feat: Add CD001-MCP FinDrive Server Tests (CD001, #27)

[steadhac]

PR #317 — FinDrive Server Tests
Add a comprehensive unit test suite for the FinDrive MCP server — the mock file storage
system used by agents to upload, retrieve, list, delete, and search files. Tests cover
all 5 tools, namespace isolation, vendor session access boundaries, filename security,
file type validation, upload limits, and edge cases.
 
Bug-exposing tests document missing input validation, insecure filename acceptance,
dangerous file type gaps, vendor cross-access vulnerabilities, and unbounded storage.
 
Tests follow the established pattern with:
 

• Title / Basically question / Steps / Expected Results / Impact
• Bug-exposing tests included for each confirmed production defect.
   
  📁 Test Files
  tests/unit/mcp/test_findrive.py
   

TestUploadFile

Test ID	Title
test_fd_upload_001	upload_file returns correct file metadata
test_fd_upload_002	File size calculated from content length
test_fd_upload_003	Content exceeding max_size returns error
test_fd_upload_004	Default folder is 'invoices'
test_fd_upload_005	Custom folder stored correctly
test_fd_upload_006	Namespace isolation on upload
test_fd_upload_007 ⚠️	Empty filename accepted without validation
test_fd_upload_008 ⚠️	Empty content accepted without validation
test_fd_upload_009 ⚠️	Path traversal in folder parameter accepted

TestFileNameValidation

Test ID	Title
test_fd_fname_001 ⚠️	Prompt injection in filename accepted and stored
test_fd_fname_002 ⚠️	Path traversal in filename accepted without sanitisation
test_fd_fname_003 ⚠️	Newline in filename enables log injection
test_fd_fname_004 ⚠️	Null byte in filename accepted
test_fd_fname_005	Filename returned verbatim in list_files

TestGetFile

Test ID	Title
test_fd_get_001	get_file returns all fields including content
test_fd_get_002	Returns error for unknown file_id
test_fd_get_003	Namespace isolation on get_file
test_fd_get_004	Vendor session blocked from admin-uploaded files
test_fd_get_005 ⚠️	Cross-vendor file access not blocked

TestListFiles

Test ID	Title
test_fd_list_001	list_files returns files and count
test_fd_list_002	Filter by folder
test_fd_list_003	Empty for namespace with no files
test_fd_list_004	Namespace isolation on list_files
test_fd_list_005	Respects limit parameter
test_fd_list_006 ⚠️	Cross-vendor list not blocked

TestDeleteFile

Test ID	Title
test_fd_del_001	delete_file returns deleted=True
test_fd_del_002	File not retrievable after deletion
test_fd_del_003	Returns error for unknown file_id
test_fd_del_004	Namespace isolation on delete_file
test_fd_del_005	Vendor cannot delete admin-uploaded files
test_fd_del_006 ⚠️	Cross-vendor deletion not blocked

TestSearchFiles

Test ID	Title
test_fd_srch_001	Matches by filename keyword
test_fd_srch_002	Matches by content keyword
test_fd_srch_003	No match returns empty results
test_fd_srch_004	Namespace isolation on search
test_fd_srch_005	Prompt injection payload is searchable

TestFinDriveServerConfig

Test ID	Title
test_fd_cfg_001	Default config used when None provided
test_fd_cfg_002	Custom max_file_size from server_config
test_fd_cfg_003	Empty config uses all defaults

TestFinDriveToolDiscovery

Test ID	Title
test_fd_tools_001	Server exposes exactly 5 tools

TestIntFieldEdgeCases

Test ID	Title
test_fd_int_001	get_file with id=0 returns error
test_fd_int_002	get_file with negative id returns error
test_fd_int_003	delete_file with id=0 returns error
test_fd_int_004	list_files limit=0 returns empty
test_fd_int_005 ⚠️	list_files negative limit raises
test_fd_int_006 ⚠️	search_files negative limit raises
test_fd_int_007	list_files large limit returns all files

TestStrFieldEdgeCases

Test ID	Title
test_fd_str_001 ⚠️	Whitespace filename accepted without validation
test_fd_str_002 ⚠️	Very long filename accepted without validation
test_fd_str_003	SQL injection in filename stored safely
test_fd_str_004	Unicode filename stored correctly
test_fd_str_005	Unicode content stored correctly
test_fd_str_006	Prompt injection in filename stored verbatim
test_fd_str_007	Empty query returns all files
test_fd_str_008 ⚠️	Whitespace content accepted without validation
test_fd_str_009	Exact max_size content accepted

TestMaxFilesPerVendor

Test ID	Title
test_fd_limit_001 ⚠️	max_files_per_vendor limit not enforced
test_fd_limit_002	Default max_files_per_vendor is 50

TestFileTypeValidation

Test ID	Title
test_fd_ftype_001	Default file_type is pdf
test_fd_ftype_002 ⚠️	Dangerous file types accepted without validation
test_fd_ftype_005	Valid document types accepted
Related Bug Tickets
Bug_143, Bug_144, Bug_145, Bug_146, Bug_147, Bug_148, Bug_149, Bug_150, Bug_151, Bug_152, Bug_153, Bug_154, Bug_155, Bug_156, Bug_157, Bug_158, Bug_159