vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 23:10:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: cover forced-unsafe security scan failures

Browse Source
This commit is contained in:
masonxhuang
2026-04-01 17:45:39 +08:00
committed by Mason Huang
parent 037db99995
commit 109d4ac720
1 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
src/cli/plugins-cli.install.test.ts
View File

@@ -779,6 +779,35 @@ describe("plugins cli install", () => {
expect(runtimeErrors.at(-1)).toContain(pluginInstallError);
});
it("does not fall back to hook pack for local path when security scan fails under dangerous force unsafe install", async () => {
const localPluginDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-local-plugin-"));
const cfg = {} as OpenClawConfig;
const pluginInstallError = "plugin security scan failed";
loadConfig.mockReturnValue(cfg);
installPluginFromPath.mockResolvedValue({
ok: false,
error: pluginInstallError,
code: "security_scan_failed",
});
try {
await expect(
runPluginsCommand([
"plugins",
"install",
localPluginDir,
"--dangerously-force-unsafe-install",
]),
).rejects.toThrow("__exit__:1");
} finally {
fs.rmSync(localPluginDir, { recursive: true, force: true });
}
expect(installHooksFromPath).not.toHaveBeenCalled();
expect(runtimeErrors.at(-1)).toContain(pluginInstallError);
});
it("does not fall back to hook pack for npm installs when dangerous force unsafe install is set", async () => {
const cfg = {} as OpenClawConfig;
const pluginInstallError = "plugin blocked by security scan";
@@ -803,6 +832,30 @@ describe("plugins cli install", () => {
expect(runtimeErrors.at(-1)).toContain(pluginInstallError);
});
it("does not fall back to hook pack for npm installs when security scan fails under dangerous force unsafe install", async () => {
const cfg = {} as OpenClawConfig;
const pluginInstallError = "plugin security scan failed";
loadConfig.mockReturnValue(cfg);
installPluginFromClawHub.mockResolvedValue({
ok: false,
error: "ClawHub /api/v1/packages/demo failed (404): Package not found",
code: "package_not_found",
});
installPluginFromNpmSpec.mockResolvedValue({
ok: false,
error: pluginInstallError,
code: "security_scan_failed",
});
await expect(
runPluginsCommand(["plugins", "install", "demo", "--dangerously-force-unsafe-install"]),
).rejects.toThrow("__exit__:1");
expect(installHooksFromNpmSpec).not.toHaveBeenCalled();
expect(runtimeErrors.at(-1)).toContain(pluginInstallError);
});
it("still falls back to local hook pack when dangerous force unsafe install is set for non-security errors", async () => {
const localHookDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-local-hook-pack-"));
const cfg = {} as OpenClawConfig;