You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Address 16th PR review: real redirect-rebind test, faithful raise_for_status
All test/doc-only (production logic unchanged):
- Finding 1 (genuine gap): the pre-existing test_redirect_to_private_ip_rejected
used Location https://127.0.0.1/, which is rejected by the ALLOWLIST check
(127.0.0.1 not allowlisted) before _assert_public_ip ever runs — so the actual
threat (an allowlisted .gov host that resolves private on a redirect hop) had
no coverage. Renamed that test to ..._rejected_by_allowlist (with a match=
"allowlist" assertion) and added test_redirect_to_allowlisted_host_resolving_
private_rejected, which 302-redirects to an allowlisted host (ecfr.gov) whose
DNS resolves to 127.0.0.1 and asserts the rejection comes from _assert_public_ip
(match="non-public").
- Finding 3 (premise was wrong, but test fidelity improved): httpx
raise_for_status DOES raise for any non-2xx incl. 3xx (verified 301/304/302),
so a 301-without-Location raises, not "silently returns a body". _mock_stream
now mirrors that (raise for non-2xx), and the 304 test is rewritten + para-
metrized over 301/304 to assert it raises HTTPStatusError rather than the
prior mocked body-return artifact.
- Finding 2: promoted the params-drop-on-redirect constraint into safe_fetch_bytes'
docstring (was inline-comment only) so callers reading the signature see it.
- Finding 4 (strip-list vs keep-allowlist) declined: the reviewer flags it as an
out-of-scope Phase-5 architectural note; the limitation is already documented.
0 commit comments