From 84a96ac18c793c7c705ab2244833b615834d5721 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 3 Jun 2026 13:50:51 +0000 Subject: [PATCH 1/3] Initial plan From bd16b5f9d9a8abc9f1591cc324013c9fde096ae6 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 3 Jun 2026 14:01:46 +0000 Subject: [PATCH 2/3] refactor(iptables): narrow isValidPortSpec to testHelpers export --- src/host-iptables-rules.ts | 6 +++++- src/host-iptables-setup.test.ts | 36 ++++++++++++++++----------------- 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/src/host-iptables-rules.ts b/src/host-iptables-rules.ts index 75b8bdec6..5da5dedad 100644 --- a/src/host-iptables-rules.ts +++ b/src/host-iptables-rules.ts @@ -40,7 +40,7 @@ export interface CliProxyHostConfig { * Validates a port specification string. * Accepts a single port (1-65535) or a port range ("N-M" where both are valid ports and N <= M). */ -export function isValidPortSpec(spec: string): boolean { +function isValidPortSpec(spec: string): boolean { const rangeMatch = spec.match(/^(\d+)-(\d+)$/); if (rangeMatch) { const start = parseInt(rangeMatch[1], 10); @@ -52,6 +52,10 @@ export function isValidPortSpec(spec: string): boolean { return !isNaN(port) && String(port) === spec && port >= 1 && port <= 65535; } +/** @internal Exposed only for unit tests — not part of the public API. */ +// ts-prune-ignore-next +export const iptablesRulesTestHelpers = { isValidPortSpec }; + function parseValidPortSpecs(input: string | undefined, label: string): string[] { if (!input) { return []; diff --git a/src/host-iptables-setup.test.ts b/src/host-iptables-setup.test.ts index e5ec3008f..06a2d9b96 100644 --- a/src/host-iptables-setup.test.ts +++ b/src/host-iptables-setup.test.ts @@ -1,6 +1,6 @@ import { API_PROXY_PORTS } from './types'; import { execaError, execaResult, mockedExeca, setupDefaultIptablesMocks, setupHostIptablesTestSuite } from './test-helpers/host-iptables-test-setup'; -import { isValidPortSpec } from './host-iptables-rules'; +import { iptablesRulesTestHelpers } from './host-iptables-rules'; import { setupHostIptables } from './host-iptables'; import { iptablesSharedTestHelpers } from './host-iptables-shared.test-utils'; @@ -294,29 +294,29 @@ describe('host-iptables (setup)', () => { describe('isValidPortSpec', () => { it('should accept valid single ports', () => { - expect(isValidPortSpec('1')).toBe(true); - expect(isValidPortSpec('80')).toBe(true); - expect(isValidPortSpec('443')).toBe(true); - expect(isValidPortSpec('65535')).toBe(true); + expect(iptablesRulesTestHelpers.isValidPortSpec('1')).toBe(true); + expect(iptablesRulesTestHelpers.isValidPortSpec('80')).toBe(true); + expect(iptablesRulesTestHelpers.isValidPortSpec('443')).toBe(true); + expect(iptablesRulesTestHelpers.isValidPortSpec('65535')).toBe(true); }); it('should accept valid port ranges', () => { - expect(isValidPortSpec('3000-3010')).toBe(true); - expect(isValidPortSpec('1-65535')).toBe(true); - expect(isValidPortSpec('80-80')).toBe(true); + expect(iptablesRulesTestHelpers.isValidPortSpec('3000-3010')).toBe(true); + expect(iptablesRulesTestHelpers.isValidPortSpec('1-65535')).toBe(true); + expect(iptablesRulesTestHelpers.isValidPortSpec('80-80')).toBe(true); }); it('should reject invalid port specs', () => { - expect(isValidPortSpec('abc')).toBe(false); - expect(isValidPortSpec('0')).toBe(false); - expect(isValidPortSpec('65536')).toBe(false); - expect(isValidPortSpec('-1')).toBe(false); - expect(isValidPortSpec('99999')).toBe(false); - expect(isValidPortSpec('3010-3000')).toBe(false); // reversed range - expect(isValidPortSpec('')).toBe(false); - expect(isValidPortSpec('080-090')).toBe(false); // leading zeros in range - expect(isValidPortSpec('01-100')).toBe(false); // leading zero in start - expect(isValidPortSpec('1-0100')).toBe(false); // leading zero in end + expect(iptablesRulesTestHelpers.isValidPortSpec('abc')).toBe(false); + expect(iptablesRulesTestHelpers.isValidPortSpec('0')).toBe(false); + expect(iptablesRulesTestHelpers.isValidPortSpec('65536')).toBe(false); + expect(iptablesRulesTestHelpers.isValidPortSpec('-1')).toBe(false); + expect(iptablesRulesTestHelpers.isValidPortSpec('99999')).toBe(false); + expect(iptablesRulesTestHelpers.isValidPortSpec('3010-3000')).toBe(false); // reversed range + expect(iptablesRulesTestHelpers.isValidPortSpec('')).toBe(false); + expect(iptablesRulesTestHelpers.isValidPortSpec('080-090')).toBe(false); // leading zeros in range + expect(iptablesRulesTestHelpers.isValidPortSpec('01-100')).toBe(false); // leading zero in start + expect(iptablesRulesTestHelpers.isValidPortSpec('1-0100')).toBe(false); // leading zero in end }); }); From 85c18ae2e6ba8bdb6a9c257fe7014a94615771dc Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 3 Jun 2026 15:57:19 +0000 Subject: [PATCH 3/3] test(iptables): use host-iptables-rules test utils --- src/host-iptables-rules.test-utils.ts | 5 +++++ src/host-iptables-setup.test.ts | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 src/host-iptables-rules.test-utils.ts diff --git a/src/host-iptables-rules.test-utils.ts b/src/host-iptables-rules.test-utils.ts new file mode 100644 index 000000000..6f4d9c51a --- /dev/null +++ b/src/host-iptables-rules.test-utils.ts @@ -0,0 +1,5 @@ +/** + * Test-only re-export of internal helpers from host-iptables-rules. + * Tests should import from this file, not directly from the production module. + */ +export { iptablesRulesTestHelpers } from './host-iptables-rules'; diff --git a/src/host-iptables-setup.test.ts b/src/host-iptables-setup.test.ts index 06a2d9b96..b787c1677 100644 --- a/src/host-iptables-setup.test.ts +++ b/src/host-iptables-setup.test.ts @@ -1,6 +1,6 @@ import { API_PROXY_PORTS } from './types'; import { execaError, execaResult, mockedExeca, setupDefaultIptablesMocks, setupHostIptablesTestSuite } from './test-helpers/host-iptables-test-setup'; -import { iptablesRulesTestHelpers } from './host-iptables-rules'; +import { iptablesRulesTestHelpers } from './host-iptables-rules.test-utils'; import { setupHostIptables } from './host-iptables'; import { iptablesSharedTestHelpers } from './host-iptables-shared.test-utils';