Fix CI formatting issue.

This commit is contained in:
Nathan Hangen 2026-01-29 01:43:11 -05:00
parent ea1339720b
commit 5e12318954

View File

@ -547,39 +547,42 @@ describe("applyMediaUnderstanding", () => {
expect(ctx.Body).toContain("a\tb\tc"); expect(ctx.Body).toContain("a\tb\tc");
}); });
it.skipIf(process.platform === "win32")("escapes XML special characters in filenames to prevent injection", async () => { it.skipIf(process.platform === "win32")(
const { applyMediaUnderstanding } = await loadApply(); "escapes XML special characters in filenames to prevent injection",
const dir = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-media-")); async () => {
// Create file with XML special characters in the name (what filesystem allows) const { applyMediaUnderstanding } = await loadApply();
// Note: The sanitizeFilename in store.ts would strip most dangerous chars, const dir = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-media-"));
// but we test that even if some slip through, they get escaped in output // Create file with XML special characters in the name (what filesystem allows)
const filePath = path.join(dir, "file<test>.txt"); // Note: The sanitizeFilename in store.ts would strip most dangerous chars,
await fs.writeFile(filePath, "safe content"); // but we test that even if some slip through, they get escaped in output
const filePath = path.join(dir, "file<test>.txt");
await fs.writeFile(filePath, "safe content");
const ctx: MsgContext = { const ctx: MsgContext = {
Body: "<media:document>", Body: "<media:document>",
MediaPath: filePath, MediaPath: filePath,
MediaType: "text/plain", MediaType: "text/plain",
}; };
const cfg: MoltbotConfig = { const cfg: MoltbotConfig = {
tools: { tools: {
media: { media: {
audio: { enabled: false }, audio: { enabled: false },
image: { enabled: false }, image: { enabled: false },
video: { enabled: false }, video: { enabled: false },
},
}, },
}, };
};
const result = await applyMediaUnderstanding({ ctx, cfg }); const result = await applyMediaUnderstanding({ ctx, cfg });
expect(result.appliedFile).toBe(true); expect(result.appliedFile).toBe(true);
// Verify XML special chars are escaped in the output // Verify XML special chars are escaped in the output
expect(ctx.Body).toContain("&lt;"); expect(ctx.Body).toContain("&lt;");
expect(ctx.Body).toContain("&gt;"); expect(ctx.Body).toContain("&gt;");
// The raw < and > should not appear unescaped in the name attribute // The raw < and > should not appear unescaped in the name attribute
expect(ctx.Body).not.toMatch(/name="[^"]*<[^"]*"/); expect(ctx.Body).not.toMatch(/name="[^"]*<[^"]*"/);
}); },
);
it("normalizes MIME types to prevent attribute injection", async () => { it("normalizes MIME types to prevent attribute injection", async () => {
const { applyMediaUnderstanding } = await loadApply(); const { applyMediaUnderstanding } = await loadApply();