$imdZddlZddlmcmZddlZddl Z ddl Z ddl Z ddl m Z ddlmZmZddlZe ej&j&Ze j*j-deeedz Zej2j5deZdZeeuZesej<defdeefd ej>vsej@erejBend ejBed zZ"d d e"izZ#e$ejJe#dxZZej2jMeZ'ejPZdZ)ee)uZ*e*sej<de*fd ee)fd ej>vsej@erejBend ejBeejBe)dzZ#dde#izZ+e$ejJe+dxZxZ*Z)ejPjYe'GddZ-GddZ.GddZ/GddZ0GddZ1GddZ2GddZ3Gdd Z4Gd!d"Z5Gd#d$Z6y)%u test_code_review.py scripts/code-review.py 단위 테스트 (TDD) 테스트 항목: 1. check_hardcoded_secrets - 시크릿 탐지 2. check_todos - TODO/FIXME 탐지 3. check_unused_imports - 미사용 import 탐지 4. check_function_length - 과도한 함수 길이 탐지 5. review_file - 파일 종합 리뷰 6. review_all - 전체 리뷰 결과 집계 7. get_changed_files - git diff 기반 파일 목록 8. 에지 케이스: 빈 파일, 바이너리 파일, git 불가 환경 9. CLI 출력 형식 N)Path) MagicMockpatchzcode-review.py code_review)is not)z%(py0)s is not %(py3)sspecpy0py3assert %(py5)spy5)z2%(py2)s {%(py2)s = %(py0)s.loader } is not %(py5)s)r py2r zassert %(py7)spy7cXeZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd Zy)TestCheckHardcodedSecretsu*하드코딩된 시크릿 탐지 테스트cd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}d |D}t|} | sd dt j vstjtrtjtndtj|tj| dz} ttj| d x}} d|D}t|} | sd dt j vstjtrtjtndtj|tj| dz} ttj| d x}} y )uAWS Access Key ID 탐지z*AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"test.py>=z0%(py3)s {%(py3)s = %(py0)s(%(py1)s) } >= %(py6)slenfindingsr py1r py6assert %(py8)spy8Nc3,K|] }|ddk(yw)severitycriticalN.0fs 5/home/jay/workspace/scripts/tests/test_code_review.py zHTestCheckHardcodedSecrets.test_detects_aws_access_key..5sA11Z=J.A,assert %(py4)s {%(py4)s = %(py0)s(%(py2)s) }anyr rpy4c3,K|] }|ddk(yw)categoryhardcoded_secretNr"r#s r&r'zHTestCheckHardcodedSecrets.test_detects_aws_access_key..6sI11Z=$66Ir() rcheck_hardcoded_secretsr @pytest_ar_call_reprcompare @py_builtinslocals_should_repr_global_name _safereprAssertionError_format_explanationr*) selfcontentr @py_assert2 @py_assert5 @py_assert4 @py_format7 @py_format9 @py_assert1 @py_assert3 @py_format5s r&test_detects_aws_access_keyz5TestCheckHardcodedSecrets.test_detects_aws_access_key0sc>66y'J8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!AAAsAAAAAAAAAsAAAsAAAAAAAAAAAAAAIIIsIIIIIIIIIsIIIsIIIIIIIIIIIIIIcZd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}|d d }d} || k(}|sltjd|fd|| ftj|tj| dz} dd| iz}ttj|d x}x}} y )uapi_key = '...' 패턴 탐지zapi_key = 'sk-1234567890abcdef'rrrrrrrrrNrr r!==z%(py1)s == %(py4)srr,assert %(py6)sr rr0rr1r2r3r4r5r6r7r8 r9r:rr;r<r=r>r? @py_assert0rArBs r&test_detects_api_key_assignmentz9TestCheckHardcodedSecrets.test_detects_api_key_assignment8s366y'J8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!{:&4*4&*4444&*444&444*4444444rDcTd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) upassword = '...' 패턴 탐지z&password = "super_secret_password_123"rrrrrrrrrNrKr9r:rr;r<r=r>r?s r& test_detects_password_assignmentz:TestCheckHardcodedSecrets.test_detects_password_assignment?s:66y'J8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcTd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) utoken = '...' 패턴 탐지z"token = "ghp_1234567890abcdefghij"rrrrrrrrrNrKrPs r&test_detects_token_assignmentz7TestCheckHardcodedSecrets.test_detects_token_assignmentE666y'J8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcTd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u secret_key = '...' 