vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-26 18:15:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: make root permission assertions deterministic

Browse Source
This commit is contained in:
Vincent Koc
2026-05-11 10:33:42 +08:00
parent f3361dc928
commit a504cd0190
2 changed files with 67 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/node-host/invoke-system-run-plan.test.ts
View File

@@ -65,6 +65,22 @@ function sha256FileSync(filePath: string): string {
return createHash("sha256").update(fs.readFileSync(filePath)).digest("hex");
}
function canWritePathSync(targetPath: string): boolean {
try {
fs.accessSync(targetPath, fs.constants.W_OK);
return true;
} catch {
return false;
}
}
function canMutateNativeBinaryFixturePath(binaryPath: string): boolean {
const realPath = fs.realpathSync(binaryPath);
return [binaryPath, path.dirname(binaryPath), realPath, path.dirname(realPath)].some((entry) =>
canWritePathSync(entry),
);
}
function createScriptOperandFixture(tmp: string, fixture?: RuntimeFixture): ScriptOperandFixture {
if (fixture) {
return {
@@ -646,7 +662,7 @@ describe("hardenApprovedExecutionPaths", () => {
);
});
it("allows shell payloads that invoke absolute-path native binaries", () => {
it("handles shell payloads that invoke absolute-path native binaries", () => {
if (process.platform === "win32") {
return;
}
@@ -656,6 +672,10 @@ describe("hardenApprovedExecutionPaths", () => {
rawCommand: binaryPath,
cwd: process.cwd(),
});
if (canMutateNativeBinaryFixturePath(binaryPath)) {
expect(prepared).toEqual(DENIED_RUNTIME_APPROVAL);
return;
}
expect(prepared.ok).toBe(true);
if (!prepared.ok) {
throw new Error("unreachable");