Pj6dZddlmZddlZddlmcmZddl Z ddl Z ddl m Z ddl Z e ejj dZeee j&vr"e j&j)deeddlmZmZmZmZmZddZddZdd Zdd Zdd Zdd Z dd Z!ddZ"ddZ#ddZ$ddZ%ddZ&ddZ'ddZ(y)uanu_v2.tests.test_owner_trigger_pat_phase0_2553 — Phase 0 secret 인프라 단위 테스트. 회장 §명시 Phase 0 (task-2553): - token env name `OWNER_GEMINI_TRIGGER_PAT` 상수 정의 확인 - token loader fail-fast (token 누락 → 즉시 예외, default GH_TOKEN fallback 금지) - token redaction guard (`_redact_token` 외부 출력 경로 안전성) - audit 박제 시 token_present + token_hash 만, token raw 0 본 회귀는 anu_v2/* 모듈만 import 한다 (one-way isolation). ) annotationsN)Path)OWNER_PAT_ENV_NAMEREDACTED_PLACEHOLDER _hash_token _redact_tokenload_owner_patcpd}t|k(}|stjd|fdt|fdtjvstj trtj tndtj |dz}dd|iz}ttj|dx}}y) uJtoken env 이름은 정확히 `OWNER_GEMINI_TRIGGER_PAT` 상수로 박제.OWNER_GEMINI_TRIGGER_PAT==z%(py0)s == %(py3)srpy0py3assert %(py5)spy5N) r @pytest_ar_call_reprcompare @py_builtinslocals_should_repr_global_name _safereprAssertionError_format_explanation) @py_assert2 @py_assert1 @py_format4 @py_format6s F/home/jay/workspace/anu_v2/tests/test_owner_trigger_pat_phase0_2553.py'test_phase0_owner_pat_env_name_constantr"#sb!;; !; ;;;; !;;;;;;; ;;; ;;;!;;;;;;;;c|jtdt}d}||k(}|stjd|fd||fdt j vstj|rtj|ndtj|dz}dd|iz}ttj|dx}}y)Ngithub_pat_FAKE_OWNER_TOKENr rtokenrrr) setenvrr rrrrrrrr monkeypatchr&rrrr s r!1test_phase0_load_owner_pat_returns_token_when_setr*)sx)+HI  E1151 1111511111115111511111111111r#c|jtdtjt5}t dddj }t|}t|v}|sCtjd|fdt|fdtjvstjtrtjtnddtjvstjtrtjtnddtjvstj|rtj|ndtj|tj|d z}d d |iz}ttj|dx}x}}d }|j }t|} || v} | s tjd| fd || ftj|dtjvstjtrtjtnddtjvstj|rtj|ndtj|tj| dz} dd| iz} ttj| dx}x} x}} y#1swYxYw)uNtoken 누락 시 RuntimeError — silent fallback / default 값 반환 금지.FraisingNin)zK%(py0)s in %(py7)s {%(py7)s = %(py2)s(%(py5)s {%(py5)s = %(py3)s.value }) }rstrexcinfo)rpy2rrpy7assert %(py9)spy9OWNER_PAT_MISSING)zK%(py1)s in %(py8)s {%(py8)s = %(py3)s(%(py6)s {%(py6)s = %(py4)s.value }) })py1rpy4py6py8assert %(py10)spy10)delenvrpytestraises RuntimeErrorr valuer0rrrrrrrr) r)r1 @py_assert4 @py_assert6r @py_format8 @py_format10 @py_assert0 @py_assert5 @py_assert7r @py_format9 @py_format11s r!1test_phase0_load_owner_pat_fail_fast_when_missingrK/s)59 | $&-]]3]!33 !3 3333 !3333333 333 333333333333333W333W333]333!33333333 4gmm4#m"44 "4 4444 "4444 444444#444#444444g444g444m444"44444444 s K""K,c|jtdtjt5t dddy#1swYyxYw)uG빈 문자열 / 공백 only token 도 fail-fast (silent 통과 금지).z N)r'rr>r?r@r r)s r!6test_phase0_load_owner_pat_fail_fast_when_empty_stringrN9s:)51 | $s AA c|jtd|jdd|jddtjt 5t dddy#1swYyxYw)uOWNER_GEMINI_TRIGGER_PAT 미설정 시, GH_TOKEN/GITHUB_TOKEN 이 환경에 있어도 fallback X. 