패턴 탐지z"secret_key = "my-super-secret-key"rrrrrrrrrNrKrPs r&"test_detects_secret_key_assignmentzs r&test_finding_has_file_pathz4TestCheckHardcodedSecrets.test_finding_has_file_pathdst'667H'R{6"7&77"&77777"&7777"777&77777777rDc|tjdd}g}||k(}|stjd|fd||fdt j vstj |rtj|ndtj|dz}dd|iz}ttj|d x}}y u빈 파일에서 탐지 없음rrFz%(py0)s == %(py3)srr r r N) rr0r1r2r3r4r5r6r7r8r9rr;r@ @py_format4 @py_format6s r&&test_empty_content_returns_no_findingsz@TestCheckHardcodedSecrets.test_empty_content_returns_no_findingsjsl66y"Ex2~x2xx2rDcTd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u)-----BEGIN PRIVATE KEY----- 헤더 탐지z#key = '-----BEGIN PRIVATE KEY-----'rrrrrrrrrNrKrPs r&test_detects_private_key_headerz9TestCheckHardcodedSecrets.test_detects_private_key_headerorZrDcTd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u,여러 줄에 걸쳐 있는 시크릿 탐지zHx = 1 y = 2 api_key = "AKIAIOSFODNN7EXAMPLE" z = 3 password = "hunter2" rrrrrrrrNrKrPs r&test_multiline_detectionz2TestCheckHardcodedSecrets.test_multiline_detectionusm66y'J8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDN)__name__ __module__ __qualname____doc__rCrNrQrSrVrYr\rarermrorrr"rDr&rr-sB4J5" " " " " (8  " "rDrcReZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zy )TestCheckTodosu"TODO/FIXME 잔존 탐지 테스트c`d}tjd|}t|}d}||k(}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}|d d }d} || k(}|sltjd|fd|| ftj|tj| dz} dd| iz}ttj|d x}x}} |d d}d} || k(}|sltjd|fd|| ftj|tj| dz} dd| iz}ttj|d x}x}} y )u# TODO: 패턴 탐지# TODO: fix this laterrrrFrXrrrrrNrr.todorHrIrJrr info r check_todosrr1r2r3r4r5r6r7r8rLs r&test_detects_todo_commentz(TestCheckTodos.test_detects_todo_commentsQ***9g>8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!{:&0&0&&0000&&000&000&0000000{:&0&0&&0000&&000&000&0000000rDcZd}tjd|}t|}d}||k(}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}|d d }d} || k(}|sltjd|fd|| ftj|tj| dz} dd| iz}ttj|d x}x}} y )u# FIXME: 패턴 탐지z# FIXME: broken logic hererrrFrXrrrrrNrr.r{rHrIrJrr}rLs r&test_detects_fixme_commentz)TestCheckTodos.test_detects_fixme_comments.**9g>8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!{:&0&0&&0000&&000&000&0000000rDcTd}tjd|}t|}d}||k(}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u인라인 TODO 탐지zx = 1 # TODO: remove thisrrrFrXrrrrrNr}rPs r&test_detects_todo_inlinez'TestCheckTodos.test_detects_todo_inlines.**9g>8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcTd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u# HACK: 패턴 탐지z# HACK: temporary workaroundrrrrrrrrrNr}rPs r&test_detects_hack_commentz(TestCheckTodos.test_detects_hack_comments0**9g>8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcTd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u# XXX: 패턴 탐지z# XXX: this needs attentionrrrrrrrrrNr}rPs r&test_detects_xxx_commentz'TestCheckTodos.test_detects_xxx_comments/**9g>8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcTd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u대소문자 무관 탐지z# todo: lowercase todorrrrrrrrrNr}rPs r&test_case_insensitive_todoz)TestCheckTodos.test_case_insensitive_todos***9g>8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDc8d}tjd|}d}|dd}||v}|sltjd|fd||ftj|tj|dz}d d |iz}t tj |d x}x}}y ) u&발견 메시지에 TODO 내용 포함rzrzfix this laterrmessageinz%(py1)s in %(py4)srIrJrNrr~r1r2r6r7r8rds r&'test_finding_message_contains_todo_textz6TestCheckTodos.test_finding_message_contains_todo_textsr***9g>98A;y#99#99999#9999999#99999999rDc:d}tjd|}|dd}d}||k(}|sltjd|fd||ftj|tj|dz}d d |iz}t tj |d x}x}}y ) u줄 번호 정확성zx = 1 # TODO: check y = 2rrr_rqrFrHrIrJrNrrds r& test_finding_line_number_correctz/TestCheckTodos.test_finding_line_number_correctso/**9g>{6"'a'"a''''"a'''"'''a'''''''rDcTd}tjd|}t|}d}||k(}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u여러 TODO 탐지z+# TODO: first # FIXME: second # TODO: thirdrr`rFrXrrrrrNr}rPs r&test_multiple_todos_detectedz+TestCheckTodos.test_multiple_todos_detectedsA**9g>8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDc|tjdd}g}||k(}|stjd|fd||fdt j vstj |rtj|ndtj|dz}dd|iz}ttj|d x}}y rg rr~r1r2r3r4r5r6r7r8rjs r&rmz5TestCheckTodos.test_empty_content_returns_no_findingssl**9b9x2~x2xx2rDcd}tjd|}g}||k(}|stjd|fd||fdt j vstj |rtj|ndtj|dz}dd|iz}ttj|d x}}y ) u!