Fix CI formatting issue.
This commit is contained in:
parent
ea1339720b
commit
5e12318954
@ -547,39 +547,42 @@ describe("applyMediaUnderstanding", () => {
|
|||||||
expect(ctx.Body).toContain("a\tb\tc");
|
expect(ctx.Body).toContain("a\tb\tc");
|
||||||
});
|
});
|
||||||
|
|
||||||
it.skipIf(process.platform === "win32")("escapes XML special characters in filenames to prevent injection", async () => {
|
it.skipIf(process.platform === "win32")(
|
||||||
const { applyMediaUnderstanding } = await loadApply();
|
"escapes XML special characters in filenames to prevent injection",
|
||||||
const dir = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-media-"));
|
async () => {
|
||||||
// Create file with XML special characters in the name (what filesystem allows)
|
const { applyMediaUnderstanding } = await loadApply();
|
||||||
// Note: The sanitizeFilename in store.ts would strip most dangerous chars,
|
const dir = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-media-"));
|
||||||
// but we test that even if some slip through, they get escaped in output
|
// Create file with XML special characters in the name (what filesystem allows)
|
||||||
const filePath = path.join(dir, "file<test>.txt");
|
// Note: The sanitizeFilename in store.ts would strip most dangerous chars,
|
||||||
await fs.writeFile(filePath, "safe content");
|
// but we test that even if some slip through, they get escaped in output
|
||||||
|
const filePath = path.join(dir, "file<test>.txt");
|
||||||
|
await fs.writeFile(filePath, "safe content");
|
||||||
|
|
||||||
const ctx: MsgContext = {
|
const ctx: MsgContext = {
|
||||||
Body: "<media:document>",
|
Body: "<media:document>",
|
||||||
MediaPath: filePath,
|
MediaPath: filePath,
|
||||||
MediaType: "text/plain",
|
MediaType: "text/plain",
|
||||||
};
|
};
|
||||||
const cfg: MoltbotConfig = {
|
const cfg: MoltbotConfig = {
|
||||||
tools: {
|
tools: {
|
||||||
media: {
|
media: {
|
||||||
audio: { enabled: false },
|
audio: { enabled: false },
|
||||||
image: { enabled: false },
|
image: { enabled: false },
|
||||||
video: { enabled: false },
|
video: { enabled: false },
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
};
|
||||||
};
|
|
||||||
|
|
||||||
const result = await applyMediaUnderstanding({ ctx, cfg });
|
const result = await applyMediaUnderstanding({ ctx, cfg });
|
||||||
|
|
||||||
expect(result.appliedFile).toBe(true);
|
expect(result.appliedFile).toBe(true);
|
||||||
// Verify XML special chars are escaped in the output
|
// Verify XML special chars are escaped in the output
|
||||||
expect(ctx.Body).toContain("<");
|
expect(ctx.Body).toContain("<");
|
||||||
expect(ctx.Body).toContain(">");
|
expect(ctx.Body).toContain(">");
|
||||||
// The raw < and > should not appear unescaped in the name attribute
|
// The raw < and > should not appear unescaped in the name attribute
|
||||||
expect(ctx.Body).not.toMatch(/name="[^"]*<[^"]*"/);
|
expect(ctx.Body).not.toMatch(/name="[^"]*<[^"]*"/);
|
||||||
});
|
},
|
||||||
|
);
|
||||||
|
|
||||||
it("normalizes MIME types to prevent attribute injection", async () => {
|
it("normalizes MIME types to prevent attribute injection", async () => {
|
||||||
const { applyMediaUnderstanding } = await loadApply();
|
const { applyMediaUnderstanding } = await loadApply();
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user