github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 02:28:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

test(web-fetch): dedupe blocked-url SSRF assertions

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 23:51:02 +00:00
parent a97992fcf2
commit 8083cb8e0b
1 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/agents/tools/web-fetch.ssrf.e2e.test.ts
View File

@@ -55,6 +55,14 @@ async function createWebFetchToolForTest(params?: {
}); });
} }
async function expectBlockedUrl(
tool: Awaited<ReturnType<typeof createWebFetchToolForTest>>,
url: string,
expectedMessage: RegExp,
) {
await expect(tool?.execute?.("call", { url })).rejects.toThrow(expectedMessage);
}
describe("web_fetch SSRF protection", () => { describe("web_fetch SSRF protection", () => {
const priorFetch = global.fetch; const priorFetch = global.fetch;
@@ -76,9 +84,7 @@ describe("web_fetch SSRF protection", () => {
firecrawl: { apiKey: "firecrawl-test" }, firecrawl: { apiKey: "firecrawl-test" },
}); });
await expect(tool?.execute?.("call", { url: "http://localhost/test" })).rejects.toThrow( await expectBlockedUrl(tool, "http://localhost/test", /Blocked hostname/i);
/Blocked hostname/i,
);
expect(fetchSpy).not.toHaveBeenCalled(); expect(fetchSpy).not.toHaveBeenCalled();
expect(lookupMock).not.toHaveBeenCalled(); expect(lookupMock).not.toHaveBeenCalled();
}); });
@@ -87,12 +93,10 @@ describe("web_fetch SSRF protection", () => {
const fetchSpy = setMockFetch(); const fetchSpy = setMockFetch();
const tool = await createWebFetchToolForTest(); const tool = await createWebFetchToolForTest();
await expect(tool?.execute?.("call", { url: "http://127.0.0.1/test" })).rejects.toThrow( const cases = ["http://127.0.0.1/test", "http://[::ffff:127.0.0.1]/"] as const;
/private|internal|blocked/i, for (const url of cases) {
); await expectBlockedUrl(tool, url, /private|internal|blocked/i);
await expect(tool?.execute?.("call", { url: "http://[::ffff:127.0.0.1]/" })).rejects.toThrow( }
/private|internal|blocked/i,
);
expect(fetchSpy).not.toHaveBeenCalled(); expect(fetchSpy).not.toHaveBeenCalled();
expect(lookupMock).not.toHaveBeenCalled(); expect(lookupMock).not.toHaveBeenCalled();
}); });
@@ -108,9 +112,7 @@ describe("web_fetch SSRF protection", () => {
const fetchSpy = setMockFetch(); const fetchSpy = setMockFetch();
const tool = await createWebFetchToolForTest(); const tool = await createWebFetchToolForTest();
await expect(tool?.execute?.("call", { url: "https://private.test/resource" })).rejects.toThrow( await expectBlockedUrl(tool, "https://private.test/resource", /private|internal|blocked/i);
/private|internal|blocked/i,
);
expect(fetchSpy).not.toHaveBeenCalled(); expect(fetchSpy).not.toHaveBeenCalled();
}); });
@@ -124,9 +126,7 @@ describe("web_fetch SSRF protection", () => {
firecrawl: { apiKey: "firecrawl-test" }, firecrawl: { apiKey: "firecrawl-test" },
}); });
await expect(tool?.execute?.("call", { url: "https://example.com" })).rejects.toThrow( await expectBlockedUrl(tool, "https://example.com", /private|internal|blocked/i);
/private|internal|blocked/i,
);
expect(fetchSpy).toHaveBeenCalledTimes(1); expect(fetchSpy).toHaveBeenCalledTimes(1);
}); });