wjC1dZddlmZddlZddlmcmZddl Z ddl Z ddl Z ddl Z ddl mZddlZeej#j$dZeee j*vr"e j*j-deeddlmZmZmZmZmZmZmZmZddl m!Z!dZ"d Z#d d d d Z$e#d d!dZ%dZ&dZ'dZ(dZ)dZ*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3dZ4dZ5dZ6y)"uanu_v2.tests.test_owner_trigger_security_boundaries_2554 — 보안 경계 회귀 (task-2554). system spec §10 #10 + 회장 §8 추가 5건 (#15~#19) 1:1 박제: #10 token value가 log에 출력되면 fail #15 single allowed endpoint 검증 (POST issues/{n}/comments only) #16 forbidden API list hard-block 정적/동적 검증 #17 OWNER_GEMINI_TRIGGER_TOKEN 외 token 사용 시 fail #18 GH_TOKEN fallback fail #19 BOT_GITHUB_TOKEN 사용 시 fail ) annotationsN)Path)FORBIDDEN_ENDPOINT_PATTERNSFORBIDDEN_TOKEN_ENV_NAMESForbiddenEndpointErrorOwnerTriggerOnlyTOKEN_ENV_NAMETokenBoundaryViolationassert_endpoint_allowedassert_token_boundary)OwnerTriggerAudit(aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa4ghp_REAL_OWNER_TOKEN_VALUE_MUST_NEVER_BE_LOGGED_zzzzg)prc dd|tdddddddd }|d z }|jtj|d |S) Nz anu_v2.owner_trigger_decision.v1z task-2554TFr"POST_GEMINI_REVIEW_TRIGGER_COMMENTz/gemini review) schematask_idr current_head queue_headcurrent_head_confirmedgemini_evidence_freshnudge_count_for_pr_headallowed_action comment_bodyallowedz decision.jsonutf-8encoding)_HEAD_A write_textjsondumps)tmp_pathrdecisionps O/home/jay/workspace/anu_v2/tests/test_owner_trigger_security_boundaries_2554.py_write_decisionr*+sT4"&!&#$>( H ?"ALLH%L8 Htokenc`gdfd }dfd }t|}t||||}||fS)Nc8j||||dddiS)N)methodpathbodyheadersstatus)append)r0r1r2r3postss r) http_postz _build_module..http_postAs" dwWX#r+cS)Nr,sr)token_providerz%_build_module..token_providerEs r+)workspace_rootr8r;audit) r0strr1r>r2dictr3r?returnr?)r@r>)rr )r&r-r8r;r=modr7s ` @r) _build_modulerB>sCE h 'E %  C u r+c:t|}t|\}}}|j|ddt|jj d}t |v}|stjd|fdt |fdtjvstjt rtjt ndd tjvstj|rtj|nd d z}d d |iz}ttj|d}d D]} | |v}|stjd|fd| |fdtjvstj| rtj| ndd tjvstj|rtj|nd d z}tjd| dzd |iz}ttj|d}y)Nor decision_pathownerrepocurrent_head_actualrr not inz%(py0)s not in %(py2)s_SECRET_SENTINELrawpy0py2zassert %(py4)spy4)ghp_ github_pat_zBearer ghu_ghs_ghr_sentzaudit contains token sentinel  >assert %(py4)s)r*rBtrigger_gemini_reviewr"r1 read_textrN @pytest_ar_call_reprcompare @py_builtinslocals_should_repr_global_name _safereprAssertionError_format_explanation_format_assertmsg) r&rGrA_r=rO @py_assert1 @py_format3 @py_format5rYs r)'test_token_raw_value_not_in_audit_jsonlrjTsJ#H-M!