test(perf): streamline deep code-safety audit assertions

Peter Steinberger
2026-03-02 11:58:49 +00:00
parent d9ff3bf1af
commit d95bc10425


@@ -5,7 +5,10 @@ import { afterAll, beforeAll, describe, expect, it, vi } from "vitest";
import type { ChannelPlugin } from "../channels/plugins/types.js"; import type { ChannelPlugin } from "../channels/plugins/types.js";
import type { OpenClawConfig } from "../config/config.js"; import type { OpenClawConfig } from "../config/config.js";
import { withEnvAsync } from "../test-utils/env.js"; import { withEnvAsync } from "../test-utils/env.js";
import { collectPluginsCodeSafetyFindings } from "./audit-extra.js"; import {
collectInstalledSkillsCodeSafetyFindings,
collectPluginsCodeSafetyFindings,
} from "./audit-extra.js";
import type { SecurityAuditOptions, SecurityAuditReport } from "./audit.js"; import type { SecurityAuditOptions, SecurityAuditReport } from "./audit.js";
import { runSecurityAudit } from "./audit.js"; import { runSecurityAudit } from "./audit.js";
import * as skillScanner from "./skill-scanner.js"; import * as skillScanner from "./skill-scanner.js";
@@ -2666,24 +2669,22 @@ description: test skill
}); });
it("reports detailed code-safety issues for both plugins and skills", async () => { it("reports detailed code-safety issues for both plugins and skills", async () => {
const deepRes = await runSecurityAudit({ const cfg: OpenClawConfig = {
config: { agents: { defaults: { workspace: sharedCodeSafetyWorkspaceDir } } }, agents: { defaults: { workspace: sharedCodeSafetyWorkspaceDir } },
includeFilesystem: true, };
includeChannelSecurity: false, const [pluginFindings, skillFindings] = await Promise.all([
deep: true, collectPluginsCodeSafetyFindings({ stateDir: sharedCodeSafetyStateDir }),
stateDir: sharedCodeSafetyStateDir, collectInstalledSkillsCodeSafetyFindings({ cfg, stateDir: sharedCodeSafetyStateDir }),
probeGatewayFn: async (opts) => successfulProbeResult(opts.url), ]);
execDockerRawFn: execDockerRawUnavailable,
});
const pluginFinding = deepRes.findings.find( const pluginFinding = pluginFindings.find(
(finding) => finding.checkId === "plugins.code_safety" && finding.severity === "critical", (finding) => finding.checkId === "plugins.code_safety" && finding.severity === "critical",
); );
expect(pluginFinding).toBeDefined(); expect(pluginFinding).toBeDefined();
expect(pluginFinding?.detail).toContain("dangerous-exec"); expect(pluginFinding?.detail).toContain("dangerous-exec");
expect(pluginFinding?.detail).toMatch(/\.hidden[\\/]+index\.js:\d+/); expect(pluginFinding?.detail).toMatch(/\.hidden[\\/]+index\.js:\d+/);
const skillFinding = deepRes.findings.find( const skillFinding = skillFindings.find(
(finding) => finding.checkId === "skills.code_safety" && finding.severity === "critical", (finding) => finding.checkId === "skills.code_safety" && finding.severity === "critical",
); );
expect(skillFinding).toBeDefined(); expect(skillFinding).toBeDefined();
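Review bot: Nothing in this test now checks that a deep `runSecurityAudit` run still puts the `plugins.code_safety` and `skills.code_safety` findings into its report. The assertions read from `pluginFindings` and `skillFindings` returned by the collectors directly, so the test would keep passing if the `deep: true` path stopped calling either collector. If another test outside this hunk already covers that wiring, a comment above the `Promise.all` call such as `// Collectors are called directly for speed; deep-audit wiring is asserted in a separate test` would make the split explicit. Otherwise, one inexpensive deep-audit assertion on the two check ids is worth keeping. The `it(...)` body continues past the end of the hunk, so the remaining skill assertions are not visible here.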