test(windows): harden pid-scan no-window assertion against captured-call leakage (#54707)

test_gateway_pid_scan_hides_wmic_and_powershell_windows flaked once in CI
(slice 7/8) with 'KeyError: creationflags' while passing 15/15 under exact
CI-parity locally. The positional 'kwargs["creationflags"]' indexing raises
a bare KeyError the moment any stray subprocess.run call is captured, masking
the real contract. Filter captured calls to the two intended Windows console
spawns (wmic + PowerShell fallback) and assert each is windowless via
.get('creationflags'); a leaked/extra call now surfaces as a readable
len-mismatch with the full captured list, not a cryptic KeyError.
This commit is contained in:
Teknium 2026-06-29 01:01:29 -07:00 committed by GitHub
parent 0434a9a5ec
commit 29f0968275
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -168,7 +168,21 @@ def test_gateway_pid_scan_hides_wmic_and_powershell_windows(monkeypatch):
monkeypatch.setattr(gateway.subprocess, "run", fake_run)
assert gateway._scan_gateway_pids(set()) == [123]
assert [kwargs["creationflags"] for _, kwargs in captured] == [
# The wmic probe and the PowerShell fallback are the two console spawns
# this scan makes on Windows; both must hide the window via
# ``creationflags``. Filter to those two commands (rather than indexing a
# positional list) so the contract — "every Windows pid-scan spawn is
# windowless" — is asserted directly and can't be tripped by an unrelated
# captured call leaking in from prior module-state churn in the same
# process. ``.get`` keeps a stray non-windowed call from masking the real
# assertion behind a bare KeyError.
scan_spawns = [
kwargs
for cmd, kwargs in captured
if cmd and cmd[0] in {"wmic", "powershell", "pwsh"}
]
assert len(scan_spawns) == 2, captured
assert [kwargs.get("creationflags") for kwargs in scan_spawns] == [
_CREATE_NO_WINDOW,
_CREATE_NO_WINDOW,
]