move inline imports to top-level

Suresh Kumar Moharajan · Suresh Kumar Moharajan · commit fa7d04643584 · 2026-04-02T15:44:03.000+01:00
Signed-off-by: Suresh Kumar Moharajan &lt;suresh.kumar.m@ibm.com&gt;
diff --git a/tests/e2e/test_admin_apis.py b/tests/e2e/test_admin_apis.py
@@ -46,6 +46,9 @@
 import pytest  # noqa: E402
 import pytest_asyncio  # noqa: E402
 
+# First-Party
+from mcpgateway.config import settings  # noqa: E402
+
 logging.basicConfig(level=logging.DEBUG, format="%(asctime)s - %(levelname)s - %(message)s")
 
 
@@ -673,9 +676,6 @@ async def test_admin_add_resource_accepts_parameterized_mime_types(self, client:
 
     async def test_admin_add_resource_rejects_disallowed_mime_type(self, client: AsyncClient, mock_settings, monkeypatch):
         """Test that resources with disallowed MIME types are rejected with 415 status."""
-        # First-Party
-        from mcpgateway.config import settings
-
         # Configure a very restrictive MIME type list that excludes application/evil
         # We need to set both validation lists to ensure the error reaches ContentSecurityService
         allowed_types = [
diff --git a/tests/unit/mcpgateway/services/test_content_security.py b/tests/unit/mcpgateway/services/test_content_security.py
@@ -1,10 +1,13 @@
 # -*- coding: utf-8 -*-
 """Unit tests for content security service."""
 
+import sys
+import threading
 import pytest
 import mcpgateway.services.content_security as cs_mod
 from unittest.mock import patch, MagicMock
 
+from mcpgateway import config
 from mcpgateway.services.content_security import (
     ContentSecurityService,
     ContentSizeError,
@@ -213,8 +216,6 @@ def test_get_service_returns_singleton(self):
 
     def test_get_service_thread_safe(self):
         """Test that singleton is thread-safe."""
-        import threading
-
         results = []
 
         def get_service():
@@ -327,7 +328,6 @@ def test_validate_empty_mime_type(self):
 
     def test_validate_allowed_mime_type(self, monkeypatch):
         """Test validation passes for allowed MIME types."""
-        from mcpgateway import config
         # Ensure strict mode is off so this test is independent of .env settings
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", False)
         service = ContentSecurityService()
@@ -339,7 +339,6 @@ def test_validate_allowed_mime_type(self, monkeypatch):
 
     def test_validate_vendor_mime_type_log_only_mode(self, monkeypatch):
         """Test that vendor types (x- prefix) are allowed in log-only mode."""
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", False)
 
         service = ContentSecurityService()
@@ -349,7 +348,6 @@ def test_validate_vendor_mime_type_log_only_mode(self, monkeypatch):
 
     def test_validate_vendor_mime_type_strict_mode(self, monkeypatch):
         """Test that vendor types (x- prefix) are rejected in strict mode unless in allowlist."""
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", True)
         monkeypatch.setattr(config.settings, "content_allowed_resource_mimetypes", ["text/plain"])
 
@@ -365,7 +363,6 @@ def test_validate_vendor_mime_type_strict_mode(self, monkeypatch):
 
     def test_validate_suffix_mime_type_log_only_mode(self, monkeypatch):
         """Test that suffix types (with +) are allowed in log-only mode."""
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", False)
 
         service = ContentSecurityService()
@@ -375,7 +372,6 @@ def test_validate_suffix_mime_type_log_only_mode(self, monkeypatch):
 
     def test_validate_suffix_mime_type_strict_mode(self, monkeypatch):
         """Test that suffix types (with +) are rejected in strict mode unless in allowlist."""
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", True)
         monkeypatch.setattr(config.settings, "content_allowed_resource_mimetypes", ["text/plain"])
 
@@ -392,7 +388,6 @@ def test_validate_suffix_mime_type_strict_mode(self, monkeypatch):
     def test_validate_disallowed_mime_type_strict_mode(self, monkeypatch):
         """Test validation fails for disallowed MIME types in strict mode."""
         # Enable strict validation
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", True)
 
         service = ContentSecurityService()
@@ -406,7 +401,6 @@ def test_validate_disallowed_mime_type_strict_mode(self, monkeypatch):
     def test_validate_disallowed_mime_type_log_only_mode(self, monkeypatch):
         """Test validation logs but doesn't raise in log-only mode."""
         # Disable strict validation (log-only mode)
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", False)
 
         service = ContentSecurityService()
@@ -415,7 +409,6 @@ def test_validate_disallowed_mime_type_log_only_mode(self, monkeypatch):
 
     def test_validate_with_logging_context(self, monkeypatch):
         """Test validation with full logging context."""
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", True)
 
         service = ContentSecurityService()
@@ -429,7 +422,6 @@ def test_validate_with_logging_context(self, monkeypatch):
 
     def test_validate_case_sensitive(self, monkeypatch):
         """Test that MIME type validation is case-sensitive."""
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", True)
 
