AjqVdZddlmZddlZddlmZddlmZmZee jjdZ e e ejvr"ejjde e ddlmZmZmZmZmZmZmZmZmZmZmZmZdZddd ed d  d/d Zd0d Zd0dZ d0dZ!d0dZ"d0dZ#d0dZ$d0dZ%d0dZ&d0dZ'd0dZ(d0dZ)d0dZ*d0dZ+d0dZ,d0dZ-d0dZ.d0dZ/d0dZ0d0dZ1d0d Z2d0d!Z3d0d"Z4d0d#Z5d0d$Z6d0d%Z7d0d&Z8d0d'Z9d0d(Z:d0d)Z;d0d*Zd-Z?d.Z@y)1uanu_v2.tests.test_auto_gemini_triage_2538 — 9 회귀 (회장 §명시 1:1 박제). 회귀 케이스 (회장 §명시): 1. false_positive dismiss — 회귀 fixture 매칭 시 dismiss 2. style_only dismiss — 코드 동작 무관 style 권고 dismiss 3. minor_fix_in_scope auto_apply — expected_files 내부 minor fix 자동 적용 4. scope_expansion escalate — expected_files 밖 수정 요구 → Critical 5. Security-High in scope — Security 권고는 minor 무관 적용 (단 scope 내부) 6. Security-High out of scope — escalate 7. interface contract — applied/dismissed/escalated 3 키 제공 8. token raw 0 — finding 처리 후 raw 토큰 노출 0 9. chat=6937032012 격리 — 다른 chat record 노출 0 본 회귀는 anu_v2/* 모듈만 import 한다 (one-way isolation). ) annotationsN)Path)AnyMapping) ACTION_AUTO_APPLY_MINOR_FIXACTION_DISMISS_FALSE_POSITIVEACTION_DISMISS_STYLE_ONLYACTION_ESCALATE_SCOPE_EXPANSIONACTIONSCRITICAL_GEMINI_SCOPE_EXPANSIONDEFAULT_CHAT_IDTOKEN_KEY_HINTSAutoGeminiTriageFalsePositiveFixture TriageResult_redact_tokens)anu_v2/auto_gemini_triage.pyz,anu_v2/tests/test_auto_gemini_triage_2538.pyz task-2538) audit_calls fix_applierfixtureschat_idtask_idc6gfd}t|||||S)Nc:jt|yNappenddictrecrs @/home/jay/workspace/anu_v2/tests/test_auto_gemini_triage_2538.py audit_writerz"_make_triage..audit_writer>49%)r$rfalse_positive_fixturesrr)r)rrrrrr$s` r# _make_triager(3s3 & ! (  r&cg}tddf}t||}dddddd d }|j|t\}}|tk(sJ|d dk(sJ|d dk(sJy) Nz unused-importz vendored stubrule_idreason)rrLowstylerzF401 unused importzmodule-level import not usedr+severitycategorypathtitlebodyr+fixture_reasonrr(classify_evidenceEXPECTED_FILES_DEFAULTr )auditrtriagefindingactiondetailss r#)test_1_false_positive_dismiss_via_fixturer>Ks%'E__MHeh ?F#.%. G..w8NOOFG 2 22 2 9  00 0 # $ 77 7r&ctdddf}t|}ddd}ddd}|j|t\}}|j|t\}}|tk(sJ|tk7sJy) Nzredundant-castzint\(int_value\)zPython 3 idiomr+ signaturer,rzint(int_value) is redundant)r+r4zdifferent body contentr6)rr:matching non_matchinga1_a2s r#+test_1_false_positive_signature_regex_matchrH`s$)# H8 ,F+5RSH/9QRL  $ $X/E FEB  $ $\3I JEB . .. . . .. .r&ct}ddddddd}|j|t\}}|tk(sJ|ddk(sJy) Nzindent-not-multiple-of-fourr-r.r indentationzuse 4-space indentr/r1r(r7r8r r:r;r<r=s r#test_2_style_only_dismissrMus] ^F0.$ G..w8NOOFG . .. . : ' )) )r&cpt}dddddd}|j|t\}}|tk(sJy)uKstyle 권고는 path 가 scope 밖이어도 dismiss (코드 동작 무관).ztrailing-whitespacer-r.zutils/some_other.pyztrailing whitespacer+r0r1r2r3NrK)r:r;r<rFs r#0test_2_style_only_dismiss_even_when_out_of_scoperPsG ^F(%& G((2HIIFA . .. .r&cg}t|}dddddd}|j|t\}}|tk(sJ|ddk(sJ|j |d}|d d usJ|d d usJt |d k(sJ|dddk(sJy)Nrzmissing-type-annotationMediumbugrz add type hintrOr2appliedT escalatedFrkindauto_apply_minor_fix)r(r7r8rapply_minor_fixlenr9r:r;r<r=r"s r#$test_3_minor_fix_in_scope_auto_applyr]s%'E e ,F,. G..w8NOOFG 0 00 0 6?