Hugging Face's logo

Darochin
/
openskynet

English
Spanish
agent
autonomy
research
typescript
nodejs
llm
Model card Files
xet
 Community
openskynet / src /security /audit-extra.sync.test.ts
Darochin's picture
Darochin
Mirror OpenSkyNet workspace snapshot from Git HEAD
fc93158 verified
raw
history blame contribute delete
2.09 kB
import { describe, expect, it } from "vitest";
import type { OpenClawConfig } from "../config/config.js";
import { collectAttackSurfaceSummaryFindings } from "./audit-extra.sync.js";
import { safeEqualSecret } from "./secret-equal.js";
describe("collectAttackSurfaceSummaryFindings", () => {
 it("distinguishes external webhooks from internal hooks when only internal hooks are enabled", () => {
 const cfg: OpenClawConfig = {
 hooks: { internal: { enabled: true } },
 };
const [finding] = collectAttackSurfaceSummaryFindings(cfg);
 expect(finding.checkId).toBe("summary.attack_surface");
 expect(finding.detail).toContain("hooks.webhooks: disabled");
 expect(finding.detail).toContain("hooks.internal: enabled");
 });
it("reports both hook systems as enabled when both are configured", () => {
 const cfg: OpenClawConfig = {
 hooks: { enabled: true, internal: { enabled: true } },
 };
const [finding] = collectAttackSurfaceSummaryFindings(cfg);
 expect(finding.detail).toContain("hooks.webhooks: enabled");
 expect(finding.detail).toContain("hooks.internal: enabled");
 });
it("reports both hook systems as disabled when neither is configured", () => {
 const cfg: OpenClawConfig = {};
const [finding] = collectAttackSurfaceSummaryFindings(cfg);
 expect(finding.detail).toContain("hooks.webhooks: disabled");
 expect(finding.detail).toContain("hooks.internal: disabled");
 });
});
describe("safeEqualSecret", () => {
 it("matches identical secrets", () => {
 expect(safeEqualSecret("secret-token", "secret-token")).toBe(true);
 });
it("rejects mismatched secrets", () => {
 expect(safeEqualSecret("secret-token", "secret-tokEn")).toBe(false);
 });
it("rejects different-length secrets", () => {
 expect(safeEqualSecret("short", "much-longer")).toBe(false);
 });
it("rejects missing values", () => {
 expect(safeEqualSecret(undefined, "secret")).toBe(false);
 expect(safeEqualSecret("secret", undefined)).toBe(false);
 expect(safeEqualSecret(null, "secret")).toBe(false);
 });
});