mimic

knacky/mimic

Fork 0

Commit Graph

Author	SHA1	Message	Date
Knacky	3725d4415e	chore: code-review cleanups (NITs + filename defense-in-depth test) - NIT-1: remove dead _technique_names() and _technique_ids() helpers (no callers) - NIT-2: rename engagement → _engagement in render_engagement_csv signature - NIT-4: remove duplicate inline User import in test_export_csv_escapes_special_characters - NIT-5: add comment on _CSV_FORMULA_TRIGGERS explaining \t and \r inclusion - REUSE: replace custom _html_escape with stdlib html.escape (quote=True default) - Remove now-unnecessary type: ignore comments on weasyprint (stubs resolve cleanly) - Add test_export_filename_never_contains_quote_or_crlf defense-in-depth test Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-08 18:23:39 +02:00
Knacky	5471c8fd89	test: add export endpoint + render unit tests (226 → 249 passing) - test_export_engagement.py: 13 endpoint tests — RBAC (admin/redteam ok, SOC 403, 401 unauthenticated), CSV column contract, CSV special char escaping, PDF magic bytes, 400 on missing/unknown format, 404 on missing engagement, zero-simulations edge case, filename slugification. - test_export_render.py: 10 unit tests on pure render functions — header fields, simulation order, techniques/tactics enrichment, SOC fields always rendered, backtick safety in commands, CSV header row, multi-technique pipe join, PDF magic bytes, MITRE bundle not loaded does not crash. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-08 17:57:40 +02:00

Author

SHA1

Message

Date

Knacky

3725d4415e

chore: code-review cleanups (NITs + filename defense-in-depth test)

- NIT-1: remove dead _technique_names() and _technique_ids() helpers (no callers)
- NIT-2: rename engagement → _engagement in render_engagement_csv signature
- NIT-4: remove duplicate inline User import in test_export_csv_escapes_special_characters
- NIT-5: add comment on _CSV_FORMULA_TRIGGERS explaining \t and \r inclusion
- REUSE: replace custom _html_escape with stdlib html.escape (quote=True default)
- Remove now-unnecessary type: ignore comments on weasyprint (stubs resolve cleanly)
- Add test_export_filename_never_contains_quote_or_crlf defense-in-depth test

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-06-08 18:23:39 +02:00

Knacky

5471c8fd89

test: add export endpoint + render unit tests (226 → 249 passing)

- test_export_engagement.py: 13 endpoint tests — RBAC (admin/redteam ok, SOC 403,
  401 unauthenticated), CSV column contract, CSV special char escaping, PDF magic bytes,
  400 on missing/unknown format, 404 on missing engagement, zero-simulations edge case,
  filename slugification.
- test_export_render.py: 10 unit tests on pure render functions — header fields,
  simulation order, techniques/tactics enrichment, SOC fields always rendered,
  backtick safety in commands, CSV header row, multi-technique pipe join, PDF magic
  bytes, MITRE bundle not loaded does not crash.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-06-08 17:57:40 +02:00

2 Commits