회장 §15 금지 14: default GH_TOKEN fallback 절대 금지. Fr,GH_TOKENghp_BOT_TOKEN_LEAK_FALLBACK GITHUB_TOKENN)r=rr'r>r?r@r rMs r!7test_phase0_load_owner_pat_no_default_gh_token_fallbackrS@sa )59z#@A~'DE | $s  A))A2c|jddtd}d}||k(}|stjd|fd||fdt j vstj |rtj|ndtj|dz}dd |iz}ttj|d x}}y ) u7token_env 인자 override 가능 (테스트 격리용).CUSTOM_TEST_PATgithub_pat_TEST_OVERRIDE) token_envr rr&rrrN) r'r rrrrrrrrr(s r!*test_phase0_load_owner_pat_custom_env_namerXLs{(*DE %6 7E..5. ....5.......5...5...........r#cd}d|d}t||}||v}|stjd|fd||fdtjvstj |rtj |nddtjvstj |rtj |nddz}d d |iz}ttj|d}t|v}|stjd |fd t|fd tjvstj trtj tnd dtjvstj |rtj |nddz}d d |iz}ttj|d}y)Ngithub_pat_VERYSECRETTOKENz'error: HTTP 401 unauthorized for token z (PR #81)not inz%(py0)s not in %(py2)sr&redactedrr2assert %(py4)sr8r.)z%(py0)s in %(py2)sr) r rrrrrrrrr)r&textr^r @py_format3 @py_format5s r!+test_phase0_redact_token_replaces_substringrdTs (E 4UG9 EDT5)H     5      5   5                8 ++++ 8++++++ +++ ++++++8+++8+++++++r#c8d}|d|d|}t||}||v}|stjd|fd||fdtjvstj |rtj |nddtjvstj |rtj |nddz}d d |iz}ttj|d}|j}|t}d }||k(}|s tjd |fd ||fdtjvstj |rtj |ndtj |dtjvstj trtj tndtj |tj |dz} dd| iz} ttj| dx}x}x}}y)Nghp_AAAz ... and again z and once more r[r]r&r^r_r`r8r )zK%(py5)s {%(py5)s = %(py2)s {%(py2)s = %(py0)s.count }(%(py3)s) } == %(py8)sr)rr2rrr:r;r<) r rrrrrrrrcountr) r&rar^rrbrcrBrHrCrIrJs r!1test_phase0_redact_token_replaces_all_occurrencesri\s8 EWOE7/% ADT5)H     5      5   5                >>4>. /414 /1 4444 /144444484448444>444444.444.444 /44414444444r#cd}d}t||}d}||k(}|stjd|fd||fdtjvstj trtj tndtj |tj |tj |tj |dz}dd |iz}ttj|dx}x}x}x}}y) u.text=None → "" 반환 (직렬화 안전성).Nghp_Xr )z9%(py6)s {%(py6)s = %(py0)s(%(py2)s, %(py4)s) } == %(py9)sr )rr2r8r9r5zassert %(py11)spy11 r rrrrrrrr)r @py_assert3rG @py_assert8rHrE @py_format12s r!*test_phase0_redact_token_handles_none_textrrds-w-=w '-2- '2 ---- '2------=---=------w--- '---2--------r#cd}d}t||}||k(}|s7tjd|fd||fdtjvstj trtj tnddtjvstj |rtj |ndtj |tj |dtjvstj |rtj |nddz}dd |iz}ttj|d x}x}}y ) utoken 이 빈 문자열이면 redaction 의미 없음 → 원본 그대로 반환. 