fifth-domain/zero-point/core-channel/gatekeeper/engine-v3.2-security.test.js

33 lines
1.6 KiB
JavaScript
Raw Normal View History

"use strict";
const test = require("node:test");
const assert = require("node:assert/strict");
const fs = require("node:fs");
const source = fs.readFileSync(__dirname + "/engine-v3.js", "utf8");
const actions = require(__dirname + "/authorized-actions.js");
test("direct email bypass is removed", () => {
assert.doesNotMatch(source, /requestEmail|email_mode:\s*requestEmail|直接使用,不查白名单/);
assert.match(source, /禁止客户端指定邮箱/);
});
test("work-session lifecycle endpoints exist", () => {
for (const route of ["/auth/session/request", "/auth/session/confirm", "/auth/session/exec", "/auth/session/end"]) assert.match(source, new RegExp(route.replaceAll("/", "\\/")));
});
test("Zhulan and Canger identities are registered", () => {
assert.match(source, /ICE-GL-ZL-001/);
assert.match(source, /TCS-GL-009/);
assert.match(source, /PTS-VA-001-EED/);
assert.match(source, /ICE-GL-CA001/);
});
test("arbitrary shell commands are not accepted by the authorization flow", () => {
assert.doesNotMatch(source, /execCmd\(body\.cmd/);
assert.doesNotMatch(source, /execCmd\(op\.cmd/);
assert.match(source, /必须指定已登记 action/);
assert.deepEqual(actions.listActions().map((item) => item.id), ["inspect-gatekeeper", "sync-status"]);
assert.equal(actions.getAction("not-registered"), null);
});
test("Gatekeeper and sync-agent ports are separated", () => {
assert.match(source, /process\.argv\[2\] \|\| '3911'/);
const syncConfig = fs.readFileSync(__dirname + "/../../../server-tools/fifth-domain-sync-agent/config.example.json", "utf8");
assert.match(syncConfig, /"listen_port": 3982/);
});