(+MCE# #  **    0C 3 &&&& 3&&&&&& &&& &&&&&&3&&&3&&&&&&&JJ3IIIt3IIIIIItIIItIIIIII3III3IIII"@ IIIIIIIJr+c t|}t|\}}}|jtj|j |ddt |j}|j}t|v}|stjd|fdt|fdtjvstjtrtjtnddtjvstj|rtj|ndtj|dz} d d | iz} t!tj"| dx}}|j$}t|v}|stjd|fd t|fdtjvstjtrtjtnddtjvstj|rtj|ndtj|dz} d d | iz} t!tj"| dx}}|j&D]} | j(} | } t+| }t|v}|sWtjd|fd t|fdtjvstjtrtjtndd tjvstjt*rtjt*nd dtjvstj| rtj| ndtj| tj| tj|dz}dd|iz}t!tj"|dx}x} x} }y)NrDrErFrK)z/%(py0)s not in %(py4)s {%(py4)s = %(py2)s.out }rNcaptured)rQrRrSassert %(py6)spy6)z/%(py0)s not in %(py4)s {%(py4)s = %(py2)s.err })zk%(py0)s not in %(py9)s {%(py9)s = %(py2)s(%(py7)s {%(py7)s = %(py5)s {%(py5)s = %(py3)s.getMessage }() }) }r>record)rQrRpy3py5py7py9assert %(py11)spy11)r*rB set_levelloggingDEBUGr[r" readouterroutrNr]r^r_r`rarbrcrderrrecords getMessager>)r&capsyscaplogrGrArfrl @py_assert3rgri @py_format7ro @py_assert4 @py_assert6 @py_assert8 @py_format10 @py_format12s r),test_token_raw_value_not_in_capsys_or_caplogrfsB#H-Mh'ICA W]]## #    "H#+<</ < //// <////// /// //////8///8///<///////#+<</ < //// <////// /// //////8///8///<///////..@+1+<+<?+<+>?s+>'??'?????'????????????????s???s??????6???6???+<???+>???'????????@r+ctdz dz jd}d}||v}|stjd|fd||ftj|dt j vstj|rtj|ndd z}d d |iz}ttj|d x}}d }||v}|stjd|fd||ftj|dt j vstj|rtj|ndd z}d d |iz}ttj|d x}}y )ul모듈 source 정적 검사: 'ghp_' / 'github_pat_' / 'Bearer ' 패턴이 실제 token처럼 하드코딩 X.anu_v2owner_trigger_only.pyrr rTrKz%(py1)s not in %(py3)ssrcpy1rpassert %(py5)srqNrU WORKSPACE_ROOTr\r]r^rbr_r`rarcrdr @py_assert0 @py_assert2 @py_format4 @py_format6s r)/test_module_source_has_no_hardcoded_token_valuer{s H $'> > I ISZ I [C 6 66 #= ####=###=################r+cddlm}|j}d}||}|sddtjvst j |rt j|ndt j|t j|t j|dz}tt j|dx}x}}dD] }|j}||}| }|st jd |d zdtjvst j |rt j|ndt j|d tjvst j |rt j|nd t j|d z}tt j|dx}x}} y) uGstatic check: _ALLOWED_PATH_RE 은 POST issues/{n}/comments 만 매치.r)_ALLOWED_PATH_RE/repos/o/r/issues/103/commentszGassert %(py6)s {%(py6)s = %(py2)s {%(py2)s = %(py0)s.match }(%(py4)s) }r)rQrRrSrnN)/repos/o/r/issues/103/repos/o/r/issues/103/labelsz/repos/o/r/pulls/103/comments/repos/o/r/pulls/103/reviews/repos/o/r/pulls/103/mergez/repos/o/r/issues/commentsz /repos/o/r/issues/103/comments/1zpath should NOT match: zM >assert not %(py5)s {%(py5)s = %(py2)s {%(py2)s = %(py0)s.match }(%(py3)s) }r1)rQrRrprq) anu_v2.owner_trigger_onlyrmatchr_r`r]rarbrcrdre)rrgr @py_assert5rr1rrs r)0test_only_one_allowed_endpoint_path_regex_staticrs.:  ! !C"BC !"B CC CCCCCC CCC CCC !CCC"BCCC CCCCCCC R$))Q)$/Q//Q/QQ3J4&1QQQQQQQ#QQQ#QQQ)QQQQQQ$QQQ$QQQ/QQQQQQ Rr+cbt|}t|\}}}|j|ddtt |}d}||k(}|st j d|fd||fdtjvst jtrt jtnddtjvst j|rt j|ndt j|t j|d z}d d |iz} tt j| dx}x}}|d } | d } d} | | k(}|slt j d|fd| | ft j| t j| dz} dd| iz}tt j|dx} x}} tj}d} | d}|| |}|sddtjvst jtrt jtndt j|t j| t j|t j|dz} tt j| dx}x} x}}y)NrDrErF==)z0%(py3)s {%(py3)s = %(py0)s(%(py1)s) } == %(py6)slenr7rQrrprnassert %(py8)spy8rr0POST)z%(py1)s == %(py4)s)rrSrmrnz(^/repos/[^/]+/[^/]+/issues/\d+/comments$r1zPassert %(py8)s {%(py8)s = %(py2)s {%(py2)s = %(py0)s.match }(%(py4)s, %(py6)s) }re)rQrRrSrnr)r*rBr[r"rr]r^r_r`rarbrcrdrr)r&rGrAr7rfrrrr @py_format9callrrrirg @py_assert7s r)1test_single_endpoint_runtime_one_call_per_triggerrs#H-M!