From 10b55b5ddd0615f31129a6db21dbe67bf902d543 Mon Sep 17 00:00:00 2001 From: sususu98 Date: Tue, 14 Apr 2026 15:46:02 +0800 Subject: [PATCH] fix(antigravity): use E-prefixed fake signature in strict bypass test The strict bypass test used testGeminiSignaturePayload() which produces a base64 string starting with 'C'. Since StripInvalidSignatureThinkingBlocks now strips all non-E/R signatures unconditionally, the test payload was stripped before reaching ValidateClaudeBypassSignatures, causing the test to pass the request through instead of rejecting it with 400. Replace with testFakeClaudeSignature() which produces a base64 string starting with 'E' (valid at the lightweight check) but with invalid protobuf content (no valid field 2), so strict mode correctly rejects it at the deep validation layer. --- .../executor/antigravity_executor_signature_test.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/internal/runtime/executor/antigravity_executor_signature_test.go b/internal/runtime/executor/antigravity_executor_signature_test.go index 31955d35a..226daf5c6 100644 --- a/internal/runtime/executor/antigravity_executor_signature_test.go +++ b/internal/runtime/executor/antigravity_executor_signature_test.go @@ -21,6 +21,14 @@ func testGeminiSignaturePayload() string { return base64.StdEncoding.EncodeToString(payload) } +// testFakeClaudeSignature returns a base64 string starting with 'E' that passes +// the lightweight hasValidClaudeSignature check but has invalid protobuf content +// (first decoded byte 0x12 is correct, but no valid protobuf field 2 follows), +// so it fails deep validation in strict mode. +func testFakeClaudeSignature() string { + return base64.StdEncoding.EncodeToString([]byte{0x12, 0xFF, 0xFE, 0xFD}) +} + func testAntigravityAuth(baseURL string) *cliproxyauth.Auth { return &cliproxyauth.Auth{ Attributes: map[string]string{ @@ -40,7 +48,7 @@ func invalidClaudeThinkingPayload() []byte { { "role": "assistant", "content": [ - {"type": "thinking", "thinking": "bad", "signature": "` + testGeminiSignaturePayload() + `"}, + {"type": "thinking", "thinking": "bad", "signature": "` + testFakeClaudeSignature() + `"}, {"type": "text", "text": "hello"} ] }