fix: reject unknown ecosystems instead of silently defaulting to pypi

2026-05-11 19:59:47 +03:00
parent a6cd20e41c
commit fb5559b8b7
3 changed files with 25 additions and 5 deletions
--- a/tests/e2e/test_llm_and_edge_cases.py
+++ b/tests/e2e/test_llm_and_edge_cases.py
@@ -201,6 +201,22 @@ class TestErrorHandlingE2e:
        resp = await e2e_client.post("/webhooks/nexus", json=payload)
        assert resp.status_code == 400

+    @pytest.mark.asyncio
+    async def test_e2e_webhook_unknown_ecosystem(self, e2e_client):
+        """Verify that webhooks with unknown ecosystem are rejected."""
+        payload = {
+            "action": "UPDATED",
+            "repositoryName": "test-repo",
+            "asset": {
+                "format": "maven",
+                "name": "/packages/test/1.0/test-1.0.tar.gz",
+            },
+        }
+        resp = await e2e_client.post("/webhooks/nexus", json=payload)
+        assert resp.status_code == 200
+        assert resp.json()["status"] == "ignored"
+        assert resp.json()["reason"] == "unknown_ecosystem"
+

 class TestWebsocketFragmentE2e:
    """E2E tests for HTMX fragment responses."""
--- a/tests/test_webhooks.py
+++ b/tests/test_webhooks.py
@@ -112,8 +112,8 @@ def test_detect_ecosystem_npm():
 def test_detect_ecosystem_unknown():
    from guarddog_nexus.routes.webhooks import _detect_ecosystem

-    assert _detect_ecosystem({"format": "maven"}) == "pypi"  # unknown → default
-    assert _detect_ecosystem({}) == "pypi"  # default
+    assert _detect_ecosystem({"format": "maven"}) is None
+    assert _detect_ecosystem({}) is None


 # --- Go/npm webhook integration ---