| import pytest |
|
|
| from app.agents.config_agent import ConfigAgent |
| from app.schemas import CodeChunk, Severity |
|
|
|
|
| def make_chunk(content: str, file_path: str = "config.py") -> CodeChunk: |
| return CodeChunk( |
| file_path=file_path, |
| language="Python", |
| line_start=1, |
| line_end=max(1, len(content.splitlines())), |
| content=content, |
| ) |
|
|
|
|
| @pytest.mark.anyio |
| async def test_config_agent_detects_debug_mode(): |
| output = await ConfigAgent().analyze([make_chunk("DEBUG = True")]) |
|
|
| assert output.findings[0].title == "Debug mode enabled" |
| assert output.findings[0].severity == Severity.high |
| assert output.findings[0].category == "config" |
| assert output.findings[0].confidence is not None |
|
|
|
|
| @pytest.mark.anyio |
| async def test_config_agent_detects_wildcard_cors(): |
| output = await ConfigAgent().analyze([make_chunk('allow_origins=["*"]')]) |
|
|
| assert output.findings[0].title == "Wildcard CORS origin" |
| assert output.findings[0].severity == Severity.medium |
|
|
|
|
| @pytest.mark.anyio |
| async def test_config_agent_detects_disabled_tls_verification(): |
| output = await ConfigAgent().analyze([make_chunk("session.verify = False")]) |
|
|
| assert output.findings[0].title == "TLS verification disabled in configuration" |
| assert output.findings[0].severity == Severity.high |
|
|
|
|
| @pytest.mark.anyio |
| async def test_config_agent_detects_weak_default_secret(): |
| output = await ConfigAgent().analyze([make_chunk("SECRET_KEY = 'django-insecure-demo'")]) |
|
|
| assert output.findings[0].title == "Weak default secret configured" |
| assert output.findings[0].severity == Severity.high |
|
|
|
|
| @pytest.mark.anyio |
| async def test_config_agent_returns_empty_output_for_clean_config(): |
| output = await ConfigAgent().analyze([make_chunk("DEBUG = env.bool('DEBUG', default=False)")]) |
|
|
| assert output.findings == [] |
| assert output.metadata["mode"] == "static-rules" |
|
|