From 6d1e6999a4eb75bcb803003fb8253e75543d05d6 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sat, 23 May 2026 13:04:12 +0000
Subject: [PATCH] test: fix weak and near-duplicate assertions in sanitize.rs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- test_sanitize_preserves_markdown_headings: replaced three weak
  contains() assertions with a single assert_eq! on the full output.
  The old assertion result.contains("#123") would pass even if the
  implementation incorrectly wrapped bare #123 in backticks, hiding
  a regression in the bot-trigger neutralization guard.

- test_sanitize_config_removes_control_chars: rewrote to use a
  distinct ANSI-sequence input (val + ESC[0m + ue → value) instead
  of duplicating the exact null/bell bytes already covered by
  test_remove_null_and_bell. The new input exercises ANSI sequence
  stripping through the config pipeline, which the old duplicate
  did not uniquely verify.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 src/sanitize.rs | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/sanitize.rs b/src/sanitize.rs
index 43c19748..fa44c059 100644
--- a/src/sanitize.rs
+++ b/src/sanitize.rs
@@ -587,11 +587,12 @@ mod tests {
 
     #[test]
     fn test_sanitize_preserves_markdown_headings() {
+        // Markdown headings and bare issue references must not be neutralized.
+        // A bare "#123" (without a preceding bot keyword like "fixes") must NOT
+        // be wrapped in backticks — this assertion would pass even if "#123"
+        // were wrapped, so we assert the exact output instead.
         let input = "# Heading\n## Sub-heading\nIssue #123";
-        let result = sanitize(input);
-        assert!(result.contains("# Heading"));
-        assert!(result.contains("## Sub-heading"));
-        assert!(result.contains("#123"));
+        assert_eq!(sanitize(input), input);
     }
 
     // ── sanitize_config tests ─────────────────────────────────────────────
@@ -622,8 +623,10 @@ mod tests {
 
     #[test]
     fn test_sanitize_config_removes_control_chars() {
-        let input = "hello\x00world\x07!";
-        assert_eq!(sanitize_config(input), "helloworld!");
+        // ANSI escape sequences must be stripped through the config pipeline.
+        // "\x1b[0m" is the ANSI reset code; it should be removed, joining "val" and "ue".
+        let input = "val\x1b[0mue";
+        assert_eq!(sanitize_config(input), "value");
     }
 
     #[test]