Summary of What Needs to be Done:
backend/secuscan/parser_sandbox.py contains two testable units: _sanitised_env (which returns a minimal environment dict with credentials stripped) and run_parser_in_sandbox (the main sandboxed execution function). Both currently lack dedicated unit tests.
Changes that Need to be Made:
- Add testing/backend/unit/test_parser_sandbox.py
- Test _sanitised_env: retains PATH, PYTHONPATH, HOME, TEMP; strips API keys and secrets
- Test run_parser_in_sandbox: parser.py not found raises ParserSandboxError; timeout path; oversized output path; non-zero exit code path; non-JSON output path; success path with mocked subprocess
- Mock subprocess.Popen to isolate tests from actual subprocess spawning
- Patch os.environ to verify credential stripping behavior
Impact that it would Provide:
- Ensures secrets are never leaked to plugin parser subprocesses
- Validates sandbox boundaries (timeout, output size, exit code handling)
- Enables CI without requiring real plugin parser files
Note: This task is being handled by tmdeveloper007 — please assign to that account when picking it up.
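The credential-stripping and Popen-mocking checks listed above, as an added sketch that is not part of the original issue or the project's code. `sanitised_env_standin` and `run_standin` are hypothetical stand-ins for `_sanitised_env` and the spawn step of `run_parser_in_sandbox`; the allowlist is taken from the issue text and all environment values are constructed.

```python
import os
import subprocess
from unittest import mock

# Assumption: retained variables as named in the issue; the real module may differ.
ALLOWED = ("PATH", "PYTHONPATH", "HOME", "TEMP")

def sanitised_env_standin():
    """Hypothetical stand-in for _sanitised_env: allowlist copy of os.environ."""
    return {k: os.environ[k] for k in ALLOWED if k in os.environ}

def run_standin(parser_path):
    """Hypothetical stand-in for the spawn step of run_parser_in_sandbox."""
    proc = subprocess.Popen(["python", parser_path], stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE, env=sanitised_env_standin())
    out, _ = proc.communicate(timeout=5)
    return proc.returncode, out

# Constructed sample environment: four allowed variables plus three secrets.
FAKE_ENV = {
    "PATH": "/usr/bin", "PYTHONPATH": "/app", "HOME": "/home/ci", "TEMP": "/tmp",
    "AWS_SECRET_ACCESS_KEY": "constructed-secret",
    "GITHUB_TOKEN": "constructed-token",
    "SHODAN_API_KEY": "constructed-key",
}

def check_env_stripping():
    # clear=True replaces the whole environment, so the result is deterministic in CI.
    with mock.patch.dict(os.environ, FAKE_ENV, clear=True):
        return sanitised_env_standin()

def check_popen_env():
    # The mocked process returns canned JSON; no real subprocess is spawned.
    fake_proc = mock.Mock(returncode=0)
    fake_proc.communicate.return_value = (b'{"findings": []}', b"")
    with mock.patch.dict(os.environ, FAKE_ENV, clear=True), \
         mock.patch("subprocess.Popen", return_value=fake_proc) as popen:
        rc, out = run_standin("parser.py")
    # Inspect the env actually handed to the child, not just the helper's return value.
    return popen.call_args.kwargs["env"], rc, out
```

Asserting on the exact key set of the `env` passed to `Popen`, rather than on the absence of a few named secrets, means a newly introduced credential variable fails the test instead of slipping through.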