vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-21 14:11:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
925a499d847ceb6164fec01e8f355116ff3dac10
openclaw/extensions/browser/src/browser/cdp.helpers.test.ts
Peter Steinberger 925a499d84 ci: fix additional guard failures
2026-04-10 19:23:10 +01:00

54 lines
2.0 KiB
TypeScript
Raw Blame History

import { afterEach, describe, expect, it, vi } from "vitest";
import { SsrFBlockedError } from "../infra/net/ssrf.js";
vi.mock("./cdp-proxy-bypass.js", () => ({
getDirectAgentForCdp: vi.fn(() => null),
withNoProxyForCdpUrl: vi.fn(async (_url: string, fn: () => Promise<unknown>) => await fn()),
}));
const { assertCdpEndpointAllowed, fetchCdpChecked } = await import("./cdp.helpers.js");
const { BrowserCdpEndpointBlockedError } = await import("./errors.js");
describe("fetchCdpChecked", () => {
afterEach(() => {
vi.unstubAllGlobals();
});
it("disables automatic redirect following for CDP HTTP probes", async () => {
const fetchSpy = vi.fn().mockResolvedValue(
new Response(null, {
status: 302,
headers: { Location: "http://127.0.0.1:9222/json/version" },
}),
);
vi.stubGlobal("fetch", fetchSpy);
await expect(fetchCdpChecked("https://example.com/json/version", 50)).rejects.toThrow(
"CDP endpoint redirects are not allowed",
);
const init = fetchSpy.mock.calls[0]?.[1];
expect(init?.redirect).toBe("manual");
});
});
describe("assertCdpEndpointAllowed", () => {
it("rethrows SSRF policy failures as BrowserCdpEndpointBlockedError so mapping can distinguish endpoint vs navigation", async () => {
await expect(
assertCdpEndpointAllowed("http://10.0.0.42:9222", { dangerouslyAllowPrivateNetwork: false }),
).rejects.toBeInstanceOf(BrowserCdpEndpointBlockedError);
});
it("does not wrap non-SSRF failures", async () => {
await expect(
assertCdpEndpointAllowed("file:///etc/passwd", { dangerouslyAllowPrivateNetwork: false }),
).rejects.not.toBeInstanceOf(BrowserCdpEndpointBlockedError);
});
it("leaves navigation-target SsrFBlockedError alone for callers that never hit the endpoint helper", () => {
// Sanity check that raw SsrFBlockedError is still its own class and is not
// accidentally converted by the endpoint helper import.
expect(new SsrFBlockedError("blocked")).toBeInstanceOf(SsrFBlockedError);
});
});
Reference in New Issue View Git Blame Copy Permalink