4j':dZddlmZddlZddlmcmZddl Z ddl Z ddl Z ddl Z ddl Z ddlmZddlZedZedz dz Zedz d z Ze j(j+deedd lmZmZmZmZmZd d d dZd(dZej>d)dZ dZ!dZ"dZ#ejHjKdgddZ&dZ'dZ(dZ)dZ*dZ+gdZ,ejHjKde,dZ-dZ.d Z/ejHjKd!e0ejcd"Z2d*d#Z3d$Z4d%Z5d&Z6d'Z7y)+uRegression — task-2617 CLI output-path guard (회장 직접 승인 2026-05-19). 검증 범위 (task-2617 §5): * guard 모듈 import-only (argparse/main/CLI/__main__ 부재) * policy 허용 경로(memory/events|reports 직하위·task-id prefix)만 write * absolute · ../ · ws-escape · symlink-component · hardlink · overwrite = fail-closed (write 전 차단·부분파일 미잔존) * 3 CLI 호출부(batch_hold_adjudicator/batch_dependency_classifier/ pre_authorized_evidence_bundle_builder) 가 guard 경유 * stdout-only 3건(auto_remediation_planner/codex_high_classifier/ critical7_classifier) byte-0 불변 * 변경 3파일의 stdout 기본 동작 불변(--out 없을 때) ) annotationsN)Path/home/jay/workspaceanu_v3zcli_output_path_guard.pyconfigzcli_output_path_policy.yaml) GuardError GuardPolicyatomic_guarded_write load_policyvalidate_output_path@150e79992dbbfe41a432abf6096a8ade0e897f0eef23c86e585103b1eaa5b364@214af21eac48b184e37d4ed86403417636098c84f4e573cad949454ec3964006@6143a2d25fff1f15201feb461c9ce28e62d3400f5893264fe445d311fe4877f2)z"anu_v3/auto_remediation_planner.pyzanu_v3/codex_high_classifier.pyzanu_v3/critical7_classifier.pycdtj|jjSN)hashlibsha256 read_bytes hexdigest)ps G/home/jay/workspace/tests/regression/test_cli_output_path_guard_2617.py_shar3s >>!,,. ) 3 3 55c ttSr)r POLICYrrpolicyr7s v rc tjd}tj|}tj|D]}t |tj tjfr|j}d}||k7}|stjd|fd||fdtjvstj|rtj|ndtj|tj|dz}tjdd zd |iz}t!tj"|dx}x}}t |tj$r|j&D]}|j}d }||k7}|stjd|fd||fd tjvstj|rtj|nd tj|tj|dz}tjd d zd |iz}t!tj"|dx}x}}t |tj(r|j*}d }||k7}|stjd|fd||fdtjvstj|rtj|ndtj|tj|dz}tjd d zd |iz}t!tj"|dx}x}}t |tj,s)tj.|j0} g}d} | | v}|} |sd} | | v} | } | sntjd|fd| | ftj| dtjvstj| rtj| nddz}dd |iz}|j3||stjd fd | ftj| dtjvstj| rtj| nddz}dd|iz}|j3|tj4|diz}tjddzd|iz}t!tj"|dx} x}x} x}x} } g}t7t8}|} |rt7t:} | } | sddtjvstjt6rtjt6ndd tjvstjt8rtjt8nd tj|d!z}|j3||rd"dtjvstjt6rtjt6ndd#tjvstjt:rtjt:nd#tj d$z}|j3|tj4|d%iz}d&d'|iz}t!tj"|dx} x}x}} y)(Nutf-8encodingmain!=)z,%(py2)s {%(py2)s = %(py0)s.name } != %(py5)snodepy0py2py5uguard 에 main() 금지 >assert %(py7)spy7argparseauguard 에 argparse 금지)z.