일반 코드에서 오탐 없음z8message = 'This is working correctly' result = compute()rrFrirr r r Nrr9r:rr;r@rkrls r& test_no_false_positive_in_stringz/TestCheckTodos.test_no_false_positive_in_stringsqM**9g>x2~x2xx2rDN)rsrtrurvrrrrrrrrrrmrr"rDr&rxrxs<,11" " " " : ( "  rDrxcXeZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd Zy)TestCheckUnusedImportsu!미사용 import 탐지 테스트cd}tjd|}d|D}t|}|sddtjvst j trt jtndt j|t j|dz}tt j|dx}}y)u미사용 import 탐지z%import os import sys print(sys.argv)rc3*K|] }d|dv yw)osrNr"r#s r&r'zDTestCheckUnusedImports.test_detects_unused_import..s:A41Y<':r)r*r+N rcheck_unused_importsr*r3r4r1r5r6r7r8r9r:rr@rArBs r&test_detects_unused_importz1TestCheckUnusedImports.test_detects_unused_importsx<33IwG:::s:::::::::s:::s::::::::::::::rDcTd}tjd|}t|}d}||k(}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u"사용된 import는 탐지 안 함z*import os result = os.path.join('a', 'b')rrrFrXrrrrrN rrrr1r2r3r4r5r6r7r8rPs r&test_no_finding_for_used_importz6TestCheckUnusedImports.test_no_finding_for_used_imports@33IwG8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcTd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u여러 미사용 import 탐지z'import os import sys import json x = 1rrqrrrrrrrNrrPs r&$test_detects_multiple_unused_importsz;TestCheckUnusedImports.test_detects_multiple_unused_importss?33IwG8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcd}tjd|}d|D}t|}|sddtjvst j trt jtndt j|t j|dz}tt j|dx}}y)u%미사용 import 심각도는 warningimport os x = 1rc3,K|] }|ddk(yw)r warningNr"r#s r&r'zJTestCheckUnusedImports.test_finding_severity_is_warning..s@!1Z=I-@r(r)allr+N rrrr3r4r1r5r6r7r8rs r& test_finding_severity_is_warningz7TestCheckUnusedImports.test_finding_severity_is_warningsx&33IwG@x@@s@@@@@@@@@s@@@s@@@@@@@@@@@@@@rDcd}tjd|}d|D}t|}|sddtjvst j trt jtndt j|t j|dz}tt j|dx}}y)u발견 카테고리 확인rrc3,K|] }|ddk(yw)r. unused_importNr"r#s r&r'zPTestCheckUnusedImports.test_finding_category_is_unused_import..sF1Z=O3Fr(r)rr+Nrrs r&&test_finding_category_is_unused_importz=TestCheckUnusedImports.test_finding_category_is_unused_importsx&33IwGFXFFsFFFFFFFFFsFFFsFFFFFFFFFFFFFFrDcTd}tjd|}t|}d}||k(}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u!import as 별칭 사용 케이스z-import numpy as np arr = np.array([1, 2, 3])rrrFrXrrrrrNrrPs r&test_import_as_alias_usedz0TestCheckUnusedImports.test_import_as_alias_usedsC33IwG8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcTd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) uimport as 별칭 미사용zimport numpy as np x = 1rrrrrrrrrNrrPs r&test_import_as_alias_unusedz2TestCheckUnusedImports.test_import_as_alias_unuseds/33IwG8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcTd}tjd|}t|}d}||k(}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u from X import Y 사용 케이스z1from os.path import join result = join('a', 'b')rrrFrXrrrrrNrrPs r&test_from_import_usedz,TestCheckUnusedImports.test_from_import_usedsG33IwG8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcd}tjd|}d|D}t|}|sddtjvst j trt jtndt j|t j|dz}tt j|dx}}y)u#from X import Y 미사용 케이스zfrom os.path import join x = 1rc3*K|] }d|dv yw)joinrNr"r#s r&r'zATestCheckUnusedImports.test_from_import_unused..sTestCheckFunctionLength._make_long_function..