Expand FileValidator.SAFE_EXTENSIONS for better test flexibility #161

Open
opened 2025-10-14 22:07:07 +00:00 by tegwick · 0 comments
Owner

Problem

Tests fail when using common file extensions like '.dat' because FileValidator.SAFE_EXTENSIONS has a limited whitelist. This makes test data creation restrictive and can block legitimate use cases.

Evidence

  • tests/test_issue_144_integration_workflow.py:504 had to change from .dat to .txt files
  • FileValidator.SAFE_EXTENSIONS only includes: '.md', '.mdx', '.txt', '.json', '.yaml', '.yml', '.png', '.jpg', '.jpeg', '.gif', '.svg', '.webp', '.pdf', '.zip', '.tar', '.gz'
  • Many legitimate file types are rejected

Impact

  • Test authors must use specific extensions, reducing test realism
  • Users might be blocked from importing legitimate file types
  • Creates unnecessary friction in testing workflows

Proposed Solution

Option A (Recommended): Make FileValidator configurable

Option B: Expand the default SAFE_EXTENSIONS list

  • Add common data/test extensions: '.dat', '.bin', '.tmp', '.test'
  • Add more document types: '.docx', '.xlsx', '.pptx', '.odt'

Option C: Add test-specific override mechanism

Benefits

  • More flexible testing without compromising security
  • Better user experience for legitimate file types
  • Configurable security policy per use case

Files Affected

  • markitect/assets/utils.py:FileValidator class
  • Tests that need broader file type support

Priority

Low - Quality of life improvement for testing and development

tegwick added this to the Images And File Attachments project 2025-10-14 22:21:06 +00:00
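
A sketch of Option A, added here as an example and not markitect's own code: a per-instance allowlist that extends the defaults quoted in the issue without mutating them, so a test can opt into '.dat' while production keeps the strict list. `ExtensionPolicy`, `extra_extensions` and the `NEVER_ALLOWED` set are hypothetical names and values chosen for illustration.

```python
from pathlib import PurePath

# Default allowlist exactly as quoted in the issue; frozen so no caller can widen it globally.
DEFAULT_SAFE_EXTENSIONS = frozenset({
    ".md", ".mdx", ".txt", ".json", ".yaml", ".yml", ".png", ".jpg",
    ".jpeg", ".gif", ".svg", ".webp", ".pdf", ".zip", ".tar", ".gz",
})
# Assumption (constructed list): extensions no configuration may opt into.
NEVER_ALLOWED = frozenset({".exe", ".dll", ".bat", ".cmd", ".sh", ".ps1", ".php", ".js"})


class ExtensionPolicy:
    """Hypothetical configurable policy: defaults plus explicit, validated extras."""

    def __init__(self, extra_extensions=()):
        extra = frozenset(self._normalize(e) for e in extra_extensions)
        blocked = extra & NEVER_ALLOWED
        if blocked:
            raise ValueError(f"refusing to allow: {sorted(blocked)}")
        self.allowed = DEFAULT_SAFE_EXTENSIONS | extra

    @staticmethod
    def _normalize(ext):
        ext = ext.strip().lower()
        if not ext.startswith(".") or len(ext) < 2 or "/" in ext or "\\" in ext:
            raise ValueError(f"not an extension: {ext!r}")
        return ext

    def is_allowed(self, filename):
        # Windows drops trailing dots and spaces, so "tool.exe." lands on disk as "tool.exe".
        name = PurePath(filename.replace("\\", "/")).name.rstrip(". ").lower()
        suffixes = PurePath(name).suffixes
        if not suffixes:
            return False
        # The final suffix must be allowlisted, and no inner suffix may be a
        # blocked type, which rejects names such as "report.exe.dat".
        return suffixes[-1] in self.allowed and not (set(suffixes) & NEVER_ALLOWED)


if __name__ == "__main__":
    test_policy = ExtensionPolicy(extra_extensions={".dat"})  # scoped to one test
    print(test_policy.is_allowed("fixtures/sample.dat"))
    print(ExtensionPolicy().is_allowed("fixtures/sample.dat"))
```

Because each policy is built per instance, a test fixture can widen the list for its own files without changing what the default validator accepts elsewhere.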