DOCTOR IMPROVEMENTS: visual improvements/grouping + add comprehensive tests + fix gosec warnings (#656)
* test(doctor): add comprehensive tests for fix and check functions Add edge case tests, e2e tests, and improve test coverage for: - database_test.go: database integrity and sync checks - git_test.go: git hooks, merge driver, sync branch tests - gitignore_test.go: gitignore validation - prefix_test.go: ID prefix handling - fix/fix_test.go: fix operations - fix/e2e_test.go: end-to-end fix scenarios - fix/fix_edge_cases_test.go: edge case handling * docs: add testing philosophy and anti-patterns guide - Create TESTING_PHILOSOPHY.md covering test pyramid, priority matrix, what NOT to test, and 5 anti-patterns with code examples - Add cross-reference from README_TESTING.md - Document beads-specific guidance (well-covered areas vs gaps) - Include target metrics (test-to-code ratio, execution time targets) * chore: revert .beads/ to upstream/main state * refactor(doctor): add category grouping and Ayu theme colors - Add Category field to DoctorCheck for organizing checks by type - Define category constants: Core, Git, Runtime, Data, Integration, Metadata - Update thanks command to use shared Ayu color palette from internal/ui - Simplify test fixtures by removing redundant test cases * fix(doctor): prevent test fork bomb and fix test failures - Add ErrTestBinary guard in getBdBinary() to prevent tests from recursively executing the test binary when calling bd subcommands - Update claude_test.go to use new check names (CLI Availability, Prime Documentation) - Fix syncbranch test path comparison by resolving symlinks (/var vs /private/var on macOS) - Fix permissions check to use exact comparison instead of bitmask - Fix UntrackedJSONL to use git commit --only to preserve staged changes - Fix MergeDriver edge case test by making both .git dir and config read-only - Add skipIfTestBinary helper for E2E tests that need real bd binary * test(doctor): skip read-only config test in CI environments GitHub Actions containers may have CAP_DAC_OVERRIDE or similar capabilities that allow writing to read-only files, causing the test to fail. Skip the test when CI=true or GITHUB_ACTIONS=true.
This commit is contained in:
Ryan
GitHub
@@ -8,8 +8,13 @@ import (
|
||||
"strings"
|
||||
)
|
||||
|
||||
// ErrTestBinary is returned when getBdBinary detects it's running as a test binary.
|
||||
// This prevents fork bombs when tests call functions that execute bd subcommands.
|
||||
var ErrTestBinary = fmt.Errorf("running as test binary - cannot execute bd subcommands")
|
||||
|
||||
// getBdBinary returns the path to the bd binary to use for fix operations.
|
||||
// It prefers the current executable to avoid command injection attacks.
|
||||
// Returns ErrTestBinary if running as a test binary to prevent fork bombs.
|
||||
func getBdBinary() (string, error) {
|
||||
// Prefer current executable for security
|
||||
exe, err := os.Executable()
|
||||
@@ -17,8 +22,16 @@ func getBdBinary() (string, error) {
|
||||
// Resolve symlinks to get the real binary path
|
||||
realPath, err := filepath.EvalSymlinks(exe)
|
||||
if err == nil {
|
||||
return realPath, nil
|
||||
exe = realPath
|
||||
}
|
||||
|
||||
// Check if we're running as a test binary - this prevents fork bombs
|
||||
// when tests call functions that execute bd subcommands
|
||||
baseName := filepath.Base(exe)
|
||||
if strings.HasSuffix(baseName, ".test") || strings.Contains(baseName, ".test.") {
|
||||
return "", ErrTestBinary
|
||||
}
|
||||
|
||||
return exe, nil
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user