fix(security): resolve TLS inventory in runtime image

This commit is contained in:
ogt
2026-07-14 20:13:12 +08:00
parent 89cbc292da
commit 0e28fbc1dc
2 changed files with 31 additions and 3 deletions

View File

@@ -2,6 +2,7 @@ from __future__ import annotations
import asyncio
import json
from pathlib import Path
from src.jobs import asset_scanner_job
@@ -609,6 +610,17 @@ def test_domain_tls_inventory_projects_fingerprints_without_raw_paths() -> None:
assert "privkey.pem" not in public_text
def test_domain_tls_inventory_candidates_support_shallow_runtime_paths() -> None:
candidates = asset_scanner_job._domain_tls_inventory_candidates(
cwd=Path("/runtime"),
source_path=Path("/app/src/jobs/asset_scanner_job.py"),
)
assert Path(
"/app/docs/security/domain-tls-certbot-inventory.snapshot.json"
) in candidates
def test_public_tls_expiry_classification_is_conservative() -> None:
now_epoch = 1_700_000_000.0