LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-07 22:44:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

tests: fix detect-secrets false positives (#39084)

Browse Source 
* Tests: rename gateway status env token fixture

* Tests: allowlist feishu onboarding fixtures

* Tests: allowlist Google Chat private key fixture

* Docs: allowlist Brave API key example

* Tests: allowlist pairing password env fixtures

* Chore: refresh detect-secrets baseline
This commit is contained in:
Vincent Koc
2026-03-07 13:21:29 -05:00
committed by GitHub
parent 3acf46ed45
commit f966dde476
6 changed files with 20 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.secrets.baseline
View File

@@ -12877,14 +12877,14 @@
"filename": "src/pairing/setup-code.test.ts",
"hashed_secret": "4914c103484773b5a8e18448b11919bb349cbff8",
"is_verified": false,
"line_number": 30
"line_number": 31
},
{
"type": "Secret Keyword",
"filename": "src/pairing/setup-code.test.ts",
"hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
"is_verified": false,
"line_number": 370
"line_number": 357
}
],
"src/security/audit.test.ts": [
@@ -12971,7 +12971,7 @@
"filename": "src/tui/gateway-chat.test.ts",
"hashed_secret": "6255675480f681df08c1704b7b3cd2c49917f0e2",
"is_verified": false,
"line_number": 60
"line_number": 121
}
],
"src/web/login.test.ts": [
@@ -13011,5 +13011,5 @@
}
]
},
"generated_at": "2026-03-07T18:01:25Z"
"generated_at": "2026-03-07T18:17:47Z"
}

2
docs/tools/web.md
View File

@@ -104,7 +104,7 @@ Brave provides paid plans; check the Brave API portal for the current limits and
search: {
enabled: true,
provider: "brave",
apiKey: "BSA...", // optional if BRAVE_API_KEY is set
apiKey: "YOUR_BRAVE_API_KEY", // optional if BRAVE_API_KEY is set // pragma: allowlist secret
},
},
},

10
extensions/feishu/src/onboarding.test.ts
View File

@@ -99,7 +99,7 @@ describe("feishuOnboardingAdapter.getStatus", () => {
accounts: {
main: {
appId: "",
appSecret: "secret_123",
appSecret: "sample-app-credential", // pragma: allowlist secret
},
},
},
@@ -113,11 +113,11 @@ describe("feishuOnboardingAdapter.getStatus", () => {
it("treats env SecretRef appId as not configured when env var is missing", async () => {
const appIdKey = "FEISHU_APP_ID_STATUS_MISSING_TEST";
const appSecretKey = "FEISHU_APP_SECRET_STATUS_MISSING_TEST";
const appSecretKey = "FEISHU_APP_CREDENTIAL_STATUS_MISSING_TEST"; // pragma: allowlist secret
await withEnvVars(
{
[appIdKey]: undefined,
[appSecretKey]: "secret_env_456",
[appSecretKey]: "env-credential-456", // pragma: allowlist secret
},
async () => {
const status = await getStatusWithEnvRefs({ appIdKey, appSecretKey });
@@ -128,11 +128,11 @@ describe("feishuOnboardingAdapter.getStatus", () => {
it("treats env SecretRef appId/appSecret as configured in status", async () => {
const appIdKey = "FEISHU_APP_ID_STATUS_TEST";
const appSecretKey = "FEISHU_APP_SECRET_STATUS_TEST";
const appSecretKey = "FEISHU_APP_CREDENTIAL_STATUS_TEST"; // pragma: allowlist secret
await withEnvVars(
{
[appIdKey]: "cli_env_123",
[appSecretKey]: "secret_env_456",
[appSecretKey]: "env-credential-456", // pragma: allowlist secret
},
async () => {
const status = await getStatusWithEnvRefs({ appIdKey, appSecretKey });

2
extensions/googlechat/src/channel.outbound.test.ts
View File

@@ -20,7 +20,7 @@ function createGoogleChatCfg(): OpenClawConfig {
serviceAccount: {
type: "service_account",
client_email: "bot@example.com",
private_key: "test-key",
private_key: "test-key", // pragma: allowlist secret
token_uri: "https://oauth2.googleapis.com/token",
},
},

8
src/commands/gateway-status.test.ts
View File

@@ -149,7 +149,7 @@ function makeRemoteGatewayConfig(url: string, token = "rtok", localToken = "ltok
};
}
function mockLocalTokenSecretRefConfig(secretId = "MISSING_GATEWAY_TOKEN") {
function mockLocalTokenEnvRefConfig(envTokenId = "MISSING_GATEWAY_TOKEN") {
loadConfig.mockReturnValueOnce({
secrets: {
providers: {
@@ -160,7 +160,7 @@ function mockLocalTokenSecretRefConfig(secretId = "MISSING_GATEWAY_TOKEN") {
mode: "local",
auth: {
mode: "token",
token: { source: "env", provider: "default", id: secretId },
token: { source: "env", provider: "default", id: envTokenId },
},
},
} as unknown as ReturnType<typeof loadConfig>);
@@ -204,7 +204,7 @@ describe("gateway-status command", () => {
it("surfaces unresolved SecretRef auth diagnostics in warnings", async () => {
const { runtime, runtimeLogs, runtimeErrors } = createRuntimeCapture();
await withEnvAsync({ MISSING_GATEWAY_TOKEN: undefined }, async () => {
mockLocalTokenSecretRefConfig();
mockLocalTokenEnvRefConfig();
await runGatewayStatus(runtime, { timeout: "1000", json: true });
});
@@ -232,7 +232,7 @@ describe("gateway-status command", () => {
MISSING_GATEWAY_TOKEN: undefined,
},
async () => {
mockLocalTokenSecretRefConfig();
mockLocalTokenEnvRefConfig();
await runGatewayStatus(runtime, { timeout: "1000", json: true });
},

10
src/pairing/setup-code.test.ts
View File

@@ -72,7 +72,7 @@ describe("pairing setup code", () => {
},
{
env: {
GW_PASSWORD: "resolved-password",
GW_PASSWORD: "resolved-password", // pragma: allowlist secret
},
},
);
@@ -104,7 +104,7 @@ describe("pairing setup code", () => {
},
{
env: {
OPENCLAW_GATEWAY_PASSWORD: "password-from-env",
OPENCLAW_GATEWAY_PASSWORD: "password-from-env", // pragma: allowlist secret
},
},
);
@@ -221,7 +221,7 @@ describe("pairing setup code", () => {
},
{
env: {
OPENCLAW_GATEWAY_PASSWORD: "password-from-env",
OPENCLAW_GATEWAY_PASSWORD: "password-from-env", // pragma: allowlist secret
},
},
);
@@ -275,7 +275,7 @@ describe("pairing setup code", () => {
{
env: {
GW_TOKEN: "resolved-token",
GW_PASSWORD: "resolved-password",
GW_PASSWORD: "resolved-password", // pragma: allowlist secret
},
},
),
@@ -302,7 +302,7 @@ describe("pairing setup code", () => {
},
{
env: {
GW_PASSWORD: "resolved-password",
GW_PASSWORD: "resolved-password", // pragma: allowlist secret
},
},
),