$sF6!Cs+Fr(rzdef z():  return x_0 )rrange)r9rrbodys r&_make_long_functionz+TestCheckFunctionLength._make_long_function"s5yyFU5195EFFdV5&899rDcx|jd}tjd|}t|}d}||k\}|st j d|fd||fdt jvst jtrt jtnddt jvst j|rt j|ndt j|t j|dz}d d |iz}tt j|d x}x}}|d d }d} || k(}|slt j d|fd|| ft j|t j| dz} dd| iz}tt j|d x}x}} y )u50줄 초과 함수 탐지7rrrrrrrrrNrr. long_functionrFrHrIrJr rrcheck_function_lengthrr1r2r3r4r5r6r7r8rLs r&test_detects_long_functionz2TestCheckFunctionLength.test_detects_long_function's**2.44YH8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!{:&9/9&/9999&/999&999/9999999rDcr|jd}tjd|}t|}d}||k(}|st j d|fd||fdt jvst jtrt jtnddt jvst j|rt j|ndt j|t j|dz}d d |iz}tt j|d x}x}}y ) u%50줄 이하 함수는 탐지 안 함rrrFrXrrrrrNrrPs r&"test_no_finding_for_short_functionz:TestCheckFunctionLength.test_no_finding_for_short_function.s**2.44YH8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcr|jd}tjd|}t|}d}||k(}|st j d|fd||fdt jvst jtrt jtnddt jvst j|rt j|ndt j|t j|dz}d d |iz}tt j|d x}x}}y ) u정확히 50줄은 탐지 안 함 (>50 조건). _make_long_function(n)은 AST에서 n+1줄 함수를 생성하므로 정확히 50줄 함수를 만들려면 n=49를 사용한다. 1rrrFrXrrrrrNrrPs r&test_exact_50_lines_not_flaggedz7TestCheckFunctionLength.test_exact_50_lines_not_flagged4 **2.44YH8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcr|jd}tjd|}t|}d}||k(}|st j d|fd||fdt jvst jtrt jtnddt jvst j|rt j|ndt j|t j|dz}d d |iz}tt j|d x}x}}y ) u51줄 함수는 탐지됨. _make_long_function(n)은 AST에서 n+1줄 함수를 생성하므로 51줄 함수를 만들려면 n=50을 사용한다. 2rrrFrXrrrrrNrrPs r&test_51_lines_flaggedz-TestCheckFunctionLength.test_51_lines_flagged>rrDcX|jd}tjd|}|dd}d}||k(}|sltjd|fd||ftj |tj |dz}d d |iz}t tj|d x}x}}y ) u,과도한 함수 길이 심각도는 warning<rrr rrFrHrIrJrNrrrr1r2r6r7r8rds r&rz8TestCheckFunctionLength.test_finding_severity_is_warningHsz**2.44YH{:&3)3&)3333&)333&333)3333333rDcv|jd}tjd|d}t|}d}||k\}|st j d|fd||fdt jvst jtrt jtndd t jvst j|rt j|nd t j|t j|d z}d d |iz}tt j|d x}x}}y )u!사용자 정의 max_lines 사용r) max_linesrrrrrrrrNrrPs r&test_custom_max_linesz-TestCheckFunctionLength.test_custom_max_linesNs**2.44YSU4V8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDc|jdd}|jdd}|dz|z}tjd|}t|}d}||k(}|st j d|fd ||fd t jvst jtrt jtnd d t jvst j|rt j|nd t j|t j|d z}d d|iz} tt j| dx}x}}y)u여러 개의 긴 함수 탐지rfunc_arfunc_brrrqrFrXrrrrrNr) r9func1func2r:rr;r<r=r>r?s r&test_multiple_long_functionsz4TestCheckFunctionLength.test_multiple_long_functionsTs((X6((X6$,&44YH8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDcX|jdd}tjd|}d}|dd}||v}|sltjd|fd||ftj |tj |dz}d d |iz}t tj|d x}x}}y ) u$발견 메시지에 함수명 포함rmy_long_functionrrrrrrIrJrNrrds r&#test_finding_contains_function_namez;TestCheckFunctionLength.test_finding_contains_function_name\s**2/AB44YH!;Xa[%;;!%;;;;;!%;;;;!;;;%;;;;;;;;rDc^d|jdz}tjd|}|dd}d}||k(}|sltjd|fd||ftj |tj |d z}d d |iz}t tj|d x}x}}y ) u)발견 항목에 시작 줄 번호 포함z # header rrrr_rqrFrHrIrJrNrrds r&test_finding_has_start_linez3TestCheckFunctionLength.test_finding_has_start_linebs!9!9"!