vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 18:40:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: stabilize config and plugin scanner tests

Browse Source
This commit is contained in:
Peter Steinberger
2026-04-16 22:08:19 +01:00
parent dafc71c913
commit 678b019467
3 changed files with 18 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/config/config.web-search-provider.test.ts
View File

@@ -1,5 +1,7 @@
import { afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
import { __testing as webSearchTesting } from "../agents/tools/web-search.js";
import { buildWebSearchProviderConfig } from "./test-helpers.js";
import { validateConfigObjectWithPlugins } from "./validation.js";
vi.mock("../runtime.js", () => ({
defaultRuntime: { log: vi.fn(), error: vi.fn() },
@@ -225,15 +227,7 @@ vi.mock("../plugins/manifest-registry.js", () => {
};
});
let validateConfigObjectWithPlugins: typeof import("./validation.js").validateConfigObjectWithPlugins;
let resolveSearchProvider: typeof import("../agents/tools/web-search.js").__testing.resolveSearchProvider;
beforeAll(async () => {
({ validateConfigObjectWithPlugins } = await import("./validation.js"));
({
__testing: { resolveSearchProvider },
} = await import("../agents/tools/web-search.js"));
});
const { resolveSearchProvider } = webSearchTesting;
describe("web search provider config", () => {
it("does not warn for brave plugin config when bundled web search allowlist compat applies", () => {

11
src/security/skill-scanner.test.ts
View File

@@ -195,6 +195,17 @@ console.log(json);
const findings = scanSource(source, "plugin.ts");
expect(findings).toEqual([]);
});
it("does not treat fetch in names or comments as network send context", () => {
const source = `
const inheritedOutputPath = process.env.OPENCLAW_RUN_NODE_OUTPUT_LOG?.trim();
async function closeFetchHandles() {
// Best-effort cleanup for stale fetch keep-alive handles.
}
`;
const findings = scanSource(source, "plugin.ts");
expect(findings.some((f) => f.ruleId === "env-harvesting")).toBe(false);
});
});
// ---------------------------------------------------------------------------

5
src/security/skill-scanner.ts
View File

@@ -173,6 +173,7 @@ const LINE_RULES: LineRule[] = [
];
const STANDARD_PORTS = new Set([80, 443, 8080, 8443, 3000]);
const NETWORK_SEND_CONTEXT_PATTERN = /\bfetch\s*\(|\bpost\s*\(|\.\s*post\s*\(|http\.request\s*\(/i;
const SOURCE_RULES: SourceRule[] = [
{
@@ -180,7 +181,7 @@ const SOURCE_RULES: SourceRule[] = [
severity: "warn",
message: "File read combined with network send — possible data exfiltration",
pattern: /readFileSync|readFile/,
requiresContext: /\bfetch\b|\bpost\b|http\.request/i,
requiresContext: NETWORK_SEND_CONTEXT_PATTERN,
},
{
ruleId: "obfuscated-code",
@@ -200,7 +201,7 @@ const SOURCE_RULES: SourceRule[] = [
message:
"Environment variable access combined with network send — possible credential harvesting",
pattern: /process\.env/,
requiresContext: /\bfetch\b|\bpost\b|http\.request/i,
requiresContext: NETWORK_SEND_CONTEXT_PATTERN,
},
];