vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 10:30:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: tighten web guarded fetch assertions

Browse Source
This commit is contained in:
Peter Steinberger
2026-05-09 17:21:39 +01:00
parent 30e6bd11b3
commit 70d3c53ecb
1 changed files with 15 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
src/agents/tools/web-guarded-fetch.test.ts
View File

@@ -39,17 +39,14 @@ describe("web-guarded-fetch", () => {
await withTrustedWebToolsEndpoint({ url: "https://example.com" }, async () => undefined);
expect(fetchWithSsrFGuard).toHaveBeenCalledWith(
expect.objectContaining({
url: "https://example.com",
policy: {
allowRfc2544BenchmarkRange: true,
allowIpv6UniqueLocalRange: true,
hostnameAllowlist: ["example.com"],
},
mode: GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY,
}),
);
const call = vi.mocked(fetchWithSsrFGuard).mock.calls[0]?.[0];
expect(call?.url).toBe("https://example.com");
expect(call?.policy).toEqual({
allowRfc2544BenchmarkRange: true,
allowIpv6UniqueLocalRange: true,
hostnameAllowlist: ["example.com"],
});
expect(call?.mode).toBe(GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY);
});
it("uses private-network policy only for self-hosted web tools endpoints", async () => {
@@ -61,17 +58,12 @@ describe("web-guarded-fetch", () => {
await withSelfHostedWebToolsEndpoint({ url: "http://127.0.0.1:8080" }, async () => undefined);
expect(fetchWithSsrFGuard).toHaveBeenCalledWith(
expect.objectContaining({
url: "http://127.0.0.1:8080",
policy: expect.objectContaining({
dangerouslyAllowPrivateNetwork: true,
allowRfc2544BenchmarkRange: true,
allowIpv6UniqueLocalRange: true,
}),
mode: GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY,
}),
);
const call = vi.mocked(fetchWithSsrFGuard).mock.calls[0]?.[0];
expect(call?.url).toBe("http://127.0.0.1:8080");
expect(call?.policy?.dangerouslyAllowPrivateNetwork).toBe(true);
expect(call?.policy?.allowRfc2544BenchmarkRange).toBe(true);
expect(call?.policy?.allowIpv6UniqueLocalRange).toBe(true);
expect(call?.mode).toBe(GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY);
});
it("keeps strict endpoint policy unchanged", async () => {
@@ -83,12 +75,8 @@ describe("web-guarded-fetch", () => {
await withStrictWebToolsEndpoint({ url: "https://example.com" }, async () => undefined);
expect(fetchWithSsrFGuard).toHaveBeenCalledWith(
expect.objectContaining({
url: "https://example.com",
}),
);
const call = vi.mocked(fetchWithSsrFGuard).mock.calls[0]?.[0];
expect(call?.url).toBe("https://example.com");
expect(call?.policy).toBeUndefined();
expect(call?.mode).toBe(GUARDED_FETCH_MODE.STRICT);
});