>jVrpdZddlmZddlZddlmcmZddl Z ddl m Z ddl m Z mZe ej!j"dZeee j(vr"e j(j+deeddlmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"dZ#ddd ed d  d/d Z$d0d Z%d0dZ&d0dZ'd0dZ(d0dZ)d0dZ*d0dZ+d0dZ,d0dZ-d0dZ.d0dZ/d0dZ0d0dZ1d0dZ2d0dZ3d0dZ4d0dZ5d0dZ6d0dZ7d0d Z8d0d!Z9d0d"Z:d0d#Z;d0d$Zd0d'Z?d0d(Z@d0d)ZAd0d*ZBd0d+ZCd0d,ZDd-ZEd.ZFy)1uanu_v2.tests.test_auto_gemini_triage_2538 — 9 회귀 (회장 §명시 1:1 박제). 회귀 케이스 (회장 §명시): 1. false_positive dismiss — 회귀 fixture 매칭 시 dismiss 2. style_only dismiss — 코드 동작 무관 style 권고 dismiss 3. minor_fix_in_scope auto_apply — expected_files 내부 minor fix 자동 적용 4. scope_expansion escalate — expected_files 밖 수정 요구 → Critical 5. Security-High in scope — Security 권고는 minor 무관 적용 (단 scope 내부) 6. Security-High out of scope — escalate 7. interface contract — applied/dismissed/escalated 3 키 제공 8. token raw 0 — finding 처리 후 raw 토큰 노출 0 9. chat=6937032012 격리 — 다른 chat record 노출 0 본 회귀는 anu_v2/* 모듈만 import 한다 (one-way isolation). ) annotationsN)Path)AnyMapping) ACTION_AUTO_APPLY_MINOR_FIXACTION_DISMISS_FALSE_POSITIVEACTION_DISMISS_STYLE_ONLYACTION_ESCALATE_SCOPE_EXPANSIONACTIONSCRITICAL_GEMINI_SCOPE_EXPANSIONDEFAULT_CHAT_IDTOKEN_KEY_HINTSAutoGeminiTriageFalsePositiveFixture TriageResult_redact_tokens)anu_v2/auto_gemini_triage.pyz,anu_v2/tests/test_auto_gemini_triage_2538.pyz task-2538) audit_calls fix_applierfixtureschat_idtask_idc6gfd}t|||||S)Nc:jt|yNappenddictrecrs @/home/jay/workspace/anu_v2/tests/test_auto_gemini_triage_2538.py audit_writerz"_make_triage..audit_writer>49%)r$rfalse_positive_fixturesrr)r)rrrrrr$s` r# _make_triager(3s3 & ! (  r&c@g}tddf}t||}dddddd d }|j|t\}}|tk(}|st j d |fd |tfd tjvst j|rt j|nd dtjvst jtrt jtnddz}dd|iz}tt j|d}|d} d} | | k(} | slt j d | fd| | ft j| t j| dz}dd|iz} tt j| dx} x} } |d} d} | | k(} | slt j d | fd| | ft j| t j| dz}dd|iz} tt j| dx} x} } y)Nz unused-importz vendored stubrule_idreason)rrLowstylerzF401 unused importzmodule-level import not usedr+severitycategorypathtitlebody==z%(py0)s == %(py2)sactionr py0py2assert %(py4)spy4r+z%(py1)s == %(py4)spy1r=assert %(py6)spy6fixture_reason rr(classify_evidenceEXPECTED_FILES_DEFAULTr @pytest_ar_call_reprcompare @py_builtinslocals_should_repr_global_name _safereprAssertionError_format_explanation) auditrtriagefindingr8details @py_assert1 @py_format3 @py_format5 @py_assert0 @py_assert3 @py_assert2 @py_format7s r#)test_1_false_positive_dismiss_via_fixturerZKsk%'E__MHeh ?F#.%. G..w8NOOFG 2 22226222222262226222222222222222222 9 00  0000 000 0000000000 # $77 $ 7777 $777 $7777777777r&c.tdddf}t|}ddd}ddd}|j|t\}}|j|t\}}|tk(}|st j d |fd |tfd tjvst j|rt j|nd d tjvst jtrt jtnd d z}dd|iz} tt j| d}|tk7}|st j d|fd|tfdtjvst j|rt j|ndd tjvst jtrt jtnd d z}dd|iz} tt j| d}y)Nzredundant-castzint\(int_value\)zPython 3 idiomr+ signaturer,rzint(int_value) is redundant)r+r4zdifferent body contentr5r7a1r r9r<r=)!