| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/JAVA/Openclaw/src/security/ (KI Agentensystem Version 22©) Datei vom 26.3.2026 mit Größe 4 kB |
|
Quelle dangerous-config-flags.test.tsSprache: JAVA |
|||||||||
|
Spracherkennung für: .ts vermutete Sprache: Unknown {[0] [0] [0]} [Methode: Schwerpunktbildung, einfache Gewichte, sechs Dimensionen] import { beforeEach, describe, expect, it, vi } from "vitest";
import type { OpenClawConfig } from "../config/config.js"; import { collectEnabledInsecureOrDangerousFlags } from "./dangerous-config-flags.js"; const { loadPluginManifestRegistryMock } = vi.hoisted(() => ({ loadPluginManifestRegistryMock: vi.fn(), })); vi.mock("../plugins/manifest-registry.js", () => ({ loadPluginManifestRegistry: loadPluginManifestRegistryMock, })); function asConfig(value: unknown): OpenClawConfig { return value as OpenClawConfig; } describe("collectEnabledInsecureOrDangerousFlags", () => { beforeEach(() => { loadPluginManifestRegistryMock.mockReset(); }); it("collects manifest-declared dangerous plugin config values", () => { loadPluginManifestRegistryMock.mockReturnValue({ plugins: [ { id: "acpx", configContracts: { dangerousFlags: [{ path: "permissionMode", equals: "approve-all" }], }, }, ], diagnostics: [], }); expect( collectEnabledInsecureOrDangerousFlags( asConfig({ plugins: { entries: { acpx: { config: { permissionMode: "approve-all", }, }, }, }, }), ), ).toContain("plugins.entries.acpx.config.permissionMode=approve-all"); }); it("ignores plugin config values that are not declared as dangerous", () => { loadPluginManifestRegistryMock.mockReturnValue({ plugins: [ { id: "other", configContracts: { dangerousFlags: [{ path: "mode", equals: "danger" }], }, }, ], diagnostics: [], }); expect( collectEnabledInsecureOrDangerousFlags( asConfig({ plugins: { entries: { other: { config: { mode: "safe", }, }, }, }, }), ), ).toEqual([]); }); it("collects dangerous sandbox, hook, browser, and fs flags", () => { expect( collectEnabledInsecureOrDangerousFlags( asConfig({ agents: { defaults: { sandbox: { docker: { dangerouslyAllowReservedContainerTargets: true, dangerouslyAllowContainerNamespaceJoin: true, }, }, }, list: [ { id: "worker", sandbox: { docker: { dangerouslyAllowExternalBindSources: true, }, }, }, ], }, hooks: { allowRequestSessionKey: true, }, browser: { ssrfPolicy: { dangerouslyAllowPrivateNetwork: true, }, }, tools: { fs: { workspaceOnly: false, }, }, }), ), ).toEqual( expect.arrayContaining([ "agents.defaults.sandbox.docker.dangerouslyAllowReservedContainerTargets=true", "agents.defaults.sandbox.docker.dangerouslyAllowContainerNamespaceJoin=true", 'agents.list[id="worker"].sandbox.docker.dangerouslyAllowExternalBindSources=tru "hooks.allowRequestSessionKey=true", "browser.ssrfPolicy.dangerouslyAllowPrivateNetwork=true", "tools.fs.workspaceOnly=false", ]), ); }); it("uses stable agent ids for per-agent dangerous sandbox flags", () => { expect( collectEnabledInsecureOrDangerousFlags( asConfig({ agents: { list: [ { id: "worker", sandbox: { docker: { dangerouslyAllowContainerNamespaceJoin: true, }, }, }, { id: "helper", }, ], }, }), ), ).toContain( 'agents.list[id="worker"].sandbox.docker.dangerouslyAllowContainerNamespaceJoin= ); expect( collectEnabledInsecureOrDangerousFlags( asConfig({ agents: { list: [ { id: "helper", }, { id: "worker", sandbox: { docker: { dangerouslyAllowContainerNamespaceJoin: true, }, }, }, ], }, }), ), ).toContain( 'agents.list[id="worker"].sandbox.docker.dangerouslyAllowContainerNamespaceJoin= ); }); }); ¤ Dauer der Verarbeitung: 0.15 Sekunden (vorverarbeitet am 2026-04-27) ¤*© Formatika GbR, Deutschland |
|
2026-05-26