letsbe/LetsBeBiz-Redesign
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Include full contents of all nested repositories

Browse Source 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Matt
2026-02-27 16:25:02 +01:00
parent 14ff8fd54c
commit 2401ed446f
7271 changed files with 1310112 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
openclaw/test/fixtures/child-process-bridge/child.js vendored Normal file
View File

@@ -0,0 +1,11 @@
process.stdout.write("ready\n");
const keepAlive = setInterval(() => {}, 1000);
const shutdown = () => {
clearInterval(keepAlive);
process.exit(0);
};
process.on("SIGTERM", shutdown);
process.on("SIGINT", shutdown);

82
openclaw/test/fixtures/exec-allowlist-shell-parser-parity.json vendored Normal file
View File

@@ -0,0 +1,82 @@
{
"cases": [
{
"id": "simple-pipeline",
"command": "echo ok | jq .foo",
"ok": true,
"executables": ["echo", "jq"]
},
{
"id": "chained-commands",
"command": "ls && rm -rf /tmp/openclaw-allowlist",
"ok": true,
"executables": ["ls", "rm"]
},
{
"id": "quoted-chain-operators-remain-literal",
"command": "echo \"a && b\"",
"ok": true,
"executables": ["echo"]
},
{
"id": "reject-command-substitution-unquoted",
"command": "echo $(whoami)",
"ok": false,
"executables": []
},
{
"id": "reject-command-substitution-double-quoted",
"command": "echo \"output: $(whoami)\"",
"ok": false,
"executables": []
},
{
"id": "allow-command-substitution-literal-in-single-quotes",
"command": "echo 'output: $(whoami)'",
"ok": true,
"executables": ["echo"]
},
{
"id": "allow-escaped-command-substitution-double-quoted",
"command": "echo \"output: \\$(whoami)\"",
"ok": true,
"executables": ["echo"]
},
{
"id": "reject-backticks-unquoted",
"command": "echo `id`",
"ok": false,
"executables": []
},
{
"id": "reject-backticks-double-quoted",
"command": "echo \"output: `id`\"",
"ok": false,
"executables": []
},
{
"id": "reject-process-substitution-unquoted-input",
"command": "cat <(echo ok)",
"ok": false,
"executables": []
},
{
"id": "reject-process-substitution-unquoted-output",
"command": "echo >(cat)",
"ok": false,
"executables": []
},
{
"id": "allow-process-substitution-literal-double-quoted-input",
"command": "echo \"<(echo ok)\"",
"ok": true,
"executables": ["echo"]
},
{
"id": "allow-process-substitution-literal-double-quoted-output",
"command": "echo \">(cat)\"",
"ok": true,
"executables": ["echo"]
}
]
}

39
openclaw/test/fixtures/exec-wrapper-resolution-parity.json vendored Normal file
View File

@@ -0,0 +1,39 @@
{
"cases": [
{
"id": "direct-absolute-executable",
"argv": ["/usr/bin/printf", "ok"],
"expectedRawExecutable": "/usr/bin/printf"
},
{
"id": "env-assignment-prefix",
"argv": ["/usr/bin/env", "FOO=bar", "/usr/bin/printf", "ok"],
"expectedRawExecutable": "/usr/bin/env"
},
{
"id": "env-option-with-separate-value",
"argv": ["/usr/bin/env", "-u", "HOME", "/usr/bin/printf", "ok"],
"expectedRawExecutable": "/usr/bin/env"
},
{
"id": "env-option-with-inline-value",
"argv": ["/usr/bin/env", "-uHOME", "/usr/bin/printf", "ok"],
"expectedRawExecutable": "/usr/bin/env"
},
{
"id": "nested-env-wrappers",
"argv": ["/usr/bin/env", "/usr/bin/env", "FOO=bar", "printf", "ok"],
"expectedRawExecutable": "/usr/bin/env"
},
{
"id": "env-shell-wrapper-stops-at-shell",
"argv": ["/usr/bin/env", "bash", "-lc", "echo ok"],
"expectedRawExecutable": "bash"
},
{
"id": "env-missing-effective-command",
"argv": ["/usr/bin/env", "FOO=bar"],
"expectedRawExecutable": "/usr/bin/env"
}
]
}

BIN
openclaw/test/fixtures/hooks-install/npm-pack-hooks.tgz vendored Normal file
View File

Binary file not shown.

