mirror of
https://github.com/openclaw/openclaw.git
synced 2026-04-24 07:31:44 +00:00
49 lines
1.7 KiB
TypeScript
49 lines
1.7 KiB
TypeScript
import { describe, expect, it } from "vitest";
|
|
import type { OpenClawConfig } from "../config/config.js";
|
|
import { collectSmallModelRiskFindings } from "./audit-extra.summary.js";
|
|
|
|
describe("security audit small-model risk findings", () => {
|
|
it("scores small-model risk by tool/sandbox exposure", () => {
|
|
const cases: Array<{
|
|
name: string;
|
|
cfg: OpenClawConfig;
|
|
expectedSeverity: "info" | "critical";
|
|
detailIncludes: string[];
|
|
}> = [
|
|
{
|
|
name: "small model with web and browser enabled",
|
|
cfg: {
|
|
agents: { defaults: { model: { primary: "ollama/mistral-8b" } } },
|
|
tools: { web: { search: { enabled: true }, fetch: { enabled: true } } },
|
|
browser: { enabled: true },
|
|
},
|
|
expectedSeverity: "critical",
|
|
detailIncludes: ["mistral-8b", "web_search", "web_fetch", "browser"],
|
|
},
|
|
{
|
|
name: "small model with sandbox all and web/browser disabled",
|
|
cfg: {
|
|
agents: {
|
|
defaults: { model: { primary: "ollama/mistral-8b" }, sandbox: { mode: "all" } },
|
|
},
|
|
tools: { web: { search: { enabled: false }, fetch: { enabled: false } } },
|
|
browser: { enabled: false },
|
|
},
|
|
expectedSeverity: "info",
|
|
detailIncludes: ["mistral-8b", "sandbox=all"],
|
|
},
|
|
];
|
|
|
|
for (const testCase of cases) {
|
|
const [finding] = collectSmallModelRiskFindings({
|
|
cfg: testCase.cfg,
|
|
env: process.env,
|
|
});
|
|
expect(finding?.severity, testCase.name).toBe(testCase.expectedSeverity);
|
|
for (const snippet of testCase.detailIncludes) {
|
|
expect(finding?.detail, `${testCase.name}:${snippet}`).toContain(snippet);
|
|
}
|
|
}
|
|
});
|
|
});
|