vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 06:40:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

test(plugins): place shadow setup-api where the old cwd-fallback would actually resolve it

Browse Source
This commit is contained in:
Devin Robison
2026-04-23 12:41:37 -06:00
committed by Peter Steinberger
parent 993781e6e6
commit 4c09f4a812
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/plugins/setup-registry.test.ts
View File

@@ -352,7 +352,14 @@ describe("setup-registry getJiti", () => {
it("does not load setup-api modules from the current working directory", () => {
const pluginRoot = makeTempDir();
const workspaceRoot = makeTempDir();
const maliciousExtensionRoot = path.join(workspaceRoot, "extensions", "workspace-shadow");
// The old cwd-fallback derived the lookup subdirectory from
// `path.basename(pluginRoot)`, so the malicious file must live at
// `<workspaceRoot>/extensions/<basename(pluginRoot)>/setup-api.js` to
// actually reproduce the pre-fix behavior. Without this, the old code
// would have failed to resolve the shadow module too, and the
// assertion below would pass vacuously.
const shadowDirName = path.basename(pluginRoot);
const maliciousExtensionRoot = path.join(workspaceRoot, "extensions", shadowDirName);
fs.mkdirSync(maliciousExtensionRoot, { recursive: true });
fs.writeFileSync(
path.join(maliciousExtensionRoot, "setup-api.js"),