anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ttp): correct stale clip tests to ceiling semantics + document ATTACKER_FINGERPRINTED topic

Browse Source 
confidence_max is a ceiling (min(base, ceiling)), not a multiplier — the
ASVS pass fixed this (BUG-8: min(base, base*ceiling) -> min(base, ceiling)),
but 4 lifter clip tests still encoded the old base*ceiling math (0.45/0.4/
0.35) and were masked by the make test-web bundle error fail-fast. All four
now assert the 0.5 ceiling. Separately, test_topics_matches_documented_set
lacked attacker.fingerprinted, which worker.py legitimately subscribes to
(JARM/HASSH/tcpfp/ipv6_leak -> TTP tagging). Located via turbovec + git pickaxe.

(cherry picked from commit f83b467c35649a06fa36f4b350e6666379cd71cb)
This commit is contained in:
anti
2026-06-18 19:22:45 -04:00
parent 3a3392bdee
commit a26dfe4d47
5 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/ttp/test_identity_lifter.py
View File

@@ -114,8 +114,8 @@ def test_clipped_rule_caps_confidence() -> None:
payload = {"shared_password_hash": "x", "account_count": 9}
out = asyncio.run(lifter.tag(_ev(payload)))
assert len(out) == 1
# Base confidence 0.9 × 0.5 ceiling clamp.
assert out[0].confidence == pytest.approx(0.45)
# Base confidence 0.9 capped at the 0.5 ceiling — min(0.9, 0.5).
assert out[0].confidence == pytest.approx(0.5)
def test_expired_rule_does_not_fire() -> None: