From a177b10b79bcfeefed1a9970294fadf56f31ad1e Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Wed, 25 Feb 2026 01:11:47 +0000 Subject: [PATCH] test(windows): normalize risky-path assertions --- src/agents/sandbox-paths.test.ts | 2 +- src/security/audit.test.ts | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/agents/sandbox-paths.test.ts b/src/agents/sandbox-paths.test.ts index 6111980e1..fd6998994 100644 --- a/src/agents/sandbox-paths.test.ts +++ b/src/agents/sandbox-paths.test.ts @@ -50,7 +50,7 @@ describe("resolveSandboxedMediaSource", () => { media, sandboxRoot: sandboxDir, }); - expect(result).toBe(expected); + expect(result).toBe(path.resolve(expected)); }); }); diff --git a/src/security/audit.test.ts b/src/security/audit.test.ts index 04c459070..93e9d1131 100644 --- a/src/security/audit.test.ts +++ b/src/security/audit.test.ts @@ -439,10 +439,14 @@ describe("security audit", () => { }); it("warns for risky safeBinTrustedDirs entries", async () => { + const riskyGlobalTrustedDirs = + process.platform === "win32" + ? [String.raw`C:\Users\ci-user\bin`, String.raw`C:\Users\ci-user\.local\bin`] + : ["/usr/local/bin", "/tmp/openclaw-safe-bins"]; const cfg: OpenClawConfig = { tools: { exec: { - safeBinTrustedDirs: ["/usr/local/bin", "/tmp/openclaw-safe-bins"], + safeBinTrustedDirs: riskyGlobalTrustedDirs, }, }, agents: { @@ -464,8 +468,8 @@ describe("security audit", () => { (f) => f.checkId === "tools.exec.safe_bin_trusted_dirs_risky", ); expect(finding?.severity).toBe("warn"); - expect(finding?.detail).toContain("/usr/local/bin"); - expect(finding?.detail).toContain("/tmp/openclaw-safe-bins"); + expect(finding?.detail).toContain(riskyGlobalTrustedDirs[0]); + expect(finding?.detail).toContain(riskyGlobalTrustedDirs[1]); expect(finding?.detail).toContain("agents.list.ops.tools.exec"); });