=)z%(py0)s != %(py2)sa2rD) rrPmatching non_matchingr__rarSrTrUs r#+test_1_false_positive_signature_regex_matchre`sB$)# H8 ,F+5RSH/9QRL  $ $X/E FEB  $ $\3I JEB . ....2.......2...2.................. . ....2.......2...2..................r&ct}ddddddd}|j|t\}}|tk(}|st j d|fd |tfd t jvst j|rt j|nd d t jvst jtrt jtnd d z}d d|iz}tt j|d}|d}d}||k(} | slt j d| fd||ft j|t j|dz}dd|iz} tt j| dx}x} }y)Nzindent-not-multiple-of-fourr-r.r indentationzuse 4-space indentr/r5r7r8r r9r<r=r1r>r?rArB r(rErFr rGrHrIrJrKrLrMrN rPrQr8rRrSrTrUrVrWrXrYs r#test_2_style_only_dismissrjus ^F0.$ G..w8NOOFG . ....6.......6...6.................. : )') ' )))) '))) )))')))))))r&ct}dddddd}|j|t\}}|tk(}|st j d|fd|tfd t jvst j|rt j|nd d t jvst jtrt jtnd d z}d d |iz}tt j|d}y)uKstyle 권고는 path 가 scope 밖이어도 dismiss (코드 동작 무관).ztrailing-whitespacer-r.zutils/some_other.pyztrailing whitespacer+r0r1r2r3r5r7r8r r9r<r=Nrh)rPrQr8rdrSrTrUs r#0test_2_style_only_dismiss_even_when_out_of_scoperms ^F(%& G((2HIIFA . ....6.......6...6..................r&cfg}t|}dddddd}|j|t\}}|tk(}|st j d|fd |tfd t jvst j|rt j|nd d t jvst jtrt jtnd d z}d d|iz}tt j|d}|d}d} || k(} | slt j d| fd|| ft j|t j| dz}dd|iz} tt j| dx}x} } |j|d} | d}d} || u} | slt j d| fd|| ft j|t j| dz}dd|iz} tt j| dx}x} } | d}d} || u} | slt j d| fd|| ft j|t j| dz}dd|iz} tt j| dx}x} } t|} d} | | k(}|st j d|fd| | fdt jvst jtrt jtnddt jvst j|rt j|ndt j| t j| dz} dd | iz}tt j|dx} x}} |d!d"}d#} || k(} | slt j d| fd|| ft j|t j| dz}dd|iz} tt j| dx}x} } y)$Nrzmissing-type-annotationMediumbugrz add type hintrlr5r7r8rr9r<r=r2r>r?rArBappliedTisz%(py1)s is %(py4)s escalatedFz0%(py3)s {%(py3)s = %(py0)s(%(py1)s) } == %(py6)slenrOr:r@py3rBassert %(py8)spy8rkindauto_apply_minor_fix)r(rErFrrGrHrIrJrKrLrMrNapply_minor_fixry)rOrPrQr8rRrSrTrUrVrWrXrYr" @py_assert5 @py_assert4 @py_format9s r#$test_3_minor_fix_in_scope_auto_applyrs%'E e ,F,. G..w8NOOFG 0 00006000000060006000000000000000000 6?<<!T!>T !!!!>T!!!>!!!T!!!!!!! { $u$ u $$$$ u$$$ $$$u$$$$$$$ u::?:33uu: 8F 555 5 5555 5555 55555555555r&c^g}dd}t||}ddddd}|j|d}|d}d }||u}|sltjd |fd ||ftj|tj|d z}d d|iz} t tj | dx}x}}|d}d}||u}|sltjd |fd ||ftj|tj|d z}d d|iz} t tj | dx}x}}|dd}d}||k(}|sltjd|fd||ftj|tj|d z}d d|iz} t tj | dx}x}}y)uPfix_applier 가 False 반환 시 record 가 escalate 로 전환되어야 한다.c ||f}y)NFr)rQ target_filerds r#failing_applierzAtest_3_minor_fix_apply_failure_escalates..failing_appliers k "r&)rrxrprqrr+r0r1r2rrFrsrur?rArBNrvTrr~auto_apply_failed_escalatedr5r>)rQzMapping[str, Any]rstrreturnbool)r(rrGrHrLrMrN) rOrrPrQr"rVrWrXrUrYs r#(test_3_minor_fix_apply_failure_escalatesrs<%'Ee IF. G  *H IC y>"U">U """">U""">"""U""""""" { #t# t #### t### ###t####### 8F <<< < <<<< <<<< <<<<<<<<<<r?rArB critical_codez%(py1)s == %(py3)sr r@r{assert %(py5)spy5r~scope_expansion_criticalrr(rErFr rGrHrIrJrKrLrMrNescalate_scope_expansionr rOrPrQr8rRrSrTrUrVrWrXrYr" @py_format4 @py_format6s r#(test_4_scope_expansion_escalate_criticalrs2%'E e ,F'*' G..w8NOOFG 4 44446444444464446444444444444444444 8 : ::  : ::::  :::: ::: ::::::::  ) )' 2C  B #B BBBB #BBBB BBBBBB#BBBB#BBBBBBBB v;444;4 4444;4444;44444444444 8O $G $(G GGGG $(GGGG $GGGGGG(GGGG(GGGGGGGGr&ct}dddddd}|j|t\}}|tk(}|st j d|fd|tfd t jvst j|rt j|nd d t jvst jtrt jtnd d z}d d |iz}tt j|d}|d}d}||k(} | slt j d| fd||ft j|t j|dz}dd|iz} tt j| dx}x} }y)uXSecurity-High 권고는 style/minor 분류와 무관하게 우선 적용 (scope 내부).zowasp-a02-injectionHighsecurityrzSQL-like string concatenationrlr5r7r8rr9r<r=Nr,security_high_in_scoper>r?rArB) r(rErFrrGrHrIrJrKrLrMrNris r#*test_5_security_high_in_scope_auto_appliesrs ^F(.0 G..w8NOOFG 0 00006000000060006000000000000000000 8 8 88  8 8888  8888 888 88888888r&cg}t|}dddddd}|j|t\}}|tk(}|st j d|fd |tfd t jvst j|rt j|nd d t jvst jtrt jtnd d z}d d|iz}tt j|d}|d}d} || k(} | slt j d| fd|| ft j|t j| dz}dd|iz} tt j| dx}x} } |j|} | d}|tk(} | st j d| fd|tft j|dt jvst jtrt jtnddz} dd| iz}tt j|dx}} y)uNSecurity-High 라도 scope 밖이면 절대 자동 적용 X — 회장 보고.rozowasp-a01-broken-accessrrz utils/auth.pyz auth bypassrlr5r7r8r r9r<r=Nr,security_high_out_of_scoper>r?rArBrrr rrrrrs r#+test_6_security_high_out_of_scope_escalatesrsw%'E e ,F, G..w8NOOFG 4 44446444444464446444444444444444444 8 < <<  < <<<<  <<<< <<< <<<<<<<<  ) )' 2C  B #B BBBB #BBBB BBBBBB#BBBB#BBBBBBBBr&c 4 ttddf}dddddd d dddd d d ddd dd ddd g}|j|t}|j}|}t |}hd}||k(}|st jd|fd||fdtjvst jt rt jt nddtjvst j|rt j|ndt j|t j|t j|t j|dz}dd|iz} tt j| dx}x}x}x}}|d} t| } d}| |k(} | st jd| fd| |fdtjvst jtrt jtndt j| t j| t j|dz} dd | iz}tt j|dx} x} x} }|d!} t| } d"}| |k(} | st jd| fd| |fdtjvst jtrt jtndt j| t j| t j|dz} dd | iz}tt j|dx} x} x} }|d#} t| } d"}| |k(} | st jd| fd| |fdtjvst jtrt jtndt j| t j| t j|dz} dd | iz}tt j|dx} x} x} }|d#d$d%}|tk(}|st jd|fd&|tft j|d'tjvst jtrt jtnd'd(z}d)d*|iz}tt j|dx}}y)+Nzknown-fpfixturer*r^r-r.rrr+r0r1r2r4indentrz type-hintrprqzperf-x performancez utils/perf.py>rr dismissedrvr5)zb%(py7)s {%(py7)s = %(py0)s(%(py5)s {%(py5)s = %(py3)s {%(py3)s = %(py1)s.keys }() }) } == %(py10)ssetout)r:r@r{rpy7py10assert %(py12)spy12rrz0%(py4)s {%(py4)s = %(py0)s(%(py2)s) } == %(py7)sryr:r;r=rassert %(py9)spy9rrrwrvrrrr rrr)r(r triage_batchrFkeysrrGrHrIrJrKrLrMrNryr )rPfindingsrrXr @py_assert6 @py_assert9 @py_assert8 @py_format11 @py_format13rSrWr @py_format8 @py_format10rVrrs r#+test_7_triage_batch_interface_contract_keysrs7 &z)LNF Ew/ >%W/ 1 X5/ 1(   " H   h(> ?CxxCxzC3z?CCC?C CCCC?CCCCCCC3CCC3CCCCCCsCCCsCCCxCCCzCCC?CCCCCCCCCCC;%3 %A% A %%%% A%%%%%%3%%%3%%%%%% %%%A%%%%%%%9~#3~ #!# ! #### !######3###3###~### ###!