Fix high-severity test quality issues (#3854)

strawgate · claude · web-flow · commit fb03e8559232 · 2026-04-12T13:14:52.000-04:00
- Delete entirely commented-out test_run_server.py (99 lines dead code) - Fix test_pydantic_model_with_stringified_json_no_strict: replace try/except-both-branches-pass with clear pytest.raises assertion - Fix test_path_traversal_blocked: remove dead assertions after pytest.raises (lines after raise never execute) Error handling middleware test fixes are in a separate PR (#3858) which also fixes the underlying RetryMiddleware bug. 🤖 Generated with Claude Code Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/tests/server/providers/test_skills_provider.py b/tests/server/providers/test_skills_provider.py
@@ -653,14 +653,8 @@ async def test_path_traversal_blocked(self, tmp_path: Path):
         mcp.add_provider(SkillsDirectoryProvider(roots=skills_dir))
 
         async with Client(mcp) as client:
-            # Path traversal attempts should fail (either normalized away or blocked)
-            # The important thing is that SECRET DATA is never returned
+            # Path traversal attempts should fail — the secret must never be returned
             with pytest.raises(Exception):
-                result = await client.read_resource(
+                await client.read_resource(
                     AnyUrl("skill://test-skill/../../../secret.txt")
                 )
-                # If we somehow got here, ensure we didn't get the secret
-                if result:
-                    for content in result:
-                        if hasattr(content, "text"):
-                            assert "SECRET DATA" not in content.text
diff --git a/tests/server/test_input_validation.py b/tests/server/test_input_validation.py
@@ -13,6 +13,7 @@
 from pydantic import BaseModel
 
 from fastmcp import Client, FastMCP
+from fastmcp.exceptions import ToolError
 
 
 class UserProfile(BaseModel):
@@ -130,8 +131,13 @@ def create_user(profile: UserProfile) -> str:
             assert "Alice" in result.content[0].text
             assert "30" in result.content[0].text
 
-    async def test_pydantic_model_with_stringified_json_no_strict(self):
-        """Test if stringified JSON is accepted for Pydantic models without strict validation."""
+    async def test_stringified_json_not_auto_parsed_for_pydantic_models(self):
+        """Stringified JSON is rejected for Pydantic model parameters.
+
+        Some LLM clients send stringified JSON (a JSON string containing a
+        JSON object) instead of a proper JSON object.  FastMCP does not
+        auto-parse these; callers get a validation error.
+        """
         mcp = FastMCP("TestServer", strict_input_validation=False)
 
         @mcp.tool
@@ -140,33 +146,12 @@ def create_user(profile: UserProfile) -> str:
             return f"Created user {profile.name}, age {profile.age}"
 
         async with Client(mcp) as client:
-            # Some LLM clients send stringified JSON instead of actual JSON
             stringified = json.dumps(
                 {"name": "Bob", "age": 25, "email": "bob@example.com"}
             )
 
-            # This test verifies whether we handle stringified JSON
-            error_msg = ""
-            try:
-                result = await client.call_tool("create_user", {"profile": stringified})
-                # If this succeeds, we're handling stringified JSON
-                assert isinstance(result.content[0], TextContent)
-                assert "Bob" in result.content[0].text
-                stringified_json_works = True
-            except Exception as e:
-                # If this fails, we're not handling stringified JSON
-                stringified_json_works = False
-                error_msg = str(e)
-
-            # Document the behavior - we want to know if this works or not
-            if stringified_json_works:
-                # This is the desired behavior
-                pass
-            else:
-                # This means stringified JSON doesn't work - document it
-                assert (
-                    "validation" in error_msg.lower() or "invalid" in error_msg.lower()
-                )
+            with pytest.raises(ToolError, match="validation"):
+                await client.call_tool("create_user", {"profile": stringified})
 
     async def test_pydantic_model_with_coercion(self):
         """Pydantic models should benefit from coercion without strict validation."""
diff --git a/tests/server/test_run_server.py b/tests/server/test_run_server.py
