jfraeysd/fetch_ml
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
fetch_ml/tests/unit/worker
History
Jeremie Fraeys 9434f4c8e6
feat(security): Artifact ingestion caps enforcement 
Add MaxArtifactFiles and MaxArtifactTotalBytes to SandboxConfig:
- Default MaxArtifactFiles: 10,000 (configurable via SecurityDefaults)
- Default MaxArtifactTotalBytes: 100GB (configurable via SecurityDefaults)
- ApplySecurityDefaults() sets defaults if not specified

Enforce caps in scanArtifacts() during directory walk:
- Returns error immediately when MaxArtifactFiles exceeded
- Returns error immediately when MaxArtifactTotalBytes exceeded
- Prevents resource exhaustion attacks from malicious artifact trees

Update all call sites to pass SandboxConfig for cap enforcement:
- Native bridge libs updated to pass caps argument
- Benchmark tests updated with nil caps (unlimited for benchmarks)
- Unit tests updated with nil caps

Closes: artifact ingestion caps items from security plan
2026-02-23 19:43:28 -05:00
..
artifacts_test.go feat(security): Artifact ingestion caps enforcement 2026-02-23 19:43:28 -05:00
config_test.go test: Reorganize and add unit tests 2026-02-18 21:28:13 -05:00
hash_bench_test.go fix: resolve undefined DirOverallSHA256HexParallel in benchmark files 2026-02-21 14:30:22 -05:00
jupyter_task_test.go refactor(worker): update worker tests and native bridge 2026-02-23 18:04:22 -05:00
prewarm_v1_test.go refactor(worker): update worker tests and native bridge 2026-02-23 18:04:22 -05:00
run_manifest_execution_test.go refactor(worker): update worker tests and native bridge 2026-02-23 18:04:22 -05:00
snapshot_stage_test.go test: expand unit/integration/e2e coverage for new worker/api behavior 2026-01-05 12:31:36 -05:00
snapshot_store_test.go test: expand unit/integration/e2e coverage for new worker/api behavior 2026-01-05 12:31:36 -05:00
worker_test.go refactor(worker): update worker tests and native bridge 2026-02-23 18:04:22 -05:00