forked from molecule-ai/molecule-core
Per the 2026-04-23 audit, wsauth_middleware.go had two coverage holes
on auth-boundary code:
CanvasOrBearer 50.0% (only fail-open + Origin paths covered)
IsSameOriginCanvas 0.0% (exported wrapper never exercised)
This adds focused tests for the missing branches:
CanvasOrBearer:
- ValidBearer_Passes (path-1 success)
- InvalidBearer_Returns401 (auth-escape regression: bad bearer + matching Origin must NOT fall through to Origin)
- AdminTokenEnv_Passes (ADMIN_TOKEN constant-time match)
- DBError_FailOpen (documented fail-open behavior)
- SameOriginCanvas_Passes (path-3 combined-tenant image)
IsSameOriginCanvas / isSameOriginCanvas:
- ExportedWrapper_DelegatesToInternal
- DisabledByEnv (CANVAS_PROXY_URL unset short-circuit)
- BranchCoverage (table-driven: 11 host/referer/origin cases incl. the h.example.com.evil.com suffix-attack rejection)
Coverage moves CanvasOrBearer 50% → 100%, IsSameOriginCanvas 0% → 100%,
and middleware-package overall 81.6% → 86.0%. No production code change.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
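As an added illustration of the suffix-attack rejection the BranchCoverage table exercises (example code, not molecule-core's middleware or part of this commit): a hypothetical same-origin canvas check in which `hostOf`, `sameOriginCanvas`, its parameter names and its exact-host-match semantics are all assumptions, with an unset CANVAS_PROXY_URL short-circuiting to "not same-origin".

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// hostOf returns the lower-cased host[:port] of an absolute URL, or "" when the
// input is empty, has no scheme, or fails to parse. A bare "h.example.com" with
// no scheme parses as a path, not a host, so it yields "" and is rejected.
func hostOf(raw string) string {
	if raw == "" {
		return ""
	}
	u, err := url.Parse(raw)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return ""
	}
	return strings.ToLower(u.Host)
}

// sameOriginCanvas is a hypothetical reconstruction (assumed names and rules,
// not the project's code) of a same-origin check for a canvas WebSocket upgrade:
//   - canvasProxyURL empty (CANVAS_PROXY_URL unset) short-circuits to false;
//   - the request Host must be exactly the canvas proxy host;
//   - the Origin host (Referer only when Origin is absent) must equal the request
//     Host exactly, so "h.example.com.evil.com" is rejected, unlike a
//     HasSuffix/HasPrefix-style comparison would allow.
func sameOriginCanvas(canvasProxyURL, host, origin, referer string) bool {
	canvas := hostOf(canvasProxyURL)
	if canvas == "" {
		return false
	}
	host = strings.ToLower(host)
	if host != canvas {
		return false
	}
	src := origin
	if src == "" {
		src = referer // a present-but-malformed Origin must not fall back to Referer
	}
	got := hostOf(src)
	return got != "" && got == host
}

func main() {
	// Constructed inputs: a look-alike origin that a suffix match would accept.
	fmt.Println(sameOriginCanvas("https://h.example.com", "h.example.com",
		"https://h.example.com.evil.com", "")) // false
}
```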