         service = ContentSecurityService()
@@ -447,7 +439,6 @@ class TestMimeTypeIntegration:
 
     def test_size_and_mime_validation_order(self, monkeypatch):
         """Test that size validation happens before MIME validation."""
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", True)
 
         service = ContentSecurityService()
@@ -473,7 +464,6 @@ class TestVendorSuffixMimeTypeInStrictMode:
 
     def test_vendor_type_rejected_in_strict_mode_without_allowlist(self, monkeypatch):
         """Test that application/x- vendor types are rejected in strict mode if not in allowlist."""
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", True)
         # Use a custom allowlist that does NOT include application/x-custom
         monkeypatch.setattr(config.settings, "content_allowed_resource_mimetypes", ["text/plain"])
@@ -486,7 +476,6 @@ def test_vendor_type_rejected_in_strict_mode_without_allowlist(self, monkeypatch
 
     def test_vendor_type_allowed_when_in_allowlist(self, monkeypatch):
         """Test that vendor types pass when explicitly added to allowlist."""
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", True)
         # Add vendor type to allowlist
         monkeypatch.setattr(config.settings, "content_allowed_resource_mimetypes", ["text/plain", "application/x-custom"])
@@ -497,7 +486,6 @@ def test_vendor_type_allowed_when_in_allowlist(self, monkeypatch):
 
     def test_text_vendor_type_rejected_in_strict_mode_without_allowlist(self, monkeypatch):
         """Test that text/x- vendor types are rejected in strict mode if not in allowlist."""
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", True)
         monkeypatch.setattr(config.settings, "content_allowed_resource_mimetypes", ["application/json"])
 
@@ -509,7 +497,6 @@ def test_text_vendor_type_rejected_in_strict_mode_without_allowlist(self, monkey
 
     def test_suffix_type_rejected_in_strict_mode_without_allowlist(self, monkeypatch):
         """Test that suffix types (+json, +xml) are rejected in strict mode if not in allowlist."""
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", True)
         monkeypatch.setattr(config.settings, "content_allowed_resource_mimetypes", ["text/plain"])
 
@@ -521,7 +508,6 @@ def test_suffix_type_rejected_in_strict_mode_without_allowlist(self, monkeypatch
 
     def test_suffix_type_allowed_when_in_allowlist(self, monkeypatch):
         """Test that suffix types pass when explicitly added to allowlist."""
-        from mcpgateway import config
         monkeypatch.setattr(config.settings, "content_strict_mime_validation", True)
         # Add suffix type to allowlist
         monkeypatch.setattr(config.settings, "content_allowed_resource_mimetypes", ["text/plain", "application/vnd.api+json"])
@@ -554,8 +540,6 @@ def inc(self, amount=1):
 
     def test_noop_counter_import_fallback(self):
         """Test that content_security module handles missing metrics gracefully (line 26)."""
-        import sys
-
         # Temporarily hide the metrics module to trigger the ImportError fallback
         original_metrics = sys.modules.get("mcpgateway.services.metrics")
         original_cs = sys.modules.get("mcpgateway.services.content_security")
diff --git a/tests/unit/mcpgateway/test_main.py b/tests/unit/mcpgateway/test_main.py
@@ -45,6 +45,7 @@
     ToolMetrics,
     ToolRead,
 )
+from mcpgateway.services.content_security import ContentSizeError, ContentTypeError
 
