vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(tests): dedupe security fix scenario helpers

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-03 01:44:33 +00:00
parent eca242b971
commit b17687b775
1 changed files with 37 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
src/security/fix.test.ts
View File

@@ -55,6 +55,25 @@ describe("security fix", () => {
};
};
const expectTightenedStateAndConfigPerms = async (stateDir: string, configPath: string) => {
const stateMode = (await fs.stat(stateDir)).mode & 0o777;
expectPerms(stateMode, 0o700);
const configMode = (await fs.stat(configPath)).mode & 0o777;
expectPerms(configMode, 0o600);
};
const runWhatsAppFixScenario = async (params: {
stateDir: string;
configPath: string;
whatsapp: Record<string, unknown>;
allowFromStore: string[];
}) => {
await writeWhatsAppConfig(params.configPath, params.whatsapp);
await writeWhatsAppAllowFromStore(params.stateDir, params.allowFromStore);
return runFixAndReadChannels(params.stateDir, params.configPath);
};
const writeWhatsAppAllowFromStore = async (stateDir: string, allowFrom: string[]) => {
const credsDir = path.join(stateDir, "credentials");
await fs.mkdir(credsDir, { recursive: true });
@@ -109,11 +128,7 @@ describe("security fix", () => {
]),
);
const stateMode = (await fs.stat(stateDir)).mode & 0o777;
expectPerms(stateMode, 0o700);
const configMode = (await fs.stat(configPath)).mode & 0o777;
expectPerms(configMode, 0o600);
await expectTightenedStateAndConfigPerms(stateDir, configPath);
const parsed = await readParsedConfig(configPath);
const channels = parsed.channels as Record<string, Record<string, unknown>>;
@@ -128,16 +143,17 @@ describe("security fix", () => {
it("applies allowlist per-account and seeds WhatsApp groupAllowFrom from store", async () => {
const stateDir = await createStateDir("per-account");
const configPath = path.join(stateDir, "openclaw.json");
await writeWhatsAppConfig(configPath, {
accounts: {
a1: { groupPolicy: "open" },
const { res, channels } = await runWhatsAppFixScenario({
stateDir,
configPath,
whatsapp: {
accounts: {
a1: { groupPolicy: "open" },
},
},
allowFromStore: ["+15550001111"],
});
await writeWhatsAppAllowFromStore(stateDir, ["+15550001111"]);
const { res, channels } = await runFixAndReadChannels(stateDir, configPath);
expect(res.ok).toBe(true);
const whatsapp = channels.whatsapp;
@@ -149,15 +165,16 @@ describe("security fix", () => {
it("does not seed WhatsApp groupAllowFrom if allowFrom is set", async () => {
const stateDir = await createStateDir("no-seed");
const configPath = path.join(stateDir, "openclaw.json");
await writeWhatsAppConfig(configPath, {
groupPolicy: "open",
allowFrom: ["+15552223333"],
const { res, channels } = await runWhatsAppFixScenario({
stateDir,
configPath,
whatsapp: {
groupPolicy: "open",
allowFrom: ["+15552223333"],
},
allowFromStore: ["+15550001111"],
});
await writeWhatsAppAllowFromStore(stateDir, ["+15550001111"]);
const { res, channels } = await runFixAndReadChannels(stateDir, configPath);
expect(res.ok).toBe(true);
expect(channels.whatsapp.groupPolicy).toBe("allowlist");
@@ -177,11 +194,7 @@ describe("security fix", () => {
const res = await fixSecurityFootguns({ env, stateDir, configPath });
expect(res.ok).toBe(false);
const stateMode = (await fs.stat(stateDir)).mode & 0o777;
expectPerms(stateMode, 0o700);
const configMode = (await fs.stat(configPath)).mode & 0o777;
expectPerms(configMode, 0o600);
await expectTightenedStateAndConfigPerms(stateDir, configPath);
});
it("tightens perms for credentials + agent auth/sessions + include files", async () => {