< << <  *H IC y>T !! ! { u $$ $ u:?? 8F 5 55 5r&cg}dd}t||}ddddd}|j|d}|dd usJ|d d usJ|d d dk(sJy)uPfix_applier 가 False 반환 시 record 가 escalate 로 전환되어야 한다.c ||f}y)NFr)r; target_filerFs r#failing_applierzAtest_3_minor_fix_apply_failure_escalates..failing_appliers k "r&)rrxrSrTrr+r0r1r2rUFrVTrrXauto_apply_failed_escalatedN)r;zMapping[str, Any]r`strreturnbool)r(rZ)r9rar:r;r"s r#(test_3_minor_fix_apply_failure_escalatesrhs%'Ee IF. G  *H IC y>U "" " { t ## # 8F < << rU dismissedrVr}rrUrWrVrrk)r(r triage_batchr8setkeysr[r )r:findingsouts r#+test_7_triage_batch_interface_contract_keysrs &z)LNF Ew/ >%W/ 1 X5/ 1(   " H   h(> ?C sxxz?C CC C s; A %% % s9~ ! ## # s; A %% % { A  /3R RR Rr&cZt}|jgt}|gggdk(sJy)N)rUr}rV)r(r~r8)r:rs r#6test_7_triage_batch_empty_findings_returns_empty_listsrs1 ^F   b"8 9C brC CC Cr&ct}|jdusJ|jjdti|jdusJy)uIhas_escalation 은 Critical 보고 대상 존재 여부를 즉시 반환.FrkTN)rhas_escalationrVrr )rs r#(test_7_triage_result_has_escalation_flagrsIA  u $$ $KK)HIJ  t ## #r&c g}t|}dddddddd d id }|j|gt}t|t|z}d |vsJd |vsJd|vsJd|vsJy)ucfinding 안에 BOT_GITHUB_TOKEN raw 가 박혀 들어와도 audit/결과에 노출되지 않는다.rRzleak-xrSrTrzToken leak in logz#found GH_TOKEN=ghs_LEAKED1234567890ghs_should_be_redacted_xxxxx github_token ghp_owner_pat_should_be_redacted)r+r0r1r2r3r4BOT_GITHUB_TOKENevidenceghs_should_be_redacted ghp_owner_patghs_LEAKED1234567890***REDACTED***N)r(r~r8repr)r9r:leaked_findingrblobs r#)test_8_token_raw_zero_in_audit_and_resultr#s%'E e ,F.$5:#%GH N   ~.0F GC 9tE{ "D #4 // / $ && & ! -- - t ## #r&c~ddddiddgd}t|}t|}d|vsJd|vsJd|vsJ|d d k(sJy) NTghs_RAW_TOKEN_xxxxz x-api-keyghp_xxxxxxxxxxxxxxxxxxxxfineghs_inside_string_value)ok GITHUB_TOKENnested list_field ghs_RAW_TOKENrrrr)rawredactedss r#5test_8_redact_tokens_helper_handles_nested_structuresr<st, :;89  C c"H XA ! ## # %Q .. . $A -- - N #'7 77 7r&ctd}ddddddddddd ddd d g}|j|}t|d k(sJ|Dchc]}|d  c}dd hk(sJt|}d|vsJd|vsJycc}w)uHlist_chat_audit 가 본 인스턴스 chat_id 외 record 를 0건 노출. 6937032012)rrYa)rrXr+ 9999999999brlcd)rXr+rr+z"b"z'b'N)r(list_chat_auditr[r)r: mixed_recordsvisiblerrs r#0test_9_chat_isolation_filters_other_chat_recordsrLs , /F *@SQ *@SQ *DQTU'C8 M$$]3G w<1  ") *QAiL *sCj 88 8 =D       +s A5cg}t|d}ddddd}|j|gttd|DsJy ) u]audit_writer 호출 시점에 chat_id 가 박혀 있어야 list_chat_audit 가 격리 가능.r)rrzrSrTrrcc3DK|]}|jddk(yw)rrN)get).0rs r# zItest_9_audit_records_tagged_with_chat_id_at_write_time..is?AquuY</?s N)r(r~r8all)r9r:r;s r#6test_9_audit_records_tagged_with_chat_id_at_write_timer_sM%'E e\ BFH%.G  #9: ?? ?? ?r&ctdk(sJy)u)회장 §명시: default chat=6937032012.rN)rrr&r#'test_9_default_chat_id_is_chairman_chatrls l ** *r&c|ttdk(sJttttt t hk(sJy)uE회장 §명시 4 분류 외 action 일체 금지 → 정확히 4개.N)r[r frozensetr r rr rr&r# test_actions_set_is_exactly_fourrrs> w<1   i%!#' !  