test(infra): avoid host-specific exec path fixtures

2026-05-31 13:48:34 +00:00 · 2026-05-29 09:26:46 +02:00
parent ac52499aca
commit 0fbd975fe8
2 changed files with 8 additions and 6 deletions
--- a/src/infra/exec-approvals-analysis.test.ts
+++ b/src/infra/exec-approvals-analysis.test.ts
@@ -563,9 +563,9 @@ describe("exec approvals shell analysis", () => {
  describe("shell allowlist (chained commands)", () => {
    it.each([
      {
-        allowlist: [{ pattern: "/usr/bin/obsidian-cli" }, { pattern: "/usr/bin/head" }],
+        allowlist: [{ pattern: "/usr/bin/obsidian-cli" }, { pattern: "/opt/openclaw-test/head" }],
        command:
-          "/usr/bin/obsidian-cli print-default && /usr/bin/obsidian-cli search foo | /usr/bin/head",
+          "/usr/bin/obsidian-cli print-default && /usr/bin/obsidian-cli search foo | /opt/openclaw-test/head",
        expectedAnalysisOk: true,
        expectedAllowlistSatisfied: true,
      },
@@ -689,12 +689,12 @@ describe("exec approvals shell analysis", () => {
      expect(result.segmentSatisfiedBy).toEqual([null]);
    });

-    it.each(['/usr/bin/echo "foo && bar"', '/usr/bin/echo "foo\\" && bar"'])(
+    it.each(['/opt/openclaw-test/echo "foo && bar"', '/opt/openclaw-test/echo "foo\\" && bar"'])(
      "respects quoted chain separator for %s",
      (command) => {
        const result = evaluateShellAllowlist({
          command,
-          allowlist: [{ pattern: "/usr/bin/echo" }],
+          allowlist: [{ pattern: "/opt/openclaw-test/echo" }],
          safeBins: new Set(),
          cwd: "/tmp",
        });
--- a/src/infra/exec-approvals-safe-bins.test.ts
+++ b/src/infra/exec-approvals-safe-bins.test.ts
@@ -463,21 +463,23 @@ describe("exec approvals safe bins", () => {
      argv: ["echo", "hello"],
      resolution: {
        rawExecutable: "echo",
-        resolvedPath: "/bin/echo",
+        resolvedPath: "/opt/openclaw-test/bin/echo",
        executableName: "echo",
      },
      safeBins: normalizeSafeBins(["echo"]),
      safeBinProfiles,
+      trustedSafeBinDirs: new Set(["/opt/openclaw-test/bin"]),
    });
    const deny = isSafeBinUsage({
      argv: ["echo", "hello", "world"],
      resolution: {
        rawExecutable: "echo",
-        resolvedPath: "/bin/echo",
+        resolvedPath: "/opt/openclaw-test/bin/echo",
        executableName: "echo",
      },
      safeBins: normalizeSafeBins(["echo"]),
      safeBinProfiles,
+      trustedSafeBinDirs: new Set(["/opt/openclaw-test/bin"]),
    });
    expect(allow).toBe(true);
    expect(deny).toBe(false);