==44YH{6"'a'"a''''"a'''"'''a'''''''rDc|tjdd}g}||k(}|stjd|fd||fdt j vstj |rtj|ndtj|dz}dd|iz}ttj|d x}}y rg) rrr1r2r3r4r5r6r7r8rjs r&rmz>TestCheckFunctionLength.test_empty_content_returns_no_findingshsl44YCx2~x2xx2rDc|jd}tjd|}g}||k(}|stjd|fd||fdt j vstj|rtj|ndtj|dz}dd|iz}ttj|d x}}y ) rrrrFrirr r r N) rrrr1r2r3r4r5r6r7r8rs r&rz:TestCheckFunctionLength.test_non_python_file_returns_emptyms|**2.44YHx2~x2xx2rDN) long_func)rsrtrurvintstrrrrrrrrrrrrmrr"rDr&rrsV2::C:#: :" ""4 " "< (  rDrc.eZdZdZdZdZdZdZdZy)TestReviewFileu파일 종합 리뷰 테스트ctjt|dz }g}||k(}|stjd|fd||fdt j vstj|rtj|ndtj|dz}dd|iz}ttj|dx}}y) u/존재하지 않는 파일은 빈 결과 반환znonexistent.pyrFrirr r r N) r review_filerr1r2r3r4r5r6r7r8)r9tmp_pathrr;r@rkrls r&test_review_nonexistent_filez+TestReviewFile.test_review_nonexistent_file|su**3x:J/J+KLx2~x2xx2rDc|dz }|jddtjt|}g}||k(}|st j d|fd||fdt jvst j|rt j|ndt j|dz}d d |iz}tt j|d x}}y ) u빈 파일은 탐지 없음zempty.pyrhutf-8encodingrFrirr r r N) write_textrrrr1r2r3r4r5r6r7r8)r9rr%rr;r@rkrls r&test_review_empty_filez%TestReviewFile.test_review_empty_files z ! R' ***3q62x2~x2xx2rDc6d}|dz }|j|dtjt|}|Dchc]}|d }}d}||v}|st j d|fd||ft j |d tjvst j|rt j |nd d z} d d | iz} tt j| d x}}d}||v}|st j d|fd||ft j |d tjvst j|rt j |nd d z} d d | iz} tt j| d x}}y cc}w)u"모든 이슈 포함 파일 리뷰zGimport os import sys # TODO: fix this api_key = "AKIAIOSFODNN7EXAMPLE" z problem.pyrrr.r/rz%(py1)s in %(py3)s categoriesrr r r Nr{ rrrrr1r2r6r3r4r5r7r8) r9rr:r%rfir rMr;rkrls r& test_review_file_with_all_issuesz/TestReviewFile.test_review_file_with_all_issuessh | # Ww /**3q62/78bn8 8!/!Z////!Z///!//////Z///Z///////#v####v###v################9s Fc|dz }|jttdtj t |}t |t}|s ddtjvstjt rtjt nddtjvstj|rtj|nddtjvstjtrtjtndtj|dz}ttj|d}y) u&바이너리 파일은 graceful 처리z binary.bin5assert %(py4)s {%(py4)s = %(py0)s(%(py1)s, %(py2)s) } isinstancerlistr rrr,N) write_bytesbytesrrrrrrr3r4r1r5r6r7r8)r9rr%rrArBs r& test_review_binary_file_gracefulz/TestReviewFile.test_review_binary_file_gracefuls | # eE#J'(**3q62(D))))))))z)))z))))))()))())))))D)))D))))))))))rDc|dz }|jddtjt|}t |t }|s ddt jvstjtrtjtnddt jvstj|rtj|nddt jvstjt rtjt ndtj|d z}ttj|d }y ) u&review_file은 항상 리스트 반환rx = 1 rrrrresultrrN rrrrrrr3r4r1r5r6r7r8)r9rr%rrArBs r&test_review_file_returns_listz,TestReviewFile.test_review_file_returns_lists y  Y 1((Q0&$''''''''z'''z''''''&'''&''''''$'''$''''''''''rDN) rsrtrurvrrrrrr"rDr&rrys( $*(rDrc4eZdZdZdZdZdZdZdZdZ y) TestReviewAllu%전체 리뷰 결과 집계 테스트cJ|dz }|jddtjt|g}d}||v}|st j d|fd||ft j |dtjvst j|rt j |ndd z}d d |iz}tt j|d x}}d }||v}|st j d|fd||ft j |dtjvst j|rt j |ndd z}d d |iz}tt j|d x}}d}||v}|st j d|fd||ft j |dtjvst j|rt j |ndd z}d d |iz}tt j|d x}}d}|d}||v}|slt j d|fd||ft j |t j |dz} dd| iz} tt j| d x}x}}d}|d}||v}|slt j d|fd||ft j |t j |dz} dd| iz} tt j| d x}x}}d}|d}||v}|slt j d|fd||ft j |t j |dz} dd| iz} tt j| d x}x}}y )ureview_all 결과 구조 검증rrrrfiles_analyzedrr rr r r Nrsummaryr!rrIrJrrr|) rr review_allrr1r2r6r3r4r5r7r8) r9rr%rrMr;rkrlrArBr>s r&test_review_all_structurez'TestReviewAll.test_review_all_structures6 y  Y 1''Q1)6))))6)))))))))6)))6)))))))#zV####zV###z######V###V#######"yF""""yF"""y""""""F"""F""""""".VI..z.....z....z...........-F9--y-----y----y-----------* **v*****v****v***********rDcg}tdD]8}|d|dz }|jdd|jt|:tj |}|d}d}||k(}|slt jd|fd ||ft j|t j|d z} d d | iz} tt j| d x}x}}y )u분석된 파일 수 정확성r`test_.pyrrrr rFrHrIrJrN) rrappendrrr"r1r2r6r7r8) r9rfilesrr%rrMrAr;rBr>s r&$test_review_all_files_analyzed_countz2TestReviewAll.test_review_all_files_analyzed_countsq !AU1#S>)A LLWL 5 LLQ  !''.