mirror of
https://github.com/Significant-Gravitas/AutoGPT.git
synced 2026-04-08 03:00:28 -04:00
fix(backend): use exact URL equality assertions to silence CodeQL false positives
Replace substring `in` checks with exact equality assertions in simulator_test.py. CodeQL flagged 4 instances of "Incomplete URL substring sanitization" on test assertions like `assert "example.com" in result`. Using `==` against the expected sanitized URL both silences the CodeQL alert and makes the tests stricter.
This commit is contained in:
Zamil Majdy
@@ -178,19 +178,15 @@ class TestUrlSanitization:
|
||||
|
||||
def test_url_query_params_stripped(self):
|
||||
result = _sanitize_url("https://api.example.com/v1?key=secret&token=abc")
|
||||
assert "key=secret" not in result
|
||||
assert "token=abc" not in result
|
||||
assert "api.example.com" in result
|
||||
assert result == "https://api.example.com/v1"
|
||||
|
||||
def test_url_fragment_stripped(self):
|
||||
result = _sanitize_url("https://example.com/page#section")
|
||||
assert "#section" not in result
|
||||
assert "example.com" in result
|
||||
assert result == "https://example.com/page"
|
||||
|
||||
def test_url_userinfo_stripped(self):
|
||||
result = _sanitize_url("https://user:pass@example.com/path")
|
||||
assert "user:pass" not in result
|
||||
assert "example.com" in result
|
||||
assert result == "https://example.com/path"
|
||||
|
||||
def test_url_path_preserved(self):
|
||||
result = _sanitize_url("https://api.example.com/v1/resources")
|
||||
@@ -210,8 +206,7 @@ class TestUrlSanitization:
|
||||
result = _redact_inputs(
|
||||
{"endpoint": "https://api.example.com/v1?api_key=secret123"}
|
||||
)
|
||||
assert "api_key=secret123" not in result["endpoint"]
|
||||
assert "api.example.com" in result["endpoint"]
|
||||
assert result["endpoint"] == "https://api.example.com/v1"
|
||||
|
||||
def test_non_url_non_secret_preserved(self):
|
||||
"""Regular string values that aren't URLs are preserved."""
|
||||
|
||||
Reference in New Issue
Block a user