#######;%3 %A% A %%%% A%%%%%%3%%%3%%%%%% %%%A%%%%%%% { A  /R /3R RRRR /3RRRR /RRRRRR3RRRR3RRRRRRRRr&ct}|jgt}gggd}||k(}|stjd|fd||fdt j vstj|rtj|ndtj|dz}dd|iz}ttj|dx}}y)N)rrrrvr5%(py0)s == %(py3)srr:r{rr) r(rrFrGrHrIrJrKrLrMrN)rPrrXrSrrs r#6test_7_triage_batch_empty_findings_returns_empty_listsrs ^F   b"8 9C rCC3C CCCC3CCCCCCC3CCC3CCCCCCCCCCCr&cvt}|j}d}||u}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dz}dd|iz}ttj|dx}x}}|jjd ti|j}d }||u}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dz}dd|iz}ttj|dx}x}}y) uIhas_escalation 은 Critical 보고 대상 존재 여부를 즉시 반환.Frs)z6%(py2)s {%(py2)s = %(py0)s.has_escalation } is %(py5)sr)r:r;rzassert %(py7)srNrT) rhas_escalationrGrHrIrJrKrLrMrNrvrr )rrSrrWrrs r#(test_7_triage_result_has_escalation_flagrsA  $u$ u $$$$ u$$$$$$1$$$1$$$ $$$u$$$$$$$KK)HIJ  #t# t #### t######1###1### ###t#######r&c g}t|}dddddddd d id }|j|gt}t|t|z}d }||v}|st j d |fd||ft j |dtjvst j|rt j |nddz}dd|iz}tt j|dx}}d}||v}|st j d |fd||ft j |dtjvst j|rt j |nddz}dd|iz}tt j|dx}}d}||v}|st j d |fd||ft j |dtjvst j|rt j |nddz}dd|iz}tt j|dx}}d}||v}|st j d|fd||ft j |dtjvst j|rt j |nddz}dd|iz}tt j|dx}}y)ucfinding 안에 BOT_GITHUB_TOKEN raw 가 박혀 들어와도 audit/결과에 노출되지 않는다.rozleak-xrprqrzToken leak in logz#found GH_TOKEN=ghs_LEAKED1234567890ghs_should_be_redacted_xxxxx github_token ghp_owner_pat_should_be_redacted)r+r0r1r2r3r4BOT_GITHUB_TOKENevidenceghs_should_be_redactednot inz%(py1)s not in %(py3)sblobrrrN ghp_owner_patghs_LEAKED1234567890***REDACTED***inz%(py1)s in %(py3)s) r(rrFreprrGrHrLrIrJrKrMrN) rOrPleaked_findingrrrVrXrrs r#)test_8_token_raw_zero_in_audit_and_resultr#s%'E e ,F.$5:#%GH N   ~.0F GC 9tE{ "D #/ #4 //// #4/// #//////4///4/////// &?$ &&&&?$&&&?&&&&&&$&&&$&&&&&&& !- ! ---- !--- !---------------- # t #### t### ######t###t#######r&c$ddddiddgd}t|}t|}d}||v}|stjd |fd ||ftj|d t j vstj|rtj|nd d z}d d|iz}ttj|dx}}d}||v}|stjd |fd ||ftj|d t j vstj|rtj|nd d z}d d|iz}ttj|dx}}d}||v}|stjd |fd ||ftj|d t j vstj|rtj|nd d z}d d|iz}ttj|dx}}|d}d}||k(}|sltjd|fd||ftj|tj|dz}dd|iz} ttj| dx}x}}y)NTghs_RAW_TOKEN_xxxxz x-api-keyghp_xxxxxxxxxxxxxxxxxxxxfineghs_inside_string_value)ok GITHUB_TOKENnested list_field ghs_RAW_TOKENrrsrrrrrr5r>r?rArB) rrrGrHrLrIrJrKrMrN) rawredactedrrVrXrrrWrUrYs r#5test_8_redact_tokens_helper_handles_nested_structuresr<s, :;89  C c"H XA #?! ####?!###?######!###!####### %. %Q .... %Q... %......Q...Q....... $- $A ---- $A--- $------A---A------- N #7'77 #'7 7777 #'7777 #777'77777777r&cZtd}ddddddddddd ddd d g}|j|}t|}d }||k(}|stjd |fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}dd|iz}ttj|dx}x}}|Dchc]}|d } }dd h} | | k(}|sltjd |fd| | ftj| tj| dz} dd| iz}ttj|dx} x}} t|} d} | | v}|stjd|fd| | ftj| dt j vstj| rtj| nddz} dd | iz}ttj|dx} }d!