&',1,'1,,,,'1,,,',,,1,,,,,,,rDc|dz }d}|j|dtjt|g}|dd}d}||k\}|slt j d|fd ||ft j |t j |d z}d d |iz} tt j| d x}x}}|dd}d}||k\}|slt j d|fd ||ft j |t j |d z}d d |iz} tt j| d x}x}}y )u'심각도별 요약 카운트 정확성r7api_key = "AKIAIOSFODNN7EXAMPLE" import os # TODO: fix rrr!r!rr)z%(py1)s >= %(py4)srIrJrNr|) rrr"rr1r2r6r7r8) r9rr%r:rrMrAr;rBr>s r&test_review_all_summary_countsz,TestReviewAll.test_review_all_summary_countss y T Ww /''Q1i ,11,1111,111,1111111111i (-A-(A----(A---(---A-------rDc@tjg}|d}d}||k(}|sltjd|fd||ftj|tj|dz}dd|iz}t tj |dx}x}}|d }g}||k(}|sltjd|fd||ftj|tj|dz}dd|iz}t tj |dx}x}}|d d }d}||k(}|sltjd|fd||ftj|tj|dz}dd|iz}t tj |dx}x}}|d d }d}||k(}|sltjd|fd||ftj|tj|dz}dd|iz}t tj |dx}x}}|d d }d}||k(}|sltjd|fd||ftj|tj|dz}dd|iz}t tj |dx}x}}y)u빈 파일 목록 처리r rrFrHrIrJrNrr!r!rr|)rr"r1r2r6r7r8)r9rrMrAr;rBr>s r&test_review_all_empty_listz(TestReviewAll.test_review_all_empty_lists''+&',1,'1,,,,'1,,,',,,1,,,,,,,j!'R'!R''''!R'''!'''R'''''''i ,11,1111,111,1111111111i +0q0+q0000+q000+000q0000000i (-A-(A----(A---(---A-------rDcd|dz }|jddtjt|g}|d}t |t }|sddt jvstjtrtjtndtj|dt jvstjt rtjt ndtj|d z}ttj|d x}}y ) u"findings가 리스트인지 확인rz # TODO: test rrr5assert %(py5)s {%(py5)s = %(py0)s(%(py2)s, %(py3)s) }rrr rr r N) rrr"rrrr3r4r1r5r6r7r8)r9rr%rr@r=rls r&test_review_all_findings_listz+TestReviewAll.test_review_all_findings_lists y  % 8''Q1 ,3z,d33333333z333z333,333333d333d3333333333rDc|dz }|jddtjt|g}t j |}t j |}|d}d}||k(}|sltjd|fd||ftj|tj|d z} d d | iz} ttj| d x}x}}y ) u,결과가 JSON 직렬화 가능한지 확인rz!api_key = "AKIAIOSFODNN7EXAMPLE" rrr rrFrHrIrJrN) rrr"rjsondumpsloadsr1r2r6r7r8) r9rr%rjson_strparsedrMrAr;rBr>s r&!test_review_all_json_serializablez/TestReviewAll.test_review_all_json_serializables y  9G L''Q1::f%H%&',1,'1,,,,'1,,,',,,1,,,,,,,rDN) rsrtrurvr#r)r,r.r2r9r"rDr&rrs#/ +-..4-rDrc4eZdZdZdZdZdZdZdZdZ y) TestGetChangedFilesu"get_changed_files 함수 테스트cd}td5}t|d|_tj d}dddddg}|k(}|st j d |fd ||fd tjvst j|rt j|nd t j|d z}d d|iz}tt j|dx}}y#1swYxYw)u파일 목록 반환 확인zscripts/foo.py scripts/bar.py subprocess.runrstdout returncode HEAD~1..HEADNzscripts/foo.pyzscripts/bar.pyrFrir(r r r rr return_valuerget_changed_filesr1r2r3r4r5r6r7r8)r9 mock_outputmock_runr(r;r@rkrls r&test_returns_list_of_filesz.TestGetChangedFiles.test_returns_list_of_filess8 # $ B$-"%H ! 11.AE  B *+;<rANrFrir(r r r rBr9rFr(r;r@rkrls r&"test_empty_diff_returns_empty_listz6TestGetChangedFiles.test_empty_diff_returns_empty_lists # $ B$-%H ! 11.AE  B u{uuu  B Bs (C##C,ctd5}tjddd|_tj d}dddg}|k(}|st jd|fd ||fd tjvst j|rt j|nd t j|d z}d d |iz}tt j|dx}}y#1swYxYw)u.git 실패 시 빈 리스트 반환 (graceful)r=rgitznot a git repository)stderrrANrFrir(r r r )r subprocessCalledProcessError side_effectrrDr1r2r3r4r5r6r7r8rIs r&#test_git_failure_returns_empty_listz7TestGetChangedFiles.test_git_failure_returns_empty_lists # $ B#-#@#@ERh#iH 11.AE Bu{uuu B Bs 3C..C7ctd5}td|_tj d}dddg}|k(}|st j d|fd||fdtjvst j|rt j|ndt j|dz}d d |iz}tt j|dx}}y#1swYxYw) u*git 명령 없을 때 빈 리스트 반환r=z git not foundrANrFrir(r r r ) rFileNotFoundErrorrPrrDr1r2r3r4r5r6r7r8rIs r&%test_git_not_found_returns_empty_listz9TestGetChangedFiles.test_git_not_found_returns_empty_lists # $ B#4_#EH 11.AE Bu{uuu B Bs &C!!C*cd}td5}t|d|_tj d}ddddD}t |}|sdd t jvstjt rtjt nd tj|tj|d z}ttj|dx}}y#1swYxYw) u&Python 파일만 필터링 (선택적)z(scripts/foo.py README.md scripts/bar.py r=rr>rANc3>K|]}|jdyw)r&N)endswithr#s r&r'zDTestGetChangedFiles.test_filters_non_python_files..s41::e$4sr)r*r+) rrrCrrDr*r3r4r1r5r6r7r8)r9rErFr(r@rArBs r&test_filters_non_python_filesz1TestGetChangedFiles.test_filters_non_python_files sC # $ B$-"%H ! 11.AE  B5e44s444444444s444s44444444444444 B Bs (C..C7ctd5}tdd|_tj }dddt t }|s ddtjvstjt rtjt nddtjvstj|rtj|ndd tjvstjt rtjt nd tj|d z}ttj|d}y#1swY+xYw) u기본 diff range (HEAD) 사용r=zscripts/foo.py rr>Nrrr(rr)rrrCrrDrrr3r4r1r5r6r7r8)r9rFr(rArBs r&test_default_diff_rangez+TestGetChangedFiles.test_default_diff_ranges # $ 4$-)%H ! 