mirror of
https://github.com/github/spec-kit.git
synced 2026-07-03 12:28:06 +08:00
Address code review: fix import style and rename local aliases
Agent-Logs-Url: https://github.com/github/spec-kit/sessions/9fb9a8ea-0967-4baf-b95c-7101e423ff58 Co-authored-by: mnriem <15701806+mnriem@users.noreply.github.com>
This commit is contained in:
committed by
GitHub
parent
a434e5a8ed
commit
b37f117cf9
@@ -4321,14 +4321,14 @@ def extension_update(
|
||||
try:
|
||||
# 6. Validate extension ID from archive BEFORE modifying installation
|
||||
# Handle both root-level and nested extension.yml (GitHub auto-generated archives)
|
||||
from .extensions import _detect_archive_format as _det_fmt_upd
|
||||
import tarfile as _tarfile_upd
|
||||
archive_fmt_upd = _det_fmt_upd(str(zip_path))
|
||||
from .extensions import _detect_archive_format as _ext_det_fmt
|
||||
import tarfile as _tarfile
|
||||
archive_fmt = _ext_det_fmt(str(zip_path))
|
||||
import yaml
|
||||
manifest_data = None
|
||||
|
||||
if archive_fmt_upd == "tar.gz":
|
||||
with _tarfile_upd.open(zip_path, "r:gz") as tf:
|
||||
if archive_fmt == "tar.gz":
|
||||
with _tarfile.open(zip_path, "r:gz") as tf:
|
||||
# First try root-level extension.yml
|
||||
try:
|
||||
m = tf.getmember("extension.yml")
|
||||
@@ -5009,7 +5009,6 @@ def workflow_add(
|
||||
from urllib.parse import urlparse
|
||||
from urllib.request import urlopen # noqa: S310
|
||||
from .extensions import _detect_archive_format as _wf_det_fmt
|
||||
import tarfile as _wf_tarfile
|
||||
|
||||
parsed_src = urlparse(source)
|
||||
src_host = parsed_src.hostname or ""
|
||||
|
||||
@@ -1103,9 +1103,9 @@ class TestInstallFromTarball:
|
||||
def test_install_from_tar_gz_no_manifest(self, project_dir, temp_dir):
|
||||
"""install_from_zip raises ValidationError when tarball has no extension.yml."""
|
||||
import tarfile
|
||||
import io
|
||||
archive = temp_dir / "bad.tar.gz"
|
||||
with tarfile.open(archive, "w:gz") as tf:
|
||||
import io
|
||||
data = b"no manifest here"
|
||||
info = tarfile.TarInfo(name="readme.txt")
|
||||
info.size = len(data)
|
||||
@@ -1117,7 +1117,8 @@ class TestInstallFromTarball:
|
||||
|
||||
def test_install_from_tar_gz_rejects_path_traversal(self, project_dir, temp_dir):
|
||||
"""install_from_zip must reject tarballs with path traversal entries."""
|
||||
import tarfile, io
|
||||
import tarfile
|
||||
import io
|
||||
archive = temp_dir / "evil.tar.gz"
|
||||
with tarfile.open(archive, "w:gz") as tf:
|
||||
info = tarfile.TarInfo(name="../../evil.txt")
|
||||
|
||||
@@ -691,7 +691,8 @@ class TestPresetManager:
|
||||
|
||||
def test_install_from_tar_gz_no_manifest(self, project_dir, temp_dir):
|
||||
"""Test installing a preset from a .tar.gz without preset.yml raises error."""
|
||||
import tarfile, io
|
||||
import tarfile
|
||||
import io
|
||||
archive = temp_dir / "bad.tar.gz"
|
||||
with tarfile.open(archive, "w:gz") as tf:
|
||||
data = b"no manifest here"
|
||||
@@ -705,7 +706,8 @@ class TestPresetManager:
|
||||
|
||||
def test_install_from_tar_gz_rejects_path_traversal(self, project_dir, temp_dir):
|
||||
"""install_from_zip must reject tarballs with path traversal entries."""
|
||||
import tarfile, io
|
||||
import tarfile
|
||||
import io
|
||||
archive = temp_dir / "evil.tar.gz"
|
||||
with tarfile.open(archive, "w:gz") as tf:
|
||||
info = tarfile.TarInfo(name="../../evil.txt")
|
||||
|
||||
Reference in New Issue
Block a user