r&ct}ddh}|jd|dusJ|jd|dusJ|jd|dusJ|jd|dusJ|jd |dusJy ) uHexpected_files 가 glob 패턴인 경우도 매칭 정확 (`anu_v2/**`).z anu_v2/**z tests/**/*.pyrTzanu_v2/sub/x.pyztests/regression/test_x.pyzutils/forbidden.pyFNr( is_in_scope)r:expecteds r#&test_is_in_scope_handles_glob_patternsr}s ^F_-H   ?NH%.G ((.AIFA 0 00 0))'>BJGQ))'>BJGQ g D  ,, ,r&cpddlm}|}d|d<d|d<t|}|ddk(sJ|ddk(sJy) uSGemini 6차 Security-High #2: dict 외 Mapping (OrderedDict 등) 도 동일 처리.r) OrderedDictghs_LEAKED_xxxrr safe_fieldrN) collectionsrr)rrrs r#6test_gemini_security_high_supports_ordereddict_mappingr!sQ' -C*CC c"H N #'7 77 7 L !T )) )r&c ddlm}|jdJ|jdJ|jdJ|jdJ|jdJd d zd zd d zz}t|d k(sJy)uGemini 5차 medium: _TOKEN_VALUE_RE 컴파일 IGNORECASE 정규식 박제. re.IGNORECASE + compiled regex 로 lower() 복사본 생성 + substring 루프 제거. 동작 회귀: case-insensitive 매칭 결과는 동일. r)_TOKEN_VALUE_REghp_xxxN GHP_UPPER_xxxGhs_Mixed_Casegithub_PAT_xxxrzPREFIX iGHP_LEAKED_xxxz SUFFIX r)anu_v2.auto_gemini_triagersearchr)rbig_bodys r#8test_gemini_medium_redact_uses_compiled_regex_ignorecaser.s :  ! !) , 88 8  ! !/ 2 >> >  ! !"2 3 ?? ?  ! !"2 3 ?? ?  ! !- 0 88 84"22Z$5FFH ( #'7 77 7r&ctddtddf}t|}dddd d }|j|t\}}|tk(sJy ) uGemini 4차 medium: signature=None fixture 만 있을 때 body 문자열 생성 생략 박제. body 가 lazy init 라도 분류 결과는 정확해야 한다. z rule-only-1usignature 없음r*z rule-only-2usignature 없음 2rBrSrTrrcNr6)rr:r;r<rFs r#Etest_gemini_medium_match_fp_lazy_body_init_with_no_signature_fixturesr@sh ];MN];OPH8 ,F . G((2HIIFA 2 22 2r&ctdddtdddf}t|}dd d d d d }|j|t\}}|tk(sJdd d d dd }|j|t\}}|t k(sJy)uGemini 3차 medium #2: fp.signature == "" 가 모든 finding 매칭하지 않게 가드. 빈 문자열 signature 는 re.search 가 항상 매칭하는 함정 회귀 박제. zempty-sig-ruleremptyr@zreal-fpNz rule-onlyrBrSrTrzany random body contentrzanything)rr(r7r8rr )rr: candidater<rF candidate2rs r#5test_gemini_medium_empty_signature_does_not_match_allr Us %5GTY${SH8 ,F$.) I((4JKIFA 0 00 0. J))*6LMJGQ 3 33 3r&cddlm}|dddhi}|d}t|tsJd|vsJd|vsJ|t ddh}t|tsJd|vsJd|vsJy ) uWGemini 7차 medium #1 박제: set/frozenset 안의 token 도 마스킹되어야 한다.rrrghp_LEAKsafer ghs_TOKENrN)rrrrr)rresult redacted_list fset_results r#@test_gemini_7_medium_redact_set_and_frozenset_normalizes_to_listrys8 Vj&%9: ;F6NM mT ** * } ,, , ] ** * K+>!?@K k4 (( ( { ** * k )) )r&cddlm}m}gfd}||d}|ddf|_dd d d d }|j d|}|JDcgc]}|j d}}d|vsJy cc}w)uPGemini 7차 medium #2 박제: 잘못된 regex fixture 는 audit 로깅 후 skip.r)rrc:jt|yrrr!s r#r$zQtest_gemini_7_medium_fixture_regex_error_emits_audit_record..audit_writerr%r&lL5:)r$rzbad-rulez (unclosed)r+rAzany bodyz any titler)r+r4r3r2NrXfixture_regex_error)rrr _fixtures_match_false_positiver) rrr$r:r;matchedr"kindsrs @r#;test_gemini_7_medium_fixture_regex_error_emits_audit_recordrsP K&!F Z;GF . G**:w?G ??)4 4SWWV_ 4E 4 E )) ) 5s A-)rzlist[Mapping[str, Any]] | Nonerrerrerfr)rfNone)A__doc__ __future__rsyspathlibrtypingrr__file__resolveparentsWORKSPACE_ROOTrer2insertrrr r r r r rrrrrrr8r(r>rHrMrPr]rhrortrwrrrrrrrrrrrrrrrrrrrrrrr rrrr&r#r'si # h'')11!4~chh&HHOOAs>*+    "37 " /    08*/* * /6,=,H* 9 C(S8D $$2 8 & @+  5!" # A-(/0>0 B - *8$3* 4H*"*r&