fix(security): classify public MCP aggregate readback
This commit is contained in:
@@ -146,6 +146,7 @@ def test_public_federation_route_is_anonymous_aggregate_only(monkeypatch):
|
||||
from flask import Flask
|
||||
from routes import system_public_routes as routes
|
||||
from services import external_mcp_rag_integration_service as service
|
||||
from services.http_access_policy_service import INTENTIONALLY_PUBLIC_ENDPOINTS
|
||||
|
||||
monkeypatch.setattr(service, "build_public_mcp_federation_receipt", lambda **_: {
|
||||
"success": True,
|
||||
@@ -170,3 +171,7 @@ def test_public_federation_route_is_anonymous_aggregate_only(monkeypatch):
|
||||
"ewoooc",
|
||||
"momo-pro-system",
|
||||
}
|
||||
assert (
|
||||
"system_public.public_mcp_federation_readback_api"
|
||||
in INTENTIONALLY_PUBLIC_ENDPOINTS
|
||||
)
|
||||
|
||||
@@ -38,7 +38,7 @@ def test_security_governance_review_is_honest_and_release_gate_passes():
|
||||
access = checks["PR.AA-route-access-control"]["evidence"]
|
||||
assert access["mutating_unguarded_count"] == 0
|
||||
assert access["unclassified_unguarded_count"] == 0
|
||||
assert access["unguarded_count"] == 7
|
||||
assert access["unguarded_count"] == 8
|
||||
dependencies = checks["ID.RA-dependency-vulnerability-management"]["evidence"]
|
||||
assert dependencies["sbom_files"] == []
|
||||
supply = checks["GV.SC-gitea-only-supply-chain"]
|
||||
|
||||
Reference in New Issue
Block a user