import { afterEach, describe, expect, it, vi } from "vitest";
import { fetchWithSsrFGuard, GUARDED_FETCH_MODE } from "../../infra/net/fetch-guard.js";
import { withStrictWebToolsEndpoint, withTrustedWebToolsEndpoint } from "./web-guarded-fetch.js";
// Swap the SSRF-guarded fetch module for a stub. The tests below therefore
// observe only the arguments the web-tools wrappers hand to the guard; the
// guard's own destination filtering is not exercised in this file.
vi.mock("../../infra/net/fetch-guard.js", () => {
  // Declared inside the factory because vitest hoists vi.mock() above the
  // imports, so the factory cannot rely on module-level bindings.
  // NOTE(review): the tests compare against this mocked constant, so a drift
  // between these literals and the real module's values would not be caught
  // here — confirm they match fetch-guard.
  const GUARDED_FETCH_MODE = {
    STRICT: "strict",
    TRUSTED_ENV_PROXY: "trusted_env_proxy",
  } as const;

  // Each mode helper copies the caller's params and sets `mode` last, so a
  // `mode` supplied by the caller is overwritten.
  const withStrictGuardedFetchMode = (params: Record<string, unknown>) => ({
    ...params,
    mode: GUARDED_FETCH_MODE.STRICT,
  });

  const withTrustedEnvProxyGuardedFetchMode = (params: Record<string, unknown>) => ({
    ...params,
    mode: GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY,
  });

  return {
    GUARDED_FETCH_MODE,
    fetchWithSsrFGuard: vi.fn(),
    withStrictGuardedFetchMode,
    withTrustedEnvProxyGuardedFetchMode,
  };
});
// Pins which SSRF policy and fetch mode each web-tools endpoint wrapper passes
// to fetchWithSsrFGuard. The guard itself is mocked, so these are wiring tests:
// they catch a relaxed policy being attached to the wrong wrapper, not a
// weakness in the guard's filtering.
describe("web-guarded-fetch", () => {
  const targetUrl = "https://example.com";

  // Make the mocked guard resolve with a minimal successful result.
  const stubGuardedFetchOk = (): void => {
    vi.mocked(fetchWithSsrFGuard).mockResolvedValue({
      response: new Response("ok", { status: 200 }),
      finalUrl: "https://example.com",
      release: async () => {},
    });
  };

  // Reset recorded calls so `mock.calls[0]` below always belongs to the
  // current test.
  afterEach(() => {
    vi.clearAllMocks();
  });

  it("uses trusted SSRF policy for trusted web tools endpoints", async () => {
    stubGuardedFetchOk();

    await withTrustedWebToolsEndpoint({ url: "https://example.com" }, async () => undefined);

    // The trusted wrapper is expected to opt in to both relaxations explicitly.
    // NOTE(review): going by the flag names, this lets requests reach private
    // network addresses and the RFC 2544 benchmarking range — confirm the exact
    // semantics in fetch-guard and that only operator-configured endpoints use
    // this wrapper.
    const relaxedPolicy = expect.objectContaining({
      dangerouslyAllowPrivateNetwork: true,
      allowRfc2544BenchmarkRange: true,
    });

    expect(fetchWithSsrFGuard).toHaveBeenCalledWith(
      expect.objectContaining({
        url: targetUrl,
        policy: relaxedPolicy,
        mode: GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY,
      }),
    );
  });

  it("keeps strict endpoint policy unchanged", async () => {
    stubGuardedFetchOk();

    await withStrictWebToolsEndpoint({ url: "https://example.com" }, async () => undefined);

    expect(fetchWithSsrFGuard).toHaveBeenCalledWith(
      expect.objectContaining({
        url: targetUrl,
      }),
    );

    // Inspect the raw arguments: the strict wrapper must not attach any policy
    // override, so the relaxed flags asserted for the trusted wrapper cannot
    // leak into this path.
    const [firstInvocation] = vi.mocked(fetchWithSsrFGuard).mock.calls;
    const guardArgs = firstInvocation?.[0];
    expect(guardArgs?.policy).toBeUndefined();
    expect(guardArgs?.mode).toBe(GUARDED_FETCH_MODE.STRICT);
  });
});