Skip to content

Commit 28be62d

Browse files
committed
fix(tests): update cancel endpoint mock to match DELETE requests with session UUID
1 parent 49bfbf3 commit 28be62d

3 files changed

Lines changed: 195 additions & 5 deletions

File tree

docs/reports/qa_report.md

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,9 @@
1-
## QA Report - PR #779
1+
## QA Report — Import/Save Route Regression Test Suite
22

3-
- Date: 2026-03-01
4-
- Scope: Post-remediation merge-readiness gates after Caddy Import E2E fix
3+
- Date: 2026-03-02
4+
- Branch: `feature/beta-release` (HEAD `2f90d936`)
5+
- Scope: Regression test coverage for import and save function routes
6+
- Full report: [docs/reports/qa_report_import_save_regression.md](qa_report_import_save_regression.md)
57

68
## E2E Status
79

Lines changed: 188 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,188 @@
1+
## QA Report — Import/Save Route Regression Test Suite
2+
3+
- **Date**: 2026-03-02
4+
- **Branch**: `feature/beta-release`
5+
- **HEAD**: `2f90d936``fix(tests): simplify back/cancel button handling in cross-browser import tests`
6+
- **Scope**: Regression test implementation for import and save function routes
7+
8+
---
9+
10+
## Summary
11+
12+
| DoD Gate | Result | Notes |
13+
|---|---|---|
14+
| Patch Coverage Preflight | ✅ PASS | 100% — 12/12 changed lines covered |
15+
| Backend Unit Tests + Coverage | ✅ PASS | 87.9% statements (threshold: 87%) |
16+
| Frontend Unit Tests + Coverage | ✅ PASS | 89.63% lines (threshold: 87%) |
17+
| TypeScript Type Check | ✅ PASS | 0 type errors |
18+
| Pre-commit Hooks | ✅ PASS | 17/17 hooks passed |
19+
| GORM Security Scan | ⏭️ SKIP | No model files changed |
20+
| Trivy FS Scan | ✅ PASS | 0 HIGH/CRITICAL in npm packages |
21+
| Docker Image Scan | ✅ PASS | 0 HIGH/CRITICAL (13 LOW/MED total) |
22+
| CodeQL Analysis | ✅ PASS | 1 pre-existing warning (not a regression) |
23+
24+
**Overall Verdict: PASS** — All gated checks passed. Two pre-existing items documented below.
25+
26+
---
27+
28+
## New Test Files
29+
30+
Eight test files were added as part of this feature:
31+
32+
| File | Type | Tests |
33+
|---|---|---|
34+
| `backend/internal/api/routes/routes_import_contract_test.go` | Backend unit | Route contract coverage |
35+
| `backend/internal/api/routes/routes_save_contract_test.go` | Backend unit | Route contract coverage |
36+
| `backend/internal/api/routes/endpoint_inventory_test.go` | Backend unit | Endpoint inventory/matrix |
37+
| `frontend/src/api/__tests__/npmImport.test.ts` | Frontend unit | 6 tests |
38+
| `frontend/src/api/__tests__/jsonImport.test.ts` | Frontend unit | 6 tests |
39+
| `frontend/src/hooks/__tests__/useNPMImport.test.tsx` | Frontend unit | 5 tests |
40+
| `frontend/src/hooks/__tests__/useJSONImport.test.tsx` | Frontend unit | 5 tests |
41+
| `tests/integration/import-save-route-regression.spec.ts` | Integration | Route regression spec |
42+
43+
All 22 new frontend tests passed. Backend route package runs clean.
44+
45+
---
46+
47+
## Step 1 — Patch Coverage Preflight
48+
49+
- **Command**: `bash scripts/local-patch-report.sh`
50+
- **Artifacts**: `test-results/local-patch-report.md`, `test-results/local-patch-report.json`
51+
- **Result**: PASS
52+
- **Metrics**:
53+
- Overall patch coverage: 100% (12/12 changed lines)
54+
- Backend changed lines: 8/8 covered (100%)
55+
- Frontend changed lines: 4/4 covered (100%)
56+
57+
---
58+
59+
## Step 2 — Backend Unit Tests + Coverage
60+
61+
- **Command**: `bash scripts/go-test-coverage.sh`
62+
- **Result**: PASS
63+
- **Metrics**:
64+
- Total statements: 87.9%
65+
- `internal/api/routes` package: 87.8%
66+
- Gate threshold: 87%
67+
- **Package results**: 25/26 packages `ok`
68+
- **Known exception**: `internal/api/handlers` — 1 test fails in full suite only
69+
70+
### Pre-existing Backend Failure
71+
72+
| Item | Detail |
73+
|---|---|
74+
| Test | `TestSecurityHandler_UpsertRuleSet_XSSInContent` |
75+
| Package | `internal/api/handlers` |
76+
| File | `security_handler_audit_test.go` |
77+
| Behaviour | Fails in full suite (`FAIL: expected 200, got {"error":"failed to list rule sets"}`); passes in isolation |
78+
| Cause | Parallel test state pollution — shared in-memory SQLite DB contaminated by another test in the same package |
79+
| Introduced by this PR | No — file shows no git changes in this session |
80+
| Regression | No |
