"""``api/resource.py`` 中的脱敏纯函数。""" import pytest from kilostar.api.resource import _mask_config, _mask_secret @pytest.mark.parametrize( "value,expected", [ ("", ""), ("short", "***"), ("12345678", "***"), ("1234567890", "1234***7890"), ("a-very-long-token-string", "a-ve***ring"), (None, None), (12345, 12345), ], ) def test_mask_secret_behaviour(value, expected): assert _mask_secret(value) == expected def test_mask_config_masks_known_sensitive_keys(): raw = { "api_key": "1234567890", "TOKEN": "1234567890", "secret_value": "1234567890", "DB_PASSWORD": "1234567890", "non_sensitive": "1234567890", "extra": 42, } masked = _mask_config(raw) assert masked["api_key"] == "1234***7890" assert masked["TOKEN"] == "1234***7890" assert masked["secret_value"] == "1234***7890" assert masked["DB_PASSWORD"] == "1234***7890" assert masked["non_sensitive"] == "1234567890" assert masked["extra"] == 42 def test_mask_config_handles_empty_input(): assert _mask_config({}) == {} def test_mask_config_does_not_mutate_input(): raw = {"api_key": "1234567890", "url": "https://x"} snapshot = dict(raw) _mask_config(raw) assert raw == snapshot