test: add file-backed service unit tests (mapper, digest, version, changelog, KEV)

CyberSecDef · claude · CyberSecDef · commit 15d5cceac545 · 2026-06-08T19:21:25.000-04:00
Second batch of service-layer unit tests (32 tests), covering the
deterministic file-backed services.

- R4ToR5Mapper: structural invariants of map() against the committed r4/r5
  catalogs — totals populated, kind-counts sum to row count, kinds within the
  known set, family-ordered, deterministic. Robust to catalog refreshes.
- StigDigestBuilder::findPreviousEntry: pure date-sort resolution — immediate
  predecessor, oldest/unknown/single-entry edges, array + stdClass inputs.
- AppVersion: temp-dir — baked VERSION read, whitespace trim, empty-file
  fallthrough to compute(), result caching, __toString, compute() shape.
- Changelog: temp-dir — frozen-JSON load, malformed / missing-key / empty
  fallthrough, frozenPath().
- Vulns\KevLoader: temp-dir — missing-file degradation, load/meta, case-
  insensitive byCve, deterministic summary() (far-past/future dates only).

Verified on PHP 8.4 (deploy target): OK (102 tests, 3415 assertions).

Co-Authored-By: Claude Opus 4.8 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/cyber.trackr.live/tests/Service/AppVersionTest.php b/cyber.trackr.live/tests/Service/AppVersionTest.php
@@ -0,0 +1,84 @@
+<?php
+
+namespace App\Tests\Service;
+
+use App\Service\AppVersion;
+use PHPUnit\Framework\TestCase;
+
+class AppVersionTest extends TestCase
+{
+    /** @var string[] */
+    private array $tmpDirs = [];
+
+    protected function tearDown(): void
+    {
+        foreach ($this->tmpDirs as $d) {
+            if (is_dir($d)) {
+                foreach (scandir($d) as $f) {
+                    if ($f !== '.' && $f !== '..') {
+                        @unlink($d . '/' . $f);
+                    }
+                }
+                @rmdir($d);
+            }
+        }
+        $this->tmpDirs = [];
+    }
+
+    private function tmpDir(): string
+    {
+        $d = sys_get_temp_dir() . '/avtest_' . uniqid('', true);
+        mkdir($d, 0777, true);
+        $this->tmpDirs[] = $d;
+        return $d;
+    }
+
+    public function testReadsBakedVersionFile(): void
+    {
+        $d = $this->tmpDir();
+        file_put_contents($d . '/VERSION', '9.2601.42');
+        $this->assertSame('9.2601.42', (new AppVersion($d))->get());
+    }
+
+    public function testTrimsWhitespaceFromVersionFile(): void
+    {
+        $d = $this->tmpDir();
+        file_put_contents($d . '/VERSION', "  1.2.3\n");
+        $this->assertSame('1.2.3', (new AppVersion($d))->get());
+    }
+
+    public function testEmptyVersionFileFallsThroughToCompute(): void
+    {
+        $d = $this->tmpDir();
+        file_put_contents($d . '/VERSION', "   \n");
+        // No VERSION value → live compute → MAJOR.YYMM.commits shape.
+        $this->assertMatchesRegularExpression('/^3\.\d{4}\.\d+$/', (new AppVersion($d))->get());
+    }
+
+    public function testGetCachesFirstResult(): void
+    {
+        $d = $this->tmpDir();
+        file_put_contents($d . '/VERSION', '5.5.5');
+        $v = new AppVersion($d);
+        $first = $v->get();
+        // Mutating the file after the first read must not change the cached value.
+        file_put_contents($d . '/VERSION', '6.6.6');
+        $this->assertSame('5.5.5', $v->get());
+        $this->assertSame($first, $v->get());
+    }
+
+    public function testToStringMatchesGet(): void
+    {
+        $d = $this->tmpDir();
+        file_put_contents($d . '/VERSION', '7.7.7');
+        $v = new AppVersion($d);
+        $this->assertSame('7.7.7', (string) $v);
+    }
+
+    public function testComputeAlwaysProducesMajorYymmCommitsShape(): void
+    {
+        // compute() ignores any VERSION file and derives the string live.
+        // In a throwaway dir with no git repo, commit count resolves to 0.
