github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 09:47:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: remove low-value relative traversal session-file guard case

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-16 08:57:45 +00:00
parent eb7b5c02c3
commit c8704297b2
1 changed files with 0 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/config/sessions/sessions.test.ts
View File

@@ -58,14 +58,6 @@ describe("session path safety", () => {
expect(resolved).toBe(path.resolve(sessionsDir, "sess-1-topic-topic%2Fa%2Bb.jsonl")); expect(resolved).toBe(path.resolve(sessionsDir, "sess-1-topic-topic%2Fa%2Bb.jsonl"));
}); });
it("rejects unsafe sessionFile candidates that escape the sessions dir", () => {
const sessionsDir = "/tmp/openclaw/agents/main/sessions";
expect(() =>
resolveSessionFilePath("sess-1", { sessionFile: "../../etc/passwd" }, { sessionsDir }),
).toThrow(/within sessions directory/);
});
it("rejects absolute sessionFile paths outside known agent sessions dirs", () => { it("rejects absolute sessionFile paths outside known agent sessions dirs", () => {
const sessionsDir = "/tmp/openclaw/agents/main/sessions"; const sessionsDir = "/tmp/openclaw/agents/main/sessions";