curo/kite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(6.1): close WR-01/WR-02 code review findings in test_audit.py

Browse Source 
WR-01: extend nested metadata_ forbidden-key check to all 4 keys
WR-02: assert no forbidden fields in CSV export body (D-15)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
curo1305
2026-05-30 23:24:26 +02:00
parent 5762f65b09
commit 57784f9f80
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/tests/test_audit.py
+9 -2
View File
@@ -95,10 +95,10 @@ async def test_audit_log_no_doc_content(async_client, admin_user, db_session):
f"forbidden key '{key}' found at top level of audit item"
)
# Nested metadata_ check
# Nested metadata_ check — same forbidden set as top-level (WR-01)
meta = item.get("metadata_")
if isinstance(meta, dict):
for key in ("filename", "extracted_text"):
for key in forbidden_keys:
assert key not in meta, (
f"forbidden key '{key}' found inside metadata_ of audit item"
)
@@ -143,3 +143,10 @@ async def test_audit_log_export_csv(async_client, admin_user, db_session):
f"CSV header line not found in response. "
f"First 200 chars: {response.text[:200]!r}"
)
# D-15: CSV export must not contain document content or sensitive fields (WR-02)
forbidden_csv = ("filename", "extracted_text", "password_hash", "credentials_enc")
for key in forbidden_csv:
assert key not in response.text, (
f"forbidden field '{key}' found in CSV export body"
)