Skip to content

Commit ecda7a4

Browse files
synthesis: add container registry token examples
1 parent aa17ef1 commit ecda7a4

1 file changed

Lines changed: 30 additions & 0 deletions

File tree

rust/modality/src/cmds/synthesize.rs

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -491,6 +491,8 @@ const FORMULA_EXAMPLE_GROUPS: &[FormulaExampleGroup] = &[
491491
r#"always([+ROTATE_DATABASE_PASSWORD] true -> eventually(<+NOTIFY_DATABASE_OWNER> true))"#,
492492
r#"always([+SERVICE_ACCOUNT_KEY_COMPROMISED] true -> (<+REVOKE_SERVICE_ACCOUNT_KEY> true | <+DISABLE_SERVICE_ACCOUNT> true))"#,
493493
r#"always([+REVOKE_SERVICE_ACCOUNT_KEY] true -> eventually(<+NOTIFY_SERVICE_OWNER> true))"#,
494+
r#"always([+CONTAINER_REGISTRY_TOKEN_LEAKED] true -> (<+ROTATE_REGISTRY_TOKEN> true | <+DISABLE_REGISTRY_PUSH> true))"#,
495+
r#"always([+ROTATE_REGISTRY_TOKEN] true -> eventually(<+NOTIFY_REGISTRY_OWNER> true))"#,
494496
r#"next(<+APPROVE> true)"#,
495497
r#"next((<+APPROVE> true | [<+REJECT>] true))"#,
496498
r#"<+WAIT> true until <+APPROVE> true"#,
@@ -4991,6 +4993,18 @@ F2: formula generated_2 {
49914993
));
49924994
}
49934995

4996+
#[test]
4997+
fn synthesis_list_includes_container_registry_token_leak_prompt_examples() {
4998+
let output = synthesis_list_text();
4999+
5000+
assert!(output.contains(
5001+
"always([+CONTAINER_REGISTRY_TOKEN_LEAKED] true -> (<+ROTATE_REGISTRY_TOKEN> true | <+DISABLE_REGISTRY_PUSH> true))"
5002+
));
5003+
assert!(output.contains(
5004+
"always([+ROTATE_REGISTRY_TOKEN] true -> eventually(<+NOTIFY_REGISTRY_OWNER> true))"
5005+
));
5006+
}
5007+
49945008
#[test]
49955009
fn synthesis_list_includes_escrow_progression_prompt_examples() {
49965010
let output = synthesis_list_text();
@@ -14920,6 +14934,22 @@ gfp(X, []((X)) & ([<+ARCHIVE>] true))
1492014934
verify_synthesized_model(&model, &formulas).unwrap();
1492114935
}
1492214936

14937+
#[test]
14938+
fn verify_synthesized_model_accepts_container_registry_token_leak_prompt_examples() {
14939+
let formulas = parse_formula_strings(&[
14940+
"always([+CONTAINER_REGISTRY_TOKEN_LEAKED] true -> (<+ROTATE_REGISTRY_TOKEN> true | <+DISABLE_REGISTRY_PUSH> true))"
14941+
.to_string(),
14942+
"always([+ROTATE_REGISTRY_TOKEN] true -> eventually(<+NOTIFY_REGISTRY_OWNER> true))"
14943+
.to_string(),
14944+
]);
14945+
let model = modality_lang::formula_synthesis::synthesize_from_formulas(
14946+
"ContainerRegistryTokenLeak",
14947+
&formulas,
14948+
);
14949+
14950+
verify_synthesized_model(&model, &formulas).unwrap();
14951+
}
14952+
1492314953
#[test]
1492414954
fn verify_synthesized_model_accepts_mixed_alternatives_with_signer_requirement() {
1492514955
let formulas = parse_formula_strings(&[

0 commit comments

Comments
 (0)