%(py2)s {%(py2)s = %(py0)s.module } != %(py5)s__name____main__not in)z%(py3)s not in %(py5)scond)py3r)z%(py7)s)z%(py10)s not in %(py12)s)py10py12z%(py14)spy14u,guard 에 __main__ 엔트리포인트 금지z >assert %(py17)spy17z%%(py5)s {%(py5)s = %(py2)s(%(py3)s) }callabler )r(r3r)z'%(py10)s {%(py10)s = %(py7)s(%(py8)s) }r )r+py8r4rzassert %(py13)spy13) GUARD_MOD read_textastparsewalk isinstance FunctionDefAsyncFunctionDefname @pytest_ar_call_reprcompare @py_builtinslocals_should_repr_global_name _saferepr_format_assertmsgAssertionError_format_explanationImportnames ImportFrommoduleIfdumptestappend_format_boolopr9r r )srctreer% @py_assert1 @py_assert4 @py_assert3 @py_format6 @py_format8r-r2 @py_assert2 @py_assert0 @py_assert9 @py_assert11 @py_format13 @py_format15 @py_format16 @py_format18 @py_format11 @py_format12 @py_format14s r'test_guard_module_is_import_only_no_cliri=s^   w  /C 99S>D  dS__c.B.BC D99 A A9& A A A9 A A A A A A4 A A A4 A A A9 A A A A A A(A A A A A A A A dCJJ 'ZZ IvvHHv+HHHvHHHHHHqHHHqHHHvHHHHHH-HHHHHHHH I dCNN +;; I* I;*, I I I;* I I I I I I4 I I I4 I I I; I I I* I I I.I I I I I I I I dCFF #88DII&D : :T) Z Zt-C   :T   I   v  &*   I&*    v    Zt   I.8   v  @D   I@D    v     ?       M8( )L )L )h7K.LL.LLLLLLL8LLL8LLLLLL(LLL(LLL )LLLL )LLLLLhLLLhLLLLLL7KLLL7KLLL.LLLLLLLLLLLLLLrctdd|}d}t|z }||k(}|stjd|fd||fdt j vstj |rtj|nddt j vstj trtjtndtj|dz}dd |iz}ttj|dx}x}}y) Nz!memory/events/task-2617.unit.jsontask_idr==z%(py0)s == (%(py2)s / %(py4)s)rWSr'r(py4assert %(py7)sr+ r rprErFrGrHrIrJrLrMrrr[ @py_assert5rYr\r]s rtest_allowed_event_path_passrwTs+T& A9888818 8888188888881888188888888888888888888rctdd|}d}t|z }||k(}|stjd|fd||fdt j vstj |rtj|nddt j vstj trtjtndtj|dz}d d |iz}ttj|dx}x}}y) Nz memory/reports/task-2617.unit.md task-2617rkrmrorrprqrsr+rtrus rtest_allowed_report_path_passrz[s*K A8777717 7777177777771777177777777777777777777rbad) z /etc/passwdz2/home/jay/workspace/memory/events/task-2617.x.jsonz+memory/events/../../../etc/task-2617.x.jsonz)memory/events/../reports/task-2617.x.jsonzanu_v3/task-2617.evil.pyzconfig/task-2617.evil.yamlz memory/fixtures/task-2617.x.jsonz!memory/events/no_task_prefix.jsonzmemory/events/2617.jsonz"memory/events/sub/task-2617.x.json.zmemory/events/c|tjt5t|d|dddy#1swYyxYwNrkpytestraisesrr )rr{s rtest_reject_paths_fail_closedrcs1& z "?S$v>???2;c|tjt5tdd|dddy#1swYyxYw)Nzmemory/events/task-2610.x.jsonryrkrrs rtest_taskid_mismatch_rejectedrzs4 z "  ,    rc|tjt5tdd|dddy#1swYyxYwrrrs rtest_none_rejectedrs3 z "@T4?