test: use canonical tmpdir so non-existent deny paths match Seatbelt's resolved syscall paths

2026-05-06 21:52:30 +08:00 · 2026-04-23 11:01:09 +00:00
parent 97601041cb
commit 22a54816b4
1 changed files with 10 additions and 3 deletions
--- a/test/sandbox/macos-seatbelt.test.ts
+++ b/test/sandbox/macos-seatbelt.test.ts
@@ -6,6 +6,7 @@ import {
  rmSync,
  writeFileSync,
  readFileSync,
+  realpathSync,
 } from 'node:fs'
 import { tmpdir } from 'node:os'
 import { join } from 'node:path'
@@ -669,11 +670,17 @@ describe.if(isMacOS)('macOS Seatbelt Write Bypass Prevention', () => {
 describe.if(isMacOS)(
  'macOS Seatbelt Symlink Creation Bypass Prevention',
  () => {
-    const TEST_BASE_DIR = join(tmpdir(), 'seatbelt-create-test-' + Date.now())
+    // Use the canonical tmpdir (/private/var/... on macOS) so the deny rules —
+    // whose paths cannot be realpath-resolved because they don't exist yet —
+    // match the canonical syscall paths Seatbelt evaluates.
+    const TEST_BASE_DIR = join(
+      realpathSync(tmpdir()),
+      'seatbelt-create-test-' + Date.now(),
+    )
    const TEST_ALLOWED_DIR = join(TEST_BASE_DIR, 'allowed')
-    // Protected file whose parent (.claude) does NOT exist on disk
-    const TEST_DENIED_FILE = join(TEST_ALLOWED_DIR, '.claude', 'settings.json')
+    // Protected directory that does NOT exist on disk
    const TEST_DENIED_PARENT = join(TEST_ALLOWED_DIR, '.claude')
+    const TEST_DENIED_FILE = join(TEST_DENIED_PARENT, 'settings.json')
    const TEST_DECOY_DIR = join(TEST_ALLOWED_DIR, 'decoy')

    beforeAll(() => {