빈 문자열로 replace 호출 시 무한 치환 등의 부작용을 방지하는 가드. zno token here, just plain textrlr )z9%(py5)s {%(py5)s = %(py0)s(%(py1)s, %(py3)s) } == %(py7)sr ra)rr7rrr3r4r5Nrn)rarrBrCrDrEs r!0test_phase0_redact_token_empty_token_passthroughrtis ,D!*=r "* "d **** "d******=***=************r*** "******d***d*******r#cd}d|jd|}t||}||v}|stjd|fd||fdt j vstj |rtj|nddt j vstj |rtj|nddz}d d |iz}ttj|d }|j}|}||v}|stjd |fd ||fdt j vstj |rtj|ndtj|tj|dt j vstj |rtj|nddz}dd|iz} ttj| d x}x}}y )uafine-grained PAT 은 case-sensitive — 대소문자 다르면 매칭 안 됨 (의도된 동작). ghp_AbCdEfzupper z mixed r[r]r&r^r_r`r8Nr.)zD%(py4)s {%(py4)s = %(py2)s {%(py2)s = %(py0)s.upper }() } in %(py6)s)rr2r8r9assert %(py8)sr:) upperr rrrrrrrr) r&rar^rrbrcrorG @py_format7rIs r!'test_phase0_redact_token_case_sensitiverzrs! E EKKM?'% 1DT5)H     5      5   5                ;;$;=$=H $$$$=H$$$$$$5$$$5$$$;$$$=$$$$$$H$$$H$$$$$$$r#cd}t|}t|}d}||k(}|stjd|fd||fdt j vstj trtjtnddt j vstj |rtj|ndtj|tj|dz}dd |iz}ttj|dx}x}}tj|jd j}|dd}||k(}|stjd|fd ||fdt j vstj |rtj|ndtj|d z} d d| iz} ttj| dx}}||v}|stjd|fd||fdt j vstj |rtj|nddt j vstj |rtj|nddz} dd| iz} ttj| d}y)Nr% r )z0%(py3)s {%(py3)s = %(py0)s(%(py1)s) } == %(py6)slenh)rr7rr9rwr:zutf-8rrrrr[r]r&r_r`r8)rr}rrrrrrrrhashlibsha256encode hexdigest) r&r~rrGrBryrI expected_fullrrr rbrcs r!1test_phase0_hash_token_returns_12_char_hex_prefixr}s )EEA q6R6R<6R33qq6RNN5<<#89CCEMcr""1" """"1"""""""1"""1""""""""""" >555r#ctd}td}||k7}|stjd|fd||fdtjvstj |rtj |nddtjvstj |rtj |nddz}dd |iz}ttj|d}y) Nrfghp_BBB)!=)z%(py0)s != %(py2)sh1h2r_r`r8 rrrrrrrrr)rrrrbrcs r!8test_phase0_hash_token_different_tokens_different_hashesrsa Y B Y B 8OOO2OOOOOO2OOO2OOOOOOOOOOOOOOOOr#c Pd}t|}t|}||k(}|stjd|fd||fdtjvstj trtj tnddtjvstj |rtj |ndtj |dtjvstj trtj tnddtjvstj |rtj |ndtj |dz}dd|iz}ttj|d x}x}}y ) uB동일 token 은 동일 hash — dedupe / 비교에 사용 가능.github_pat_REPEATr )zN%(py3)s {%(py3)s = %(py0)s(%(py1)s) } == %(py8)s {%(py8)s = %(py5)s(%(py6)s) }rr&)rr7rrr9r:r;r<Nr)r&rrHrBrIrJs r!$test_phase0_hash_token_deterministicrs E u 3U!33 !3 3333 !3333333;333;333333u333u333 333333333333333U333U333!33333333r#)returnNone)r)zpytest.MonkeyPatchrr))__doc__ __future__rbuiltinsr_pytest.assertion.rewrite assertionrewriterrsyspathlibrr>__file__resolveparentsWORKSPACE_ROOTr0pathinsertanu_v2.owner_trigger_patrrrr r r"r*rKrNrSrXrdrirrrtrzrrrr#r!rs #  h'')11!4~chh&HHOOAs>*+< 2 5 /,5. +% 4r#