+        $this->assertMatchesRegularExpression('/^3\.\d{4}\.\d+$/', (new AppVersion($this->tmpDir()))->compute());
+    }
+}
diff --git a/cyber.trackr.live/tests/Service/ChangelogTest.php b/cyber.trackr.live/tests/Service/ChangelogTest.php
@@ -0,0 +1,93 @@
+<?php
+
+namespace App\Tests\Service;
+
+use App\Service\Changelog;
+use PHPUnit\Framework\TestCase;
+
+class ChangelogTest extends TestCase
+{
+    /** @var string[] */
+    private array $tmpDirs = [];
+
+    protected function tearDown(): void
+    {
+        foreach ($this->tmpDirs as $d) {
+            $this->rrmdir($d);
+        }
+        $this->tmpDirs = [];
+    }
+
+    private function tmpDir(): string
+    {
+        $d = sys_get_temp_dir() . '/cltest_' . uniqid('', true);
+        mkdir($d, 0777, true);
+        $this->tmpDirs[] = $d;
+        return $d;
+    }
+
+    private function writeChangelog(string $projectDir, string $rawJson): void
+    {
+        $dir = $projectDir . '/resources/data';
+        mkdir($dir, 0777, true);
+        file_put_contents($dir . '/changelog.json', $rawJson);
+    }
+
+    private function rrmdir(string $d): void
+    {
+        if (!is_dir($d)) {
+            return;
+        }
+        foreach (scandir($d) as $f) {
+            if ($f === '.' || $f === '..') {
+                continue;
+            }
+            $p = $d . '/' . $f;
+            is_dir($p) ? $this->rrmdir($p) : @unlink($p);
+        }
+        @rmdir($d);
+    }
+
+    public function testFrozenPathIsUnderProjectDir(): void
+    {
+        $d = $this->tmpDir();
+        $this->assertSame($d . '/resources/data/changelog.json', (new Changelog($d))->frozenPath());
+    }
+
+    public function testLoadsFrozenEntries(): void
+    {
+        $d = $this->tmpDir();
+        $this->writeChangelog($d, json_encode(['entries' => [
+            ['hash' => 'abc123', 'subject' => 'first'],
+            ['hash' => 'def456', 'subject' => 'second'],
+        ]]));
+
+        $entries = (new Changelog($d))->getEntries();
+        $this->assertCount(2, $entries);
+        $this->assertSame('abc123', $entries[0]['hash']);
+        $this->assertSame('second', $entries[1]['subject']);
+    }
+
+    public function testMalformedJsonFallsThroughToEmpty(): void
+    {
+        // Invalid JSON → loadFrozen() returns null; the throwaway dir has no
+        // .git, so the git fallback also yields nothing → empty array.
+        $d = $this->tmpDir();
+        $this->writeChangelog($d, 'not valid json {');
+        $this->assertSame([], (new Changelog($d))->getEntries());
+    }
+
+    public function testMissingEntriesKeyFallsThroughToEmpty(): void
+    {
+        $d = $this->tmpDir();
+        $this->writeChangelog($d, json_encode(['something_else' => true]));
+        $this->assertSame([], (new Changelog($d))->getEntries());
+    }
+
+    public function testEmptyEntriesArrayIsReturnedAsIs(): void
+    {
+        $d = $this->tmpDir();
+        $this->writeChangelog($d, json_encode(['entries' => []]));
+        $this->assertSame([], (new Changelog($d))->getEntries());
+    }
+}
diff --git a/cyber.trackr.live/tests/Service/R4ToR5MapperTest.php b/cyber.trackr.live/tests/Service/R4ToR5MapperTest.php
@@ -0,0 +1,81 @@
+<?php
+
+namespace App\Tests\Service;
+
+use App\Service\R4ToR5Mapper;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * R4ToR5Mapper reads the committed 800-53 r4/r5 catalogs and curated mapping
+ * from resources/data/rmf/. These tests assert deterministic structural
+ * invariants of map() against that real data rather than pinning exact counts
+ * (which legitimately shift when the catalogs are refreshed).
+ */
+class R4ToR5MapperTest extends TestCase
+{
+    private const ALLOWED_KINDS = ['unchanged', 'withdrawn', 'incorporated-into', 'new-in-r5'];
+
+    private function map(): array
+    {
+        return (new R4ToR5Mapper())->map();
+    }
+
+    public function testTopLevelStructure(): void
+    {
+        $r = $this->map();
+        $this->assertArrayHasKey('rows', $r);
+        $this->assertArrayHasKey('kinds', $r);
+        $this->assertArrayHasKey('families', $r);
+        $this->assertArrayHasKey('totals', $r);
+    }
+
+    public function testTotalsArePopulated(): void
+    {
+        $t = $this->map()['totals'];
+        $this->assertGreaterThan(0, $t['r4_total']);
+        $this->assertGreaterThan(0, $t['r5_total']);
+        $this->assertArrayHasKey('curated_count', $t);
+    }
+
+    public function testRowsAreNonEmptyAndShaped(): void
+    {
+        $rows = $this->map()['rows'];
+        $this->assertNotEmpty($rows);
+        foreach (['r4', 'r5', 'kind', 'family', 'source'] as $key) {
+            $this->assertArrayHasKey($key, $rows[0]);
+        }
+    }
+
+    public function testKindCountsSumToRowCount(): void
+    {
+        $r = $this->map();
+        $this->assertSame(count($r['rows']), array_sum($r['kinds']));
+    }
+
+    public function testEveryKindIsFromTheKnownSet(): void
+    {
+        foreach (array_keys($this->map()['kinds']) as $kind) {
+            $this->assertContains($kind, self::ALLOWED_KINDS);
+        }
+    }
+
+    public function testRowSourceIsCuratedOrMechanical(): void
+    {
+        foreach ($this->map()['rows'] as $row) {
+            $this->assertContains($row['source'], ['curated', 'mechanical']);
+        }
+    }
+
+    public function testRowsSortByFamilyThenNumber(): void
+    {
+        // AC-1 carries the smallest sort key, so the AC family leads the list.
