github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-13 08:30:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

test(gateway): dedupe control-ui not-found fixture assertions

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 23:12:29 +00:00
parent 7778eee5e3
commit b0f6f18569
1 changed files with 74 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
src/gateway/control-ui.http.test.ts
View File

@@ -30,6 +30,33 @@ describe("handleControlUiHttpRequest", () => {
}; };
} }
function expectNotFoundResponse(params: {
handled: boolean;
res: ReturnType<typeof makeMockHttpResponse>["res"];
end: ReturnType<typeof makeMockHttpResponse>["end"];
}) {
expect(params.handled).toBe(true);
expect(params.res.statusCode).toBe(404);
expect(params.end).toHaveBeenCalledWith("Not Found");
}
async function withBasePathRootFixture<T>(params: {
siblingDir: string;
fn: (paths: { root: string; sibling: string }) => Promise<T>;
}) {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-ui-root-"));
try {
const root = path.join(tmp, "ui");
const sibling = path.join(tmp, params.siblingDir);
await fs.mkdir(root, { recursive: true });
await fs.mkdir(sibling, { recursive: true });
await fs.writeFile(path.join(root, "index.html"), "<html>ok</html>\n");
return await params.fn({ root, sibling });
} finally {
await fs.rm(tmp, { recursive: true, force: true });
}
}
it("sets security headers for Control UI responses", async () => { it("sets security headers for Control UI responses", async () => {
await withControlUiRoot({ await withControlUiRoot({
fn: async (tmp) => { fn: async (tmp) => {
@@ -145,10 +172,7 @@ describe("handleControlUiHttpRequest", () => {
root: { kind: "resolved", path: tmp }, root: { kind: "resolved", path: tmp },
}, },
); );
expectNotFoundResponse({ handled, res, end });
expect(handled).toBe(true);
expect(res.statusCode).toBe(404);
expect(end).toHaveBeenCalledWith("Not Found");
} finally { } finally {
await fs.rm(outsideDir, { recursive: true, force: true }); await fs.rm(outsideDir, { recursive: true, force: true });
} }
@@ -221,10 +245,7 @@ describe("handleControlUiHttpRequest", () => {
root: { kind: "resolved", path: tmp }, root: { kind: "resolved", path: tmp },
}, },
); );
expectNotFoundResponse({ handled, res, end });
expect(handled).toBe(true);
expect(res.statusCode).toBe(404);
expect(end).toHaveBeenCalledWith("Not Found");
} finally { } finally {
await fs.rm(outsideDir, { recursive: true, force: true }); await fs.rm(outsideDir, { recursive: true, force: true });
} }
@@ -233,13 +254,9 @@ describe("handleControlUiHttpRequest", () => {
}); });
it("rejects absolute-path escape attempts under basePath routes", async () => { it("rejects absolute-path escape attempts under basePath routes", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-ui-root-")); await withBasePathRootFixture({
try { siblingDir: "ui-secrets",
const root = path.join(tmp, "ui"); fn: async ({ root, sibling }) => {
const sibling = path.join(tmp, "ui-secrets");
await fs.mkdir(root, { recursive: true });
await fs.mkdir(sibling, { recursive: true });
await fs.writeFile(path.join(root, "index.html"), "<html>ok</html>\n");
const secretPath = path.join(sibling, "secret.txt"); const secretPath = path.join(sibling, "secret.txt");
await fs.writeFile(secretPath, "sensitive-data"); await fs.writeFile(secretPath, "sensitive-data");
@@ -255,23 +272,16 @@ describe("handleControlUiHttpRequest", () => {
root: { kind: "resolved", path: root }, root: { kind: "resolved", path: root },
}, },
); );
expectNotFoundResponse({ handled, res, end });
expect(handled).toBe(true); },
expect(res.statusCode).toBe(404); });
expect(end).toHaveBeenCalledWith("Not Found");
} finally {
await fs.rm(tmp, { recursive: true, force: true });
}
}); });
it("rejects symlink escape attempts under basePath routes", async () => { it("rejects symlink escape attempts under basePath routes", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-ui-root-")); await withBasePathRootFixture({
try { siblingDir: "outside",
const root = path.join(tmp, "ui"); fn: async ({ root, sibling }) => {
const sibling = path.join(tmp, "outside");
await fs.mkdir(path.join(root, "assets"), { recursive: true }); await fs.mkdir(path.join(root, "assets"), { recursive: true });
await fs.mkdir(sibling, { recursive: true });
await fs.writeFile(path.join(root, "index.html"), "<html>ok</html>\n");
const secretPath = path.join(sibling, "secret.txt"); const secretPath = path.join(sibling, "secret.txt");
await fs.writeFile(secretPath, "sensitive-data"); await fs.writeFile(secretPath, "sensitive-data");
@@ -294,12 +304,8 @@ describe("handleControlUiHttpRequest", () => {
root: { kind: "resolved", path: root }, root: { kind: "resolved", path: root },
}, },
); );
expectNotFoundResponse({ handled, res, end });
expect(handled).toBe(true); },
expect(res.statusCode).toBe(404); });
expect(end).toHaveBeenCalledWith("Not Found");
} finally {
await fs.rm(tmp, { recursive: true, force: true });
}
}); });
}); });