Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(media-tests): share telegram redaction assertion

Browse Source
This commit is contained in:
Peter Steinberger 2026-03-17 07:08:46 +00:00
parent f8f6ae4673
commit d698d8c5a5
1 changed files with 33 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
src/media/fetch.test.ts
View File

@ -31,6 +31,29 @@ function makeLookupFn() {
>; >;
} }
async function expectRedactedTelegramFetchError(params: {
telegramFileUrl: string;
telegramToken: string;
redactedTelegramToken: string;
fetchImpl: Parameters<typeof fetchRemoteMedia>[0]["fetchImpl"];
}) {
const error = await fetchRemoteMedia({
url: params.telegramFileUrl,
fetchImpl: params.fetchImpl,
lookupFn: makeLookupFn(),
maxBytes: 1024,
ssrfPolicy: {
allowedHostnames: ["api.telegram.org"],
allowRfc2544BenchmarkRange: true,
},
}).catch((err: unknown) => err as Error);
expect(error).toBeInstanceOf(Error);
const errorText = error instanceof Error ? String(error) : "";
expect(errorText).not.toContain(params.telegramToken);
expect(errorText).toContain(`bot${params.redactedTelegramToken}`);
}
describe("fetchRemoteMedia", () => { describe("fetchRemoteMedia", () => {
const telegramToken = "123456789:ABCDEFGHIJKLMNOPQRSTUVWXYZabcd"; const telegramToken = "123456789:ABCDEFGHIJKLMNOPQRSTUVWXYZabcd";
const redactedTelegramToken = `${telegramToken.slice(0, 6)}${telegramToken.slice(-4)}`; const redactedTelegramToken = `${telegramToken.slice(0, 6)}${telegramToken.slice(-4)}`;
@ -100,41 +123,23 @@ describe("fetchRemoteMedia", () => {
throw new Error(`dial failed for ${telegramFileUrl}`); throw new Error(`dial failed for ${telegramFileUrl}`);
}); });
const error = await fetchRemoteMedia({ await expectRedactedTelegramFetchError({
url: telegramFileUrl, telegramFileUrl,
telegramToken,
redactedTelegramToken,
fetchImpl, fetchImpl,
lookupFn: makeLookupFn(), });
maxBytes: 1024,
ssrfPolicy: {
allowedHostnames: ["api.telegram.org"],
allowRfc2544BenchmarkRange: true,
},
}).catch((err: unknown) => err as Error);
expect(error).toBeInstanceOf(Error);
const errorText = error instanceof Error ? String(error) : "";
expect(errorText).not.toContain(telegramToken);
expect(errorText).toContain(`bot${redactedTelegramToken}`);
}); });
it("redacts Telegram bot tokens from HTTP error messages", async () => { it("redacts Telegram bot tokens from HTTP error messages", async () => {
const fetchImpl = vi.fn(async () => new Response("unauthorized", { status: 401 })); const fetchImpl = vi.fn(async () => new Response("unauthorized", { status: 401 }));
const error = await fetchRemoteMedia({ await expectRedactedTelegramFetchError({
url: telegramFileUrl, telegramFileUrl,
telegramToken,
redactedTelegramToken,
fetchImpl, fetchImpl,
lookupFn: makeLookupFn(), });
maxBytes: 1024,
ssrfPolicy: {
allowedHostnames: ["api.telegram.org"],
allowRfc2544BenchmarkRange: true,
},
}).catch((err: unknown) => err as Error);
expect(error).toBeInstanceOf(Error);
const errorText = error instanceof Error ? String(error) : "";
expect(errorText).not.toContain(telegramToken);
expect(errorText).toContain(`bot${redactedTelegramToken}`);
}); });
it("blocks private IP literals before fetching", async () => { it("blocks private IP literals before fetching", async () => {