BIN
openclaw/test/fixtures/hooks-install/tar-evil-id.tar vendored Normal file
View File

Binary file not shown.

BIN
openclaw/test/fixtures/hooks-install/tar-hooks.tar vendored Normal file
View File

Binary file not shown.

BIN
openclaw/test/fixtures/hooks-install/tar-reserved-id.tar vendored Normal file
View File

Binary file not shown.

BIN
openclaw/test/fixtures/hooks-install/tar-traversal.tar vendored Normal file
View File

Binary file not shown.

BIN
openclaw/test/fixtures/hooks-install/zip-hooks.zip vendored Normal file
View File

Binary file not shown.

BIN
openclaw/test/fixtures/hooks-install/zip-traversal.zip vendored Normal file
View File

Binary file not shown.

115
openclaw/test/fixtures/system-run-approval-binding-contract.json vendored Normal file
View File

@@ -0,0 +1,115 @@
{
"cases": [
{
"name": "v1 matches when env key order changes",
"request": {
"host": "node",
"command": "git diff",
"bindingV1": {
"argv": ["git", "diff"],
"cwd": null,
"agentId": null,
"sessionKey": null,
"env": { "SAFE_A": "1", "SAFE_B": "2" }
}
},
"invoke": {
"argv": ["git", "diff"],
"binding": {
"cwd": null,
"agentId": null,
"sessionKey": null,
"env": { "SAFE_B": "2", "SAFE_A": "1" }
}
},
"expected": { "ok": true }
},
{
"name": "v1 rejects env mismatch",
"request": {
"host": "node",
"command": "git diff",
"bindingV1": {
"argv": ["git", "diff"],
"cwd": null,
"agentId": null,
"sessionKey": null,
"env": { "SAFE": "1" }
}
},
"invoke": {
"argv": ["git", "diff"],
"binding": {
"cwd": null,
"agentId": null,
"sessionKey": null,
"env": { "SAFE": "2" }
}
},
"expected": { "ok": false, "code": "APPROVAL_ENV_MISMATCH" }
},
{
"name": "v1 rejects unbound env overrides",
"request": {
"host": "node",
"command": "git diff",
"bindingV1": {
"argv": ["git", "diff"],
"cwd": null,
"agentId": null,
"sessionKey": null
}
},
"invoke": {
"argv": ["git", "diff"],
"binding": {
"cwd": null,
"agentId": null,
"sessionKey": null,
"env": { "GIT_EXTERNAL_DIFF": "/tmp/pwn.sh" }
}
},
"expected": { "ok": false, "code": "APPROVAL_ENV_BINDING_MISSING" }
},
{
"name": "missing binding rejects requests even with matching argv",
"request": {
"host": "node",
"command": "echo SAFE",
"commandArgv": ["echo", "SAFE"]
},
"invoke": {
"argv": ["echo", "SAFE"],
"binding": {
"cwd": null,
"agentId": null,
"sessionKey": null
}
},
"expected": { "ok": false, "code": "APPROVAL_REQUEST_MISMATCH" }
},
{
"name": "v1 stays authoritative when legacy command text diverges",
"request": {
"host": "node",
"command": "echo STALE",
"commandArgv": ["echo", "STALE"],
"bindingV1": {
"argv": ["echo", "SAFE"],
"cwd": null,
"agentId": null,
"sessionKey": null
}
},
"invoke": {
"argv": ["echo", "SAFE"],
"binding": {
"cwd": null,
"agentId": null,
"sessionKey": null
}
},
"expected": { "ok": true }
}
]
}

67
openclaw/test/fixtures/system-run-approval-mismatch-contract.json vendored Normal file
View File