+        $rows = $this->map()['rows'];
+        $this->assertSame('AC', $rows[0]['family']);
+    }
+
+    public function testMapIsDeterministic(): void
+    {
+        $mapper = new R4ToR5Mapper();
+        $this->assertSame(count($mapper->map()['rows']), count($mapper->map()['rows']));
+    }
+}
diff --git a/cyber.trackr.live/tests/Service/StigDigestBuilderTest.php b/cyber.trackr.live/tests/Service/StigDigestBuilderTest.php
@@ -0,0 +1,76 @@
+<?php
+
+namespace App\Tests\Service;
+
+use App\Service\StigDigestBuilder;
+use PHPUnit\Framework\TestCase;
+
+class StigDigestBuilderTest extends TestCase
+{
+    /** @return array<int,array<string,string>> date-descending is NOT assumed; the SUT sorts. */
+    private function entries(): array
+    {
+        return [
+            ['version' => '2', 'release' => '1', 'filename' => 'v2r1.xml', 'date' => '2021-01-01', 'released' => 'Jan 2021'],
+            ['version' => '1', 'release' => '3', 'filename' => 'v1r3.xml', 'date' => '2020-06-01', 'released' => 'Jun 2020'],
+            ['version' => '1', 'release' => '1', 'filename' => 'v1r1.xml', 'date' => '2019-01-01', 'released' => 'Jan 2019'],
+        ];
+    }
+
+    public function testReturnsImmediatelyOlderEntry(): void
+    {
+        $prev = (new StigDigestBuilder())->findPreviousEntry($this->entries(), '2', '1');
+        $this->assertNotNull($prev);
+        $this->assertSame('1', $prev['version']);
+        $this->assertSame('3', $prev['release']);
+        $this->assertSame('v1r3.xml', $prev['filename']);
+    }
+
+    public function testMiddleEntryPreviousIsTheOldest(): void
+    {
+        $prev = (new StigDigestBuilder())->findPreviousEntry($this->entries(), '1', '3');
+        $this->assertSame('v1r1.xml', $prev['filename']);
+    }
+
+    public function testOldestEntryHasNoPrevious(): void
+    {
+        $this->assertNull((new StigDigestBuilder())->findPreviousEntry($this->entries(), '1', '1'));
+    }
+
+    public function testUnknownVersionReturnsNull(): void
+    {
+        $this->assertNull((new StigDigestBuilder())->findPreviousEntry($this->entries(), '9', '9'));
+    }
+
+    public function testSingleEntryReturnsNull(): void
+    {
+        $only = [['version' => '1', 'release' => '1', 'filename' => 'x.xml', 'date' => '2020-01-01']];
+        $this->assertNull((new StigDigestBuilder())->findPreviousEntry($only, '1', '1'));
+    }
+
+    public function testIgnoresInputOrderAndSortsByDate(): void
+    {
+        // Deliberately oldest-first; the SUT must still resolve by date.
+        $shuffled = [
+            ['version' => '1', 'release' => '1', 'filename' => 'v1r1.xml', 'date' => '2019-01-01'],
+            ['version' => '2', 'release' => '1', 'filename' => 'v2r1.xml', 'date' => '2021-01-01'],
+            ['version' => '1', 'release' => '3', 'filename' => 'v1r3.xml', 'date' => '2020-06-01'],
+        ];
+        $prev = (new StigDigestBuilder())->findPreviousEntry($shuffled, '2', '1');
+        $this->assertSame('v1r3.xml', $prev['filename']);
+    }
+
+    public function testAcceptsStdClassEntries(): void
+    {
+        $objs = array_map(fn($e) => (object) $e, $this->entries());
+        $prev = (new StigDigestBuilder())->findPreviousEntry($objs, '2', '1');
+        $this->assertSame('v1r3.xml', $prev['filename']);
+    }
+
+    public function testMatchesVersionReleaseAsStrings(): void
+    {
+        // version/release passed as ints must still match string TOC values.
+        $prev = (new StigDigestBuilder())->findPreviousEntry($this->entries(), (string) 2, (string) 1);
+        $this->assertSame('v1r3.xml', $prev['filename']);
+    }
+}
diff --git a/cyber.trackr.live/tests/Service/Vulns/KevLoaderTest.php b/cyber.trackr.live/tests/Service/Vulns/KevLoaderTest.php
