test(strict,cascade): pin documented enforcement limits and audit coverage gaps#1485
Open
dimitri-yatsenko wants to merge 1 commit into
Open
test(strict,cascade): pin documented enforcement limits and audit coverage gaps#1485dimitri-yatsenko wants to merge 1 commit into
dimitri-yatsenko wants to merge 1 commit into
Conversation
…erage gaps Locks the behaviors the post-2.3 audit verified, so regressions in either direction — a documented bypass silently closing, or a blocking path silently opening — become visible. test_strict_provenance_limits.py: len/bool and query-expression 'in' bypass (documented); CLASS-form 'in' RAISES (gated __iter__); restriction-by-table bypasses; join with undeclared operand RAISES (the one gated read path, previously untested); Aggregation __len__ bypasses while its fetch RAISES; delete_quick ungated (documented); INSERT...SELECT skips per-row key consistency (documented exception); self.upstream[SelfPart] raises while direct self.PartName read is allowed; context cleared after raising make(); nested push/pop token restore. test_cascade_integrity.py: enforce post-check raises 'before its master' AND rolls back; empty-materialization sentinel previews master at 0 and deletes cleanly; U3 upward arm with SECONDARY -> master FK restricts only the correct master (bare proj() would restrict both). Also corrects the provenance.py module docstring (audit item B6): context is pushed/popped inside _populate_one in whichever process/thread runs make() — the old across-threads/fork-inheritance rationale was inaccurate. Behavior unchanged. New files only — no conflicts with the open #1480/#1484 branches.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Final piece of the post-2.3 audit remediation (companions: #1480 update1 gate, #1484 cascade fix, datajoint/datajoint-docs#195 docs batch). These tests lock the documented best-effort limits of
strict_provenanceand the untested cascade part-integrity paths — so a regression in either direction (a documented bypass silently closing, or a blocking path silently opening) becomes visible.test_strict_provenance_limits.py— the read/write-gate surface, empirically pinnedmake())len(Undeclared & key),bool(Undeclared & c){...} in (Undeclared & r)(query-expr form){...} in Undeclared(class form)__iter__routes through the gated cursor (real asymmetry, now locked)(Ancestor & Undeclared).fetch()restriction-by-table(Undeclared * Ancestor).fetch()joinlen(dj.U(...).aggr(Undeclared, ...)).fetch()RAISESdelete_quick()on another/undeclared tableself.insert(<QueryExpression>)self.upstream[SelfPart]vsself.PartNamereadmake(); nested push/pop token restoretest_cascade_integrity.py"before its master"and rolls back completely (previously only thePart.deletepre-guard had a test).-> masterFK —proj(*attr_map.keys())correctly restricts only the right master; a bareproj()would have restricted both (assertion distinguishes the exact fix(#1429): cascade through FK chain for part_integrity="cascade" #1468 code path).Also
provenance.pymodule docstring (audit item B6): context is pushed/popped inside_populate_onein whichever process/thread runs themake()— the old "inherits at fork time / across threads" rationale was inaccurate (behavior unchanged).New files only — no conflicts with the #1480/#1484 branches. All 12 new tests green locally on MySQL + PostgreSQL; existing strict suite unaffected (8/8).
Note: the schema in the read-limits test gives
Undeclaredan FK from the declared ancestor so the semijoin probe has shared attribute lineage (semantic matching requires it) whileUndeclaredstays outside the allowed set — a descendant, not an ancestor.