Security hardening release addressing CodeQL and Dependabot alerts:

- Fix stack trace exposure in error responses
- Add SSRF protection with DNS resolution checking
- Implement proper URL hostname validation (replaces substring matching)
- Add centralized path sanitization to prevent path traversal
- Fix ReDoS vulnerability in email validation regex
- Improve HTML sanitization in validation utilities
- Fix capability wildcard matching in auth utilities
- Update glob dependency to address CVE
- Add CodeQL suppression comments for verified false positives

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
34 lines
999 B
INI
```ini
[tool:pytest]
minversion = 6.0
addopts =
    -ra
    --strict-markers
    --strict-config
    --cov=app
    --cov-report=term-missing:skip-covered
    --cov-report=html:htmlcov
    --cov-report=xml
    --cov-fail-under=80
    -p no:warnings
testpaths = tests
python_files = test_*.py
python_classes = Test*
python_functions = test_*
markers =
    slow: marks tests as slow
    integration: marks tests as integration tests
    unit: marks tests as unit tests
    security: marks tests as security-focused
    model_service: marks tests for model management service
    groq_proxy: marks tests for groq proxy with haproxy
    consul: marks tests for consul service registry
asyncio_mode = auto
env =
    SECRET_KEY = test-secret-key-for-testing-only
    JWT_SECRET = test-jwt-secret-for-testing-only
    GROQ_API_KEY = test-groq-api-key
    CONSUL_HOST = localhost
    CONSUL_PORT = 8500
    HAPROXY_GROQ_ENDPOINT = http://test-haproxy:8000
    REDIS_URL = redis://localhost:6379/15
    DEBUG = True
```