From b17687b775c3e0f20ea320f5e554fe00e03aaebd Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Tue, 3 Mar 2026 01:44:33 +0000 Subject: [PATCH] refactor(tests): dedupe security fix scenario helpers --- src/security/fix.test.ts | 61 ++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 24 deletions(-) diff --git a/src/security/fix.test.ts b/src/security/fix.test.ts index 75e753d018b..895a8dbf50e 100644 --- a/src/security/fix.test.ts +++ b/src/security/fix.test.ts @@ -55,6 +55,25 @@ describe("security fix", () => { }; }; + const expectTightenedStateAndConfigPerms = async (stateDir: string, configPath: string) => { + const stateMode = (await fs.stat(stateDir)).mode & 0o777; + expectPerms(stateMode, 0o700); + + const configMode = (await fs.stat(configPath)).mode & 0o777; + expectPerms(configMode, 0o600); + }; + + const runWhatsAppFixScenario = async (params: { + stateDir: string; + configPath: string; + whatsapp: Record; + allowFromStore: string[]; + }) => { + await writeWhatsAppConfig(params.configPath, params.whatsapp); + await writeWhatsAppAllowFromStore(params.stateDir, params.allowFromStore); + return runFixAndReadChannels(params.stateDir, params.configPath); + }; + const writeWhatsAppAllowFromStore = async (stateDir: string, allowFrom: string[]) => { const credsDir = path.join(stateDir, "credentials"); await fs.mkdir(credsDir, { recursive: true }); @@ -109,11 +128,7 @@ describe("security fix", () => { ]), ); - const stateMode = (await fs.stat(stateDir)).mode & 0o777; - expectPerms(stateMode, 0o700); - - const configMode = (await fs.stat(configPath)).mode & 0o777; - expectPerms(configMode, 0o600); + await expectTightenedStateAndConfigPerms(stateDir, configPath); const parsed = await readParsedConfig(configPath); const channels = parsed.channels as Record>; @@ -128,16 +143,17 @@ describe("security fix", () => { it("applies allowlist per-account and seeds WhatsApp groupAllowFrom from store", async () => { const stateDir = await createStateDir("per-account"); - const configPath = path.join(stateDir, "openclaw.json"); - await writeWhatsAppConfig(configPath, { - accounts: { - a1: { groupPolicy: "open" }, + const { res, channels } = await runWhatsAppFixScenario({ + stateDir, + configPath, + whatsapp: { + accounts: { + a1: { groupPolicy: "open" }, + }, }, + allowFromStore: ["+15550001111"], }); - - await writeWhatsAppAllowFromStore(stateDir, ["+15550001111"]); - const { res, channels } = await runFixAndReadChannels(stateDir, configPath); expect(res.ok).toBe(true); const whatsapp = channels.whatsapp; @@ -149,15 +165,16 @@ describe("security fix", () => { it("does not seed WhatsApp groupAllowFrom if allowFrom is set", async () => { const stateDir = await createStateDir("no-seed"); - const configPath = path.join(stateDir, "openclaw.json"); - await writeWhatsAppConfig(configPath, { - groupPolicy: "open", - allowFrom: ["+15552223333"], + const { res, channels } = await runWhatsAppFixScenario({ + stateDir, + configPath, + whatsapp: { + groupPolicy: "open", + allowFrom: ["+15552223333"], + }, + allowFromStore: ["+15550001111"], }); - - await writeWhatsAppAllowFromStore(stateDir, ["+15550001111"]); - const { res, channels } = await runFixAndReadChannels(stateDir, configPath); expect(res.ok).toBe(true); expect(channels.whatsapp.groupPolicy).toBe("allowlist"); @@ -177,11 +194,7 @@ describe("security fix", () => { const res = await fixSecurityFootguns({ env, stateDir, configPath }); expect(res.ok).toBe(false); - const stateMode = (await fs.stat(stateDir)).mode & 0o777; - expectPerms(stateMode, 0o700); - - const configMode = (await fs.stat(configPath)).mode & 0o777; - expectPerms(configMode, 0o600); + await expectTightenedStateAndConfigPerms(stateDir, configPath); }); it("tightens perms for credentials + agent auth/sessions + include files", async () => {