test(security): consolidate runtime guardrail scans

This commit is contained in:
Peter Steinberger
2026-02-22 22:05:30 +00:00
parent fe58839ed1
commit 57b75678d4
4 changed files with 90 additions and 246 deletions


@@ -2234,7 +2234,7 @@ describe("security audit", () => {
}
});
it("flags plugins with dangerous code patterns (deep audit)", async () => {
it("does not scan plugin code safety findings when deep audit is disabled", async () => {
const tmpDir = await makeTmpDir("audit-scanner-plugin");
const pluginDir = path.join(tmpDir, "extensions", "evil-plugin");
await fs.mkdir(path.join(pluginDir, ".hidden"), { recursive: true });
@@ -2260,20 +2260,7 @@ describe("security audit", () => {
});
expect(nonDeepRes.findings.some((f) => f.checkId === "plugins.code_safety")).toBe(false);
const deepRes = await runSecurityAudit({
config: cfg,
includeFilesystem: true,
includeChannelSecurity: false,
deep: true,
stateDir: tmpDir,
probeGatewayFn: async (opts) => successfulProbeResult(opts.url),
});
expect(
deepRes.findings.some(
(f) => f.checkId === "plugins.code_safety" && f.severity === "critical",
),
).toBe(true);
// Deep-mode positive coverage lives in the detailed plugin+skills code-safety test below.
});
it("reports detailed code-safety issues for both plugins and skills", async () => {