openharmonyinsight/skills/check-test-code-quality/rules/R007
skills/check-test-code-quality/rules/R007/SKILL.md
# R007: Test.json禁止配置项 ## 规则信息 | 属性 | 值 | |------|------| | 规则编号 | R007 | | 问题类型 | Test.json禁止配置项 | | 严重级别 | Critical | | 规则复杂度 | simple | ## 问题描述 Test.json配置文件中存在禁止的配置项: - `setenforce 0` — 会关闭SELinux,引入安全问题 - `rerun: true` — 会导致测试报告出现异常 - `appfreeze.filter_bundle_name` — 会屏蔽appfreeze异常 **规范来源**: - 用例低级问题.md 第9条 — "禁止配置setenforce 0,会关闭selinux引入问题" - 用例低级问题.md 第10条 — "禁止配置rerun:true,会导致报告出现异常" - 用例低级问题.md 第11条 — "禁止配置appfreeze.filter_bundle_name,会屏蔽appfreeze异常" ## 扫描范围 | 应扫描 | 文件名 | |-----
$ install --global
skillsauthnpx skillsauth add openharmonyinsight/openharmony-skills skills/check-test-code-quality/rules/R007Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 23, 2026, 6:31 AM215.6s1 file scanned
SKILL.md
R007: Test.json禁止配置项
规则信息
| 属性 | 值 | |------|------| | 规则编号 | R007 | | 问题类型 | Test.json禁止配置项 | | 严重级别 | Critical | | 规则复杂度 | simple |
问题描述
Test.json配置文件中存在禁止的配置项:
setenforce 0— 会关闭SELinux,引入安全问题rerun: true— 会导致测试报告出现异常appfreeze.filter_bundle_name— 会屏蔽appfreeze异常
规范来源:
- 用例低级问题.md 第9条 — "禁止配置setenforce 0,会关闭selinux引入问题"
- 用例低级问题.md 第10条 — "禁止配置rerun:true,会导致报告出现异常"
- 用例低级问题.md 第11条 — "禁止配置appfreeze.filter_bundle_name,会屏蔽appfreeze异常"
扫描范围
| 应扫描 | 文件名 |
|--------|--------|
| Test.json文件 | 所有名为 Test.json 的文件(不区分大小写) |
R007只扫描Test.json配置文件,不扫描源代码文件。
检测逻辑
步骤1: 定位Test.json文件
import os
import re
def get_r007_scan_files(directory: str) -> list[str]:
test_json_files = []
for root, dirs, files in os.walk(directory):
for f in files:
if f.lower() == 'test.json':
test_json_files.append(os.path.join(root, f))
return test_json_files
步骤2: 逐行检测禁止配置项
def check_r007(file_path: str) -> list[dict]:
issues = []
with open(file_path, 'r', encoding='utf-8') as f:
lines = f.readlines()
for i, line in enumerate(lines, 1):
stripped = line.strip()
# 检测1: setenforce 0(不检测 setenforce 1)
if 'setenforce 0' in stripped:
issues.append({
'rule': 'R007',
'type': 'Test.json禁止配置项',
'severity': 'Critical',
'file': file_path,
'line': i,
'testcase': '-',
'snippet': stripped,
'suggestion': (
f'路径: {file_path}, 行号: {i}, '
f'问题描述: 禁止配置setenforce 0,会关闭SELinux引入安全问题。请移除该配置。'
),
'detail': 'setenforce 0'
})
continue
# 检测2: rerun 配置
# 匹配 "rerun": true, "rerun":"true", "rerun":"ture", "rerun": 1 等
if re.search(r'"rerun"\s*:\s*(true|1|"true"|"ture")', stripped, re.IGNORECASE):
issues.append({
'rule': 'R007',
'type': 'Test.json禁止配置项',
'severity': 'Critical',
'file': file_path,
'line': i,
'testcase': '-',
'snippet': stripped,
'suggestion': (
f'路径: {file_path}, 行号: {i}, '
f'问题描述: 禁止配置rerun:true,会导致测试报告出现异常。请移除该配置。'
),
'detail': 'rerun'
})
continue
# 检测3: appfreeze.filter_bundle_name
if 'appfreeze.filter_bundle_name' in stripped:
issues.append({
'rule': 'R007',
'type': 'Test.json禁止配置项',
'severity': 'Critical',
'file': file_path,
'line': i,
'testcase': '-',
'snippet': stripped,
'suggestion': (
f'路径: {file_path}, 行号: {i}, '
f'问题描述: 禁止配置appfreeze.filter_bundle_name,会屏蔽appfreeze异常。请移除该配置。'
),
'detail': 'appfreeze.filter_bundle_name'
})
return issues
检测要点
- setenforce 0: 只检测
setenforce 0,不检测setenforce 1(setenforce 1是允许的) - rerun: 检测
"rerun": true、"rerun": 1、"rerun": "true"、"rerun": "ture"(注意常见拼写错误) - appfreeze.filter_bundle_name: 检测完整字段名,无论值是什么
- 行号: 必须准确报告问题所在行号
- testcase字段: 固定为
-(配置文件,无对应用例)
输出格式
| 列名 | 说明 |
|------|------|
| 问题ID | R007 |
| 问题类型 | Test.json禁止配置项 |
| 严重级别 | Critical |
