keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
KeiSeiKit-1.0/_primitives/_rust/kei-runtime/tests/discover_smoke.rs
Parfii-bot 990f5e3711 fix(substrate): E1 — kei-atom-discovery shared crate + 4 critical security fixes 
Extracts authoritative atom discovery + frontmatter parsing into new crate
_primitives/_rust/kei-atom-discovery/. kei-sage and kei-runtime now both
consume the same implementation, eliminating Frontmatter drift.

Resolved findings:
- F-3/crit#3: path traversal via md_dir.join() — safe_join helper rejects
  absolute paths + .. components + post-canonicalise escapes (4 sites)
- crit#6/architect P0-a: Frontmatter drift — single AtomMeta struct
- SA supply-chain: serde_yaml archived — migrated to serde_yaml_ng 0.10
- crit#2: JSON Schema $ref SSRF — jsonschema 0.17→0.18 with resolve-file
  feature only, custom LocalFileResolver denies non-file:// schemes
- F-4: symlink traversal — walkdir follow_links(false) explicit everywhere
- F-5: YAML billion-laughs — 64 KiB pre-parse cap

Tests: 9/9 new crate + 23/23 sage + 2/2 runtime + 7/7 kei-task = 41/41 green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 00:49:49 +08:00

58 lines
1.7 KiB
Rust
Raw Blame History

//! Integration test — walk_atoms returns 2 well-formed records from temp root.
use kei_runtime::discover::{walk_atoms, AtomKind};
use std::fs;
use std::path::Path;
fn write_atom(root: &Path, crate_name: &str, verb: &str) {
let atoms = root.join(crate_name).join("atoms");
let schemas = atoms.join("schemas");
fs::create_dir_all(&schemas).unwrap();
let input = format!("{verb}-input.json");
let output = format!("{verb}-output.json");
fs::write(schemas.join(&input), "{}").unwrap();
fs::write(schemas.join(&output), "{}").unwrap();
let md = format!(
r#"---
atom: {crate_name}::{verb}
kind: query
version: "0.1.0"
input:
schema: schemas/{input}
output:
schema: schemas/{output}
side_effects: []
idempotent: true
stability: stable
---
# {crate_name}::{verb}
"#,
);
fs::write(atoms.join(format!("{verb}.md")), md).unwrap();
}
#[test]
fn walk_atoms_finds_two_records() {
let tmp = tempfile::tempdir().unwrap();
write_atom(tmp.path(), "kei-alpha", "search");
write_atom(tmp.path(), "kei-beta", "fetch");
let mut atoms = walk_atoms(tmp.path());
atoms.sort_by(|a, b| a.full_id.cmp(&b.full_id));
assert_eq!(atoms.len(), 2);
assert_eq!(atoms[0].full_id, "kei-alpha::search");
assert_eq!(atoms[0].crate_name, "kei-alpha");
assert_eq!(atoms[0].verb, "search");
assert_eq!(atoms[0].kind, AtomKind::Query);
assert_eq!(atoms[1].full_id, "kei-beta::fetch");
assert!(atoms[1]
.input_schema
.as_ref()
.unwrap()
.ends_with("schemas/fetch-input.json"));
assert!(atoms[1]
.output_schema
.as_ref()
.unwrap()
.ends_with("schemas/fetch-output.json"));
}
Reference in a new issue View git blame Copy permalink