(+MC# #  u::?:33uu: 8D >#V#>V ####>V###>###V####### 88N?NfN8? NN NNNNNN2NNN2NNN8NNN?NNNNNN NNNNNNNr+c<tt}d}||k\}|stjd|fd||fdt j vstj trtjtnddt j vstj trtjtndtj|tj|dz}dd|iz}ttj|d x}x}}y ) u,11 패턴 모두 정의됨을 정적 검증. )>=)z0%(py3)s {%(py3)s = %(py0)s(%(py1)s) } >= %(py6)srrrrrN) rrr]r^r_r`rarbrcrd)rrrrrs r)7test_forbidden_11_endpoints_static_pattern_completenessrs * +1r1 +r 1111 +r11111131113111111*111*111 +111r1111111r+cgd}|D]3\}}tjt5t||ddd5y#1swY@xYw)uL동적 호출 시 11 endpoint 케이스 모두 ForbiddenEndpointError raise.) )rr)rr)PATCHz/repos/o/r/git/refs/heads/main)rz/repos/o/r/git/refs)PUTz/repos/o/r/contents/file.py)rr)rr)DELETEz/repos/o/r/branches/main)rz/repos/o/r/actions/runs/1/rerun)rz!/repos/o/r/check-runs/1/rerequest)rz/repos/o/r/pulls/103Npytestraisesrr )forbidden_casesr0r1s r)0test_forbidden_endpoints_dynamic_block_each_casersO O(2  ]]1 2 2 #FD 1 2 22 2 2s >A ctjt5tdddddtjt5tdddddy#1swY8xYw#1swYyxYw)NGETrrrr:r+r)test_non_post_method_blockedrsj - .I'GHI - .K)IJKKIIKKs A A*A'*A3ctdz dz jd}gd}|j}d}||}d}||k(}|stjd|fd ||fd t j vstj|rtj|nd tj|tj|tj|tj|d z}d d |iz}ttj|dx}x}x}x}}|j}d}||}d}||k(}|stjd|fd ||fd t j vstj|rtj|nd tj|tj|tj|tj|d z}d d |iz}ttj|dx}x}x}x}}|j}d}||}d}||k(}|stjd|fd ||fd t j vstj|rtj|nd tj|tj|tj|tj|d z}d d |iz}ttj|dx}x}x}x}}gd}|D]} | |v}|stjd|fd| |fdt j vstj| rtj| ndd t j vstj|rtj|nd dz} tjd| dzd| iz} ttj| d}y)u정적 grep: owner_trigger_only.py 본문에 'pulls/.../merge' 등 금지 string literal 없음. 유일한 endpoint string 는 ``_build_post_comment_path`` 의 f-string이며 ``/repos/{owner}/{repo}/issues/{pr_number}/comments`` 만 사용. rrrr ) /pulls/{prz/pulls/{numberpulls/{n}/mergez/git/refs/headsz /contents/z/labels"z/labels{z/actions/runs/zdef _build_post_comment_path(rr)zK%(py6)s {%(py6)s = %(py2)s {%(py2)s = %(py0)s.count }(%(py4)s) } == %(py9)sr)rQrRrSrnrsrtruNz/issues/{pr_number}/commentsrzreturn f"/repos/)rrz/git/refs/heads/{z /contents/{rKrMfrPz%forbidden URL builder pattern found: rZrS) rr\countr]r^r_r`rarbrcrdre) rforbidden_url_buildersrgrrrrrrrrhris r)5test_module_source_has_no_call_to_forbidden_endpointsrs H $'> > I ISZ I [C  99:4:94 5:: 5 :::: 5::::::3:::3:::9:::4::: 5:::::::::: 9993993 499 4 9999 49999993999399999993999 49999999999 99-'-9' (-A- (A ---- (A------3---3---9---'--- (---A------- $I|HHHqHHHHHHqHHHqHHHHHHHHHHHHHDQCHHHHHHHIr+cpd}t|k(}|stjd|fdt|fdtjvstj trtj tndtj |dz}dd|iz}ttj|dx}}y)NOWNER_GEMINI_TRIGGER_TOKENrz%(py0)s == %(py3)sr rQrprrq) r r]r^r_r`rarbrcrd)rrgrrs r):test_token_env_name_constant_is_owner_gemini_trigger_tokenrs^99>9 9999>9999999>999>99999999999r+cd}|tv}|stjd|fd|tftj|dt j vstj trtjtnddz}dd|iz}ttj|dx}}d}|tv}|stjd|fd|tftj|dt j vstj trtjtnddz}dd|iz}ttj|dx}}d }|tv}|stjd|fd|tftj|dt j vstj trtjtnddz}dd|iz}ttj|dx}}d }|tv}|stjd|fd|tftj|dt j vstj trtjtnddz}dd|iz}ttj|dx}}y) NBOT_GITHUB_TOKEN)in)z%(py1)s in %(py3)srrrrqGH_TOKEN GITHUB_TOKEN OWNER_PAT) rr]r^rbr_r`rarcrd)rrrrs r)7test_forbidden_token_env_list_includes_bot_and_gh_tokenrsy : !: :::: !:::: ::::::!::::!:::::::: 2:2 2222:2222:222222222222222222 6>6 6666>6666>666666666666666666 3;3 3333;3333;333333333333333333r+cztjt5tddidddy#1swYyxYw)Nrx)rrr r r:r+r)5test_assert_token_boundary_blocks_owner_pat_injectionrs1 - .2{C01222s1:c t|}t|\}}}tjt5|j |ddt ddidddg}||k(}|stjd|fd||fdtjvstj|rtj|ndtj|d z}d d |iz}ttj|dx}}y#1swYxYw) NrDrErz fallback-xrGrHrIrJ env_overriderrr7rrrqr*rBrrr r[r"r]r^r_r`rarbrcrd r&rGrAr7rfrrgrrs r)test_gh_token_injection_failsrs#H-M!(+MC - .  !!' '$l3 "  5B;5B55B  DD c t|}t|\}}}tjt5|j |ddt ddidddg}||k(}|stjd|fd||fdtjvstj|rtj|ndtj|d z}d d |iz}ttj|dx}}y#1swYxYw) NrDrErrrrrr7rrrqrrs r)!test_github_token_injection_failsrs#H-M!(+MC - .  !!' '(#. "  5B;5B55B  rc t|}t|\}}}tjt5|j |ddt ddidddg}||k(}|stjd|fd||fdtjvstj|rtj|ndtj|d z}d d |iz}ttj|dx}}y#1swYxYw) NrDrErzbot-merge-tokenrrrr7rrrqrrs r)%test_bot_github_token_injection_failsr$s#H-M!(+MC - .  !!' ',.?@ "  5B;5B55B  rcdtdz dz jd}d}||v}|stjd|fd||ftj|dt j vstj|rtj|ndd z}d d |iz}ttj|d x}}d }||v}|stjd|fd||ftj|dt j vstj|rtj|ndd z}d d |iz}ttj|d x}}d}||v}|stjd|fd||ftj|dt j vstj|rtj|ndd z}d d |iz}ttj|d x}}d}||v}|stjd|fd||ftj|dt j vstj|rtj|ndd z}d d |iz}ttj|d x}}y )u*정적 grep: BOT_GITHUB_TOKEN 환경변수를 owner_trigger_only.py가 사용하지 않음. 유일한 등장 위치는 FORBIDDEN_TOKEN_ENV_NAMES tuple 와 docstring/주석 (boundary 설명용). 실제 ``os.environ['BOT_GITHUB_TOKEN']`` / ``os.getenv('BOT_GITHUB_TOKEN')`` 호출 0건. rrrr zos.environ["BOT_GITHUB_TOKEN"]rKrrrrrqNzos.environ['BOT_GITHUB_TOKEN']zos.getenv("BOT_GITHUB_TOKEN")zos.getenv('BOT_GITHUB_TOKEN')rrs r)0test_module_source_does_not_use_bot_github_tokenr2s H $'> > I ISZ I [C +6 +3 6666 +3666 +666666366636666666 +6 +3 6666 +3666 +666666366636666666 *5 *# 5555 *#555 *555555#555#5555555 *5 *# 5555 *#555 *555555#555#5555555r+ctdz dz jd}dD]}d|d}||v}|stjd|fd ||ftj|d t j vstj|rtj|nd d z}d d |iz}ttj|dx}}d|d}||v}|stjd|fd ||ftj|d t j vstj|rtj|nd d z}d d |iz}ttj|dx}}d|d}||v}|stjd|fd ||ftj|d t j vstj|rtj|nd d z}d d |iz}ttj|dx}}d|d}||v}|stjd|fd ||ftj|d t j vstj|rtj|nd d z}d d |iz}ttj|dx}}y)Nrrrr )rrrz os.environ["z"]rKrrrrrqz os.environ['z']z os.getenv("z")z os.getenv('z')r)rnamerrrrs r)9test_module_source_does_not_read_gh_token_or_github_tokenr?s H $'> > I ISZ I [C91dV2&1&c1111&c111&111111c111c1111111dV2&1&c1111&c111&111111c111c1111111TF"%0%S0000%S000%000000S000S0000000TF"%0%S0000%S000%000000S000S0000000 1r+)r&rrintr@r)r&rr-r>)7__doc__ __future__rbuiltinsr__pytest.assertion.rewrite assertionrewriter]r$rwrsyspathlibrr__file__resolveparentsrr>r1insertrrrrr r r r r anu_v2.owner_trigger_auditrr"rNr*rBrjrrrrrrrrrrrrrrrrr:r+r)rs #   h'')11!4~chh&HHOOAs>*+   9 I25 &3C,J$@*$R& O"22(K#IP:42    61r+