fix(core-scripting): resolve Low code-review findings (Core.Scripting-005,006,008,009,011)

- Core.Scripting-005: DependencyExtractor.HandleTagCall now recognises raw-string literal paths by checking the StringLiteralExpression node kind instead of the legacy StringLiteralToken kind. - Core.Scripting-006: scope CompiledScriptCache failed-compile eviction with TryRemove(KeyValuePair) so a racing retry entry is not evicted. - Core.Scripting-008: document the per-publish assembly accretion as an accepted limitation in docs/VirtualTags.md. - Core.Scripting-009: enumerate the authoritative deny-list (namespace prefixes + type-granular denies) in the Phase 7 decision-#6 entry to match ForbiddenTypeAnalyzer. - Core.Scripting-011: pin ScriptSandbox.Build, ScriptContext.Deadband boundary semantics, and end-to-end factory + companion-sink integration. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 07:23:42 -04:00
parent 99354bfaf2
commit 0a20de728d
10 changed files with 300 additions and 16 deletions
--- a/tests/Core/ZB.MOM.WW.OtOpcUa.Core.Scripting.Tests/DependencyExtractorTests.cs
+++ b/tests/Core/ZB.MOM.WW.OtOpcUa.Core.Scripting.Tests/DependencyExtractorTests.cs
@@ -209,4 +209,33 @@ public sealed class DependencyExtractorTests
        result.IsValid.ShouldBeTrue();
        result.Reads.Count.ShouldBe(2);
    }
+
+    [Fact]
+    public void Accepts_single_line_raw_string_literal_path()
+    {
+        // A single-line raw string literal ("""Line1/Speed""") tokenizes as
+        // SingleLineRawStringLiteralToken, not StringLiteralToken — the old check
+        // would mis-reject it as a "dynamic path". Confirm static raw-string paths are
+        // harvested. (Core.Scripting-005.)
+        var src = "return ctx.GetTag(\"\"\"Line1/Speed\"\"\").Value;";
+        var result = DependencyExtractor.Extract(src);
+        result.IsValid.ShouldBeTrue();
+        result.Reads.ShouldContain("Line1/Speed");
+        result.Rejections.ShouldBeEmpty();
+    }
+
+    [Fact]
+    public void Accepts_multi_line_raw_string_literal_path()
+    {
+        // A multi-line raw string literal tokenizes as MultiLineRawStringLiteralToken.
+        // Even though it is unusual for a tag path, it is still a static string and
+        // must not be mis-rejected. (Core.Scripting-005.)
+        // Note: the multi-line raw string strips the common leading indent and the
+        // surrounding newlines, leaving exactly the body text.
+        var src = "return ctx.GetTag(\"\"\"\nLine1/Speed\n\"\"\").Value;";
+        var result = DependencyExtractor.Extract(src);
+        result.IsValid.ShouldBeTrue();
+        result.Reads.ShouldContain("Line1/Speed");
+        result.Rejections.ShouldBeEmpty();
+    }
 }