113E  4 %&&&&&&&&z&&&z&&&&&&%&&&%&&&&&&&&&&&&&&&&&&&  4 4s 'EE&N) rsrtrurvrGrJrQrTrXrZr"rDr&r;r;s#, = 5'rDr;c4eZdZdZdZdZdZdZdZdZ y) TestEdgeCasesu!에지 케이스 처리 테스트cdgdz}|dz }|jdj|dtjt |}t |t }|s ddtjvstjt rtjt ndd tjvstj|rtj|nd d tjvstjt rtjt nd tj|d z}ttj|d }y ) u대용량 파일 처리ri'zlarge.pyrhrrrrrrrN)rrrrrrrr3r4r1r5r6r7r8)r9rrr%rrArBs r&test_very_large_filez"TestEdgeCases.test_very_large_file,s e# z ! RWWU^g 6**3q62(D))))))))z)))z))))))()))())))))D)))D))))))))))rDcd}|dz }|j|dtjt|}t |t }|s ddt jvstjtrtjtnddt jvstj|rtj|nddt jvstjt rtjt ndtj|d z}ttj|d }y ) u주석만 있는 파일z&# This is a comment # Another comment z comments.pyrrrrrrrNrr9rr:r%rrArBs r&test_file_with_only_commentsz*TestEdgeCases.test_file_with_only_comments4s< } $ Ww /**3q62(D))))))))z)))z))))))()))())))))D)))D))))))))))rDcd}|dz }|j|dtjt|}t |t }|s ddt jvstjtrtjtnddt jvstj|rtj|nddt jvstjt rtjt ndtj|d z}ttj|d }y ) u유니코드 내용 처리u:# 한글 주석 # TODO: 한글 TODO x = '안녕하세요' z unicode.pyrrrrrrrNrr`s r&test_unicode_contentz"TestEdgeCases.test_unicode_content<sQ | # Ww /**3q62(D))))))))z)))z))))))()))())))))D)))D))))))))))rDcd}|dz }|j|jdtjt |}t |t }|s ddtjvstjt rtjt nddtjvstj|rtj|nddtjvstjt rtjt ndtj|dz}ttj|d }y ) uWindows 줄 끝 처리zimport os # TODO: fix x = 1 z windows.pyrrrrrrN)rencoderrrrrr3r4r1r5r6r7r8r`s r&test_windows_line_endingsz'TestEdgeCases.test_windows_line_endingsDs9 | # gnnW-.**3q62(D))))))))z)))z))))))()))())))))D)))D))))))))))rDc d}|dz }|j|dtjt|}t |}d}||k\}|st j d|fd||fdtjvst jtrt jtndd tjvst j|rt j|nd t j|t j|d z}d d |iz} tt j| d x}x}}|D]<} d} | | v}|st j d|fd| | ft j| dtjvst j| rt j| nddz} dd| iz} tt j| d x} }d} | | v}|st j d|fd| | ft j| dtjvst j| rt j| nddz} dd| iz} tt j| d x} }d} | | v}|st j d|fd| | ft j| dtjvst j| rt j| nddz} dd| iz} tt j| d x} }d} | | v}|st j d|fd| | ft j| dtjvst j| rt j| nddz} dd| iz} tt j| d x} }d} | | v}|st j d|fd| | ft j| dtjvst j| rt j| nddz} dd| iz} tt j| d x} }?y )uFinding 구조 완전성 검증z# TODO: test finding structurerrrrrrrrrrrNrcrr findingr r r r_r r.r) rrrrrr1r2r3r4r5r6r7r8)r9rr:r%rr;r<r=r>r?rhrMrkrls r&test_finding_structure_completez-TestEdgeCases.test_finding_structure_completeLs2 y  Ww /**3q628}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!! (G $6W$ $ $ $6W $ $ $6 $ $ $ $ $ $W $ $ $W $ $ $ $ $ $ $ $6W$ $ $ $6W $ $ $6 $ $ $ $ $ $W $ $ $W $ $ $ $ $ $ $ (:( ( ( (: ( ( (: ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( (:( ( ( (: ( ( (: ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( '9' ' ' '9 ' ' '9 ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' '  (rDcd}|dz }|j|dtjt|}hd}|D]}|d}||v}|st j d|fd||ft j |d tjvst j|rt j |nd d z} d d | iz} tt j| d x}}y )u2심각도 값이 유효한 범위 내인지 확인r+rrr>r|rr!r rr valid_severitiesr r r Nr ) r9rr:r%rrkrhrMr;rkrls r&test_severity_values_validz(TestEdgeCases.test_severity_values_validZsT y  Ww /**3q62: ;G:& :&*:: : : :&*: : : :& : : : : : :*: : : :*: : : : : : : : ;rDN) rsrtrurvr^rarcrfrirlr"rDr&r\r\)s#+**** (;rDr\c(eZdZdZdZdZdZdZy)TestFindingStructureu"Finding 데이터 구조 테스트cld}tjd|}t|t}|s ddt j vst jtrt jtnddt j vst j|rt j|nddt j vst jtrt jtndt j|dz}tt j|d}|r|d }t|t}|sd dt j vst jtrt jtndt j|d t j vst jtrt jtnd t j|d z}tt j|dx}}yy) u0check_hardcoded_secrets가 dict 리스트 반환zapi_key = "secret123"rrrrrrNrr0dictr1) rr0rrr3r4r1r5r6r7r8rpr9r:rrArBr@r=rls r&.test_check_hardcoded_secrets_returns_dict_listzCTestFindingStructure.test_check_hardcoded_secrets_returns_dict_listms&)66y'J(D))))))))z)))z))))))()))())))))D)))D)))))))))) &qk 0:k40 00 0 0 0 0 0: 0 0 0: 0 0 0k 0 0 0 0 0 04 0 0 04 