} | | v}|stjd|fd| | ftj| dt j vstj| rtj| nddz} dd | iz}ttj|dx} }ycc}w)"uHlist_chat_audit 가 본 인스턴스 chat_id 외 record 를 0건 노출. 6937032012)rra)rr~r+ 9999999999brcd)r~r+rr5rxryvisiblerzr|r}Nr+r>r?rArBz"b"rrrrrrz'b') r(list_chat_auditryrGrHrIrJrKrLrMrNr)rP mixed_recordsrrXrrrYrrrVrWrUrrrs r#0test_9_chat_isolation_filters_other_chat_recordsrLs , /F *@SQ *@SQ *DQTU'C8 M$$]3G w<1<1 <133ww<1") *QAiL *8 *sCj8 *j 8888 *j888 *888j8888888 =D 5 55 5 55 +s L(cg}t|d}ddddd}|j|gtd|D}t|}|sd d t j vst jtrt jtnd t j|t j|d z}tt j|d x}}y ) u]audit_writer 호출 시점에 chat_id 가 박혀 있어야 list_chat_audit 가 격리 가능.r)rrzrprqrrc3DK|]}|jddk(yw)rrN)get).0rs r# zItest_9_audit_records_tagged_with_chat_id_at_write_time..is?AquuY</?s z,assert %(py4)s {%(py4)s = %(py0)s(%(py2)s) }all)r:r;r=N) r(rrFrrIrJrGrKrLrMrN)rOrPrQrSrWrUs r#6test_9_audit_records_tagged_with_chat_id_at_write_timer_s%'E e\ BFH%.G  #9:???3? ?? ??????3???3??????? ???????r&cpd}t|k(}|stjd|fdt|fdtjvstj trtj tndtj |dz}dd|iz}ttj|dx}}y) u)회장 §명시: default chat=6937032012.rr5rrrrrN) rrGrHrIrJrKrLrMrN)rXrSrrs r#'test_9_default_chat_id_is_chairman_chatrls[**?l ****?l******?***?***l*******r&cbttttth}|j }|t }|sddtjvstj|rtj|ndtj|dtjvstjt rtjt ndtj|dz}ttj|dx}}tt }d}||k\}|stjd|fd||fd tjvstjtrtjtnd dtjvstjt rtjt ndtj|tj|d z}d d |iz}ttj|dx}x}}y) u 회장 §명시 v0 4 분류는 보존 (제거/이름 변경 금지). task-2558 §명시 (2026-05-12) 가 ACTIONS 를 5번째 분류 (minor_in_expected_files) + cascade reply+resolve 용으로 확장. v0 doctrine 4 action 자체는 변형 0 이어야 함. zJassert %(py5)s {%(py5)s = %(py2)s {%(py2)s = %(py0)s.issubset }(%(py3)s) } v0_actionsr )r:r;r{rN)>=)z0%(py3)s {%(py3)s = %(py0)s(%(py1)s) } >= %(py6)sryrzr|r}) frozensetr r rr issubsetr rIrJrGrKrLrMrNryrH)rrSrrrXrrYrs r# test_actions_set_is_exactly_fourrrs, %!#' J   ' w '' '''''':''':''' ''''''w'''w''' ''''''' w<1<1 <133ww<1r&c  t}ddh}|j}d}|||}d}||u}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dt j vstj |rtj|ndtj|tj|d z}d d |iz}ttj|d x}x}x}x}}|j}d }|||}d}||u}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dt j vstj |rtj|ndtj|tj|d z}d d |iz}ttj|d x}x}x}x}}|j}d}|||}d}||u}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dt j vstj |rtj|ndtj|tj|d z}d d |iz}ttj|d x}x}x}x}}|j}d}|||}d}||u}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dt j vstj |rtj|ndtj|tj|d z}d d |iz}ttj|d x}x}x}x}}|j}d}|||}d}||u}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dt j vstj |rtj|ndtj|tj|d z}d d |iz}ttj|d x}x}x}x}}y )uHexpected_files 가 glob 패턴인 경우도 매칭 정확 (`anu_v2/**`).z anu_v2/**z tests/**/*.pyrTrsz[%(py7)s {%(py7)s = %(py2)s {%(py2)s = %(py0)s.is_in_scope }(%(py4)s, %(py5)s) } is %(py10)srPexpectedr:r;r=rrrrrNzanu_v2/sub/x.pyztests/regression/test_x.pyzutils/forbidden.pyF r( is_in_scoperGrHrIrJrKrLrMrN) rPr rSrWrrrrrs r#&test_is_in_scope_handles_glob_patternsrs ^F_-H   O<O r?rArB) rrGrHrLrIrJrKrMrNr) rVrXrrrrrWrUrYs r#2test_gemini_medium_token_hints_includes_github_patr"s +=O ++++=O+++=++++++O+++O+++++++ "$D ECc"H + ,@0@@ ,0@ @@@@ ,0@@@@ ,@@@0@@@@@@@@r&ct}d}t||}| }|sddtjvst j trt j tnddtjvst j |rt j |ndt j |t j |dz}tt j|dx}x}}y)uGemini medium #2: audit_dir 인자 제거 박제 — 미사용 속성 0건. 회귀: AutoGeminiTriage 인스턴스에 _audit_dir 속성이 존재하지 않음을 확인. _audit_dirz9assert not %(py5)s {%(py5)s = %(py0)s(%(py1)s, %(py3)s) }hasattrrP)r:r@r{rN) r(r%rIrJrGrKrLrMrN)rPrXrrrYs r#0test_gemini_medium_no_unused_audit_dir_attributer&s ^F+,wv|,,, ,, ,,,,,,w,,,w,,,,,,v,,,v,,,|,,,,,,,,,,r&c Jt}dh}|j}d}|||}d}||u}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dt j vstj |rtj|ndtj|tj|dz}dd |iz}ttj|d x}x}x}x}}|j}d }|||}d }||u}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dt j vstj |rtj|ndtj|tj|dz}dd |iz}ttj|d x}x}x}x}}|j}d}d } ||| } d} | | u}|stjd|fd| | fdt j vstj |rtj|ndtj|tj|tj| tj| tj| dz} dd| iz} ttj| d x}x}x} x} x}} y )uGemini medium #3: is_in_scope 가 이미 set 인 expected_files 재정규화 생략. 회귀: 동일 set 인스턴스를 반복 전달해도 복사가 일어나지 않음 (id 비교). `triage_batch` 핫패스 최적화의 박제. rTrsr rP expected_setr rrNz utils/x.pyF)z anu_v2/auto_gemini_triage.py )z[%(py8)s {%(py8)s = %(py2)s {%(py2)s = %(py0)s.is_in_scope }(%(py4)s, %(py6)s) } is %(py11)s)r:r;r=rBr}py11zassert %(py13)spy13r )rPr(rSrWrrrrrr @py_assert7 @py_assert10 @py_format12 @py_format14s r#7test_gemini_medium_is_in_scope_skips_renormalize_on_setr/s ^F<=L   S<S  ^F'.1 L((7MNIFA . ....6.......6...6..................6,5 H5H((3IJIFA . ....6.......6...6..................r&ct}dh}ddddd}|j||\}}|tk(}|stjd|fd|tfdt j vstj|rtj|ndd t j vstjtrtjtnd d z}d d |iz}ttj|d }|j||\}}|j||\} }|| k(}| tk(} |r| stjd|| fd|| tfdt j vstj|rtj|nddt j vstj| rtj| ndd t j vstjtrtjtnd dz}dd|iz} ttj| d x}} dh} || k(}|stjd|fd|| fdt j vstj|rtj|ndtj| dz} dd| iz} ttj| d x}} y )uGemini 2차 medium #2: classify_evidence 도 set 입력 재정규화 생략 박제. `triage_batch` 가 한 번 정규화한 set 을 매 finding 처리에 그대로 전달하므로 재정규화 비용 0 — 핫패스 최적화. rrrprqrr5r7r8rr9r<r=N)r6r6)rz%(py3)s == %(py4)saction2action3)r:r{r=rArBrpre_normalizedrrr) r(rErrGrHrIrJrKrLrMrN)rPr8rQr8rdrSrTrUr6r7rXrYrrs r#=test_gemini_medium_classify_evidence_skips_renormalize_on_setr9s ^F >?NH%.G ((.AIFA 0 00006000000060006000000000000000000))'>BJGQ))'>BJGQ g <= ====>=======>===>===========r&c d}t|}d}||k(}|stjd|fd||fdtjvstj trtj tndtj |tj |tj |dz}dd|iz}ttj|d x}x}x}}d }t|}d}||k(}|stjd|fd||fdtjvstj trtj tndtj |tj |tj |dz}dd|iz}ttj|d x}x}x}}d }t|}d}||k(}|stjd|fd||fdtjvstj trtj tndtj |tj |tj |dz}dd|iz}ttj|d x}x}x}}d }t|}d }||k(}|stjd|fd||fdtjvstj trtj tndtj |tj |tj |dz}dd|iz}ttj|d x}x}x}}d }t|}d}||k(}|stjd|fd||fdtjvstj trtj tndtj |tj |tj |dz}dd|iz}ttj|d x}x}x}}y )uGemini 3차 medium #1: _redact_tokens 가 value.lower() 를 루프당 1회만 호출. 회귀 fixture: prefix 검출 결과는 동일하되, 동일 결과를 보장. ghp_TEST_abc123rr5rrrrrNGHP_UPPERCASE_xxgithub_pat_TEST normal textghs_BOT_session_) rrGrHrIrJrKrLrMrN)rSrWrrrrs r#+test_gemini_medium_redact_lowers_value_oncer@ s ,@>+ ,@0@@ ,0@ @@@@ ,0@@@@@@@>@@@>@@@+@@@ ,@@@0@@@@@@@@,A>, -A1AA -1A AAAA -1AAAAAAA>AAA>AAA,AAA -AAA1AAAAAAAA+@>+ ,@0@@ ,0@ @@@@ ,0@@@@@@@>@@@>@@@+@@@ ,@@@0@@@@@@@@'9>- (9M9 (M 9999 (M999999>999>999-999 (999M9999999,A>, -A1AA -1A AAAA -1AAAAAAA>AAA>AAA,AAA -AAA1AAAAAAAAr&cddi}t|}d}||v}|stjd|fd||ftj|dt j vstj |rtj|nddz}dd|iz}ttj|d x}}d }||v}|stjd |fd ||ftj|dt j vstj |rtj|nddz}dd|iz}ttj|d x}}t|}d}||v}|stjd|fd||ftj|d t j vstj |rtj|nd dz}dd|iz}ttj|d x}}y )uGemini 6차 Security-High #1: dict key 자체에 박힌 raw token 도 redact. 