Peter Woolery
56fc58b843
device-id, location-id, wifi-ssid, and wifi-password were interpolated directly into the NVS partition CSV. A value containing comma, double quote, CR, or LF would split the field/row and silently provision the wrong NVS keys — easiest concrete failure: a Wi-Fi password containing a comma. Validate operator-supplied strings before generating the CSV. Add an empty tools/__init__.py so the regression tests can import the helper as 'tools.flash_device' (matches the existing 'server.*' test pattern). Found via adversarial review (run 2026-05-01-192928, gpt-5.5 reviewer). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
18 lines
653 B
Python
18 lines
653 B
Python
import pytest
|
|
|
|
from tools.flash_device import _reject_csv_metacharacters
|
|
|
|
|
|
def test_clean_value_accepted():
|
|
"""A value with no metacharacters should pass without exiting."""
|
|
_reject_csv_metacharacters("device-id", "dc-0042")
|
|
_reject_csv_metacharacters("location-id", "retailer-123")
|
|
_reject_csv_metacharacters("wifi-ssid", "StoreWiFi-2.4GHz")
|
|
_reject_csv_metacharacters("wifi-password", "p@ssw0rd!~#$%^&*()_+-=:;<>?/")
|
|
|
|
|
|
@pytest.mark.parametrize("bad", ["Home,Network", 'pa"ss', "ssid\nfoo", "name\rbar"])
|
|
def test_metacharacter_rejected(bad):
|
|
with pytest.raises(SystemExit):
|
|
_reject_csv_metacharacters("wifi-ssid", bad)
|