tgrosinger/magpie
1
0
Fork 0
Code Pull Requests Actions Activity
Files
main
magpie/tests/context-gatherer/history-collector.test.ts
T
Li Liu 38ff61471a fix: prevent command injection in history-collector via spawnSync 
Replace execSync with spawnSync in getFileHistory() and getPRDetails()
to prevent shell injection through file paths and PR numbers. Add input
validation for prNumber (must be a positive integer).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-05 13:51:12 +08:00

34 lines
1.1 KiB
TypeScript
Raw Permalink Blame History

// tests/context-gatherer/history-collector.test.ts
import { describe, it, expect } from 'vitest'
import { getDirectories, getPRDetails } from '../../src/context-gatherer/collectors/history-collector.js'
describe('getPRDetails', () => {
it('should return null for invalid PR numbers', () => {
expect(getPRDetails(-1)).toBeNull()
expect(getPRDetails(0)).toBeNull()
expect(getPRDetails(NaN)).toBeNull()
expect(getPRDetails(1.5)).toBeNull()
})
})
describe('getDirectories', () => {
it('should extract directories from file paths', () => {
const files = [
'src/services/order/create.ts',
'src/services/order/update.ts',
'src/api/routes.ts'
]
const dirs = getDirectories(files)
expect(dirs).toContain('src/services/order')
expect(dirs).toContain('src/services')
expect(dirs).toContain('src/api')
})
it('should handle root-level files', () => {
const files = ['package.json', 'src/index.ts']
const dirs = getDirectories(files)
expect(dirs).toContain('src')
expect(dirs).not.toContain('')
})
})
View Git Blame Copy Permalink