예전 동작: 끼='ghp_TOKEN' 인 경우 끼는 raw 그대로 노출 (token leak). 수정 후: key 자체에 _redact_tokens 재귀 → '***REDACTED***' 로 마스킹. ghp_LEAKED_KEY_NAMEzok-valuerrrrrrNrrrr) rrGrHrLrIrJrKrMrNr)rrrVrXrrrs r#5test_gemini_security_high_dict_key_itself_is_redactedrCs5 !* -Cc"H 0  0000 000 0000000000000000 ' x '''' x''' ''''''x'''x''''''' >D ,  ,,,, ,,, ,,,,,,,,,,,,,,,,r&cHddlm}|}d|d<d|d<t|}|d}d}||k(}|sltjd|fd ||ftj |tj |d z}d d |iz}t tj|d x}x}}|d}d}||k(}|sltjd|fd ||ftj |tj |d z}d d |iz}t tj|d x}x}}y )uSGemini 6차 Security-High #2: dict 외 Mapping (OrderedDict 등) 도 동일 처리.r) OrderedDictghs_LEAKED_xxxrr safe_fieldrr5r>r?rArBN) collectionsrErrGrHrLrMrN)rErrrVrWrXrUrYs r#6test_gemini_security_high_supports_ordereddict_mappingrI(s' -C*CC c"H N #7'77 #'7 7777 #'7777 #777'77777777 L !)T) !T )))) !T))) !)))T)))))))r&c. ddlm}|j}d}||}d}||u}|stjd|fd||fdt j vstj|rtj|ndtj|tj|tj|tj|dz}d d |iz}ttj|dx}x}x}x}}|j}d }||}d}||u}|stjd|fd||fdt j vstj|rtj|ndtj|tj|tj|tj|dz}d d |iz}ttj|dx}x}x}x}}|j}d }||}d}||u}|stjd|fd||fdt j vstj|rtj|ndtj|tj|tj|tj|dz}d d |iz}ttj|dx}x}x}x}}|j}d }||}d}||u}|stjd|fd||fdt j vstj|rtj|ndtj|tj|tj|tj|dz}d d |iz}ttj|dx}x}x}x}}|j}d}||}d}||u}|stjd|fd||fdt j vstj|rtj|ndtj|tj|tj|tj|dz}d d |iz}ttj|dx}x}x}x}}ddzdzddzz}t|} d}| |k(} | stjd| fd| |fdt j vstjtrtjtnddt j vstj|rtj|ndtj| tj|dz} dd| iz} ttj| dx} x} }y)uGemini 5차 medium: _TOKEN_VALUE_RE 컴파일 IGNORECASE 정규식 박제. re.IGNORECASE + compiled regex 로 lower() 복사본 생성 + substring 루프 제거. 동작 회귀: case-insensitive 매칭 결과는 동일. r)_TOKEN_VALUE_REghp_xxxN)is not)zP%(py6)s {%(py6)s = %(py2)s {%(py2)s = %(py0)s.search }(%(py4)s) } is not %(py9)srK)r:r;r=rBrzassert %(py11)sr) GHP_UPPER_xxxGhs_Mixed_Casegithub_PAT_xxxr>rs)zL%(py6)s {%(py6)s = %(py2)s {%(py2)s = %(py0)s.search }(%(py4)s) } is %(py9)szPREFIX iGHP_LEAKED_xxxz SUFFIX rr5rxrbig_bodyrzr|r}) anu_v2.auto_gemini_triagerKsearchrGrHrIrJrKrLrMrNr) rKrSrWrrr+rr-rRrXrrYrs r#8test_gemini_medium_redact_uses_compiled_regex_ignorecaserU5s :  ! !8)8 !) ,8D8 ,D 8888 ,D888888?888?888 !888)888 ,888D8888888  ! !>/> !/ 2>$> 2$ >>>> 2$>>>>>>?>>>?>>> !>>>/>>> 2>>>$>>>>>>>  ! !?"2? !"2 3?4? 34 ???? 34?????????????? !???"2??? 3???4???????  ! !?"2? !"2 3?4? 34 ???? 34?????????????? !???"2??? 3???4???????  ! !8-8 !- 08D8 0D 8888 0D888888?888?888 !888-888 0888D88888884"22Z$5FFH ( #7'77 #'7 7777 #'7777777>777>777777(777(777 #777'77777777r&cNtddtddf}t|}dddd d }|j|t\}}|tk(}|st j d |fd |tfd tjvst j|rt j|nd dtjvst jtrt jtnddz}dd|iz}tt j|d}y)uGemini 4차 medium: signature=None fixture 만 있을 때 body 문자열 생성 생략 박제. body 가 lazy init 라도 분류 결과는 정확해야 한다. z rule-only-1usignature 없음r*z rule-only-2usignature 없음 2r^rprqrrr5r7r8r r9r<r=NrD)rrPrQr8rdrSrTrUs r#Etest_gemini_medium_match_fp_lazy_body_init_with_no_signature_fixturesrWGs ];MN];OPH8 ,F . G((2HIIFA 2 22226222222262226222222222222222222r&cTtdddtdddf}t|}dd d d d d }|j|t\}}|tk(}|st j d|fd|tfdtjvst j|rt j|nddtjvst jtrt jtnddz}dd|iz}tt j|d}dd d d dd }|j|t\} }| tk(}|st j d|fd| tfdtjvst j| rt j| nddtjvst jtrt jtnddz}dd|iz}tt j|d}y)uGemini 3차 medium #2: fp.signature == "" 가 모든 finding 매칭하지 않게 가드. 