Python fp and docs updtes (#58)

* refactor: Update comments for clarity and add expectations.json files for performance metrics

* feat: Implement FP guard for JS/TS local-collection receivers to suppress missing ownership checks

* feat: Enhance Rust parameter handling to classify local collections and prevent false ownership checks

* refactor: Simplify code formatting for better readability in multiple files

* refactor: Improve UTF-8 sequence length handling and enhance clarity in loop iteration

* feat: Update Java and Python patterns to include new security rules

* refactor: Improve comment clarity and consistency across multiple Rust files

* refactor: Simplify code formatting for improved readability in integration tests and module files

* refactor: Improve comment formatting and enhance clarity in assertions across multiple files
Eli Peter 2026-04-29 19:53:34 -04:00 committed by GitHub
parent 4db0805de6
commit a438886217
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
291 changed files with 9485 additions and 3851 deletions

@ -649,7 +649,7 @@ fn hashmap_local_noise_is_clean() {
#[test]
fn row_ownership_equality_is_clean() {
// `if owner_id != user.id { return ... }` is a row-level
// ownership check both the row-fetching call and any downstream
// ownership check, both the row-fetching call and any downstream
// uses of the row's fields should be considered authorized.
assert_absent(
"row_ownership_equality.rs",
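Review bot: The comma added in the comment of `row_ownership_equality_is_clean` joins two independent clauses, so the sentence now reads as a run-on; the same substitution appears in the hunks at lines 670, 688 and 763. A semicolon keeps the intended break: `// ownership check; both the row-fetching call and any downstream`, and likewise `// on a locally-constructed HashSet is not a sink; the call is`. In `true_positive_missing_check_flags` the comma in `// check, must still flag.` separates the subject from its verb and should be dropped. These comments record why `rs.auth.missing_ownership_check` is expected to stay silent or to fire, so the wording is worth getting exact. Each test function's body continues outside its hunk.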
@ -670,7 +670,7 @@ fn row_ownership_no_early_exit_flags() {
#[test]
fn helper_scoped_params_is_clean() {
// A library helper whose internal work is `result.insert(..)`
// on a locally-constructed HashSet is not a sink the call is
// on a locally-constructed HashSet is not a sink, the call is
// classified as non-sink because the receiver is the locally-bound
// collection.
assert_absent("helper_scoped_params.rs", "rs.auth.missing_ownership_check");
@ -688,7 +688,7 @@ fn self_scoped_user_is_clean() {
fn true_positive_missing_check_flags() {
// Positive control: an authenticated handler that deletes a doc
// and publishes against a group without any ownership/membership
// check must still flag.
// check, must still flag.
assert_has(
"true_positive_missing_check.rs",
"rs.auth.missing_ownership_check",
@ -763,7 +763,7 @@ fn db_connection_type_inferred_is_clean() {
// inferred as a `DatabaseConnection` via SSA `constructor_type`
// (through `peel_identity_suffix`). The handler logs the caller's
// own id; no foreign scoped id reaches the sink, so the ownership
// gate has nothing to flag the type-facts refinement must not
// gate has nothing to flag, the type-facts refinement must not
// introduce a false positive here.
assert_absent(
"db_connection_type_inferred.rs",