@@ -0,0 +1,67 @@
{
"cases": [
{
"name": "request mismatch preserves base details",
"runId": "approval-req-1",
"match": {
"ok": false,
"code": "APPROVAL_REQUEST_MISMATCH",
"message": "approval id does not match request"
},
"expected": {
"ok": false,
"message": "approval id does not match request",
"details": {
"code": "APPROVAL_REQUEST_MISMATCH",
"runId": "approval-req-1"
}
}
},
{
"name": "missing env binding keeps env key details",
"runId": "approval-env-missing",
"match": {
"ok": false,
"code": "APPROVAL_ENV_BINDING_MISSING",
"message": "approval id missing env binding for requested env overrides",
"details": {
"envKeys": ["GIT_EXTERNAL_DIFF"]
}
},
"expected": {
"ok": false,
"message": "approval id missing env binding for requested env overrides",
"details": {
"code": "APPROVAL_ENV_BINDING_MISSING",
"runId": "approval-env-missing",
"envKeys": ["GIT_EXTERNAL_DIFF"]
}
}
},
{
"name": "env mismatch preserves hash diagnostics",
"runId": "approval-env-mismatch",
"match": {
"ok": false,
"code": "APPROVAL_ENV_MISMATCH",
"message": "approval id env binding mismatch",
"details": {
"envKeys": ["SAFE_A"],
"expectedEnvHash": "expected-hash",
"actualEnvHash": "actual-hash"
}
},
"expected": {
"ok": false,
"message": "approval id env binding mismatch",
"details": {
"code": "APPROVAL_ENV_MISMATCH",
"runId": "approval-env-mismatch",
"envKeys": ["SAFE_A"],
"expectedEnvHash": "expected-hash",
"actualEnvHash": "actual-hash"
}
}
}
]
}

75
openclaw/test/fixtures/system-run-command-contract.json vendored Normal file
View File

@@ -0,0 +1,75 @@
{
"cases": [
{
"name": "direct argv infers display command",
"command": ["echo", "hi there"],
"expected": {
"valid": true,
"displayCommand": "echo \"hi there\""
}
},
{
"name": "direct argv rejects mismatched raw command",
"command": ["uname", "-a"],
"rawCommand": "echo hi",
"expected": {
"valid": false,
"errorContains": "rawCommand does not match command"
}
},
{
"name": "shell wrapper accepts shell payload raw command when no positional argv carriers",
"command": ["/bin/sh", "-lc", "echo hi"],
"rawCommand": "echo hi",
"expected": {
"valid": true,
"displayCommand": "echo hi"
}
},
{
"name": "shell wrapper positional argv carrier requires full argv display binding",
"command": ["/bin/sh", "-lc", "$0 \"$1\"", "/usr/bin/touch", "/tmp/marker"],
"rawCommand": "$0 \"$1\"",
"expected": {
"valid": false,
"errorContains": "rawCommand does not match command"
}
},
{
"name": "shell wrapper positional argv carrier accepts canonical full argv raw command",
"command": ["/bin/sh", "-lc", "$0 \"$1\"", "/usr/bin/touch", "/tmp/marker"],
"rawCommand": "/bin/sh -lc \"$0 \\\"$1\\\"\" /usr/bin/touch /tmp/marker",
"expected": {
"valid": true,
"displayCommand": "/bin/sh -lc \"$0 \\\"$1\\\"\" /usr/bin/touch /tmp/marker"
}
},
{
"name": "env wrapper shell payload accepted when prelude has no env modifiers",
"command": ["/usr/bin/env", "bash", "-lc", "echo hi"],
"rawCommand": "echo hi",
"expected": {
"valid": true,
"displayCommand": "echo hi"
}
},
{
"name": "env assignment prelude requires full argv display binding",
"command": ["/usr/bin/env", "BASH_ENV=/tmp/payload.sh", "bash", "-lc", "echo hi"],
"rawCommand": "echo hi",
"expected": {
"valid": false,
"errorContains": "rawCommand does not match command"
}
},
{
"name": "env assignment prelude accepts canonical full argv raw command",
"command": ["/usr/bin/env", "BASH_ENV=/tmp/payload.sh", "bash", "-lc", "echo hi"],
"rawCommand": "/usr/bin/env BASH_ENV=/tmp/payload.sh bash -lc \"echo hi\"",
"expected": {
"valid": true,
"displayCommand": "/usr/bin/env BASH_ENV=/tmp/payload.sh bash -lc \"echo hi\""
}
}
]
}