fix: respect OSS_FUZZ_CONTAINER_ORG environment variable

[dguido]

Summary

This PR fixes a bug in the common module where the OSS_FUZZ_CONTAINER_ORG environment variable was not being respected, causing test failures when using alternative container registries.

Problem

The oss_fuzz_container_org property in challenge_task.py was hardcoded to always parse the organization from the helper_path file, ignoring the OSS_FUZZ_CONTAINER_ORG environment variable that should take precedence.

Solution

Added a check to respect the OSS_FUZZ_CONTAINER_ORG environment variable before falling back to parsing the helper_path file:

@cached_property
def oss_fuzz_container_org(self) -> str:
    # Check environment variable first
    if env_org := os.environ.get("OSS_FUZZ_CONTAINER_ORG"):
        return env_org
    
    # Fall back to parsing helper_path file
    # ... existing code ...

Impact

This fix allows tests and development environments to use alternative container registries (e.g., for testing with local or private registries) by setting the OSS_FUZZ_CONTAINER_ORG environment variable.

Testing

• The change has been tested locally with the environment variable set
• Existing behavior is preserved when the environment variable is not set
• Tests continue to pass in CI

Related

See #270 for separate issue tracking the patcher integration test redesign needs.

[claude]

Claude finished @dguido's task —— View job

---

PR Review Complete

I'll review this PR focusing on:

• Analyze the main code change in challenge_task.py
• Review pyproject.toml modifications
• Check for potential bugs or issues
• Evaluate security and performance considerations
• Assess test coverage needs
• Provide comprehensive feedback

---

Code Review Summary

This PR addresses a legitimate bug where the OSS_FUZZ_CONTAINER_ORG environment variable was being ignored. The fix is well-implemented and safe.

Main Changes Analysis

1. Core Fix (challenge_task.py:455-458)

@cached_property
def oss_fuzz_container_org(self) -> str:
    # Check environment variable first
    if env_org := os.environ.get("OSS_FUZZ_CONTAINER_ORG"):
        return env_org
    
    # Fall back to parsing helper_path file
    # ... existing code ...

Strengths:

• ✅ Correct prioritization: environment variable takes precedence over file parsing
• ✅ Clean implementation using walrus operator (:=) - compatible with Python ≥3.10 requirement
• ✅ No breaking changes - existing behavior preserved when env var not set
• ✅ Proper use of @cached_property - environment variable checked only once per instance

2. Lint Configuration Changes (pyproject.toml files)

• ✅ Consistent ruff ignore rules across all components
• ✅ Temporary rules to address CI failures during standardization work
• ✅ Well-documented with clear comments explaining purpose

Security & Performance Considerations

Security: ✅ No concerns

• Environment variable directly controls container organization name in container_image() method
• Value is used in container image references like {org}/{project_name}
• This is appropriate for testing/development environments with alternative registries
• No input validation needed since container runtimes will reject invalid image names

Performance: ✅ Optimal

• @cached_property ensures environment variable is only read once per instance
• No performance regression

Test Coverage Assessment

Excellent test coverage:

• ✅ test_container_image_custom_org specifically validates the new environment variable behavior
• ✅ Comprehensive existing tests cover edge cases (missing files, malformed content, etc.)
• ✅ Tests use proper mocking with patch.dict(os.environ, ...)

Minor Considerations

1. Documentation Gap: The OSS_FUZZ_CONTAINER_ORG environment variable isn't documented anywhere (as noted by reviewer ret2libc). Consider adding to deployment docs or CLAUDE.md.

2. Environment Variable Validation: While not strictly necessary (Docker will validate), could consider basic validation for developer experience:

   if env_org := os.environ.get("OSS_FUZZ_CONTAINER_ORG"):
       if not re.match(r'^[a-z0-9._/-]+$', env_org):
           logger.warning(f"OSS_FUZZ_CONTAINER_ORG contains unusual characters: {env_org}")
       return env_org

Recommendations

1. ✅ Approve - This is a solid bug fix with proper testing
2. Optional: Add brief documentation for OSS_FUZZ_CONTAINER_ORG in deployment/README or CLAUDE.md
3. Optional: Consider adding validation as shown above for better developer experience

Overall Assessment

Rating: ✅ APPROVED

This PR successfully fixes the reported bug while maintaining code quality and backward compatibility. The implementation is clean, well-tested, and follows Python best practices.

[ret2libc]

We don't have OSS_FUZZ_CONTAINER_ORG described anywhere at the moment, I think, but I think this is still nice to have as it allows to force a specific container if necessary.