
Commit 3a0c9e7

test: reduce and improve tests in src/validate.rs (#649)
- test_reject_pipeline_injection: replace duplicate {{ copilot_params }} template-marker assertion with $[variables.x] runtime expression, covering the untested $[ ADO expression form - test_validate_container_image: add message-content assertions for both invalid cases (is_empty() alone did not verify the warning reason) - test_validate_docker_args_volume_flag_calls_mount_validation: assert on warnings[1] content to verify the sensitive-path sub-warning is generated - test_validate_mcp_url: assert the warning message mentions the expected schemes instead of only checking is_empty() - test_validate_feed_url_rejects_double_quote + test_validate_feed_url_rejects_single_quote: merge into single test_validate_feed_url_rejects_quotes (two trivially single-assertion tests for the same feature) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent f63a1a6 commit 3a0c9e7

1 file changed

Lines changed: 12 additions & 9 deletions


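--- a/src/validate.rs
+++ b/src/validate.rs
@@ -607,7 +607,7 @@ mod tests {
 assert!(reject_pipeline_injection("$(SYSTEM_ACCESSTOKEN)", "field").is_err());
 assert!(reject_pipeline_injection("value\ninjected", "field").is_err());
 assert!(reject_pipeline_injection("{{ agent_content }}", "field").is_err());
-assert!(reject_pipeline_injection("{{ copilot_params }}", "field").is_err());
+assert!(reject_pipeline_injection("$[variables.x]", "field").is_err());
 assert!(reject_pipeline_injection("##vso[task.setvariable]x", "field").is_err());
 assert!(reject_pipeline_injection("##[section]foo", "field").is_err());
 }
@@ -632,8 +632,12 @@ mod tests {
 fn test_validate_container_image() {
 assert!(validate_container_image("node:20-slim", "mcp").is_empty());
 assert!(validate_container_image("ghcr.io/org/tool:latest", "mcp").is_empty());
-assert!(!validate_container_image("", "mcp").is_empty());
-assert!(!validate_container_image("$(malicious)", "mcp").is_empty());
+let empty_warnings = validate_container_image("", "mcp");
+assert!(!empty_warnings.is_empty());
+assert!(empty_warnings[0].contains("empty"));
+let injection_warnings = validate_container_image("$(malicious)", "mcp");
+assert!(!injection_warnings.is_empty());
+assert!(injection_warnings[0].contains("unexpected characters"));
 }
 
 #[test]
@@ -661,13 +665,16 @@ mod tests {
 );
 assert!(warnings.len() >= 2); // bypass warning + sensitive path
 assert!(warnings[0].contains("bypasses mounts"));
+assert!(warnings[1].contains("sensitive"));
 }
 
 #[test]
 fn test_validate_mcp_url() {
 assert!(validate_mcp_url("https://mcp.example.com", "mcp").is_empty());
 assert!(validate_mcp_url("http://localhost:8080", "mcp").is_empty());
-assert!(!validate_mcp_url("ftp://example.com", "mcp").is_empty());
+let warnings = validate_mcp_url("ftp://example.com", "mcp");
+assert!(!warnings.is_empty());
+assert!(warnings[0].contains("http://") || warnings[0].contains("https://"));
 }
 
 #[test]
@@ -705,12 +712,8 @@ mod tests {
 }
 
 #[test]
-fn test_validate_feed_url_rejects_double_quote() {
+fn test_validate_feed_url_rejects_quotes() {
 assert!(validate_feed_url("https://example.com/feed\"name", "test").is_err());
-}
-
-#[test]
-fn test_validate_feed_url_rejects_single_quote() {
 assert!(validate_feed_url("https://example.com/feed'name", "test").is_err());
 }
 }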
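Review bot: In `test_validate_mcp_url`, the new assertion `warnings[0].contains("http://") || warnings[0].contains("https://")` passes when the message names only one of the two schemes, so it is weaker than the commit description's "mentions the expected schemes". The warning text is not visible in this diff; if it lists both allowed schemes, `assert!(warnings[0].contains("http://") && warnings[0].contains("https://"));` would catch a regression that drops one of them. The new `warnings[1].contains("sensitive")` check in the docker-args test (whose body starts outside the hunk) depends on warning order in the same way as the `[0]` checks. If order is not part of the contract, `assert!(warnings.iter().any(|w| w.contains("sensitive")));` is less brittle.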
