negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

perf(test): fold secret equality assertions into audit extra suite

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-15 23:56:28 +00:00
parent a508c34731
commit 6288c51774
2 changed files with 21 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/security/audit-extra.sync.test.ts
View File

@@ -1,6 +1,7 @@
import { describe, expect, it } from "vitest";
import type { OpenClawConfig } from "../config/config.js";
import { collectAttackSurfaceSummaryFindings } from "./audit-extra.sync.js";
import { safeEqualSecret } from "./secret-equal.js";
describe("collectAttackSurfaceSummaryFindings", () => {
it("distinguishes external webhooks from internal hooks when only internal hooks are enabled", () => {
@@ -32,3 +33,23 @@ describe("collectAttackSurfaceSummaryFindings", () => {
expect(finding.detail).toContain("hooks.internal: disabled");
});
});
describe("safeEqualSecret", () => {
it("matches identical secrets", () => {
expect(safeEqualSecret("secret-token", "secret-token")).toBe(true);
});
it("rejects mismatched secrets", () => {
expect(safeEqualSecret("secret-token", "secret-tokEn")).toBe(false);
});
it("rejects different-length secrets", () => {
expect(safeEqualSecret("short", "much-longer")).toBe(false);
});
it("rejects missing values", () => {
expect(safeEqualSecret(undefined, "secret")).toBe(false);
expect(safeEqualSecret("secret", undefined)).toBe(false);
expect(safeEqualSecret(null, "secret")).toBe(false);
});
});

22
src/security/secret-equal.test.ts
View File

@@ -1,22 +0,0 @@
import { describe, expect, it } from "vitest";
import { safeEqualSecret } from "./secret-equal.js";
describe("safeEqualSecret", () => {
it("matches identical secrets", () => {
expect(safeEqualSecret("secret-token", "secret-token")).toBe(true);
});
it("rejects mismatched secrets", () => {
expect(safeEqualSecret("secret-token", "secret-tokEn")).toBe(false);
});
it("rejects different-length secrets", () => {
expect(safeEqualSecret("short", "much-longer")).toBe(false);
});
it("rejects missing values", () => {
expect(safeEqualSecret(undefined, "secret")).toBe(false);
expect(safeEqualSecret("secret", undefined)).toBe(false);
expect(safeEqualSecret(null, "secret")).toBe(false);
});
});