mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-03 12:30:21 +00:00
62 lines
1.9 KiB
TypeScript
62 lines
1.9 KiB
TypeScript
import { describe, expect, it } from "vitest";
|
|
import { collectFeishuSecurityAuditFindings } from "../../test/helpers/channels/security-audit-contract.js";
|
|
import type { OpenClawConfig } from "../config/config.js";
|
|
|
|
describe("security audit Feishu doc risk findings", () => {
|
|
it.each([
|
|
{
|
|
name: "warns when Feishu doc tool is enabled because create can grant requester access",
|
|
cfg: {
|
|
channels: {
|
|
feishu: {
|
|
appId: "cli_test",
|
|
appSecret: "secret_test",
|
|
},
|
|
},
|
|
} satisfies OpenClawConfig,
|
|
expectedFinding: "channels.feishu.doc_owner_open_id",
|
|
},
|
|
{
|
|
name: "treats Feishu SecretRef appSecret as configured for doc tool risk detection",
|
|
cfg: {
|
|
channels: {
|
|
feishu: {
|
|
appId: "cli_test",
|
|
appSecret: {
|
|
source: "env",
|
|
provider: "default",
|
|
id: "FEISHU_APP_SECRET",
|
|
},
|
|
},
|
|
},
|
|
} satisfies OpenClawConfig,
|
|
expectedFinding: "channels.feishu.doc_owner_open_id",
|
|
},
|
|
{
|
|
name: "does not warn for Feishu doc grant risk when doc tools are disabled",
|
|
cfg: {
|
|
channels: {
|
|
feishu: {
|
|
appId: "cli_test",
|
|
appSecret: "secret_test",
|
|
tools: { doc: false },
|
|
},
|
|
},
|
|
} satisfies OpenClawConfig,
|
|
expectedNoFinding: "channels.feishu.doc_owner_open_id",
|
|
},
|
|
])("$name", ({ cfg, expectedFinding, expectedNoFinding }) => {
|
|
const findings = collectFeishuSecurityAuditFindings({ cfg });
|
|
if (expectedFinding) {
|
|
expect(
|
|
findings.some(
|
|
(finding) => finding.checkId === expectedFinding && finding.severity === "warn",
|
|
),
|
|
).toBe(true);
|
|
}
|
|
if (expectedNoFinding) {
|
|
expect(findings.some((finding) => finding.checkId === expectedNoFinding)).toBe(false);
|
|
}
|
|
});
|
|
});
|