mathias/gitea-mcp
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9013c8ff9cd1d7b5848e8e6bd5bdd4a30a049991
gitea-mcp/internal/tools/repo_search_test.go
Mathias Bergqvist 61cce37ff5 feat(tools): repo_search with allowlist post-filter 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-04 22:44:44 +02:00

62 lines
2.4 KiB
Go
Raw Blame History

package tools_test
import (
"context"
"encoding/json"
"errors"
"net/http"
"net/http/httptest"
"testing"
"gitea.d-ma.be/mathias/gitea-mcp/internal/allowlist"
"gitea.d-ma.be/mathias/gitea-mcp/internal/gitea"
"gitea.d-ma.be/mathias/gitea-mcp/internal/tools"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestRepoSearchWithOwner(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/api/v1/repos/search", r.URL.Path)
assert.Equal(t, "infra", r.URL.Query().Get("q"))
assert.Equal(t, "mathias", r.URL.Query().Get("owner"))
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`{"data":[{"name":"infra","full_name":"mathias/infra","default_branch":"main"}],"ok":true}`))
}))
defer srv.Close()
tool := tools.NewRepoSearch(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"mathias"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"q":"infra","owner":"mathias"}`))
require.NoError(t, err)
assert.Contains(t, string(out), `"full_name":"mathias/infra"`)
}
func TestRepoSearchPostFiltersWithoutOwner(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// No owner param expected when owner is empty
assert.Empty(t, r.URL.Query().Get("owner"))
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`{"data":[{"name":"x","full_name":"mathias/x"},{"name":"y","full_name":"evil/y"}],"ok":true}`))
}))
defer srv.Close()
tool := tools.NewRepoSearch(gitea.NewClient(srv.URL, "tok"), allowlist.New([]string{"mathias"}))
out, err := tool.Call(context.Background(), json.RawMessage(`{"q":"x"}`))
require.NoError(t, err)
assert.Contains(t, string(out), `"mathias/x"`)
assert.NotContains(t, string(out), `"evil/y"`)
}
func TestRepoSearchAllowlistRejectsExplicitOwner(t *testing.T) {
tool := tools.NewRepoSearch(gitea.NewClient("http://unused", ""), allowlist.New([]string{"mathias"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{"q":"infra","owner":"evil"}`))
require.Error(t, err)
}
func TestRepoSearchRequiresQ(t *testing.T) {
tool := tools.NewRepoSearch(gitea.NewClient("http://unused", ""), allowlist.New([]string{"mathias"}))
_, err := tool.Call(context.Background(), json.RawMessage(`{}`))
require.Error(t, err)
assert.True(t, errors.Is(err, gitea.ErrValidation))
}
Reference in New Issue View Git Blame Copy Permalink