8bfd79fe8e
* chore: dedupe src/search/cache.py into a re-export shim src/search/cache.py was a byte-identical copy of services/search/cache.py. Convert it to a sys.modules alias of the canonical services module (matching src/search/core.py, providers.py, ranking.py) so the two cannot drift, and add an identity assertion to test_search_module_consolidation.py. content.py and query.py are intentionally left as-is: the copies have drifted and services lacks fixes that src has, so they need services reconciled first before they can be shimmed safely. * chore: dedupe src/search content.py and query.py into shims Convert src/search/content.py and query.py to sys.modules aliases of the canonical services/search/* (matching cache.py, core.py, providers.py, ranking.py) so the duplicate copies cannot drift. Repoint the two tests that were coupled to the src-copy internals onto the canonical services surface (behaviour is equivalent): - test_src_search_query_nonstring.py: import services.search.query instead of loading the src file by path. - test_security_regressions.py::test_web_fetch_guard_blocks_redirect_into_private: mock httpx.get (services uses the module-level get, not httpx.Client) and assert on the canonical 'Blocked' message. Drop the now-redundant [src_content, service_content] parametrization in test_search_content_extraction_parity.py and test_search_content_url_guards.py (after the shim both params are the same object); add content/query identity assertions to test_search_module_consolidation.py.
37 lines
1.1 KiB
Python
37 lines
1.1 KiB
Python
import ipaddress
|
|
|
|
import pytest
|
|
|
|
from services.search import content as service_content
|
|
|
|
|
|
@pytest.mark.parametrize("module", [service_content])
|
|
@pytest.mark.parametrize("url", [
|
|
"http://printer.local/",
|
|
"http://nas.lan/",
|
|
"http://admin.internal/",
|
|
"http://service.intranet/",
|
|
"http://[::ffff:169.254.169.254]/latest/meta-data/",
|
|
"http://224.0.0.1/",
|
|
"http://[ff02::1]/",
|
|
"http://[::]/",
|
|
])
|
|
def test_search_content_url_guard_blocks_internal_names_and_address_classes(module, url):
|
|
assert module._public_http_url(url) is False
|
|
|
|
|
|
@pytest.mark.parametrize("module", [service_content])
|
|
def test_search_content_url_guard_blocks_dns_to_multicast(monkeypatch, module):
|
|
monkeypatch.setattr(
|
|
module,
|
|
"_resolve_hostname_ips",
|
|
lambda host: [ipaddress.ip_address("224.0.0.1")],
|
|
)
|
|
|
|
assert module._public_http_url("https://example.test/page") is False
|
|
|
|
|
|
@pytest.mark.parametrize("module", [service_content])
|
|
def test_search_content_url_guard_still_allows_public_ip(module):
|
|
assert module._public_http_url("https://93.184.216.34/") is True
|