From 8cf60bfb1f734fd724338c1b9786a17991ad6002 Mon Sep 17 00:00:00 2001 From: overtrue Date: Fri, 3 Apr 2026 14:05:22 +0800 Subject: [PATCH 1/2] test(phase-4): cover cors parser edge cases --- crates/cli/src/commands/cors.rs | 34 +++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/crates/cli/src/commands/cors.rs b/crates/cli/src/commands/cors.rs index 85c2ff9..1c7b8df 100644 --- a/crates/cli/src/commands/cors.rs +++ b/crates/cli/src/commands/cors.rs @@ -620,6 +620,28 @@ mod tests { assert_eq!(config.rules[0].allowed_headers, Some(vec!["*".to_string()])); } + #[test] + fn test_parse_cors_configuration_drops_blank_optional_headers() { + let config = parse_cors_configuration( + r#"{ + "rules": [ + { + "allowedOrigins": ["https://app.example.com"], + "allowedMethods": ["get"], + "allowedHeaders": [" "], + "exposeHeaders": ["", " "] + } + ] + }"#, + ) + .expect("parse config with blank optional headers"); + + assert_eq!(config.rules.len(), 1); + assert_eq!(config.rules[0].allowed_headers, None); + assert_eq!(config.rules[0].expose_headers, None); + assert_eq!(config.rules[0].allowed_methods, vec!["GET".to_string()]); + } + #[test] fn test_cors_input_source_prefers_positional_argument() { let args = SetCorsArgs { @@ -644,6 +666,18 @@ mod tests { assert_eq!(cors_input_source(&args).as_deref(), Ok("cors.json")); } + #[test] + fn test_cors_input_source_rejects_conflicting_inputs() { + let args = SetCorsArgs { + path: "local/my-bucket".to_string(), + source: Some("cors.xml".to_string()), + file: Some("cors.json".to_string()), + force: false, + }; + + assert!(cors_input_source(&args).is_err()); + } + #[test] fn test_cors_input_source_requires_source() { let args = SetCorsArgs { From fbb1b47588e894e450fc7419116c9e27bb84ece6 Mon Sep 17 00:00:00 2001 From: overtrue Date: Fri, 3 Apr 2026 18:05:22 +0800 Subject: [PATCH 2/2] test(cli): cover remaining cors validation gaps --- crates/cli/src/commands/cors.rs | 34 +++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/crates/cli/src/commands/cors.rs b/crates/cli/src/commands/cors.rs index 1c7b8df..4e74bed 100644 --- a/crates/cli/src/commands/cors.rs +++ b/crates/cli/src/commands/cors.rs @@ -588,6 +588,40 @@ mod tests { assert!(error.contains("unsupported method")); } + #[test] + fn test_parse_cors_configuration_rejects_empty_allowed_origin() { + let error = parse_cors_configuration( + r#"{ + "rules": [ + { + "allowedOrigins": [" https://app.example.com ", " "], + "allowedMethods": ["GET"] + } + ] + }"#, + ) + .expect_err("empty allowed origin"); + + assert!(error.contains("empty allowed origin")); + } + + #[test] + fn test_parse_cors_configuration_rejects_empty_allowed_method() { + let error = parse_cors_configuration( + r#"{ + "rules": [ + { + "allowedOrigins": ["*"], + "allowedMethods": ["GET", " "] + } + ] + }"#, + ) + .expect_err("empty allowed method"); + + assert!(error.contains("empty allowed method")); + } + #[test] fn test_parse_cors_configuration_accepts_xml() { let config = parse_cors_configuration(