vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-30 02:22:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Secrets: add inline allowlist review set (#38314)

Browse Source 
* Secrets: add inline allowlist review set

* Secrets: narrow detect-secrets file exclusions

* Secrets: exclude Docker fingerprint false positive

* Secrets: allowlist test and docs false positives

* Secrets: refresh baseline after allowlist updates

* Secrets: fix gateway chat fixture pragma

* Secrets: format pre-commit config

* Android: keep talk mode fixture JSON valid

* Feishu: rely on client timeout injection

* Secrets: allowlist provider auth test fixtures

* Secrets: allowlist onboard search fixtures

* Secrets: allowlist onboard mode fixture

* Secrets: allowlist gateway auth mode fixture

* Secrets: allowlist APNS wake test key

* Secrets: allowlist gateway reload fixtures

* Secrets: allowlist moonshot video fixture

* Secrets: allowlist auto audio fixture

* Secrets: allowlist tiny audio fixture

* Secrets: allowlist embeddings fixtures

* Secrets: allowlist resolve fixtures

* Secrets: allowlist target registry pattern fixtures

* Secrets: allowlist gateway chat env fixture

* Secrets: refresh baseline after fixture allowlists

* Secrets: reapply gateway chat env allowlist

* Secrets: reapply gateway chat env allowlist

* Secrets: stabilize gateway chat env allowlist

* Secrets: allowlist runtime snapshot save fixture

* Secrets: allowlist oauth profile fixtures

* Secrets: allowlist compaction identifier fixture

* Secrets: allowlist model auth fixture

* Secrets: allowlist model status fixtures

* Secrets: allowlist custom onboarding fixture

* Secrets: allowlist mattermost token summary fixtures

* Secrets: allowlist gateway auth suite fixtures

* Secrets: allowlist channel summary fixture

* Secrets: allowlist provider usage auth fixtures

* Secrets: allowlist media proxy fixture

* Secrets: allowlist secrets audit fixtures

* Secrets: refresh baseline after final fixture allowlists

* Feishu: prefer explicit client timeout

* Feishu: test direct timeout precedence
This commit is contained in:
Vincent Koc
2026-03-06 19:35:26 -05:00
committed by GitHub
parent 3070fafec1
commit 42e3d8d693
80 changed files with 363 additions and 317 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/tui/gateway-chat.test.ts
View File

@@ -118,7 +118,7 @@ describe("resolveGatewayConnection", () => {
gateway: {
mode: "local",
auth: {
password: "config-password",
password: "config-password", // pragma: allowlist secret
},
},
});
@@ -134,7 +134,7 @@ describe("resolveGatewayConnection", () => {
mode: "local",
auth: {
token: "config-token",
password: "config-password",
password: "config-password", // pragma: allowlist secret
},
},
});
@@ -180,13 +180,15 @@ describe("resolveGatewayConnection", () => {
loadConfig.mockReturnValue({
gateway: {
mode: "remote",
remote: { url: "wss://remote.example/ws", token: "remote-token", password: "remote-pass" },
remote: { url: "wss://remote.example/ws", token: "remote-token", password: "remote-pass" }, // pragma: allowlist secret
},
});
await withEnvAsync({ OPENCLAW_GATEWAY_PASSWORD: "env-pass" }, async () => {
const gatewayPasswordEnv = "OPENCLAW_GATEWAY_PASSWORD"; // pragma: allowlist secret
const gatewayPassword = "env-pass"; // pragma: allowlist secret
await withEnvAsync({ [gatewayPasswordEnv]: gatewayPassword }, async () => {
const result = await resolveGatewayConnection({});
expect(result.password).toBe("env-pass");
expect(result.password).toBe(gatewayPassword);
});
});
@@ -263,12 +265,12 @@ describe("resolveGatewayConnection", () => {
const tokenExecProgram = [
"const fs=require('node:fs');",
`fs.writeFileSync(${JSON.stringify(tokenMarker)},'1');`,
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));",
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));", // pragma: allowlist secret
].join("");
const passwordExecProgram = [
"const fs=require('node:fs');",
`fs.writeFileSync(${JSON.stringify(passwordMarker)},'1');`,
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));",
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));", // pragma: allowlist secret
].join("");
loadConfig.mockReturnValue({
@@ -316,12 +318,12 @@ describe("resolveGatewayConnection", () => {
const tokenExecProgram = [
"const fs=require('node:fs');",
`fs.writeFileSync(${JSON.stringify(tokenMarker)},'1');`,
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));",
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));", // pragma: allowlist secret
].join("");
const passwordExecProgram = [
"const fs=require('node:fs');",
`fs.writeFileSync(${JSON.stringify(passwordMarker)},'1');`,
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));",
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));", // pragma: allowlist secret
].join("");
loadConfig.mockReturnValue({

4
src/tui/tui-formatters.test.ts
View File

@@ -250,14 +250,14 @@ describe("sanitizeRenderableText", () => {
});
it("preserves long credential-like mixed alnum tokens for copy safety", () => {
const input = "e3b19c3b87bcf364b23eebb2c276e96ec478956ba1d84c93";
const input = "e3b19c3b87bcf364b23eebb2c276e96ec478956ba1d84c93"; // pragma: allowlist secret
const sanitized = sanitizeRenderableText(input);
expect(sanitized).toBe(input);
});
it("preserves quoted credential-like mixed alnum tokens for copy safety", () => {
const input = "'e3b19c3b87bcf364b23eebb2c276e96ec478956ba1d84c93'";
const input = "'e3b19c3b87bcf364b23eebb2c276e96ec478956ba1d84c93'"; // pragma: allowlist secret
const sanitized = sanitizeRenderableText(input);
expect(sanitized).toBe(input);