

























@@ -107,6 +107,23 @@ function hasFinding(
107107);
108108}
109109110+function expectFindingCode(report: Awaited<ReturnType<typeof runSecretsAudit>>, code: string) {
111+expect(hasFinding(report, (entry) => entry.code === code)).toBe(true);
112+}
113+114+function expectFindingFile(report: Awaited<ReturnType<typeof runSecretsAudit>>, filePath: string) {
115+expect(hasFinding(report, (entry) => entry.file === filePath)).toBe(true);
116+}
117+118+async function expectPathMissing(filePath: string): Promise<void> {
119+try {
120+await fs.stat(filePath);
121+throw new Error(`Expected ${filePath} to be missing`);
122+} catch (error) {
123+expect((error as NodeJS.ErrnoException).code).toBe("ENOENT");
124+}
125+}
126+110127async function createAuditFixture(): Promise<AuditFixture> {
111128const rootDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-secrets-audit-"));
112129const stateDir = path.join(rootDir, ".openclaw");
@@ -230,12 +247,8 @@ describe("secrets audit", () => {
230247expect(report.status).toBe("findings");
231248expect(report.summary.plaintextCount).toBeGreaterThan(0);
232249expect(report.summary.shadowedRefCount).toBeGreaterThan(0);
233-expect(report.findings).toEqual(
234-expect.arrayContaining([
235-expect.objectContaining({ code: "REF_SHADOWED" }),
236-expect.objectContaining({ code: "PLAINTEXT_FOUND" }),
237-]),
238-);
250+expectFindingCode(report, "REF_SHADOWED");
251+expectFindingCode(report, "PLAINTEXT_FOUND");
239252});
240253241254it("does not mutate legacy auth.json during audit", async () => {
@@ -248,26 +261,20 @@ describe("secrets audit", () => {
248261});
249262250263const report = await runSecretsAudit({ env: fixture.env });
251-expect(report.findings).toEqual(
252-expect.arrayContaining([expect.objectContaining({ code: "LEGACY_RESIDUE" })]),
253-);
264+expectFindingCode(report, "LEGACY_RESIDUE");
254265const authJsonStat = await fs.stat(fixture.authJsonPath);
255266expect(authJsonStat.isFile()).toBe(true);
256-await expect(fs.stat(fixture.authStorePath)).rejects.toMatchObject({ code: "ENOENT" });
267+await expectPathMissing(fixture.authStorePath);
257268});
258269259270it("reports malformed sidecar JSON as findings instead of crashing", async () => {
260271await fs.writeFile(fixture.authStorePath, "{invalid-json", "utf8");
261272await fs.writeFile(fixture.authJsonPath, "{invalid-json", "utf8");
262273263274const report = await runSecretsAudit({ env: fixture.env });
264-expect(report.findings).toEqual(
265-expect.arrayContaining([
266-expect.objectContaining({ file: fixture.authStorePath }),
267-expect.objectContaining({ file: fixture.authJsonPath }),
268-expect.objectContaining({ code: "REF_UNRESOLVED" }),
269-]),
270-);
275+expectFindingFile(report, fixture.authStorePath);
276+expectFindingFile(report, fixture.authJsonPath);
277+expectFindingCode(report, "REF_UNRESOLVED");
271278});
272279273280it("skips exec ref resolution during audit unless explicitly allowed", async () => {
@@ -302,7 +309,7 @@ describe("secrets audit", () => {
302309expect(report.resolution.resolvabilityComplete).toBe(false);
303310expect(report.resolution.skippedExecRefs).toBe(1);
304311expect(report.summary.unresolvedRefCount).toBe(0);
305-await expect(fs.stat(execLogPath)).rejects.toMatchObject({ code: "ENOENT" });
312+await expectPathMissing(execLogPath);
306313});
307314308315it("batches ref resolution per provider during audit when --allow-exec is enabled", async () => {
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。