test: tighten zalouser security audit assertions

Shakker
2026-05-10 17:04:30 +01:00
parent 79220d7832
commit c2e9a5effe


@@ -17,9 +17,10 @@ describe("Zalouser security audit findings", () => {
name: string;
config: ZalouserAccountConfig;
expectedSeverity: "info" | "warn";
expectedTitle: string;
expectedRemediation: string;
detailIncludes: string[];
detailExcludes?: string[];
expectFindingMatch?: { checkId: string; severity: "info" | "warn" };
}> = [
{
name: "warns when group routing contains mutable group entries",
@@ -31,6 +32,9 @@ describe("Zalouser security audit findings", () => {
},
} satisfies ZalouserAccountConfig,
expectedSeverity: "warn",
expectedTitle: "Zalouser group routing contains mutable group entries",
expectedRemediation:
"Prefer stable Zalo group IDs in channels.zalouser.groups, or explicitly opt in with dangerouslyAllowNameMatching=true if you accept mutable group-name matching.",
detailIncludes: ["channels.zalouser.groups:Ops Room"],
detailExcludes: ["group:g-123"],
},
@@ -44,11 +48,10 @@ describe("Zalouser security audit findings", () => {
},
} satisfies ZalouserAccountConfig,
expectedSeverity: "info",
expectedTitle: "Zalouser group routing uses break-glass name matching",
expectedRemediation:
"Prefer stable Zalo group IDs (for example group:<id> or provider-native g- ids), then disable dangerouslyAllowNameMatching.",
detailIncludes: ["out-of-scope"],
expectFindingMatch: {
checkId: "channels.zalouser.groups.mutable_entries",
severity: "info",
},
},
];
@@ -66,17 +69,15 @@ describe("Zalouser security audit findings", () => {
if (!finding) {
throw new Error("expected mutable Zalo User group finding");
}
expect(finding.checkId).toBe("channels.zalouser.groups.mutable_entries");
expect(finding.severity).toBe(testCase.expectedSeverity);
expect(finding.title).toBe(testCase.expectedTitle);
expect(finding.remediation).toBe(testCase.expectedRemediation);
for (const snippet of testCase.detailIncludes) {
expect(finding.detail).toContain(snippet);
}
for (const snippet of testCase.detailExcludes ?? []) {
expect(finding.detail).not.toContain(snippet);
}
if (testCase.expectFindingMatch) {
expect(findings).toEqual(
expect.arrayContaining([expect.objectContaining(testCase.expectFindingMatch)]),
);
}
});
});
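Review bot: The assertions in the last hunk pin the checkId, severity, title and remediation of one `finding`, but nothing checks that it is the only finding emitted for that check. This matters most for the break-glass case, where the expected severity is downgraded to `info`: a duplicate `warn` entry with the same checkId, or the reverse, would pass unnoticed. The lookup that produces `finding` sits above the hunk, so this assumes it picks the first match out of `findings`. Consider adding `expect(findings.filter((f) => f.checkId === finding.checkId)).toHaveLength(1);` right after the checkId assertion. The test callback starts outside the hunk, so the exact placement should be confirmed against the full body.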