2026-05-17 19:06:47 +02:00
1 changed files with 36 additions and 0 deletions
--- a/ocr-service/test_main.py
+++ b/ocr-service/test_main.py
@@ -0,0 +1,36 @@
+"""Tests for main.py — startup behavior."""
+
+import logging
+from unittest.mock import patch
+
+import pytest
+from httpx import ASGITransport, AsyncClient
+
+from main import app
+
+
+# ─── Root canary ──────────────────────────────────────────────────────────────
+
+
+@pytest.mark.asyncio
+async def test_startup_logs_warning_when_running_as_root(caplog):
+    """Lifespan emits a WARNING when the process uid is 0 (running as root)."""
+    with patch("main.os.getuid", return_value=0), \
+         patch("main.kraken_engine.load_models"), \
+         patch("main.load_spell_checker"), \
+         caplog.at_level(logging.WARNING, logger="main"):
+        async with AsyncClient(transport=ASGITransport(app=app), base_url="http://test"):
+            pass
+    assert "Running as root" in caplog.text
+
+
+@pytest.mark.asyncio
+async def test_startup_does_not_warn_when_running_as_non_root(caplog):
+    """Lifespan does not emit a root warning when running as a non-root user."""
+    with patch("main.os.getuid", return_value=1000), \
+         patch("main.kraken_engine.load_models"), \
+         patch("main.load_spell_checker"), \
+         caplog.at_level(logging.WARNING, logger="main"):
+        async with AsyncClient(transport=ASGITransport(app=app), base_url="http://test"):
+            pass
+    assert "Running as root" not in caplog.text