negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
1a42ea3abfa2a9124e113edefbb5965d128e37bf
openclaw/src/infra/host-env-security.policy-parity.test.ts

63 lines
2.3 KiB
TypeScript
Raw Blame History

import fs from "node:fs";
import path from "node:path";
import { describe, expect, it } from "vitest";
type HostEnvSecurityPolicy = {
blockedKeys: string[];
blockedOverrideKeys?: string[];
blockedPrefixes: string[];
};
function parseSwiftStringArray(source: string, marker: string): string[] {
const escapedMarker = marker.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
const re = new RegExp(`${escapedMarker}[\\s\\S]*?=\\s*\\[([\\s\\S]*?)\\]`, "m");
const match = source.match(re);
if (!match) {
throw new Error(`Failed to parse Swift array for marker: ${marker}`);
}
return Array.from(match[1].matchAll(/"([^"]+)"/g), (m) => m[1]);
}
describe("host env security policy parity", () => {
it("keeps generated macOS host env policy in sync with shared JSON policy", () => {
const repoRoot = process.cwd();
const policyPath = path.join(repoRoot, "src/infra/host-env-security-policy.json");
const generatedSwiftPath = path.join(
repoRoot,
"apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift",
);
const sanitizerSwiftPath = path.join(
repoRoot,
"apps/macos/Sources/OpenClaw/HostEnvSanitizer.swift",
);
const policy = JSON.parse(fs.readFileSync(policyPath, "utf8")) as HostEnvSecurityPolicy;
const generatedSource = fs.readFileSync(generatedSwiftPath, "utf8");
const sanitizerSource = fs.readFileSync(sanitizerSwiftPath, "utf8");
const swiftBlockedKeys = parseSwiftStringArray(generatedSource, "static let blockedKeys");
const swiftBlockedOverrideKeys = parseSwiftStringArray(
generatedSource,
"static let blockedOverrideKeys",
);
const swiftBlockedPrefixes = parseSwiftStringArray(
generatedSource,
"static let blockedPrefixes",
);
expect(swiftBlockedKeys).toEqual(policy.blockedKeys);
expect(swiftBlockedOverrideKeys).toEqual(policy.blockedOverrideKeys ?? []);
expect(swiftBlockedPrefixes).toEqual(policy.blockedPrefixes);
expect(sanitizerSource).toContain(
"private static let blockedKeys = HostEnvSecurityPolicy.blockedKeys",
);
expect(sanitizerSource).toContain(
"private static let blockedOverrideKeys = HostEnvSecurityPolicy.blockedOverrideKeys",
);
expect(sanitizerSource).toContain(
"private static let blockedPrefixes = HostEnvSecurityPolicy.blockedPrefixes",
);
});
});
Reference in New Issue View Git Blame Copy Permalink