increase unit test coverage #120

@zohayb23

Overview

Conducting a comprehensive review of all test files to identify and implement missing test cases across the codebase. This systematic review ensures our test suite provides thorough coverage of all functionality.

Missing Test Cases Identified

(No outstanding items currently identified)

Missing Test Cases Completed

  • OSPS-LE-03.02: License verification

    • Fixed missing "Passed" scenario test case in TestReleasesLicensed
    • Added test case for repositories with valid licenses and releases
    • Implemented stubGraphqlRepo helper for consistent test data
    • Now covers success path: repositories with releases + valid license → layer4.Passed
  • SPDX License Expression Handling

    • Implemented complex license expression testing
    • Added splitSpdxExpression function with proper AND/OR handling
    • Covers complex expressions like "MIT AND Apache-2.0 OR GPL-3.0"
    • Handles edge cases and malformed expressions
  • OSPS-LE-02.01: License Validation (goodLicense function testing)

    • Fixed TestGetLicenseList to test actual production code
    • Eliminated duplicate testGetLicenseListLogic function
    • Implemented dependency injection in getLicenseList for testability
    • Test now validates the real code path used by goodLicense function
    • Added comprehensive unit tests with dependency injection pattern (PR #136, "test: Add comprehensive unit tests for goodLicense with dependency injection")
    • Implemented mock GitHub client for isolated testing
    • Covers all scenarios: valid licenses, invalid licenses, API errors, fallback logic
  • OSPS-VM-01.01: Vulnerability Disclosure Policy Testing (PR #153, "feat: implement OSPS-VM-01.01 vulnerability disclosure policy assessment")

    • Added TestHasVulnerabilityDisclosurePolicy with comprehensive coverage
    • Tests policy present, missing, and invalid payload scenarios
    • Validates Security Insights SecurityPolicy field checking
    • Ensures proper error handling and clear messaging
  • OSPS-VM-03.01: Private Vulnerability Reporting Testing (PR #154, "feat: implement OSPS-VM-03.01 private vulnerability reporting assessment")

    • Added TestHasPrivateVulnerabilityReporting with 5 comprehensive test cases
    • Tests direct security contact email and security champions fallback
    • Validates ReportsAccepted policy enforcement
    • Covers no contact methods and invalid payload scenarios
    • Ensures proper private vulnerability reporting channel validation
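
The SPDX expression handling listed above, sketched as an added example; this is not the project's splitSpdxExpression. The name splitLicenseExpr and its error behaviour are assumptions: it accepts upper-case AND/OR only, and it does not handle WITH exceptions or check parenthesis balance.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// splitLicenseExpr is a hypothetical helper (not the project's code).
// It returns the license identifiers named in an SPDX expression joined by
// AND/OR, and rejects malformed input such as dangling or doubled operators.
func splitLicenseExpr(expr string) ([]string, error) {
	// Parentheses are treated as whitespace: this sketch only extracts
	// identifiers and does not evaluate grouping or precedence.
	cleaned := strings.NewReplacer("(", " ", ")", " ").Replace(expr)
	tokens := strings.Fields(cleaned)
	if len(tokens) == 0 {
		return nil, errors.New("empty license expression")
	}
	var ids []string
	expectID := true // an expression must start with an identifier
	for _, tok := range tokens {
		isOp := tok == "AND" || tok == "OR"
		switch {
		case expectID && isOp:
			return nil, fmt.Errorf("operator %q where a license id was expected", tok)
		case !expectID && !isOp:
			return nil, fmt.Errorf("missing operator before %q", tok)
		case isOp:
			expectID = true
		default:
			ids = append(ids, tok)
			expectID = false
		}
	}
	if expectID {
		return nil, errors.New("expression ends with an operator")
	}
	return ids, nil
}

func main() {
	// Constructed sample inputs: one valid expression, two malformed ones.
	for _, e := range []string{"MIT AND Apache-2.0 OR GPL-3.0", "MIT AND", "MIT Apache-2.0"} {
		ids, err := splitLicenseExpr(e)
		fmt.Printf("%q -> %v, err=%v\n", e, ids, err)
	}
}
```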
