github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 00:28:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: group remaining suite cleanups

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 21:43:24 +00:00
parent 5c8f0b5a77
commit 861718e4dc
32 changed files with 870 additions and 922 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/agents/sandbox/validate-sandbox-security.test.ts
View File

@@ -115,15 +115,6 @@ describe("validateSeccompProfile", () => {
expect(() => validateSeccompProfile("/tmp/seccomp.json")).not.toThrow();
expect(() => validateSeccompProfile(undefined)).not.toThrow();
});
it("blocks unconfined (case-insensitive)", () => {
expect(() => validateSeccompProfile("unconfined")).toThrow(
/seccomp profile "unconfined" is blocked/,
);
expect(() => validateSeccompProfile("Unconfined")).toThrow(
/seccomp profile "Unconfined" is blocked/,
);
});
});
describe("validateApparmorProfile", () => {
@@ -131,11 +122,23 @@ describe("validateApparmorProfile", () => {
expect(() => validateApparmorProfile("openclaw-sandbox")).not.toThrow();
expect(() => validateApparmorProfile(undefined)).not.toThrow();
});
});
it("blocks unconfined (case-insensitive)", () => {
expect(() => validateApparmorProfile("unconfined")).toThrow(
/apparmor profile "unconfined" is blocked/,
);
describe("profile hardening", () => {
it.each([
{
name: "seccomp",
run: (value: string) => validateSeccompProfile(value),
expected: /seccomp profile ".+" is blocked/,
},
{
name: "apparmor",
run: (value: string) => validateApparmorProfile(value),
expected: /apparmor profile ".+" is blocked/,
},
])("blocks unconfined profiles (case-insensitive): $name", ({ run, expected }) => {
expect(() => run("unconfined")).toThrow(expected);
expect(() => run("Unconfined")).toThrow(expected);
});
});