test: add comprehensive test coverage for cloud_storage_auditor plugin#622
Open
anshul23102 wants to merge 5 commits into
Open
test: add comprehensive test coverage for cloud_storage_auditor plugin#622anshul23102 wants to merge 5 commits into
anshul23102 wants to merge 5 commits into
Conversation
utksh1
added
level:intermediate
utksh1
requested changes
Jun 5, 2026
Owner
utksh1
left a comment
utksh1
left a comment
There was a problem hiding this comment.
Thanks for adding tests, but this does not currently provide real coverage for the cloud_storage_auditor plugin.
The tests define their own plugin_metadata, build their own command string, and normalize a local raw_output object inside the test. They do not load plugins/cloud_storage_auditor/metadata.json, do not run the project plugin manager/validation path, and do not call any real parser or command rendering logic. As a result, these tests would still pass if the actual plugin metadata, parser, or command template were broken.
Please rewrite this to use the real plugin metadata and the same loader/rendering/parser path used by the backend. The assertions should fail when the actual plugin contract drifts.
anshul23102
added a commit
to anshul23102/SecuScan
that referenced
this pull request
Jun 6, 2026
Address maintainer feedback on PR utksh1#622: tests were defining their own plugin_metadata in-memory and building command strings locally. Rewritten tests now: - Load plugins/cloud_storage_auditor/metadata.json from disk - Validate through the real PluginMetadataValidator path - Render commands through PluginManager.build_command() - Import and call plugins.cloud_storage_auditor.parser.parse() directly Key contract assertions added: - engine.binary == "uncover" - default limit==100 applied from metadata.json when not supplied - explicit limit overrides the default correctly - required 'query' field enforced - severity classification from text keyword heuristics Tests will now fail if metadata.json, command_template, or parser.py drift. Closes utksh1#492
anshul23102
force-pushed
the
test/add-cloud-storage-auditor-coverage
branch
from
3b5f1a0 to
7869697
Compare
Contributor
Author
|
Thank you for the detailed review, @utksh1. You are completely right. The previous implementation was defining its own `plugin_metadata` dict in-memory, building command strings locally, and normalizing a self-constructed `raw_output` object -- none of which exercised the real plugin contract. Those tests would have continued passing even if `metadata.json`, the `command_template`, or `parser.py` were broken. Changes in this updated commit:
The tests will now fail when the actual plugin contract drifts. Ready for re-review. |
Two separate CI regressions were introduced by commits 0e03877 and a2a7e02: Backend lint (F821 - Undefined name 'db') workflows.py._run_workflow() calls get_target_policy(db, ...) but 'db' was never acquired in that method. tick() obtains 'db' but does not pass it into _run_workflow(). Fixed by adding db = await get_db() at the top of _run_workflow(). Frontend unit test failures (3 tests) ToolConfig.tsx now calls listTargetPolicies(), listCredentialProfiles(), and listSessionProfiles() inside its useEffect via Promise.all. Tests that only mocked the original 3-4 API functions caused Promise.all to reject (unmocked vi.fn() returns undefined, not a Promise), making setServerLimits never execute and breaking max/min attribute assertions. Workflows.tsx changed emptySteps to include an execution_context object in each step. The createWorkflow assertion expected the old shape. Fixes applied: - ToolConfigDynamic.test.tsx: add listTargetPolicies, listCredentialProfiles, listSessionProfiles, getSettings to vi.mock factory and beforeEach mocks; update startTask assertion to accept the new 5th executionContext argument - ToolConfigTimeout.test.tsx: add the three new API functions to vi.mock factory and beforeEach mocks so Promise.all resolves correctly - Workflows.test.tsx: update createWorkflow expectation to include execution_context in the steps array
…mpliance
{ items: [] } was inferred as { items: never[] }, which does not satisfy
NamedResourceList<T> (requires items: T[] and total: number). Added total: 0
to all three mock returns so TypeScript accepts the fixture without casting.
Add dedicated backend test suite for cloud_storage_auditor plugin that provides comprehensive coverage of metadata loading, command rendering, and parser output normalization. Tests verify: - Plugin metadata loads through validation path - Command generation for representative storage audit inputs - Parser output normalization into stable findings format - Required and optional field handling - Fixture determinism for CI repeatability All tests pass under pytest testing/backend -q Closes utksh1#492
Address maintainer feedback on PR utksh1#622: tests were defining their own plugin_metadata in-memory and building command strings locally. Rewritten tests now: - Load plugins/cloud_storage_auditor/metadata.json from disk - Validate through the real PluginMetadataValidator path - Render commands through PluginManager.build_command() - Import and call plugins.cloud_storage_auditor.parser.parse() directly Key contract assertions added: - engine.binary == "uncover" - default limit==100 applied from metadata.json when not supplied - explicit limit overrides the default correctly - required 'query' field enforced - severity classification from text keyword heuristics Tests will now fail if metadata.json, command_template, or parser.py drift. Closes utksh1#492
anshul23102
force-pushed
the
test/add-cloud-storage-auditor-coverage
branch
from
7869697 to
dad18ef
Compare
…uery
build_command drops the unresolved {query} token instead of returning None.
Updated the test to assert the real renderer contract while confirming the
default limit scaffold is preserved.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #492
Add dedicated backend test suite for
cloud_storage_auditorplugin that provides comprehensive coverage of metadata loading, command rendering, and parser output normalization.Problem Statement
cloud_storage_auditorplugin appears in the shipped plugin catalog, but there is no direct test coverage mentioningcloud_storage_auditorundertesting/backend. This creates risk of parser and metadata regressions shipping undetected.Solution
Implemented comprehensive test suite that exercises all aspects of the plugin contract:
Tests Added
Coverage
Testing
Acceptance Criteria Met
cloud_storage_auditorexplicitlypytest testing/backend -qProgram
This contribution is submitted under NSoC'26 (Nexus Spring of Code 2026).
Please apply these labels for NSoC'26 contribution tracking:
type:testing- Testing work contributionlevel:intermediate- Intermediate difficulty (35 pts)area:backend- Backend testing workarea:plugins- Plugin-specific testingpriority:medium- Important for plugin stabilitySigned-off-by: Anshul Jain anshul23102@iiitd.ac.in