@@@rcd}t|z }|jr|j t|dd|}g}||k(}|}|r|j}|}d} || k(} | }|st j d|fd||fdtjvst j|rt j|nddtjvst j|rt j|nddz} d d | iz} |j| |rt j d fd  fdtjvst j|rt j|ndt jt j|t j| d z} d d| iz}|j|t j|diz}dd|iz}tt j|dx}x}x}x}x}x} } t|}t!j"t$5t|dd|dddt|}||k(}|s9t j d|fd||fdtjvst jtrt jtnddtjvst j|rt j|ndt j|dtjvst j|rt j|nddz}t j&ddzd|iz}tt j|dx}}|jr|jyy#1swY|xYw#|jr|jwwxYw)Nz(memory/events/task-2617._regr_probe.json {"ok":1} rkrmz%(py2)s == %(py4)sretfullr(rr%(py6)spy6zM%(py12)s {%(py12)s = %(py10)s {%(py10)s = %(py8)s.read_text }() } == %(py15)sr:r4r5py15%(py17)sr8rassert %(py20)spy20TAMPER)z0%(py3)s {%(py3)s = %(py0)s(%(py1)s) } == %(py5)srbefore)r'py1r3r)u0overwrite 차단 후 원본 byte 불변이어야r*r+)rpexistsunlinkr r=rErFrGrHrIrJrUrVrLrMrrrrrK)rrelrrrYr[r_r`ra @py_assert14 @py_assert13 @py_format5 @py_format7rdre @py_format19 @py_format21rr^rZr\r]s r/test_atomic_write_allowed_and_overwrite_blockedrsH 4C 8D {{}  "3 d6R?sd{?t~~?~/?<?/<?????sd??????s???s??????d???d???????/<??????t???t???~???/???<??????????????d ]]: & M hV L MDzWzV#WWWzVWWWWWWtWWWtWWWWWWDWWWDWWWzWWWWWWVWWWVWWWW%WWWWWWW ;;= KKM   M M ;;= KKM s%HOOEOOO#O?c bd}tjt5t|dd|dddt|z }|j }|}| }|st jddzdtjvst jtrt jtnddtjvst j|rt j|ndt j|t j|dz}tt j|dx}x}x}}d }t|z }|j}d }||}t|} | } | sd d tjvst jtrt jtnd dtjvst jtrt jtndt j|t j|t j|t j|t j| d z} tt j| dx}x}x}x}x}x} } y#1swYzxYw)Nz$anu_v3/task-2617.should_not_exist.pyPARTIALrku0거부 시 어떤 파일도 생성되면 안 됨zS >assert not %(py6)s {%(py6)s = %(py4)s {%(py4)s = (%(py0)s / %(py1)s).exists }() }rpr)r'rrrrrz.*task-2617.tmp*xassert not %(py12)s {%(py12)s = %(py0)s(%(py10)s {%(py10)s = %(py6)s {%(py6)s = (%(py1)s / %(py3)s).glob }(%(py8)s) }) }listr'rr3rr:r4r5)rrrr rprrErKrGrHrIrJrLrMglobr) rrr^r[rv @py_assert7r]rZr`rarrhs r*test_rejected_write_leaves_no_partial_filers 0C z "JS)T&IJSV  V "V" "V "VV$VVVVVVVVVVVVVVVVSVVVSVVV VVV"VVVVVV"=R(]=]((=);=();<=t<=== == ======t===t======R===R===(===(===);===<=========== JJs J$$J.cj|dz }|jtdz }|js|jr|j t j || tjt5tddd|dddd}||z }|j}|}| }|sdd tjvstj|rtj|nd tj|tj|tj|d z} t!tj"| dx}x}x}x}}|jr|j yy#1swYxYw#|jr|j wwxYw) umemory/events 하위에 symlink 디렉터리를 만들어 통과 시도 → 거부. single-segment 정책상 events 직하위 파일만 