mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-13 05:28:02 +03:00
c9a66d5c99
* refactor: extract shared test harness module from 9 test files Extract duplicated test utilities into a reusable test_harness.mjs module to eliminate ~200-250 lines of boilerplate code across test files. Changes: - Create skills/clawsec-suite/test/lib/test_harness.mjs with: - Test reporting: pass(), fail(), report(), exitWithResults() - Crypto utilities: generateEd25519KeyPair(), signPayload() - Temp directory: createTempDir() with cleanup - Environment helpers: withEnv() for isolated env vars - Test runner factory: createTestRunner() for isolated counters - Refactor 9 test files to use shared harness: - feed_verification.test.mjs - guarded_install.test.mjs - skill_catalog_discovery.test.mjs - advisory_suppression.test.mjs - advisory_application_scope.test.mjs - path_resolution.test.mjs - fuzz_properties.test.mjs - suppression_config.test.mjs - render_report_suppression.test.mjs Benefits: - Single source of truth for test utilities - Consistent test reporting across all files - Easier to add new test files - Reduced maintenance burden Verification: - All 80 tests pass (15+8+3+15+4+6+1+17+11) - Zero ESLint warnings - No behavior changes - only code deduplication - Cross-skill module sharing works (openclaw-audit-watchdog → clawsec-suite) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * fix: update minimatch override to 10.2.4 to resolve ReDoS vulnerabilities Bump minimatch from 10.2.1 to 10.2.4 in overrides to fix 10 high-severity ReDoS vulnerabilities (GHSA-7r86-cg39-jmmj, GHSA-23c5-xmqv-rm74). Also add .venv/ to ESLint ignores to prevent linting Python venv files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
#!/usr/bin/env node
/**
 * Advisory application scope tests:
 * - advisories scoped to openclaw are considered
 * - advisories scoped to nanoclaw are ignored
 * - legacy advisories without an application field remain eligible
 *
 * Run: node skills/clawsec-suite/test/advisory_application_scope.test.mjs
 */
import path from "node:path";
import { fileURLToPath, pathToFileURL } from "node:url";
import { pass, fail, report, exitWithResults } from "./lib/test_harness.mjs";
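// Locate the advisory guardian hook's lib directory relative to this test
// file, so the suite does not depend on the current working directory.
const __dirname = path.dirname(fileURLToPath(import.meta.url));
const LIB_PATH = path.resolve(__dirname, "..", "hooks", "clawsec-advisory-guardian", "lib");

// import() takes a URL-style specifier, not a filesystem path. A raw absolute
// path is rejected by Node's ESM loader on Windows ("C:\..." is read as a URL
// scheme), and characters such as "#" or "%" in a directory name are
// interpreted as URL syntax. Converting to a file: URL avoids both.
const { advisoryAppliesToOpenclaw } = await import(
  pathToFileURL(path.join(LIB_PATH, "advisory_scope.mjs")).href
);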
/**
 * Table-driven check of advisoryAppliesToOpenclaw for single-string and
 * missing `application` values.
 *
 * Expectations pinned here:
 *  - application "openclaw" -> applies
 *  - application "nanoclaw" -> does not apply
 *  - no application field (legacy advisory) -> applies
 *
 * Reports the first mismatching case through fail() and stops; reports pass()
 * only when every case matches.
 */
function testFindMatchesFiltersByApplicationScope() {
  const testName = "advisoryAppliesToOpenclaw: openclaw + legacy advisories are considered";

  // `id` is only used to label a failure; it is not passed to the function under test.
  const cases = [
    { id: "ADV-OPENCLAW-001", application: "openclaw", expect: true },
    { id: "ADV-NANOCLAW-001", application: "nanoclaw", expect: false },
    { id: "ADV-LEGACY-001", expect: true },
  ];

  for (const { id, application, expect: expected } of cases) {
    // For the legacy case `application` is undefined, same as an absent field.
    const actual = advisoryAppliesToOpenclaw({ application });
    if (actual === expected) {
      continue;
    }
    // Strict comparison: a merely truthy/falsy return value counts as a failure.
    fail(testName, `Unexpected result for ${id}: expected ${expected}, got ${actual}`);
    return;
  }

  pass(testName);
}
/**
 * Checks that an advisory whose `application` is the string "all" is treated
 * as applying to openclaw.
 *
 * Only truthiness of the result is checked, not strict equality with `true`.
 */
function testApplicationAllAccepted() {
  const testName = "advisoryAppliesToOpenclaw: application=all is considered";
  const applies = advisoryAppliesToOpenclaw({ application: "all" });

  if (applies) {
    pass(testName);
    return;
  }
  fail(testName, "Expected true for application=all");
}
/**
 * Checks that an array-valued `application` applies to openclaw when
 * "openclaw" is one of its entries, even if other applications are listed
 * alongside it.
 *
 * Only truthiness of the result is checked.
 */
function testFindMatchesAcceptsApplicationArray() {
  const testName = "advisoryAppliesToOpenclaw: application array containing openclaw is considered";
  const advisory = { application: ["nanoclaw", "openclaw"] };
  const applies = advisoryAppliesToOpenclaw(advisory);

  if (applies) {
    pass(testName);
    return;
  }
  fail(testName, "Expected true for application array containing openclaw");
}
/**
 * Checks the fallback for an `application` value that is neither a string nor
 * an array (here: a plain object).
 *
 * The expectation is that such an advisory is still treated as applying to
 * openclaw. This pins the conservative direction for a security feed: a
 * malformed scope field must not cause an advisory to be filtered out.
 *
 * Only truthiness of the result is checked.
 */
function testInvalidApplicationValueFallsBackCompat() {
  const testName = "advisoryAppliesToOpenclaw: invalid application values keep legacy compatibility";
  const malformedAdvisory = { application: { invalid: true } };
  const applies = advisoryAppliesToOpenclaw(malformedAdvisory);

  if (applies) {
    pass(testName);
    return;
  }
  fail(testName, "Expected true for non-string application to preserve backward compatibility");
}
/**
 * Runs every test in this file in a fixed order, then hands over to the
 * shared harness's report() and exitWithResults() helpers
 * (imported from ./lib/test_harness.mjs).
 */
function runTests() {
  console.log("=== ClawSec Advisory Application Scope Tests ===\n");

  const suite = [
    testFindMatchesFiltersByApplicationScope,
    testApplicationAllAccepted,
    testFindMatchesAcceptsApplicationArray,
    testInvalidApplicationValueFallsBackCompat,
  ];
  for (const runCase of suite) {
    runCase();
  }

  report();
  exitWithResults();
}
// Script entry point: the suite runs as soon as this file is executed with node.
runTests();