Add pytest suite for critical plugin scripts (241 tests)#40
Add pytest suite for critical plugin scripts (241 tests)#40AnExiledDev merged 2 commits intomainfrom
Conversation
Security guards, workspace scope enforcement, readonly bash guard, and agent redirect logic had zero test coverage. This adds pytest tests for the pure functions in each script, covering all regex patterns, edge cases, bypass vectors, and false positive checks.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review infoConfiguration used: defaults Review profile: CHILL Plan: Pro 📒 Files selected for processing (3)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughAdds a comprehensive pytest plugin test suite (241 tests) plus a test loader in Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
tests/conftest.py (1)
36-39: Add null check for spec.loader.
spec_from_file_locationcan returnNonefor the spec, and even when it succeeds,spec.loadercould theoretically beNone. Adding a guard prevents crypticAttributeErrorif the path or module type is unexpected.🛡️ Proposed defensive check
spec = importlib.util.spec_from_file_location(module_name, script_path) + if spec is None or spec.loader is None: + raise ImportError(f"Cannot load module from {script_path}") module = importlib.util.module_from_spec(spec) spec.loader.exec_module(module)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/conftest.py` around lines 36 - 39, The current code calls spec.loader.exec_module(module) without guarding against spec or spec.loader being None; update the import block that uses importlib.util.spec_from_file_location and the local variable spec to check that spec is not None and spec.loader is not None before calling spec.loader.exec_module(module), and raise or log a clear error (or skip) if either is missing so you avoid an AttributeError when loading unexpected paths or module types.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@tests/plugins/test_redirect_builtin_agents.py`:
- Around line 21-37: The run_main helper must always return an int exit code;
update the SystemExit handling in run_main so you normalize exc.code to an int
(e.g., treat None as 0, and coerce non-int codes with a safe fallback like
int(...) in a try/except and default to 1 on failure) and also return a
deterministic int when main() returns normally (replace the current return of
None with 0). Modify the logic around redirect_builtin_agents.main() and the
final return so the function signature tuple[int, str] is always honored.
---
Nitpick comments:
In `@tests/conftest.py`:
- Around line 36-39: The current code calls spec.loader.exec_module(module)
without guarding against spec or spec.loader being None; update the import block
that uses importlib.util.spec_from_file_location and the local variable spec to
check that spec is not None and spec.loader is not None before calling
spec.loader.exec_module(module), and raise or log a clear error (or skip) if
either is missing so you avoid an AttributeError when loading unexpected paths
or module types.
ℹ️ Review info
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (11)
.devcontainer/CHANGELOG.mdpackage.jsontests/__init__.pytests/conftest.pytests/plugins/__init__.pytests/plugins/test_block_dangerous.pytests/plugins/test_guard_protected.pytests/plugins/test_guard_protected_bash.pytests/plugins/test_guard_readonly_bash.pytests/plugins/test_guard_workspace_scope.pytests/plugins/test_redirect_builtin_agents.py
- Resolve CHANGELOG.md merge conflict (testing section + main's fixes) - Fix run_main() return type in test_redirect_builtin_agents.py (CodeRabbit review) - Update block-dangerous tests for new source patterns: - --force-with-lease now intentionally blocked (was documented as bug) - Bare force push message changed to FORCE_PUSH_SUGGESTION - Add tests for remote branch deletion patterns (--delete, colon-refspec)
Summary
npm testunaffectedCoverage
block-dangerous.pyguard-workspace-scope.pyguard-protected.pyguard-protected-bash.pyguard-readonly-bash.pyredirect-builtin-agents.pyBugs Discovered During Testing
The test suite documents several existing bugs in the source code (tests are written to match current behavior):
--force-with-leasefalse positive inblock-dangerous.py— the\bgit\s+push\s+--force\bregex matches--force-with-leasebecause\btreats the-as a word boundaryrm -rf /etcnot caught — only barerm -rf /andrm -rf ~are blocked;rm -rf /etcpasses through>>parsing inguard-protected-bash.py— regex(?:>|>>)matches>before>>due to alternation ordercat >targets inguard-protected-bash.py— both generic redirect and cat-specific patterns matchTest Infrastructure
tests/conftest.py—importlib.utilloader for plugin scripts (no package structure)npm run test:plugins— runs pytest suitenpm run test:all— runs both JS and Python testsTest plan
pytest tests/ -v— 241 passednpm test— existing JS tests unaffectedSummary by CodeRabbit
Tests
Chores
test:pluginsandtest:allto run the plugin tests.Documentation