fed8b2eed7
Backend release / release (push) Waiting to run
Bandit Security Scan / bandit_scan (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / build (linux/amd64, ubuntu-latest, amd64) (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / build (linux/arm64, ubuntu-24.04-arm, arm64) (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / manifest (push) Blocked by required conditions
Build and push DocsGPT FE Docker image for development / build (linux/amd64, ubuntu-latest, amd64) (push) Waiting to run
Build and push DocsGPT FE Docker image for development / build (linux/arm64, ubuntu-24.04-arm, arm64) (push) Waiting to run
Build and push DocsGPT FE Docker image for development / manifest (push) Blocked by required conditions
Python linting / ruff (push) Waiting to run
Run python tests with pytest / Run tests and count coverage (3.12) (push) Waiting to run
React Widget Build / build (push) Waiting to run
45 lines
1.3 KiB
Python
45 lines
1.3 KiB
Python
"""Input validation for the add-auto-approve-pattern route.
|
|
|
|
These exercise ``add_auto_approve_pattern`` directly. The non-string and
|
|
missing-command cases short-circuit with a 400 before any DB access, so no
|
|
Postgres fixture is needed.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import pytest
|
|
from flask import Flask
|
|
|
|
from application.api.devices import routes as routes_module
|
|
|
|
|
|
@pytest.fixture
|
|
def app():
|
|
return Flask(__name__)
|
|
|
|
|
|
def _call(app: Flask, body):
|
|
with app.test_request_context(
|
|
"/api/devices/dev_x/auto-approve",
|
|
method="POST",
|
|
json=body,
|
|
):
|
|
from flask import request as flask_request
|
|
|
|
flask_request.decoded_token = {"sub": "user_abc"}
|
|
return routes_module.add_auto_approve_pattern("dev_x")
|
|
|
|
|
|
@pytest.mark.parametrize("bad_command", [123, 12.5, True, ["ls"], {"c": 1}])
|
|
def test_add_auto_approve_rejects_non_string_command(app, bad_command):
|
|
# A truthy-but-non-string command must 400 rather than crash in shlex.
|
|
response = _call(app, {"command": bad_command})
|
|
assert response.status_code == 400
|
|
assert response.get_json()["error"] == "invalid_command"
|
|
|
|
|
|
def test_add_auto_approve_missing_command(app):
|
|
response = _call(app, {})
|
|
assert response.status_code == 400
|
|
assert response.get_json()["error"] == "missing_command"
|