Hugh Brown
|
858575cf6c
|
test: add comprehensive tests for all security fixes

Add 20 tests covering:
- require_user_actor: rejects agents and null users, passes valid users
- Webhook HMAC: rejects missing/invalid signatures, accepts valid ones,
  allows unsigned when no secret configured
- Prompt injection: sanitized skill name/URL, fenced external data in
  dispatch messages, system instructions precede data
- Security headers: verify nosniff, DENY, referrer-policy defaults
- Payload size: rejects oversized body and content-length
- Rate limiting: blocks after threshold, independent per-key
- Gateway token: has_token field present, token field absent
- Agent auth logs: no token_prefix in source

Also fix deprecated HTTP_413_REQUEST_ENTITY_TOO_LARGE status code.

All 407 tests pass.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
2026-03-07 23:35:10 +05:30 |
|