0 0 00 0 0 0 0 0 0 rDcld}tjd|}t|t}|s ddt j vst jtrt jtnddt j vst j|rt j|nddt j vst jtrt jtndt j|dz}tt j|d}|r|d }t|t}|sd dt j vst jtrt jtndt j|d t j vst jtrt jtnd t j|d z}tt j|dx}}yy) u$check_todos가 dict 리스트 반환z # TODO: testrrrrrrNrr0rpr1) rr~rrr3r4r1r5r6r7r8rprqs r&"test_check_todos_returns_dict_listz7TestFindingStructure.test_check_todos_returns_dict_listus& **9g>(D))))))))z)))z))))))()))())))))D)))D)))))))))) &qk 0:k40 00 0 0 0 0 0: 0 0 0: 0 0 0k 0 0 0 0 0 04 0 0 04 0 0 00 0 0 0 0 0 0 rDcld}tjd|}t|t}|s ddt j vst jtrt jtnddt j vst j|rt j|nddt j vst jtrt jtndt j|dz}tt j|d}|r|d }t|t}|sd dt j vst jtrt jtndt j|d t j vst jtrt jtnd t j|d z}tt j|dx}}yy) u-check_unused_imports가 dict 리스트 반환zimport os x = 1rrrrrrNrr0rpr1) rrrrr3r4r1r5r6r7r8rprqs r&+test_check_unused_imports_returns_dict_listz@TestFindingStructure.test_check_unused_imports_returns_dict_list}s&$33IwG(D))))))))z)))z))))))()))())))))D)))D)))))))))) &qk 0:k40 00 0 0 0 0 0: 0 0 0: 0 0 0k 0 0 0 0 0 04 0 0 04 0 0 00 0 0 0 0 0 0 rDcdjdtdD}d|d}tjd|}t |t }|s ddt jvstjtrtjtndd t jvstj|rtj|nd d t jvstjt rtjt nd tj|d z}ttj|d }|r|d }t |t}|sddt jvstjtrtjtndtj|dt jvstjtrtjtndtj|dz}ttj|d x}}y y )u.check_function_length가 dict 리스트 반환rc3,K|] }d|d|ywrr"rs r&r'zTTestFindingStructure.test_check_function_length_returns_dict_list..s?6!Cs+?r(4z def func(): rrrrrrrNrr0rpr1)rrrrrrr3r4r1r5r6r7r8rp) r9rr:rrArBr@r=rls r&,test_check_function_length_returns_dict_listzATestFindingStructure.test_check_function_length_returns_dict_listsHyy?U2Y??!$'9:44YH(D))))))))z)))z))))))()))())))))D)))D)))))))))) &qk 0:k40 00 0 0 0 0 0: 0 0 0: 0 0 0k 0 0 0 0 0 04 0 0 04 0 0 00 0 0 0 0 0 0 rDN)rsrtrurvrrrtrvrzr"rDr&rnrnjs,1111rDrnc(eZdZdZdZdZdZdZy)TestAdditionalSecretPatternsu(추가 시크릿 패턴 탐지 테스트cTd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) u+DB URL에 자격증명 포함 패턴 탐지z3DATABASE_URL = "postgresql://user:password@host/db"rrrrrrrrrNrKrPs r&*test_detects_database_url_with_credentialszGTestAdditionalSecretPatterns.test_detects_database_url_with_credentialssG66y'J8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDctd}tjd|}t|t}|s ddt j vst jtrt jtnddt j vst j|rt j|nddt j vst jtrt jtndt j|dz}tt j|d}y) u<localhost URL은 탐지 안 함 (자격증명 없는 경우)z,DATABASE_URL = "postgresql://localhost/mydb"rrrrrrN rr0rrr3r4r1r5r6r7r8r9r:rrArBs r& test_no_false_positive_localhostz=TestAdditionalSecretPatterns.test_no_false_positive_localhosts@66y'J(D))))))))z)))z))))))()))())))))D)))D))))))))))rDcTd}tjd|}t|}d}||k\}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}y ) uBearer 토큰 패턴 탐지zJheaders = {"Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"}rrrrrrrrrNrKrPs r&test_detects_bearer_tokenz6TestAdditionalSecretPatterns.test_detects_bearer_tokens^66y'J8}!!}!!!!}!!!!!!s!!!s!!!!!!8!!!8!!!}!!!!!!!!!!rDctd}tjd|}t|t}|s ddt j vst jtrt jtnddt j vst j|rt j|nddt j vst jtrt jtndt j|dz}tt j|d}y) u$플레이스홀더는 탐지 안 함zapi_key = ""rrrrrrNrrs r&"test_no_false_positive_placeholderz?TestAdditionalSecretPatterns.test_no_false_positive_placeholders.66y'J(D))))))))z)))z))))))()))())))))D)))D))))))))))rDN)rsrtrurvr~rrrr"rDr&r|r|s2" *" *rDr|)7rvbuiltinsr3_pytest.assertion.rewrite assertionrewriter1importlib.util importlibr4rNsyspathlibr unittest.mockrrpytest__file__parent _SCRIPTS_DIRpathinsertr _MODULE_PATHutilspec_from_file_locationrr;r@r2r4r5r6rkrlr7r8module_from_specrloaderr=rA @py_format8 exec_modulerrxrrrrr;r\rnr|r"rDr&rs"  * H~$$++ 3|$%.. ~~--m\Jt4t4tt4nn--d3  {{${${$tt{$  $L"L"hEEZIIbRRt%(%(Z9-9-B:':'D9;9;B"1"1T**rD