chore: exclude potentially dangerous tests by default #996
Merged
Pull Request Overview
This PR introduces safety guardrails for potentially dangerous tests by tagging them with "dangerous" and excluding them from local test runs by default. The CI pipeline continues to execute all tests including the dangerous ones.
Key changes:
- Tagged 11 test targets that exercise vulnerable code (deserialization, OS command injection, SSRF, etc.) with "dangerous"
- Modified `.bazelrc` to exclude "dangerous" tests by default locally while ensuring CI runs all tests
- Added documentation explaining the dangerous test handling and how to run all tests when needed
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| sanitizers/src/test/java/com/example/BUILD.bazel | Tagged 9 security-related fuzz tests (deserialization, command injection, SSRF) as "dangerous" |
| examples/BUILD.bazel | Added "dangerous" tag to SpringCloudFunctionRoutingFuzzer test |
| CONTRIBUTING.md | Documented the dangerous test tagging system and how to run all tests locally |
| .bazelrc | Configured default test filters to exclude dangerous tests locally and override in CI |
kyakdan reviewed Oct 27, 2025
All tests that can perform potentially harmful side effects are tagged and excluded by default. The CI still tests all. Closes #971
kyakdan approved these changes Oct 28, 2025