Skip to content

test(coverage): slack/policies-id/webhooks-id/scan-GET routes + repo-bundle/policy-service lib#87

Merged
LanNguyenSi merged 1 commit into
masterfrom
test/depsight-coverage-residual
Jun 29, 2026
Merged

test(coverage): slack/policies-id/webhooks-id/scan-GET routes + repo-bundle/policy-service lib#87
LanNguyenSi merged 1 commit into
masterfrom
test/depsight-coverage-residual

Conversation

@LanNguyenSi

Copy link
Copy Markdown
Owner

What

Closes the highest-risk residual test-coverage gaps in depsight after #86 (which covered safe-fetch, the tokens routes, webhooks/policies route exemplars, and the CI coverage ratchet). Adds 36 vitest tests across 6 previously-untested targets, plus per-file coverage thresholds.

Covered

Each target asserts the success path AND every failure/edge branch; the guard mutations were independently killed by a reviewer.

  • app/api/slack/route.ts (GET/POST/DELETE): auth 401, missing webhookUrl 400, SSRF block (assertPublicUrl rejects SsrfBlockedError, upsert not called), invalid minSeverity 400, upsert/delete success.
  • app/api/policies/[id]/route.ts (GET/PUT/DELETE): auth 401, not-found 404, the three PUT validation 400s (type/severity/rule), DELETE 404.
  • app/api/webhooks/[id]/route.ts (DELETE/PATCH): auth 401, ownership 404 on both methods, explicit enable/disable, and toggle.
  • app/api/scan/route.ts (GET, added to the existing file): auth 401, missing repoId 400, scan:null, full scan with advisories.
  • lib/export/repo-bundle.ts: getMissingExportScans across all scan-presence combinations, and buildRepoExportArchive (missing-scan throw plus real ZIP byte output).
  • lib/policy/service.ts: all 6 CRUD functions including the userId-scoped IDOR / not-found branches (update, delete, and toggle ownership all pinned).

Verification

  • 411 tests pass (was 375). npm run test:coverage is green with the new per-file thresholds enforced, negative-control verified (each floor raised above measured produced a hard build failure, then restored).
  • An independent reviewer ran 15 source mutations across all 6 targets; every security and validation guard kills a test (auth gates, SSRF reject, the three PUT validations, ownership 404s, IDOR where-clauses). The one surviving mutation, togglePolicy userId-scoping, was folded into a fix in this PR.
  • lint: 0 errors. tsc --noEmit: clean.

Deferred to follow-up

This batch is the high-security-density subset. Still untested, tracked by the depsight test-coverage umbrella and a follow-up task: dependabot/* routes, ci/analytics routes and lib modules, the export/route 5-branch flow, ci/sync and ci/ingest, the pr-scan/repos-sync/deps/license/sbom/history/me/overview routes, lib/cron/auto-scan, lib/pr/pr-scanner, lib/github, the mcp tool handlers, the mint-api-token CLI, and the prisma DB layer in lib/export/repo-bundle.ts (loadRepoExportData IDOR plus the scan loaders, out of this PR's pure-function scope).

Refs: tc-audit-2026-06-27 (depsight test-coverage umbrella)

… repo-bundle/policy-service lib

Closes residual HIGH route-handler + MED lib gaps after #86: 36 tests across
6 targets, each asserting success + every failure/edge branch (12 security/
validation guard mutations killed). Per-file coverage thresholds added.

Refs: tc-audit-2026-06-27 (depsight test-coverage umbrella)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@LanNguyenSi LanNguyenSi merged commit 110aaa8 into master Jun 29, 2026
4 checks passed
@LanNguyenSi LanNguyenSi deleted the test/depsight-coverage-residual branch June 29, 2026 14:01
LanNguyenSi added a commit that referenced this pull request Jun 30, 2026
…p gates (#88)

* test(coverage): cover remaining 18 API route handlers + per-file gates

Adds unit tests for every previously-untested app/api route handler,
closing the depsight route-handler HIGH/MED surface after #86/#87:
dependabot trio, ci/sync, repos/sync, pr-scan, export, sbom, me, health,
deps, license, ci/analytics/[repoId], ci/analytics/cross-repo, history,
overview, policies/evaluate, repos. 117 new tests (411 -> 528 suite).

Each route covers all auth/ownership/IDOR/validation/error branches with
value-level assertions (exact prisma where clauses incl userId, exact
status + body). Per-file coverage thresholds added (S/F/L 95, branch
floors ~5-8 below measured), negative-control verified.

Refs: tc-audit-2026-06-27

* test(coverage): fold reviewer findings: assert ownership/IDOR boundaries

Adversarial mutation-verify (34 mutations, 30 killed, 4 survived) found
inert ownership assertions; this folds the fixes (each re-mutation-killed
independently):
- dependabot/check: assert prisma.repo.findMany is scoped to
  { userId, tracked:true }; removing userId was a cross-tenant IDOR
  that 100% line coverage masked (HIGH).
- export: assert the primary loadRepoExportData(userId, repoId) call on
  the happy path (MED).
- ci/analytics/[repoId]: mock owned repo.id distinct from the path param
  and assert analytics keyed on the ownership-verified id, not the raw
  param (LOW).

Refs: tc-audit-2026-06-27

---------

Co-authored-by: Lan Nguyen Si <nguyen-si@publicplan.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants