vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 02:10:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: tighten gateway exposure assertions

Browse Source
This commit is contained in:
Shakker
2026-05-08 21:11:30 +01:00
parent a0ef60eb4c
commit ab16feb5bf
1 changed files with 19 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/security/audit-gateway-exposure.test.ts
View File

@@ -10,6 +10,20 @@ function hasFinding(
return findings.some((finding) => finding.checkId === checkId && finding.severity === severity);
}
function requireDangerousFlagsFinding(
findings: ReturnType<typeof collectGatewayConfigFindings>,
label: string,
) {
const finding = findings.find((entry) => entry.checkId === "config.insecure_or_dangerous_flags");
expect(finding, label).toMatchObject({
checkId: "config.insecure_or_dangerous_flags",
});
if (!finding) {
throw new Error(`Expected dangerous flags finding for ${label}`);
}
return finding;
}
describe("security audit gateway exposure findings", () => {
it("warns on insecure or dangerous flags", () => {
const cases = [
@@ -69,15 +83,10 @@ describe("security audit gateway exposure findings", () => {
expect.arrayContaining([expect.objectContaining(testCase.expectedFinding)]),
);
}
const finding = findings.find(
(entry) => entry.checkId === "config.insecure_or_dangerous_flags",
);
expect(finding, testCase.name).toMatchObject({
checkId: "config.insecure_or_dangerous_flags",
});
expect(finding?.severity, testCase.name).toBe("warn");
const finding = requireDangerousFlagsFinding(findings, testCase.name);
expect(finding.severity, testCase.name).toBe("warn");
for (const snippet of testCase.expectedDangerousDetails) {
expect(finding?.detail, `${testCase.name}:${snippet}`).toContain(snippet);
expect(finding.detail, `${testCase.name}:${snippet}`).toContain(snippet);
}
}
});
@@ -150,10 +159,8 @@ describe("security audit gateway exposure findings", () => {
expect(
findings.some((finding) => finding.checkId === "gateway.control_ui.allowed_origins_required"),
).toBe(false);
const flags = findings.find(
(finding) => finding.checkId === "config.insecure_or_dangerous_flags",
);
expect(flags?.detail ?? "").toContain(
const flags = requireDangerousFlagsFinding(findings, "host header origin fallback");
expect(flags.detail).toContain(
"gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true",
);
});