objectiveai-sdk 2.0.6

ObjectiveAI SDK, definitions, and utilities
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

use super::{WhitelistEntry, check_plugin_whitelist, default_whitelist};

#[test]
fn default_whitelist_passes_objectiveai_owner() {
    let wl = default_whitelist();
    let ok = check_plugin_whitelist("ObjectiveAI", "anything", "anysha", "0.1.0", &wl).unwrap();
    assert!(ok);
}

#[test]
fn default_whitelist_rejects_other_owners() {
    let wl = default_whitelist();
    let ok = check_plugin_whitelist("evil-org", "anything", "anysha", "0.1.0", &wl).unwrap();
    assert!(!ok);
}

#[test]
fn default_whitelist_is_case_insensitive() {
    let wl = default_whitelist();
    for owner in ["objectiveai", "OBJECTIVEAI", "ObJeCtIvEaI", "ObjectiveAI"] {
        let ok = check_plugin_whitelist(owner, "anything", "anysha", "0.1.0", &wl).unwrap();
        assert!(ok, "expected case-insensitive match for {owner:?}");
    }
}

#[test]
fn anchored_pattern_does_not_partial_match() {
    let wl = vec![WhitelistEntry {
        owner: "Object".to_string(),
        repository: ".*".to_string(),
        commit_sha: ".*".to_string(),
        version: ".*".to_string(),
    }];
    let ok = check_plugin_whitelist("ObjectAttacker", "x", "x", "x", &wl).unwrap();
    assert!(!ok, "anchored `^Object$` must not match `ObjectAttacker`");
}

#[test]
fn anchored_pattern_does_not_match_prefix() {
    let wl = vec![WhitelistEntry {
        owner: ".*Owner".to_string(),
        repository: ".*".to_string(),
        commit_sha: ".*".to_string(),
        version: ".*".to_string(),
    }];
    let ok = check_plugin_whitelist("FakeOwnerExtra", "x", "x", "x", &wl).unwrap();
    assert!(!ok, "anchored `^.*Owner$` must not match `FakeOwnerExtra`");
}

#[test]
fn multiple_entries_or_semantics() {
    let wl = vec![
        WhitelistEntry {
            owner: "ObjectiveAI".to_string(),
            repository: ".*".to_string(),
            commit_sha: ".*".to_string(),
            version: ".*".to_string(),
        },
        WhitelistEntry {
            owner: "TrustedCorp".to_string(),
            repository: ".*".to_string(),
            commit_sha: ".*".to_string(),
            version: ".*".to_string(),
        },
    ];
    let ok = check_plugin_whitelist("TrustedCorp", "any", "any", "any", &wl).unwrap();
    assert!(ok, "any matching entry should allow the install");
}

#[test]
fn empty_whitelist_rejects_everything() {
    let ok = check_plugin_whitelist("ObjectiveAI", "anything", "anysha", "0.1.0", &[]).unwrap();
    assert!(!ok);
}

#[test]
fn invalid_regex_returns_error() {
    let wl = vec![WhitelistEntry {
        owner: "[invalid".to_string(),
        repository: ".*".to_string(),
        commit_sha: ".*".to_string(),
        version: ".*".to_string(),
    }];
    let result = check_plugin_whitelist("ObjectiveAI", "x", "x", "x", &wl);
    assert!(result.is_err(), "expected regex compile error");
}

#[test]
fn all_four_fields_must_match() {
    let wl = vec![WhitelistEntry {
        owner: "ObjectiveAI".to_string(),
        repository: "approved-repo".to_string(),
        commit_sha: "abc123".to_string(),
        version: "1\\.0\\.0".to_string(),
    }];

    // All match → ok
    assert!(check_plugin_whitelist("ObjectiveAI", "approved-repo", "abc123", "1.0.0", &wl).unwrap());

    // Single mismatch → reject
    assert!(!check_plugin_whitelist("ObjectiveAI", "approved-repo", "abc123", "2.0.0", &wl).unwrap());
    assert!(!check_plugin_whitelist("ObjectiveAI", "approved-repo", "deadbe", "1.0.0", &wl).unwrap());
    assert!(!check_plugin_whitelist("ObjectiveAI", "other-repo", "abc123", "1.0.0", &wl).unwrap());
    assert!(!check_plugin_whitelist("Other", "approved-repo", "abc123", "1.0.0", &wl).unwrap());
}