89 lines
2.2 KiB
Python
"""Tests for `.gitea/scripts/lint-curl-status-capture.py`.

Run:
    python3 -m pytest tests/test_lint_curl_status_capture.py -v
"""
from __future__ import annotations

import importlib.util
from pathlib import Path


SCRIPT_PATH = (
    Path(__file__).resolve().parent.parent
    / ".gitea"
    / "scripts"
    / "lint-curl-status-capture.py"
)


def _load_module():
    spec = importlib.util.spec_from_file_location("lint_curl_status_capture", SCRIPT_PATH)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module


def test_finds_quoted_echo_fallback_pollution():
    lint = _load_module()
    content = """
HTTP_CODE=$(curl -sS -o /tmp/body -w "%{http_code}" https://example.test || echo "000")
"""

    findings = lint.scan_content("workflow.yml", content)

    assert len(findings) == 1
    assert "echo" in findings[0].snippet


def test_finds_unquoted_echo_fallback_pollution():
    lint = _load_module()
    content = """
HTTP_CODE=$(curl -sS -o /tmp/body -w '%{http_code}' https://example.test || echo 000)
"""

    findings = lint.scan_content("workflow.yml", content)

    assert len(findings) == 1
    assert "echo" in findings[0].snippet


def test_finds_printf_fallback_pollution():
    lint = _load_module()
    content = """
HTTP_CODE=$(curl -sS -o /tmp/body -w '%{http_code}' https://example.test || printf '000')
"""

    findings = lint.scan_content("workflow.yml", content)

    assert len(findings) == 1
    assert "printf" in findings[0].snippet


def test_ignores_tempfile_fallback_after_curl():
    lint = _load_module()
    content = """
set +e
curl -sS -o /tmp/body -w '%{http_code}' https://example.test >/tmp/code
rc=$?
set -e
HTTP_CODE=$(cat /tmp/code 2>/dev/null || echo "000")
[ -z "$HTTP_CODE" ] && HTTP_CODE="000"
"""

    assert lint.scan_content("workflow.yml", content) == []


def test_collapses_bash_line_continuations():
    lint = _load_module()
    content = """
HTTP_CODE=$(curl -sS -o /tmp/body \\
-w "%{http_code}" \\
https://example.test \\
|| echo "000")
"""

    findings = lint.scan_content("workflow.yml", content)

    assert len(findings) == 1
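The tests above exercise a `scan_content(path, content)` function whose source is not shown on this page. The following is an added sketch, not the project's `lint-curl-status-capture.py`, of a scanner that satisfies the visible cases. `Finding`, `POLLUTED`, `logical_lines` and `SAMPLE` are assumed names, and the regex assumes no nested parentheses inside the command substitution.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:  # hypothetical record; the tests above only rely on `.snippet`
    path: str
    line: int
    snippet: str


# curl -w '%{http_code}' already prints 000 when the transfer fails, so a
# `|| echo 000` inside the same $( ... ) appends a second value ("000000").
POLLUTED = re.compile(
    r"\$\(\s*curl\b[^)]*%\{http_code\}[^)]*\|\|\s*(?:echo|printf)\b[^)]*\)"
)

# Constructed sample: a polluted capture split over continuations, then the
# tempfile pattern that keeps curl's output and the fallback apart.
SAMPLE = r"""
HTTP_CODE=$(curl -sS -o /tmp/body \
  -w "%{http_code}" https://example.test \
  || echo "000")
curl -sS -o /tmp/body -w '%{http_code}' https://example.test >/tmp/code
HTTP_CODE=$(cat /tmp/code 2>/dev/null || echo "000")
"""


def logical_lines(content):
    """Yield (first_line_no, text) with backslash-newline continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(content.splitlines(), 1):
        if not buf:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf = ""
    if buf:
        yield start, buf


def scan_content(path, content):
    findings = []
    for line_no, text in logical_lines(content):
        match = POLLUTED.search(text)
        if match:
            findings.append(Finding(path, line_no, " ".join(match.group(0).split())))
    return findings
```

Reporting the first physical line of a joined command keeps the finding pointed at the `HTTP_CODE=` assignment rather than at the trailing `|| echo` line.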