gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-15 14:31:21 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
dependabot/github_actions/github/codeql-action-4.36.2
clawsec/wiki/platform-verification.md
T
davida-ps fefecaa60a feat(wiki): add full in-app wiki browser and llms index (#80) 
* feat(wiki): add full in-app wiki browser and llms index

* feat(wiki): auto-generate per-page llms exports

* vuln package

* fix(wiki): guard malformed route decoding

* fix(wiki): preserve markdown anchor fragments across page links

* refactor(markdown): share default render components

* fix(wiki): block unsafe markdown link schemes

* fix(wiki): block unsafe markdown image schemes

* docs(wiki): migrate root docs into wiki pages

* chore(wiki): de-track generated llms exports

* chore(wiki): ignore generated public wiki artifacts

* fix(wiki): align llms urls with per-page endpoint pattern

* fix(wiki): derive llms index from wiki index page

* refactor(markdown): share frontmatter and title helpers

* refactor(wiki): share route and llms path mapping

* ci(pages): add pr verify workflow and tighten deploy triggers
2026-02-26 10:43:36 +02:00

99 lines
3.5 KiB
Markdown
Raw Permalink Blame History

# Platform Verification Checklist
Use this checklist to validate portability and path-handling behavior after changes.
## Linux Verification
1. Run core Node tests:
```bash
node skills/clawsec-suite/test/path_resolution.test.mjs
node skills/clawsec-suite/test/guarded_install.test.mjs
node skills/clawsec-suite/test/advisory_suppression.test.mjs
node skills/openclaw-audit-watchdog/test/suppression_config.test.mjs
```
Expected: all tests pass.
2. Verify no literal `$HOME` path acceptance:
```bash
CLAWSEC_LOCAL_FEED='\$HOME/advisories/feed.json' \
node skills/clawsec-suite/scripts/guarded_skill_install.mjs --skill test-skill --dry-run
```
Expected: exits non-zero with `Unexpanded home token` error.
3. Verify `$HOME` expansion works:
```bash
HOME=/tmp/clawsec-home node skills/clawsec-suite/test/path_resolution.test.mjs
```
Expected: `$HOME` expansion tests pass.
## macOS Verification
1. Run the same Node test suite as Linux.
2. Confirm OpenSSL tooling path assumptions are documented:
- If using LibreSSL/OpenSSL variations, ensure checks use tested command forms from docs.
3. Verify tilde expansion in config path:
```bash
OPENCLAW_AUDIT_CONFIG=~/.openclaw/security-audit.json \
node skills/openclaw-audit-watchdog/scripts/load_suppression_config.mjs --enable-suppressions
```
Expected: path resolves correctly (or clear file-not-found error at expanded location).
## Windows Verification (PowerShell)
1. Run Node tests:
```powershell
node skills/clawsec-suite/test/path_resolution.test.mjs
node skills/clawsec-suite/test/guarded_install.test.mjs
node skills/clawsec-suite/test/advisory_suppression.test.mjs
```
Expected: all pass.
2. Verify PowerShell env path expansion behavior:
```powershell
$env:CLAWSEC_LOCAL_FEED = '$env:USERPROFILE\advisories\feed.json'
node skills/clawsec-suite/scripts/guarded_skill_install.mjs --skill test-skill --dry-run
```
Expected: path token is expanded/normalized or fails with a clear error if target files are missing.
3. Verify escaped literal token rejection:
```powershell
$env:CLAWSEC_LOCAL_FEED = '\$HOME\advisories\feed.json'
node skills/clawsec-suite/scripts/guarded_skill_install.mjs --skill test-skill --dry-run
```
Expected: `Unexpanded home token` error; no directory creation with literal `$HOME`.
## Line Endings Sanity
1. Confirm LF policy is present:
```bash
test -f .gitattributes && grep -n "eol=lf" .gitattributes
```
Expected: script/config file patterns enforce LF.
2. After a CRLF-prone checkout, verify scripts still parse:
```bash
bash -n scripts/populate-local-feed.sh
bash -n scripts/populate-local-skills.sh
```
Expected: no `^M` shebang/parse errors.
## Explicit Bug Check: No Literal `$HOME` Directory Creation
1. Configure a path with a literal/escaped token.
2. Run setup/install command.
3. Verify command fails early with token error.
4. Confirm no `$HOME` segment directory was created under working directories.
Expected outcome: **no directories containing literal `$HOME` are created by supported setup scripts.**
## Source References
- .gitattributes
- scripts/populate-local-feed.sh
- scripts/populate-local-skills.sh
- skills/clawsec-suite/test/path_resolution.test.mjs
- skills/clawsec-suite/test/guarded_install.test.mjs
- skills/clawsec-suite/test/advisory_suppression.test.mjs
- skills/clawsec-suite/scripts/guarded_skill_install.mjs
- skills/openclaw-audit-watchdog/scripts/load_suppression_config.mjs
- skills/openclaw-audit-watchdog/test/suppression_config.test.mjs
Reference in New Issue View Git Blame Copy Permalink