허용되므로, symlink component 경유 경로는 문법(중첩) 또는 O_NOFOLLOW 단계에서 거부된다. outsidez"memory/events/task-2617-symlinkdirz3memory/events/task-2617-symlinkdir/task-2617.x.jsonXNrkztask-2617.x.jsonQassert not %(py7)s {%(py7)s = %(py5)s {%(py5)s = (%(py0)s / %(py2)s).exists }() }victimr'r(r)r+)mkdirrp is_symlinkrrossymlinkrrrr rGrHrErIrJrLrM) tmp_pathrrlinkrYr[rZ @py_assert6 @py_assert8 @py_format9s r"test_symlink_component_fail_closedrsA  !F LLN 4 4D DKKM JJvt  ]]: &  E   09F//9/779799999999999F999F999/999799999999999 ??  KKM    ??  KKM s%&F?FCFF F#F2)z anu_v3/batch_hold_adjudicator.pyz%anu_v3/batch_dependency_classifier.pyz0anu_v3/pre_authorized_evidence_bundle_builder.pyrc^t|z jd}d}||v}|stjd|fd||ftj|dt j vstj|rtj|nddz}dd |iz}ttj|dx}}d }||v}|stjd|fd||ftj|dt j vstj|rtj|nddz}dd |iz}ttj|dx}}d }||v}|stjd |fd ||ftj|dt j vstj|rtj|nddz}dd |iz}ttj|dx}}d}||v}|stjd |fd ||ftj|dt j vstj|rtj|nddz}dd |iz}ttj|dx}}y)Nrr z=from anu_v3.cli_output_path_guard import atomic_guarded_writeinz%(py1)s in %(py3)srWrr3assert %(py5)sr)zatomic_guarded_write(zPath(a.output).write_textr0)z%(py1)s not in %(py3)szPath(args.out).write_text) rpr=rErFrJrGrHrIrLrM)rrWr_r^ @py_format4r\s r"test_cli_sinks_route_through_guardrs 8    0C JQ Jc QQQQ JcQQQ JQQQQQQcQQQcQQQQQQQ ") "c )))) "c))) "))))))c)))c))))))) &1 &c 1111 &c111 &111111c111c1111111 &1 &c 1111 &c111 &111111c111c1111111rc |dz }|jddtjtjdddt |gt t dd }|j}d }||k(}|stjd |fd ||fd tjvstj|rtj|nd tj|tj|dz}tj|jdzd|iz}t!tj"|dx}x}}|j$}|j&}|}|stjddzd tjvstj|rtj|nd tj|tj|tj|dz} t!tj"| dx}x}}d}t |z }|j(}|} | } | sddtjvstjt rtjt ndtj|tj|tj| dz} t!tj"| dx}x}x}x} } y)u=--output 없으면 stdout 으로 그대로 — 동작 불변.p.json{}rr -manu_v3.batch_hold_adjudicator--inputTcwdcapture_outputtextrrm)z2%(py2)s {%(py2)s = %(py0)s.returncode } == %(py5)srr&r*r+Nu)stdout 출력이 있어야(동작 불변)z^ >assert %(py6)s {%(py6)s = %(py4)s {%(py4)s = %(py2)s {%(py2)s = %(py0)s.stdout }.strip }() })r'r(rrrrrpr) write_text subprocessrunsys executablestrrp returncoderErFrGrHrIrJrKstderrrLrMstdoutstripr) rpayloadrrYrZr[r\r]rvrrrrs r4test_batch_hold_adjudicator_stdout_default_unchangedrs!G tg. > CL " GDt A <<&1&<1 &&&<1&&&&&&1&&&1&&&<&&&1&&&ahh&&&&&&& 88H8>>H> H HHHHHHHHH1HHH1HHH8HHH>HHH HHHHHH'X ' %%'%''' '' ''''''''''''X'''%'''''''''''rc z|dz }|jdd|dz }tjtjdddt |d t |gt t d d }|j}d }||k7}|stjd |fd||fdtjvstj|rtj|ndtj|tj|dz}tjddzd|iz}ttj |dx}x}}|j"}|}| } | stjddzdtjvstj|rtj|ndtj|tj|dz}ttj |dx}x}} d} |j$}|j&} || z} | | v} | stjd| fd| | ftj| dtjvstj|rtj|ndtj|dtjvstj|rtj|ndtj| dz}dd|iz}ttj |dx} x} x}x} } y)uQ--output 이 비허용 경로면 fail-closed(비정상 종료·파일 미생성).rrrr z evil_out.jsonrrrz--outputTrrr#)z2%(py2)s {%(py2)s = %(py0)s.returncode } != %(py5)srr&u'비허용 경로 write 는 실패해야r*r+Nufail-closed: 파일 미생성zG >assert not %(py4)s {%(py4)s = %(py2)s {%(py2)s = %(py0)s.exists }() }evilrqz fail-closedr)zV%(py1)s in (%(py5)s {%(py5)s = %(py3)s.stderr } + %(py8)s {%(py8)s = %(py6)s.stdout }))rr3r)rr:zassert %(py11)spy11)rrrrrrrprrErFrGrHrIrJrKrLrMrrr)rrrrrYrZr[r\r]rvr_rr`r^ @py_format10rgs r+test_cli_out_to_disallowed_path_fail_closedrs!G tg. o %D > CL*c$i 9 GDt A <<G1G<1 GGG<1GGGGGG1GGG1GGG<GGG1GGGGGGGGGGG{{={}=} = =========t===t==={===}====== 1QXX11X01=0 1111=0111=111111Q111Q111X11111111111111111111rzrel,shacRt|z }t|}||k(}|stjd|fd||fdt j vstj trtjtnddt j vstj trtjtnddt j vstj |rtj|ndtj|dt j vstj |rtj|nddz}tj|dd zd |iz}ttj|dx}x}}y) Nrm)z<%(py5)s {%(py5)s = %(py0)s((%(py1)s / %(py2)s)) } == %(py7)srrprsha)r'rr(r)r+u+ 는 본 remediation 으로 불변이어야z >assert %(py9)spy9) rprrErFrGrHrIrJrKrLrM)rrr[rZrr]rs r(test_stdout_only_modules_byte0_unchangedrsSU4>U>S UUU>SUUUUUU4UUU4UUUUUUUUUUUUUUUSUUUSUUU>UUUUUUSUUUSUUUUSE)T"UUUUUUUUrc@|dz }|dz dz jd|S)NwsmemoryeventsT)parents)r)rrs r_mk_sandbox_wsrs* DB(]X$$T$2 Irc 2 ddlm}t|}|dz dz |dz t|}tj dddfd }|j |jd |tjt5}td d d| dddd }j}t|} || v} | s tjd| fd|| ftj|dt!j"vstj$trtjtnddt!j"vstj$|rtj|ndtj|tj| dz} dd| iz} t'tj(| dx}x} x}} d} | z }|j*}|}| }|sddt!j"vstj$rtjndtj| tj|tj|dz} t'tj(| dx} x}x}x}}d } || z }|j*}|}| }|sddt!j"vstj$|rtj|ndtj| tj|tj|dz} t'tj(| dx} x}x}x}}j,} d}| |}t/|}| }|sddt!j"vstj$t.rtjt.nddt!j"vstj$rtjndtj| tj|tj|tj|dz} t'tj(| dx} x}x}x}}y#1swYxYw)ucontainment 체크 ~ os.link 사이 부모 dir 가 ws 밖으로 rename 되면 post-link final-inode bound 재검증이 이를 탐지해 final 을 즉시 unlink 하고 fail-closed(SystemExit). (잔여 HIGH 재현·차단)rNrr evil_movedcanonical_ws_root src_dir_fd dst_dir_fdcjr(tjtt||||S)Nr)rrrenamer)rWdstrrrr real_links r toctou_linkz?test_dir_rename_after_check_toctou_blocked..toctou_links8 ==? IIc&k3w< 0    rrz#memory/events/task-2617.toctou.json{"x":1} rk"post-link final-inode bound 이탈r)zK%(py1)s in %(py8)s {%(py8)s = %(py3)s(%(py6)s {%(py6)s = %(py4)s.value }) }rei)rr3rrrr:assert %(py10)sr4ztask-2617.toctou.jsonrrrr.