From ac3f298f1ebd0e7d5b2e6cadac99a051e38fa2db Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 11 May 2026 00:07:43 +0000
Subject: [PATCH 1/3] Improve tests for auth package (GenerateRandomAPIKey)

Add comprehensive tests for GenerateRandomAPIKey:
- Validate hex encoding by decoding with encoding/hex
- Verify lowercase hex charset via regex
- Test uniqueness across 20 iterations
- Test length consistency across repeated calls

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 internal/auth/apikey_test.go | 46 ++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/internal/auth/apikey_test.go b/internal/auth/apikey_test.go
index 0f10dca1..186d0771 100644
--- a/internal/auth/apikey_test.go
+++ b/internal/auth/apikey_test.go
@@ -1,6 +1,8 @@
 package auth_test
 
 import (
+ "encoding/hex"
+ "regexp"
 "testing"
 
 "github.com/github/gh-aw-mcpg/internal/auth"
@@ -22,3 +24,47 @@ func TestGenerateRandomAPIKey(t *testing.T) {
 require.NoError(t, err)
 assert.NotEqual(t, key, key2, "successive calls should produce unique keys")
 }
+
+// TestGenerateRandomAPIKey_IsValidHex verifies the returned key is a valid
+// lowercase hex-encoded string that decodes to exactly 32 bytes.
+func TestGenerateRandomAPIKey_IsValidHex(t *testing.T) {
+ key, err := auth.GenerateRandomAPIKey()
+ require.NoError(t, err)
+
+ decoded, decodeErr := hex.DecodeString(key)
+ require.NoError(t, decodeErr, "key should be valid hex-encoded string; got %q", key)
+ assert.Len(t, decoded, 32, "decoded key should be 32 bytes")
+}
+
+// TestGenerateRandomAPIKey_IsLowercaseHex verifies the key uses only lowercase
+// hex characters (0-9, a-f) as produced by hex.EncodeToString.
+func TestGenerateRandomAPIKey_IsLowercaseHex(t *testing.T) {
+ key, err := auth.GenerateRandomAPIKey()
+ require.NoError(t, err)
+
+ matched, _ := regexp.MatchString(`^[0-9a-f]{64}$`, key)
+ assert.True(t, matched, "key should consist of exactly 64 lowercase hex chars; got %q", key)
+}
+
+// TestGenerateRandomAPIKey_Uniqueness verifies that repeated calls produce
+// distinct keys, confirming that crypto/rand entropy is used.
+func TestGenerateRandomAPIKey_Uniqueness(t *testing.T) {
+ const n = 20
+ seen := make(map[string]bool, n)
+ for i := 0; i < n; i++ {
+ key, err := auth.GenerateRandomAPIKey()
+ require.NoError(t, err, "call %d: GenerateRandomAPIKey() should not fail", i+1)
+ assert.False(t, seen[key], "call %d: generated duplicate key %q", i+1, key)
+ seen[key] = true
+ }
+}
+
+// TestGenerateRandomAPIKey_LengthConsistency verifies that every call returns
+// a key of exactly 64 characters, regardless of call order.
+func TestGenerateRandomAPIKey_LengthConsistency(t *testing.T) {
+ for i := 0; i < 10; i++ {
+ key, err := auth.GenerateRandomAPIKey()
+ require.NoError(t, err, "call %d: GenerateRandomAPIKey() should not fail", i+1)
+ assert.Len(t, key, 64, "call %d: key should always be 64 characters", i+1)
+ }
+}
From 9958fd6c5878f2214ea23522ccb658b77356556d Mon Sep 17 00:00:00 2001
From: Landon Cox
Date: Mon, 11 May 2026 07:38:03 -0700
Subject: [PATCH 2/3] Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
 internal/auth/apikey_test.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/internal/auth/apikey_test.go b/internal/auth/apikey_test.go
index 186d0771..4759967c 100644
--- a/internal/auth/apikey_test.go
+++ b/internal/auth/apikey_test.go
@@ -42,7 +42,8 @@ func TestGenerateRandomAPIKey_IsLowercaseHex(t *testing.T) {
 key, err := auth.GenerateRandomAPIKey()
 require.NoError(t, err)
 
- matched, _ := regexp.MatchString(`^[0-9a-f]{64}$`, key)
+ matched, matchErr := regexp.MatchString(`^[0-9a-f]{64}$`, key)
+ require.NoError(t, matchErr)
 assert.True(t, matched, "key should consist of exactly 64 lowercase hex chars; got %q", key)
 }
 
From 45bb5c3e4a3d8fdb94d0266a67a894d7f04200a6 Mon Sep 17 00:00:00 2001
From: Landon Cox
Date: Mon, 11 May 2026 07:38:13 -0700
Subject: [PATCH 3/3] Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
 internal/auth/apikey_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/auth/apikey_test.go b/internal/auth/apikey_test.go
index 4759967c..c17fd81d 100644
--- a/internal/auth/apikey_test.go
+++ b/internal/auth/apikey_test.go
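Review bot: The doc comment on TestGenerateRandomAPIKey_Uniqueness (PATCH 1/3, second hunk) says distinct keys confirm that crypto/rand entropy is used, but 20 distinct outputs would pass just as well with a non-cryptographic or time-seeded generator, so the test cannot establish the randomness source. I would reword the second comment line to `// distinct keys. This is a collision smoke test only; it does not show which random source is used.` and leave the CSPRNG guarantee to review of GenerateRandomAPIKey itself, which is not visible in this patch. Separately, TestGenerateRandomAPIKey_LengthConsistency repeats the `{64}` bound that the regex test already enforces, so it adds little beyond looping.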
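Review bot: In TestGenerateRandomAPIKey_IsLowercaseHex (PATCH 2/3) the new `matchErr` can only come from compiling the constant pattern, never from the generated key, so `require.NoError(t, matchErr)` guards a path the input cannot reach. Assuming `assert` here is testify's package, as the call shapes suggest, the three lines collapse to `assert.Regexp(t, "^[0-9a-f]{64}$", key, "key should consist of exactly 64 lowercase hex chars; got %q", key)`, which removes the error variable entirely. The function's signature appears only in the hunk header, so its opening lies outside this hunk.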
@@ -26,7 +26,7 @@ func TestGenerateRandomAPIKey(t *testing.T) {
 }
 
 // TestGenerateRandomAPIKey_IsValidHex verifies the returned key is a valid
-// lowercase hex-encoded string that decodes to exactly 32 bytes.
+// hex-encoded string that decodes to exactly 32 bytes.
 func TestGenerateRandomAPIKey_IsValidHex(t *testing.T) {
 key, err := auth.GenerateRandomAPIKey()
 require.NoError(t, err)