vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-13 19:10:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bafdbb6f112409a65decd3d4e7350fbd637c7754
openclaw/src/security/audit-extra.sync.test.ts

56 lines
2.0 KiB
TypeScript
Raw Blame History

import { describe, expect, it } from "vitest";
import type { OpenClawConfig } from "../config/config.js";
import { collectAttackSurfaceSummaryFindings } from "./audit-extra.sync.js";
import { safeEqualSecret } from "./secret-equal.js";
describe("collectAttackSurfaceSummaryFindings", () => {
it("distinguishes external webhooks from internal hooks when only internal hooks are enabled", () => {
const cfg: OpenClawConfig = {
hooks: { internal: { enabled: true } },
};
const [finding] = collectAttackSurfaceSummaryFindings(cfg);
expect(finding.checkId).toBe("summary.attack_surface");
expect(finding.detail).toContain("hooks.webhooks: disabled");
expect(finding.detail).toContain("hooks.internal: enabled");
});
it("reports both hook systems as enabled when both are configured", () => {
const cfg: OpenClawConfig = {
hooks: { enabled: true, internal: { enabled: true } },
};
const [finding] = collectAttackSurfaceSummaryFindings(cfg);
expect(finding.detail).toContain("hooks.webhooks: enabled");
expect(finding.detail).toContain("hooks.internal: enabled");
});
it("reports both hook systems as disabled when neither is configured", () => {
const cfg: OpenClawConfig = {};
const [finding] = collectAttackSurfaceSummaryFindings(cfg);
expect(finding.detail).toContain("hooks.webhooks: disabled");
expect(finding.detail).toContain("hooks.internal: disabled");
});
});
describe("safeEqualSecret", () => {
it("matches identical secrets", () => {
expect(safeEqualSecret("secret-token", "secret-token")).toBe(true);
});
it("rejects mismatched secrets", () => {
expect(safeEqualSecret("secret-token", "secret-tokEn")).toBe(false);
});
it("rejects different-length secrets", () => {
expect(safeEqualSecret("short", "much-longer")).toBe(false);
});
it("rejects missing values", () => {
expect(safeEqualSecret(undefined, "secret")).toBe(false);
expect(safeEqualSecret("secret", undefined)).toBe(false);
expect(safeEqualSecret(null, "secret")).toBe(false);
});
});
Reference in New Issue View Git Blame Copy Permalink