Merge branch 'quantumlib:main' into main

Author: mhucka

dev_tools/prepared_env.py

@@ -97,14 +97,14 @@ def report_status_to_github(
         if target_url is not None:
             payload['target_url'] = target_url
 
-        url = "https://api.github.com/repos/{}/{}/statuses/{}?access_token={}".format(
-            self.repository.organization,
-            self.repository.name,
-            self.actual_commit_id,
-            self.repository.access_token,
+        if self.actual_commit_id is None:
+            return
+        url = "https://api.github.com/repos/{}/{}/statuses/{}".format(
+            self.repository.organization, self.repository.name, self.actual_commit_id
         )
+        headers = {'Authorization': 'Bearer {}'.format(self.repository.access_token)}
 
-        response = requests.post(url, json=payload)
+        response = requests.post(url, json=payload, headers=headers, timeout=30)
 
         if response.status_code != 201:
             raise IOError(

dev_tools/prepared_env_security_test.py

@@ -0,0 +1,38 @@
+import unittest
+from unittest.mock import patch, MagicMock
+from dev_tools.prepared_env import PreparedEnv
+from dev_tools.github_repository import GithubRepository
+
+
+class TestPreparedEnvSecurity(unittest.TestCase):
+    @patch('requests.post')
+    def test_report_status_to_github_token_in_header(self, mock_post):
+        # Setup
+        mock_response = MagicMock()
+        mock_response.status_code = 201
+        mock_post.return_value = mock_response
+
+        repo = GithubRepository('my-org', 'my-repo', 'my-token')
+        env = PreparedEnv(repo, 'my-commit', 'compare-commit', None, None)
+
+        # Execute
+        env.report_status_to_github('success', 'desc', 'ctx')
+
+        # Verify
+        args, kwargs = mock_post.call_args
+        url = args[0]
+        headers = kwargs.get('headers', {})
+
+        # Security check: Token should NOT be in the URL
+        self.assertNotIn('access_token=my-token', url, "Token should not be passed in the URL")
+
+        # Security check: Token should be in the Authorization header
+        self.assertEqual(
+            headers.get('Authorization'),
+            'Bearer my-token',
+            "Token should be passed in the Authorization header",
+        )
+
+
+if __name__ == '__main__':
+    unittest.main()

src/openfermion/utils/commutators_test.py

@@ -217,6 +217,38 @@ def test_double_commtator_more_info_both_hopping(self):
             com, (FermionOperator('4^ 3^ 4 2', 2.73) + FermionOperator('4^ 2^ 4 3', 2.73))
         )
 
+    def test_double_commutator_hopping_no_intersection(self):
+        # Case where intersection is empty
+        op1 = FermionOperator('0^ 0')
+        op2 = FermionOperator('1^ 2') + FermionOperator('2^ 1')
+        op3 = FermionOperator('3^ 4') + FermionOperator('4^ 3')
+        res = double_commutator(
+            op1,
+            op2,
+            op3,
+            indices2={1, 2},
+            indices3={3, 4},
+            is_hopping_operator2=True,
+            is_hopping_operator3=True,
+        )
+        self.assertEqual(res, FermionOperator.zero())
+
+    def test_double_commutator_hopping_multi_intersection(self):
+        # Case where intersection has more than one element
+        op1 = FermionOperator('0^ 0')
+        op2 = FermionOperator('1^ 2') + FermionOperator('2^ 1')
+        op3 = FermionOperator('1^ 2') + FermionOperator('2^ 1')
+        res = double_commutator(
+            op1,
+            op2,
+            op3,
+            indices2={1, 2},
+            indices3={1, 2},
+            is_hopping_operator2=True,
+            is_hopping_operator3=True,
+        )
+        self.assertEqual(res, FermionOperator.zero())
+
 
 class TriviallyDoubleCommutesDualBasisUsingTermInfoTest(unittest.TestCase):
     def test_number_operators_trivially_commute(self):