Skip to content

Commit 55947a9

Browse files
claudeclaude
committed
test: filesystem chmod + ClickHouse env detection — credential security and driver coverage
Cover the ENOENT+chmod branch in Filesystem.write (credential file permissions on first run) and add ClickHouse env var detection tests missing since the ClickHouse driver was added in #574. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> https://claude.ai/code/session_01E1RJQ6pYP6VF3nNmWifq9b
1 parent 0d34855 commit 55947a9

File tree

2 files changed

+73
-0
lines changed

2 files changed

+73
-0
lines changed

packages/opencode/test/tool/project-scan.test.ts

Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -312,6 +312,8 @@ describe("detectEnvVars", () => {
312312
"PGHOST", "PGPORT", "PGDATABASE", "PGUSER", "PGPASSWORD", "DATABASE_URL",
313313
"MYSQL_HOST", "MYSQL_TCP_PORT", "MYSQL_DATABASE", "MYSQL_USER", "MYSQL_PASSWORD",
314314
"REDSHIFT_HOST", "REDSHIFT_PORT", "REDSHIFT_DATABASE", "REDSHIFT_USER", "REDSHIFT_PASSWORD",
315+
"CLICKHOUSE_HOST", "CLICKHOUSE_PORT", "CLICKHOUSE_DB", "CLICKHOUSE_DATABASE",
316+
"CLICKHOUSE_USER", "CLICKHOUSE_USERNAME", "CLICKHOUSE_PASSWORD", "CLICKHOUSE_URL",
315317
]
316318
for (const v of vars) {
317319
delete process.env[v]
@@ -554,6 +556,63 @@ describe("detectEnvVars", () => {
554556
expect(conn.name).toBe(`env_${conn.type}`)
555557
}
556558
})
559+
560+
test("detects ClickHouse via CLICKHOUSE_HOST", async () => {
561+
clearWarehouseEnvVars()
562+
process.env.CLICKHOUSE_HOST = "clickhouse.example.com"
563+
process.env.CLICKHOUSE_PORT = "8443"
564+
process.env.CLICKHOUSE_DB = "analytics"
565+
process.env.CLICKHOUSE_USER = "default"
566+
process.env.CLICKHOUSE_PASSWORD = "secret"
567+
568+
const result = await detectEnvVars()
569+
const ch = result.find((r) => r.type === "clickhouse")
570+
expect(ch).toBeDefined()
571+
expect(ch!.name).toBe("env_clickhouse")
572+
expect(ch!.source).toBe("env-var")
573+
expect(ch!.signal).toBe("CLICKHOUSE_HOST")
574+
expect(ch!.config.host).toBe("clickhouse.example.com")
575+
expect(ch!.config.port).toBe("8443")
576+
expect(ch!.config.database).toBe("analytics")
577+
expect(ch!.config.user).toBe("default")
578+
expect(ch!.config.password).toBe("***")
579+
})
580+
581+
test("detects ClickHouse via CLICKHOUSE_URL", async () => {
582+
clearWarehouseEnvVars()
583+
process.env.CLICKHOUSE_URL = "https://clickhouse.example.com:8443"
584+
585+
const result = await detectEnvVars()
586+
const ch = result.find((r) => r.type === "clickhouse")
587+
expect(ch).toBeDefined()
588+
expect(ch!.name).toBe("env_clickhouse")
589+
expect(ch!.source).toBe("env-var")
590+
expect(ch!.signal).toBe("CLICKHOUSE_URL")
591+
expect(ch!.config.connection_string).toBe("***")
592+
})
593+
594+
test("detects ClickHouse via DATABASE_URL with clickhouse scheme", async () => {
595+
clearWarehouseEnvVars()
596+
process.env.DATABASE_URL = "clickhouse://user:pass@host:8123/db"
597+
598+
const result = await detectEnvVars()
599+
const ch = result.find((r) => r.type === "clickhouse")
600+
expect(ch).toBeDefined()
601+
expect(ch!.signal).toBe("DATABASE_URL")
602+
expect(ch!.config.connection_string).toBe("***")
603+
})
604+
605+
test("detects ClickHouse via DATABASE_URL with clickhouse+https scheme", async () => {
606+
clearWarehouseEnvVars()
607+
process.env.DATABASE_URL = "clickhouse+https://user:pass@host:8443/db"
608+
609+
const result = await detectEnvVars()
610+
const ch = result.find((r) => r.type === "clickhouse")
611+
expect(ch).toBeDefined()
612+
expect(ch!.name).toBe("env_clickhouse")
613+
expect(ch!.signal).toBe("DATABASE_URL")
614+
expect(ch!.config.connection_string).toBe("***")
615+
})
557616
})
558617

559618
// ---------------------------------------------------------------------------

packages/opencode/test/util/filesystem.test.ts

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -217,6 +217,20 @@ describe("filesystem", () => {
217217

218218
expect(await fs.readFile(filepath, "utf-8")).toBe(content)
219219
})
220+
221+
test("writes with permissions when parent directory does not exist", async () => {
222+
await using tmp = await tmpdir()
223+
const filepath = path.join(tmp.path, "new-parent", "nested", "secret.json")
224+
225+
await Filesystem.write(filepath, '{"key":"value"}', 0o600)
226+
227+
const content = await fs.readFile(filepath, "utf-8")
228+
expect(content).toBe('{"key":"value"}')
229+
const stats = await fs.stat(filepath)
230+
if (process.platform !== "win32") {
231+
expect(stats.mode & 0o777).toBe(0o600)
232+
}
233+
})
220234
})
221235

222236
describe("writeJson()", () => {

0 commit comments

Comments
 (0)