*tmp*hassert not %(py9)s {%(py9)s = %(py0)s(%(py7)s {%(py7)s = %(py3)s {%(py3)s = %(py1)s.glob }(%(py5)s) }) }rr'rr3r)r+r)anu_v3.cli_output_path_guardcli_output_path_guardrr rrsetattrrr SystemExitr valuerrErFrJrGrHrIrLrMrrr)r monkeypatchgrpolrrr_rvrr^rrfrYr[rZrr @py_assert10rrrs @@@r*test_dir_rename_after_check_toctou_blockedrs-  !B (]X %F%G  +CI,0T  fk2 z " b 1     0@rxx@3x=@ /= @@@@ /=@@@ /@@@@@@3@@@3@@@@@@r@@@r@@@x@@@=@@@@@@@1;11;199;9;;; ;; ;;;;;;;;;;;;1;;;9;;;;;;;;;;;:D::D:BBDBDDD DD DDDDDDDDDDDD:DDDBDDDDDDDDDDDLL++L*+t*+++ ++ ++++++t+++t++++++G+++G+++L++++++*+++++++++++  s ?R  Rc t|}t|}tddd|}|dz }g}||k(}|}|r|j}|} d} | | k(} | }|st j d|fd||fdt jvst j|rt j|ndd t jvst j|rt j|nd d z} d d | iz} |j| |rt j d fd   fd t jvst j|rt j|nd t jt j| t j| dz}dd|iz}|j|t j|diz}dd|iz}tt j|dx}x}x}x}x} x} } d}||z }|j}d}||}t|} | } | sddt jvst jtrt jtnddt jvst j|rt j|ndt j|t j|t j|t j|t j| dz}tt j|dx}x}x}x}x}x} } y)urename 주입 없을 때(정상 경로): 변경 후에도 write 성공·final 이 ws 안에 안착 — 기존 task-2617 통과 경로 동작 불변 입증.rzmemory/events/task-2617.ok.jsonrNrkrmrrfinalrrrrrrr8rrr memory/eventsrrrrr)rr r r=rErFrGrHrIrJrUrVrLrMrr)rrrrr rYr[r_r`rarrrrrdrerrr^rZrvrrhs r0test_post_link_check_passes_for_legitimate_writer !s  !B  +C )  C 2 2E=3%<=EOO=O-==-=====3%======3===3======%===%=======-======E===E===O===-=================):R/):)//::/9:t9::: :: ::::::t:::t::::::R:::R:::/:::/::::::9:::::::::::rc  ddlm}t|}|dz dz }t|}tj dddfd }|j |jd|tjt5}td d d| dddtj}d } | |v} | stjd | fd| |ftj| dt!j"vstj$|rtj|nddz} dd| iz} t'tj(| dx} } d} | |v} | stjd | fd| |ftj| dt!j"vstj$|rtj|nddz} tj*|dzd| iz} t'tj(| dx} } d} | |v} | stjd | fd| |ftj| dt!j"vstj$|rtj|nddz} tj*|dzd| iz} t'tj(| dx} } d} || z }|j,}|}| }|sddt!j"vstj$|rtj|ndtj| tj|tj|dz}t'tj(|dx} x}x}x}}|j.} d}| |}t1|}| }|sddt!j"vstj$t0rtjt0nddt!j"vstj$|rtj|ndtj| tj|tj|tj|dz}t'tj(|dx} x}x}x}}y#1swY3xYw)u잔여 HIGH 재현: ``os.link()`` 직후·재오픈 직전 fname 이 *다른 in-ws inode* 로 치환되는 reopen-by-name substitution race. 