deer-flow/backend/tests/blocking_io
AochenShen99 658c39ccf7
Some checks failed
Backend Blocking IO / backend-blocking-io (push) Waiting to run
Unit Tests / backend-unit-tests (push) Waiting to run
Frontend Unit Tests / frontend-unit-tests (push) Waiting to run
Lint Check / lint-backend (push) Waiting to run
Lint Check / lint-frontend (push) Waiting to run
Replay E2E (front-back contract) / Layer 1 — backend golden (no API key) (push) Waiting to run
Replay E2E (front-back contract) / Layer 2 — full-stack render (no API key) (push) Waiting to run
E2E Tests / e2e-tests (push) Has been cancelled
feat(skills): Add native SkillScan phase 1 for skills (#3033)
* Add phase 1 skill static scanning

* Rework SkillScan phase 1 as native scanner

* refactor(skillscan): align phase 1 with trimmed RFC contract

- SecurityFinding: 7 fields (rule_id, severity, file, line, message,
  remediation, evidence); category/analyzer derive from the rule_id
  prefix, confidence/column/fingerprint/metadata removed
- scan_archive_preflight()/scan_skill_dir() are pure functions: no
  ScanContext, no policy schema; CRITICAL-blocks is a code constant and
  skill_scan.enabled is applied by enforce_static_scan()/callers
- secret-* evidence is redacted before findings leave the scanner
- de-dup keys on (rule_id, file, line) so repeated occurrences keep
  distinct locations for agent self-correction
- cloud-metadata detection consolidated into network-cloud-metadata
- nested zip members get a one-level stdlib magic-byte peek; an
  executable member escalates package-nested-archive to CRITICAL
- install metadata sidecar removed (Phase 7 decides if it is needed)
- rule specs moved next to their analyzers; skillscan/rules/ removed
- tests updated + new anchors: redaction, dedup lines, nested-zip
  escalation, single cloud-metadata rule, bundled-skill zero-CRITICAL

* fix(skillscan): tighten reverse-shell/secret/archive scan rules from review

Address PR #3033 review feedback on the native SkillScan analyzers:

- Reverse-shell false positives: split shell detection by signal strength
  (/dev/tcp/, nc -e stay CRITICAL; bash -i, mkfifo -> new HIGH
  shell-reverse-shell-heuristic, warn->LLM). The Python check is now
  AST-anchored on real socket.socket/os.dup2/subprocess call sites instead
  of raw-text substring matching, so prose/docstrings no longer hard-block.
- Secret evidence: _redact_secret_evidence returns [redacted] with no secret
  bytes (was value[:6], which leaked 2 real token bytes past the prefix).
- Archive DoS: cap outer archive member count (_MAX_ARCHIVE_MEMBERS=4096);
  scan_archive_preflight early-aborts with a package-too-many-members CRITICAL
  finding (routes through the existing blocked->400 fail-closed path).
- shell-destructive-command: broaden the rm -rf matcher to sensitive system
  roots (/home, /usr, /*, --no-preserve-root /) while leaving safe subpaths
  unflagged.
- Dead code: collapse _decode_text_for_analysis to a single decode path and
  drop the unused _TEXT_SUFFIXES set and _has_text_shebang helper.
- local_skill_storage: document why the host_path branch keeps app_config
  possibly-None (lazy kill-switch resolution; avoids eager get_app_config in
  config-free environments such as CI).

Tests: new negative/positive coverage in test_skillscan_native.py. Full
backend suite 6616 passed, 26 skipped.
2026-07-07 21:44:28 +08:00
..
__init__.py feat(tests): add Blockbuster runtime gate for event-loop blocking IO (#3229) 2026-05-26 23:03:49 +08:00
conftest.py feat(tests): add Blockbuster runtime gate for event-loop blocking IO (#3229) 2026-05-26 23:03:49 +08:00
test_agents_router.py fix(agents): offload blocking filesystem IO in the custom-agent router off the event loop (#3457) 2026-06-09 22:24:53 +08:00
test_artifacts_router.py fix(artifacts): offload blocking filesystem IO in artifact serving (#3551) 2026-06-24 10:44:46 +08:00
test_channel_runtime_config_store.py fix(channels): harden runtime credential management APIs (#3581) 2026-06-18 10:45:33 +08:00
test_channels_ingest.py fix(channels): offload blocking filesystem IO in inbound file ingestion (#3529) 2026-06-13 06:38:54 +08:00
test_discord_channel_state.py fix(channels): offload blocking filesystem IO in Discord channel (#3927) 2026-07-04 16:16:09 +08:00
test_dynamic_context_middleware.py fix(middleware): offload memory injection off event loop to prevent tiktoken blocking (#3402) (#3411) 2026-06-08 12:21:55 +08:00
test_gate_smoke.py feat(tests): add Blockbuster runtime gate for event-loop blocking IO (#3229) 2026-05-26 23:03:49 +08:00
test_jsonl_run_event_store.py test(runtime): add Blockbuster runtime anchor for JsonlRunEventStore async IO (#3313) 2026-05-29 23:02:41 +08:00
test_persistence_bootstrap.py feat(persistence): wire alembic migrations, bootstrap schema on startup (#3706) 2026-06-24 13:57:12 +08:00
test_persistence_engine_sqlite.py feat(persistence): wire alembic migrations, bootstrap schema on startup (#3706) 2026-06-24 13:57:12 +08:00
test_skills_install.py feat(skills): Add native SkillScan phase 1 for skills (#3033) 2026-07-07 21:44:28 +08:00
test_skills_load.py feat(tests): add Blockbuster runtime gate for event-loop blocking IO (#3229) 2026-05-26 23:03:49 +08:00
test_sqlite_lifespan.py feat(tests): add Blockbuster runtime gate for event-loop blocking IO (#3229) 2026-05-26 23:03:49 +08:00
test_uploads_middleware.py fix(agents): offload UploadsMiddleware uploads scan off the event loop (#3311) 2026-05-30 21:46:35 +08:00
test_uploads_router.py fix(gateway): offload gateway upload file IO (#3935) 2026-07-04 21:31:01 +08:00
test_wechat_channel_state.py fix(channels): offload blocking filesystem IO in Wechat channel (#3925) 2026-07-04 21:35:05 +08:00