| 文件路径 | 相对路径 |
| 行号 | 问题所在行号 |
| 所属用例 | -(配置文件) |
| 代码片段 | 匹配到的代码行 |
| 修复建议 | 路径+行号+问题描述 |
错误示例
// 错误1: 配置setenforce 0
{
"kits": [
{
"type": "ShellKit",
"run-command": [
"setenforce 0",
"hilog -Q pidoff"
]
}
]
}
// 错误2: 配置rerun
{
"driver": {
"type": "OHJSUnitTest",
"rerun": true
}
}
// 错误3: 配置appfreeze.filter_bundle_name
{
"kits": [
{
"type": "ShellKit",
"run-command": [
"param set hiviewdfx.appfreeze.filter_bundle_name com.example.myapplication"
]
}
]
}
正确示例
// 正确: 不配置setenforce 0、rerun、appfreeze.filter_bundle_name
{
"kits": [
{
"type": "ShellKit",
"run-command": [
"setenforce 1",
"hilog -Q pidoff"
]
}
],
"driver": {
"type": "OHJSUnitTest"
}
}
扫描命令参考
# 扫描setenforce 0
grep -rn 'setenforce 0' --include='Test.json' /path/to/code
# 扫描rerun
grep -rn '"rerun"' --include='Test.json' /path/to/code
# 扫描appfreeze
grep -rn 'appfreeze.filter_bundle_name' --include='Test.json' /path/to/code
注意事项
- 文件名匹配不区分大小写(
Test.json、test.json、TEST.JSON均匹配) - 同一行中可能存在多个违规配置,每个违规配置分别报告
setenforce 1是允许的,不应报告rerun: false或rerun: 0不视为违规- testcase字段始终为
-,因为Test.json是配置文件
Related Skills
openharmonyinsight/oh-precommit-codecheck
development
VerifiedTrustedCommunity
Run local code quality checks covering a subset of OpenHarmony gate CI (copyright, CodeArts C/C++) plus additional local checks (pylint/flake8, shellcheck/bashate, gn format). Use before committing to reduce gate failures. Triggers on: /oh-precommit-codecheck, "门禁检查", "门禁预检", "检查代码", "run codecheck", "check code quality", "lint my code", "代码检查", or after completing code implementation. WHEN to use: before git commit, before creating PR, after modifying C/C++/Python/Shell/GN files, when gate CI fails with codecheck defects, or when you want to preview what gate will flag.
25SKILL.mdUpdated May 29, 2026
openharmonyinsight/oh-pr-workflow
development
VerifiedTrustedCommunity
OpenHarmony PR full lifecycle workflow. Five modes: - Commit: standardized commit with DCO sign-off and Issue linking - Create PR: commit + push to fork + create Issue + create PR on upstream - Fix Codecheck: fetch gate CI codecheck defects from a PR and auto-fix them - Review PR: fetch a PR's changes to local for code review - Fix Review: fetch unresolved review comments from a PR and auto-fix them Triggers on: /oh-pr-workflow, "提交代码", "创建PR", "提个PR", "commit", "修复告警", "修复门禁", "修复codecheck", "fix codecheck", "review pr", "review这个pr", "看下这个pr", "检视pr", "修复review", "修复检视意见", "fix review", or a GitCode PR URL with fix/review intent.
25SKILL.mdUpdated May 29, 2026
openharmonyinsight/oh-pdd-prd-analysis
testing
VerifiedTrustedCommunity
分析 HM Desktop PRD 文档,提取需求信息、验证完整性、检查章节顺序(需求来源→需求背景→需求价值分析→竞品分析→需求描述)、检查 KEP 定义、检测需求冲突并生成结构化分析报告。适用于用户请求:(1) 分析或审查 PRD 文档, (2) 从需求中提取 KEP 列表, (3) 检查 PRD 完整性或一致性, (4) 将需求映射到模块架构, (5) 验证 PRD 格式合规性, (6) 验证竞品分析章节完整性。关键词:PRD分析, requirement extraction, KEP验证, completeness check, chapter order validation, 竞品分析检查, analyze PRD, 需求提取, 完整性检查, 章节顺序验证
25SKILL.mdUpdated May 29, 2026
openharmonyinsight/oh-pdd-design-doc-generator
development
VerifiedTrustedCommunity
基于 PRD 文档自动生成鸿蒙系统设计文档,包括架构设计文档和功能设计文档。生成前会分析 OpenHarmony 存量代码结构,确保与现有架构兼容。架构设计文档第2章必须为竞品方案分析,位于需求背景之后。适用于用户请求:(1) 生成架构设计文档, (2) 生成功能设计文档, (3) 从 PRD 生成设计文档, (4) 创建系统架构设计, (5) 编写功能规格说明, (6) 分析 OH 代码结构。关键词:architecture design, functional design, design doc, 竞品方案分析, OpenHarmony code analysis, 架构设计, 功能设计, 设计文档生成, OH代码分析, analyze codebase, competitor analysis
25SKILL.mdUpdated May 29, 2026