github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 18:14:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

security(feishu): bind doc create grants to trusted requester context (#31184)

Browse Source 
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
This commit is contained in:
Tak Hoffman
2026-03-01 20:51:45 -06:00
committed by GitHub
parent e482da6682
commit bbab94c1fe
9 changed files with 142 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/security/audit.test.ts
View File

@@ -1266,7 +1266,7 @@ describe("security audit", () => {
);
});
it("warns when Feishu doc tool is enabled because create supports owner_open_id", async () => {
it("warns when Feishu doc tool is enabled because create can grant requester access", async () => {
const cfg: OpenClawConfig = {
channels: {
feishu: {
@@ -1280,7 +1280,7 @@ describe("security audit", () => {
expectFinding(res, "channels.feishu.doc_owner_open_id", "warn");
});
it("does not warn for Feishu owner_open_id when doc tools are disabled", async () => {
it("does not warn for Feishu doc grant risk when doc tools are disabled", async () => {
const cfg: OpenClawConfig = {
channels: {
feishu: {