 # --------------------------------------------------------------------------- #
 # Constants                                                                   #
@@ -1143,9 +1144,6 @@ def test_create_resource_endpoint(self, mock_create, test_client, auth_headers):
     @patch("mcpgateway.main.resource_service.register_resource")
     def test_create_resource_content_size_error(self, mock_create, test_client, auth_headers):
         """Test create_resource returns 413 for content size limit exceeded."""
-        # First-Party
-        from mcpgateway.services.content_security import ContentSizeError
-
         mock_create.side_effect = ContentSizeError("Resource", 150000, 102400)
         req = {"resource": {"uri": "test/resource", "name": "Test Resource", "content": "x" * 150000}, "team_id": None, "visibility": "private"}
         response = test_client.post("/resources/", json=req, headers=auth_headers)
@@ -1158,8 +1156,6 @@ def test_create_resource_content_size_error(self, mock_create, test_client, auth
     @patch("mcpgateway.main.resource_service.register_resource")
     def test_create_resource_content_type_error(self, mock_create, test_client, auth_headers):
         """Test create_resource returns 415 for unsupported MIME type."""
-        from mcpgateway.services.content_security import ContentTypeError
-
         mock_create.side_effect = ContentTypeError("application/x-malicious", ["text/plain", "application/json"])
         req = {"resource": {"uri": "test/resource", "name": "Test Resource", "mime_type": "text/plain", "content": "hello"}, "team_id": None, "visibility": "private"}
         response = test_client.post("/resources/", json=req, headers=auth_headers)
@@ -1174,9 +1170,6 @@ def test_create_resource_content_type_error(self, mock_create, test_client, auth
     @patch("mcpgateway.main.resource_service.register_resource")
     def test_create_resource_content_size_error(self, mock_create, test_client, auth_headers):
         """Test create_resource returns 413 for content size limit exceeded."""
-        # First-Party
-        from mcpgateway.services.content_security import ContentSizeError
-
         mock_create.side_effect = ContentSizeError("Resource", 150000, 102400)
         req = {"resource": {"uri": "test/resource", "name": "Test Resource", "content": "x" * 150000}, "team_id": None, "visibility": "private"}
         response = test_client.post("/resources/", json=req, headers=auth_headers)
@@ -1368,9 +1361,6 @@ def test_update_prompt_validation_and_integrity_errors(self, mock_update, exc, s
     @patch("mcpgateway.main.prompt_service.register_prompt")
     def test_create_prompt_content_size_error(self, mock_create, test_client, auth_headers):
         """Test create_prompt returns 413 for content size limit exceeded."""
-        # First-Party
-        from mcpgateway.services.content_security import ContentSizeError
-
         mock_create.side_effect = ContentSizeError("Prompt", 15000, 10240)
         req = {"prompt": {"name": "test_prompt", "template": "x" * 15000}, "team_id": None, "visibility": "private"}
         response = test_client.post("/prompts/", json=req, headers=auth_headers)
@@ -1383,9 +1373,6 @@ def test_create_prompt_content_size_error(self, mock_create, test_client, auth_h
     @patch("mcpgateway.main.prompt_service.update_prompt")
     def test_update_prompt_content_size_error(self, mock_update, test_client, auth_headers):
         """Test update_prompt returns 413 for content size limit exceeded."""
-        # First-Party
-        from mcpgateway.services.content_security import ContentSizeError
-
         mock_update.side_effect = ContentSizeError("Prompt", 15000, 10240)
         req = {"template": "x" * 15000}
         response = test_client.put("/prompts/test_prompt", json=req, headers=auth_headers)
@@ -1398,9 +1385,6 @@ def test_update_prompt_content_size_error(self, mock_update, test_client, auth_h
     @patch("mcpgateway.main.prompt_service.register_prompt")
     def test_create_prompt_content_size_error(self, mock_create, test_client, auth_headers):
         """Test create_prompt returns 413 for content size limit exceeded."""
-        # First-Party
-        from mcpgateway.services.content_security import ContentSizeError
-
         mock_create.side_effect = ContentSizeError("Prompt", 15000, 10240)
         req = {"prompt": {"name": "test_prompt", "template": "x" * 15000}, "team_id": None, "visibility": "private"}
         response = test_client.post("/prompts/", json=req, headers=auth_headers)
@@ -1413,9 +1397,6 @@ def test_create_prompt_content_size_error(self, mock_create, test_client, auth_h
     @patch("mcpgateway.main.prompt_service.update_prompt")
     def test_update_prompt_content_size_error(self, mock_update, test_client, auth_headers):
         """Test update_prompt returns 413 for content size limit exceeded."""
-        # First-Party
-        from mcpgateway.services.content_security import ContentSizeError
-
         mock_update.side_effect = ContentSizeError("Prompt", 15000, 10240)
         req = {"template": "x" * 15000}
         response = test_client.put("/prompts/test_prompt", json=req, headers=auth_headers)
diff --git a/tests/unit/mcpgateway/test_main_error_handlers.py b/tests/unit/mcpgateway/test_main_error_handlers.py
@@ -9,17 +9,22 @@
 """
 
 # Standard
+import asyncio
+import json
 from unittest.mock import AsyncMock, MagicMock, patch
 
 # Third-Party
 from fastapi.testclient import TestClient
 from pydantic import SecretStr, ValidationError
 from sqlalchemy.exc import IntegrityError
+from starlette.requests import Request
 import jwt
 import pytest
 
 # First-Party
 from mcpgateway.config import settings
+from mcpgateway.main import content_type_exception_handler
+from mcpgateway.services.content_security import ContentTypeError
 from mcpgateway.services.gateway_service import (
     GatewayConnectionError,
     GatewayDuplicateConflictError,
@@ -590,11 +595,6 @@ def test_update_server_permission_error(self, test_client, auth_headers):
 
 def test_content_type_exception_handler():
     """Test ContentTypeError exception handler returns 415 with proper format."""
-    # First-Party
-    from mcpgateway.main import content_type_exception_handler
-    from mcpgateway.services.content_security import ContentTypeError
-    from starlette.requests import Request
-
     # Create a mock request
     mock_request = MagicMock(spec=Request)
 
@@ -605,13 +605,11 @@ def test_content_type_exception_handler():
     )
 
     # Call the exception handler
-    import asyncio
     response = asyncio.run(content_type_exception_handler(mock_request, exc))
 
     # Verify response
     assert response.status_code == 415
     content = response.body.decode()
-    import json
     result = json.loads(content)
     assert "detail" in result
     assert result["detail"]["error"] == "Unsupported MIME type"
