vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-18 19:04:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

test(release): tolerate generated Slack scan artifact

Browse Source
This commit is contained in:
Peter Steinberger
2026-05-14 23:21:35 +01:00
parent 942334f97d
commit 93c799eb16
1 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/plugins/npm-install-security-scan.release.test.ts
View File

@@ -30,7 +30,6 @@ const REQUIRED_REVIEWED_PUBLISHABLE_CRITICAL_FINDINGS = new Set([
"@openclaw/google-meet:dangerous-exec:src/node-host.ts",
"@openclaw/google-meet:dangerous-exec:src/realtime.ts",
"@openclaw/matrix:dangerous-exec:src/matrix/deps.ts",
"@openclaw/slack:dynamic-code-execution:dist/outbound-payload.test-harness-<hash>.js",
"@openclaw/voice-call:dangerous-exec:src/tunnel.ts",
"@openclaw/voice-call:dangerous-exec:src/webhook/tailscale.ts",
]);
@@ -40,6 +39,7 @@ const OPTIONAL_REVIEWED_PUBLISHABLE_DIST_CRITICAL_FINDINGS = new Set([
"@openclaw/acpx:dangerous-exec:dist/service-<hash>.js",
"@openclaw/codex:dangerous-exec:dist/client-<hash>.js",
"@openclaw/google-meet:dangerous-exec:dist/index.js",
"@openclaw/slack:dynamic-code-execution:dist/outbound-payload.test-harness-<hash>.js",
"@openclaw/voice-call:dangerous-exec:dist/runtime-entry-<hash>.js",
]);
@@ -99,6 +99,16 @@ function normalizePackedFindingPath(packedPath: string): string {
return packedPath;
}
function expectedOptionalReviewedFindingsForPackedPath(
packageName: string,
packedPath: string,
): string[] {
const normalizedPath = normalizePackedFindingPath(packedPath);
return [...OPTIONAL_REVIEWED_PUBLISHABLE_DIST_CRITICAL_FINDINGS].filter(
(key) => key.startsWith(`${packageName}:`) && key.endsWith(`:${normalizedPath}`),
);
}
function stageScannerRelevantPackedFiles(
packageDir: string,
packedFiles: readonly string[],
@@ -182,8 +192,10 @@ async function scanPublishablePluginPackage(plugin: PublishablePluginPackage): P
const unexpectedCriticalFindings: string[] = [];
const packedFiles = await collectNpmPackedFiles(plugin.packageDir, plugin.packageName);
for (const packedFile of packedFiles) {
const key = `${plugin.packageName}:dangerous-exec:${normalizePackedFindingPath(packedFile)}`;
if (OPTIONAL_REVIEWED_PUBLISHABLE_DIST_CRITICAL_FINDINGS.has(key)) {
for (const key of expectedOptionalReviewedFindingsForPackedPath(
plugin.packageName,
packedFile,
)) {
expectedReviewedCriticalFindings.push(key);
}
}