fix(test): stabilize tooling guard probes (#95114) · openclaw/openclaw@be7807f
vincentkoc
·
2026-06-20
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
@@ -996,25 +996,31 @@ export async function readBoundedResponseText(response, byteLimit, timeoutPromis
|
996 | 996 | } |
997 | 997 | const chunks = []; |
998 | 998 | let totalBytes = 0; |
999 | | -for (;;) { |
1000 | | -const read = reader.read(); |
1001 | | -const { done, value } = await withOptionalTimeout( |
1002 | | -read, |
1003 | | -timeoutPromise?.catch((error) => { |
1004 | | -cancelReaderSoon(reader); |
1005 | | -throw error; |
1006 | | -}), |
1007 | | -); |
1008 | | -if (done) { |
1009 | | -break; |
1010 | | -} |
1011 | | -const chunk = Buffer.from(value); |
1012 | | -totalBytes += chunk.byteLength; |
1013 | | -if (totalBytes > resolvedByteLimit) { |
1014 | | -await reader.cancel().catch(() => undefined); |
1015 | | -throw createFetchBodyTooLargeError(resolvedByteLimit); |
| 999 | +try { |
| 1000 | +for (;;) { |
| 1001 | +const read = reader.read(); |
| 1002 | +const { done, value } = await withOptionalTimeout( |
| 1003 | +read, |
| 1004 | +timeoutPromise?.catch((error) => { |
| 1005 | +cancelReaderSoon(reader); |
| 1006 | +throw error; |
| 1007 | +}), |
| 1008 | +); |
| 1009 | +if (done) { |
| 1010 | +break; |
| 1011 | +} |
| 1012 | +const chunk = Buffer.from(value); |
| 1013 | +totalBytes += chunk.byteLength; |
| 1014 | +if (totalBytes > resolvedByteLimit) { |
| 1015 | +await reader.cancel().catch(() => undefined); |
| 1016 | +throw createFetchBodyTooLargeError(resolvedByteLimit); |
| 1017 | +} |
| 1018 | +chunks.push(chunk); |
1016 | 1019 | } |
1017 | | -chunks.push(chunk); |
| 1020 | +} finally { |
| 1021 | +try { |
| 1022 | +reader.releaseLock?.(); |
| 1023 | +} catch {} |
1018 | 1024 | } |
1019 | 1025 | return Buffer.concat(chunks, totalBytes).toString("utf8"); |
1020 | 1026 | } |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -1976,6 +1976,30 @@ describe("kitchen-sink RPC process sampling", () => {
|
1976 | 1976 | ); |
1977 | 1977 | }); |
1978 | 1978 | |
| 1979 | +it("releases HTTP probe response stream readers after bounded reads", async () => { |
| 1980 | +const releaseLock = vi.fn(); |
| 1981 | +const response = { |
| 1982 | +headers: new Headers(), |
| 1983 | +body: { |
| 1984 | +getReader() { |
| 1985 | +return { |
| 1986 | +read: vi |
| 1987 | +.fn() |
| 1988 | +.mockResolvedValueOnce({ done: false, value: new TextEncoder().encode("ok") }) |
| 1989 | +.mockResolvedValueOnce({ done: true }), |
| 1990 | + releaseLock, |
| 1991 | +}; |
| 1992 | +}, |
| 1993 | +}, |
| 1994 | +text: vi.fn(async () => "not read"), |
| 1995 | +}; |
| 1996 | + |
| 1997 | +await expect(readBoundedResponseText(response, 1024)).resolves.toBe("ok"); |
| 1998 | + |
| 1999 | +expect(releaseLock).toHaveBeenCalledOnce(); |
| 2000 | +expect(response.text).not.toHaveBeenCalled(); |
| 2001 | +}); |
| 2002 | + |
1979 | 2003 | it("cancels stalled HTTP probe response streams when the timeout wins", async () => { |
1980 | 2004 | let canceled = false; |
1981 | 2005 | const timeoutError = Object.assign(new Error("fetch probe timed out"), { |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -136,14 +136,16 @@ describe("security-sensitive guard workflow", () => {
|
136 | 136 | it("uses a dedicated checked-in script and detects the intended file surfaces", () => { |
137 | 137 | const workflow = readFileSync(WORKFLOW, "utf8"); |
138 | 138 | const script = readFileSync("scripts/github/security-sensitive-guard.mjs", "utf8"); |
| 139 | +const sharedScript = readFileSync("scripts/github/guard-shared.mjs", "utf8"); |
| 140 | +const guardSources = `${script}\n${sharedScript}`; |
139 | 141 | |
140 | 142 | expect(workflow).toContain("scripts/github/security-sensitive-guard.mjs"); |
141 | 143 | expect(script).toContain('"security-sensitive-changed"'); |
142 | 144 | expect(script).toContain('path: ".gitignore"'); |
143 | 145 | expect(script).toContain(".env"); |
144 | 146 | expect(script).toContain("/allow-security-sensitive-change"); |
145 | 147 | expect(script).toContain("openclaw-secops"); |
146 | | -expect(script).toContain("/memberships/"); |
| 148 | +expect(guardSources).toContain("/memberships/"); |
147 | 149 | expect(script).toContain("A later push requires a fresh approval."); |
148 | 150 | expect(script).toContain("process.exitCode = 1"); |
149 | 151 | }); |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。