github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 14:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(discord): harden voice message media loading

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-15 03:41:01 +01:00
parent a6f3048e44
commit 725741486f
5 changed files with 96 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/discord/send.voice-message.security.test.ts Normal file
View File

@@ -0,0 +1,24 @@
import path from "node:path";
import { describe, expect, it } from "vitest";
import { sendVoiceMessageDiscord } from "./send.js";
describe("sendVoiceMessageDiscord - media hardening", () => {
it("rejects local paths outside allowed media roots (prevents local file exfiltration)", async () => {
const candidate = path.join(process.cwd(), "package.json");
await expect(sendVoiceMessageDiscord("channel:123", candidate)).rejects.toThrow(
/Local media path is not under an allowed directory/,
);
});
it("blocks SSRF targets when given a private-network URL", async () => {
await expect(
sendVoiceMessageDiscord("channel:123", "http://127.0.0.1/voice.ogg"),
).rejects.toThrow(/Failed to fetch media|Blocked/);
});
it("does not allow non-http URL schemes to reach ffmpeg/ffprobe", async () => {
await expect(
sendVoiceMessageDiscord("channel:123", "rtsp://example.com/voice.ogg"),
).rejects.toThrow(/Local media path is not under an allowed directory|ENOENT|no such file/i);
});
});