빈 문자열 signature 는 re.search 가 항상 매칭하는 함정 회귀 박제. zempty-sig-ruler emptyr\zreal-fpNz rule-onlyr^rprqrzany random body contentrr5r7r8rr9r<r=anythingr6r )rr(rErFrrGrHrIrJrKrLrMrNr ) rrP candidater8rdrSrTrU candidate2r6s r#5test_gemini_medium_empty_signature_does_not_match_allr]\sj %5GTY${SH8 ,F$.) I((4JKIFA 0 00006000000060006000000000000000000. J))*6LMJGQ 3 33337333333373337333333333333333333r&c ddlm}|dddhi}|d}t|t}|s ddt j vst jtrt jtnddt j vst j|rt j|ndd t j vst jtrt jtnd t j|d z}tt j|d }d }||v}|st jd |fd||ft j|dt j vst j|rt j|nddz}dd|iz}tt j|d x}}d}||v}|st jd|fd||ft j|dt j vst j|rt j|nddz}dd|iz}tt j|d x}}|tddh} t| t}|s ddt j vst jtrt jtnddt j vst j| rt j| ndd t j vst jtrt jtnd t j|d z}tt j|d }d }|| v}|st jd |fd|| ft j|dt j vst j| rt j| nddz}dd|iz}tt j|d x}}d}|| v}|st jd|fd|| ft j|dt j vst j| rt j| nddz}dd|iz}tt j|d x}}y )uWGemini 7차 medium #1 박제: set/frozenset 안의 token 도 마스킹되어야 한다.r)rrghp_LEAKsaferr redacted_listrrNrrrrrrrr ghs_TOKENr fset_result) rSrrrrIrJrGrKrLrMrNrHr) rresultrarWrUrVrXrrrcs r#@test_gemini_7_medium_redact_set_and_frozenset_normalizes_to_listres8 Vj&%9: ;F6NM mT ** ******:***:******m***m******T***T*** ******* , } ,,,, },,, ,,,,,,},,,},,,,,,, *:] ****:]***:******]***]******* K+>!?@K k4 (( ((((((:(((:((((((k(((k((((((4(((4((( ((((((( * { **** {*** ******{***{******* );k ))));k)));))))))k)))k)))))))r&cd ddlm}m}g fd}||d}|ddf|_dd d d d }|j d|}d }||u}|st j d|fd||fdtjvst j|rt j|ndt j|dz}dd|iz} tt j| d x}} D cgc]} | jd} } d} | | v}|st j d|fd| | ft j| dtjvst j| rt j| nddz}dd|iz} tt j| d x} }y cc} w)uPGemini 7차 medium #2 박제: 잘못된 regex fixture 는 audit 로깅 후 skip.r)rrc:jt|yrrr!s r#r$zQtest_gemini_7_medium_fixture_regex_error_emits_audit_record..audit_writerr%r&lL5:)r$rzbad-rulez (unclosed)r+r]zany bodyz any titler)r+r4r3r2Nrs)z%(py0)s is %(py3)smatchedrrrr~fixture_regex_errorrrkindsr)rSrr _fixtures_match_false_positiverGrHrIrJrKrLrMrNr)rrr$rPrQrhrXrSrrr"rjrVrs @r#;test_gemini_7_medium_fixture_regex_error_emits_audit_recordrms7P K&!F Z;GF . G**:w?G7d?7d77d)4 4SWWV_ 4E 4 ) E )))) E))) ))))))E)))E))))))) 5s-F-)rzlist[Mapping[str, Any]] | Nonerrrrrr)rNone)G__doc__ __future__rbuiltinsrI_pytest.assertion.rewrite assertionrewriterGsyspathlibrtypingrr__file__resolveparentsWORKSPACE_ROOTrr2insertrSrr r r r r rrrrrrrFr(rZrerjrmrrrrrrrrrrrrrrrrrr"r&r/r4r9r@rCrIrUrWr]rermrr&r#r}sm # h'')11!4~chh&HHOOAs>*+    "37 " /    08*/* * /6,=,H* 9 C(S8D $$2 8 & @+ $ 5!" # A-(/0>0 B - *8$3* 4H*"*r&