mirror of
https://github.com/NanmiCoder/cc-haha
synced 2026-07-18 13:23:33 +08:00
fix: avoid misleading clawhub scan summaries
Tested: bun test src/server/__tests__/skill-market.test.ts Tested: git diff --check Confidence: high Scope-risk: narrow
This commit is contained in:
parent
3b1f190938
commit
05ec549e3d
@ -70,6 +70,32 @@ describe('skill market source normalization', () => {
|
||||
})
|
||||
})
|
||||
|
||||
it('does not use clean ClawHub scanner summaries for blocked scans', () => {
|
||||
expect(normalizeClawHubScan({
|
||||
status: 'malicious',
|
||||
scanners: {
|
||||
metadata: { status: 'clean', summary: 'No dangerous patterns detected.' },
|
||||
},
|
||||
})).toEqual({
|
||||
trustState: 'blocked',
|
||||
trustSummary: undefined,
|
||||
packageSha256: undefined,
|
||||
})
|
||||
})
|
||||
|
||||
it('does not use clean ClawHub scanner summaries for warning scans', () => {
|
||||
expect(normalizeClawHubScan({
|
||||
status: 'suspicious',
|
||||
scanners: {
|
||||
metadata: { status: 'clean', summary: 'No dangerous patterns detected.' },
|
||||
},
|
||||
})).toEqual({
|
||||
trustState: 'warning',
|
||||
trustSummary: undefined,
|
||||
packageSha256: undefined,
|
||||
})
|
||||
})
|
||||
|
||||
it('normalizes SkillHub list items as fallback candidates with Chinese summary', () => {
|
||||
const result = normalizeSkillHubList(SKILLHUB_TOP_SKILLS_RESPONSE)
|
||||
|
||||
|
||||
@ -67,14 +67,14 @@ export function normalizeClawHubScan(payload: ClawHubScanResponse): {
|
||||
if (payload.status === 'malicious' || payload.status === 'blocked') {
|
||||
return {
|
||||
trustState: 'blocked',
|
||||
trustSummary: scannerSummaryForStatuses(['malicious', 'blocked']) ?? scannerSummary,
|
||||
trustSummary: scannerSummaryForStatuses(['malicious', 'blocked']),
|
||||
packageSha256: payload.sha256,
|
||||
}
|
||||
}
|
||||
if (payload.status === 'suspicious' || payload.hasWarnings) {
|
||||
return {
|
||||
trustState: 'warning',
|
||||
trustSummary: scannerSummaryForStatuses(['suspicious', 'warning']) ?? scannerSummary,
|
||||
trustSummary: scannerSummaryForStatuses(['suspicious', 'warning']),
|
||||
packageSha256: payload.sha256,
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user