docs: document sandbox path tests · openclaw/openclaw@58f0070
steipete
·
2026-06-05
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
|
| 1 | +// Verifies sandbox config merge precedence across global, agent, and shared scopes. |
1 | 2 | import { describe, expect, it } from "vitest"; |
2 | 3 | import { |
3 | 4 | resolveSandboxBrowserConfig, |
@@ -60,6 +61,7 @@ describe("sandbox config merges", () => {
|
60 | 61 | }); |
61 | 62 | |
62 | 63 | it("resolves docker binds and shared-scope override behavior", () => { |
| 64 | +// Shared scope intentionally ignores agent-specific Docker overrides. |
63 | 65 | for (const scenario of [ |
64 | 66 | { |
65 | 67 | name: "merges sandbox docker binds (global + agent combined)", |
|
| Original file line number | Diff line number | Diff line change |
|---|
|
| 1 | +// Verifies sandbox media path admission for workspace, tmp, managed, and remote sources. |
1 | 2 | import fs from "node:fs/promises"; |
2 | 3 | import os from "node:os"; |
3 | 4 | import path from "node:path"; |
@@ -7,6 +8,7 @@ import { resolvePreferredOpenClawTmpDir } from "../infra/tmp-openclaw-dir.js";
|
7 | 8 | import { resolveAllowedManagedMediaPath, resolveSandboxedMediaSource } from "./sandbox-paths.js"; |
8 | 9 | |
9 | 10 | async function withSandboxRoot<T>(run: (sandboxDir: string) => Promise<T>) { |
| 11 | +// Real temp roots exercise path normalization and symlink/hardlink behavior. |
10 | 12 | const sandboxDir = await fs.mkdtemp(path.join(os.tmpdir(), "sandbox-media-")); |
11 | 13 | try { |
12 | 14 | return await run(sandboxDir); |
@@ -49,6 +51,7 @@ async function withOutsideHardlinkInOpenClawTmp<T>(
|
49 | 51 | }, |
50 | 52 | run: (paths: { hardlinkPath: string; symlinkPath?: string }) => Promise<T>, |
51 | 53 | ): Promise<void> { |
| 54 | +// Hardlinks in allowed temp roots must still be rejected when inode points outside. |
52 | 55 | const outsideDir = await fs.mkdtemp(path.join(process.cwd(), "sandbox-media-hardlink-outside-")); |
53 | 56 | const outsideFile = path.join(outsideDir, "outside-secret.txt"); |
54 | 57 | const hardlinkPath = path.join(params.openClawTmpDir, makeTmpProbePath(params.hardlinkPrefix)); |
|
| Original file line number | Diff line number | Diff line change |
|---|
|
| 1 | +// Verifies Windows drive-letter paths are treated as absolute under POSIX hosts. |
1 | 2 | import path from "node:path"; |
2 | 3 | import { describe, expect, it } from "vitest"; |
3 | 4 | import { resolveToolPathAgainstWorkspaceRoot } from "./agent-tools.read.js"; |
|
| Original file line number | Diff line number | Diff line change |
|---|
|
| 1 | +// Verifies sandbox tool allow/deny policy extraction and additive alsoAllow behavior. |
1 | 2 | import { describe, expect, it } from "vitest"; |
2 | 3 | import type { OpenClawConfig } from "../config/config.js"; |
3 | 4 | import { resolveEffectiveToolPolicy } from "./agent-tools.policy.js"; |
@@ -33,6 +34,7 @@ describe("pickSandboxToolPolicy", () => {
|
33 | 34 | }); |
34 | 35 | |
35 | 36 | it("preserves allow-all semantics for allow: [] plus alsoAllow", () => { |
| 37 | +// Empty allow means allow-all; alsoAllow remains additive, not restrictive. |
36 | 38 | expect( |
37 | 39 | pickSandboxToolPolicy({ |
38 | 40 | allow: [], |
|
| Original file line number | Diff line number | Diff line change |
|---|
|
| 1 | +// Verifies sandbox context resolution, backend registration, and main-session bypass. |
1 | 2 | import fs from "node:fs/promises"; |
2 | 3 | import os from "node:os"; |
3 | 4 | import path from "node:path"; |
@@ -49,6 +50,7 @@ let sandboxFixtureRoot = "";
|
49 | 50 | let sandboxFixtureCount = 0; |
50 | 51 | |
51 | 52 | async function createSandboxFixtureDir(prefix: string): Promise<string> { |
| 53 | +// Shared fixture root avoids repeated temp-dir setup across sandbox context cases. |
52 | 54 | const dir = path.join(sandboxFixtureRoot, `${prefix}-${sandboxFixtureCount++}`); |
53 | 55 | await fs.mkdir(dir, { recursive: true }); |
54 | 56 | return dir; |
@@ -102,6 +104,7 @@ describe("resolveSandboxContext", () => {
|
102 | 104 | }, 15_000); |
103 | 105 | |
104 | 106 | it("does not touch sandbox backends for cron or sub-agent sessions when sandbox mode is off", async () => { |
| 107 | +// Mode=off should short-circuit before resolving any backend implementation. |
105 | 108 | const backendFactory = vi.fn(async () => ({ |
106 | 109 | id: "test-off-backend", |
107 | 110 | runtimeId: "unexpected-runtime", |
|
| Original file line number | Diff line number | Diff line change |
|---|
|
| 1 | +// Verifies prompt literals and data blocks strip control/spoofing characters. |
1 | 2 | import { describe, expect, it } from "vitest"; |
2 | 3 | import { |
3 | 4 | sanitizeForPromptLiteral, |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。