치환된 파일은 ws 안(events 직하위)이라 realpath containment 만으로는 통과한다 — 그러나 post-link 재검증이 inode-bound(link 가 만든 temp inode 의 st_dev/st_ino 와 동치) 이므로 inode 불일치를 탐지해 final 을 즉시 unlink 하고 fail-closed(SystemExit). containment=True 인데도 inode_bound=False 로 차단됨을 입증한다.rNrrrrc||||}tj||tjtjztjz}t tdr|tj z}tj||d|}tj|dtj||S)Nr)dir_fd O_NOFOLLOWisDECOY-DIFFERENT-INODE ) rrO_WRONLYO_CREATO_EXCLhasattrropenwriteclose)rWrrrrvdflagsdecoy_fdrs rsubstituting_linkzHtest_reopen_by_name_substitution_race_blocked..substituting_linkCs     #j)rzz)BII5 2| $ bmm #F773jA 56  rrz"memory/events/task-2617.subst.jsonrrkrrrmsgrrr)zinode_bound=Falsez >assert %(py5)szcontainment=Trueztask-2617.subst.jsonrrrrrr)rrrr rrrrrrr rrrErFrJrGrHrIrLrMrKrrr)rrrrrrrrrr_r^rr\rYr[rZrrrrrfrs @r-test_reopen_by_name_substitution_race_blockedr2s-  !B (]X %F  +CI264"f&78 z " b 0     bhh-C /6 /3 6666 /3666 /666666366636666666 * # %*** #*** ******#***#****s****** )  $))) ))) )))))))))))))c))))))/9//9/7797999 99 999999999999/999799999999999KK**K)*t)*** ** ******t***t******F***F***K******)***********  s 6R77Sctt}|j}t|}d}||k(}|s t j d|fd||fdt jvst jtrt jtnddt jvst j|rt j|ndt j|t j|t j|dz}dd|iz}tt j|dx}x}x}}|j}t|}d d h}||k(}|s t j d|fd ||fd t jvst jtrt jtnd dt jvst j|rt j|ndt j|t j|t j|dz}dd|iz}tt j|dx}x}x}}|j}d }||u}|st j d|fd||fdt jvst j|rt j|ndt j|t j|dz} dd| iz} tt j| dx}x}}|j}d }||u}|st j d|fd||fdt jvst j|rt j|ndt j|t j|dz} dd| iz} tt j| dx}x}}y)Nrrm)zW%(py5)s {%(py5)s = %(py0)s(%(py3)s {%(py3)s = %(py1)s.canonical_ws_root }) } == %(py8)srr)r'rr3r)r:rr4r zmemory/reports)zS%(py5)s {%(py5)s = %(py0)s(%(py3)s {%(py3)s = %(py1)s.allowed_roots }) } == %(py8)ssetT)is)z?%(py2)s {%(py2)s = %(py0)s.task_id_prefix_required } is %(py5)sr&rsr+)zI%(py2)s {%(py2)s = %(py0)s.single_segment_under_allowed_root } is %(py5)s)r rrrrErFrGrHrIrJrLrM allowed_rootsrtask_id_prefix_required!single_segment_under_allowed_root) rr^rZrrrrfrYr[r\r]s r(test_guard_policy_file_present_and_validr#hsM f C$$>3$ %>)>> %)> >>>> %)>>>>>>>3>>>3>>>>>>s>>>s>>>$>>> %>>>)>>>>>>>>  H3 !Ho7G%HH !%H HHHH !%HHHHHHH3HHH3HHHHHHsHHHsHHH HHH !HHH%HHHHHHHH  & &.$. &$ .... &$......3...3... &...$.......  0 08D8 0D 8888 0D88888838883888 0888D8888888r)rrreturnr)r$r )r$r)8__doc__ __future__rbuiltinsrG_pytest.assertion.rewrite assertionrewriterEr>rrrrpathlibrrrpr<rpathinsertrrrr r r r STDOUT_ONLY_BASELINErfixturerrirwrzmark parametrizerrrrrr TARGET_SINKSrrrritemsrrrr rr#rrrr4s #       M6 6 h6 63r7 KJJ 6 M.98 $?%$?  @ $>6  -2.2 ( 2 D)=)C)C)E$FGVHV  #,L ;"3+l9r