81+
82+
---
83+
84+
## Step 3 — Frontend Unit Tests + Coverage
85+
86+
- **Command**: `bash scripts/frontend-test-coverage.sh`
87+
- **Result**: PASS
88+
- **Metrics**:
89+
- Lines: 89.63% (threshold: 87%)
90+
- Statements: 88.96%
91+
- Functions: 86.06%
92+
- Branches: 81.41%
93+
- **Test counts**: 589 passed, 23 skipped, 0 failed, 24 test suites
94+
95+
### New Frontend Test Results
96+
97+
All four new test files passed explicitly:
98+
99+
```
100+
✅ npmImport.test.ts 6 tests passed
101+
✅ jsonImport.test.ts 6 tests passed
102+
✅ useNPMImport.test.tsx 5 tests passed
103+
✅ useJSONImport.test.tsx 5 tests passed
104+
```
105+
106+
---
107+
108+
## Step 4 — TypeScript Type Check
109+
110+
- **Command**: `npm run type-check`
111+
- **Result**: PASS — 0 errors, clean exit
112+
113+
---
114+
115+
## Step 5 — Pre-commit Hooks
116+
117+
- **Command**: `pre-commit run --all-files`
118+
- **Result**: PASS — 17/17 hooks passed
119+
120+
Hooks verified include: `fix-end-of-files`, `trim-trailing-whitespace`, `check-yaml`, `shellcheck`, `actionlint`, `dockerfile-validation`, `go-vet`, `golangci-lint (Fast Linters - BLOCKING)`, `frontend-typecheck`, `frontend-lint`.
121+
122+
---
123+
124+
## Step 6 — GORM Security Scan
125+
126+
- **Result**: SKIPPED
127+
- **Reason**: No files under `backend/internal/models/**` or GORM service/repository paths were modified in this session.
128+
129+
---
130+
131+
## Step 7 — Security Scans
132+
133+
### Trivy Filesystem Scan
134+
135+
- **Command**: `trivy fs . --severity HIGH,CRITICAL --exit-code 1 --skip-dirs .git,node_modules,...`
136+
- **Result**: PASS — 0 HIGH/CRITICAL vulnerabilities
137+
- **Scope**: `package-lock.json` (npm)
138+
- **Report**: `trivy-report.json`
139+
140+
### Docker Image Scan
141+
142+
- **Command**: `.github/skills/scripts/skill-runner.sh security-scan-docker-image`
143+
- **Result**: PASS — 0 HIGH/CRITICAL vulnerabilities
144+
- **Total findings**: 13 (all LOW or MEDIUM severity)
145+
- **Verdict**: Gate passed — no action required
146+
147+
### CodeQL Analysis
148+
149+
- **SARIF files**:
150+
- `codeql-results-go.sarif` — generated 2026-03-02
151+
- `codeql-results-javascript.sarif` — generated 2026-03-02
152+
- **Go results**: 1 finding — `go/cookie-secure-not-set` (warning level)
153+
- **JavaScript results**: 0 findings
154+
- **Result**: PASS (no error-level findings)
155+
156+
#### Pre-existing CodeQL Finding
157+
158+
| Item | Detail |
159+
|---|---|
160+
| Rule | `go/cookie-secure-not-set` |
161+
| File | `internal/api/handlers/auth_handler.go:151–159` |
162+
| Severity | Warning (non-blocking) |
163+
| Description | Cookie does not set `Secure` attribute to `true` |
164+
| Context | Intentional design: `secure` flag defaults to `true`; set to `false` **only** for local loopback requests without TLS. This allows the management UI to function over HTTP on `localhost` during development. The code comment explicitly documents this decision: _"Secure: true for HTTPS; false only for local non-HTTPS loopback flows"_ |
165+
| Introduced by this PR | No — `auth_handler.go` was last modified in commits predating HEAD (`e348b5b2`, `00349689`) |
166+
| Regression | No |
167+
| Action | None — accepted as intentional design trade-off for local-dev UX |
168+
169+
---
170+
171+
## Pre-existing Issues Register
172+
173+
| ID | Location | Nature | Regression? | Action |
174+
|---|---|---|---|---|
175+
| PE-001 | `handlers.TestSecurityHandler_UpsertRuleSet_XSSInContent` | Test isolation failure — parallel SQLite state pollution | No | Track separately; fix with test DB isolation |
176+
| PE-002 | `auth_handler.go:151``go/cookie-secure-not-set` | CodeQL warning; intentional local-dev design | No | Accepted; document as acknowledged finding |
177+
178+
---
179+
180+
## Related Commits
181+
182+
| Hash | Message |
183+
|---|---|
184+
| `63e79664` | `test(routes): add strict route matrix tests for import and save workflows` |
185+
| `077e3c1d` | `chore: add integration tests for import/save route regression coverage` |
186+
| `f60a99d0` | `fix(tests): update route validation functions to ensure canonical success responses in import/save regression tests` |
187+
| `b5fd5d57` | `fix(tests): update import handler test to use temporary directory for Caddyfile path` |
188+
| `2f90d936` | `fix(tests): simplify back/cancel button handling in cross-browser import tests` |

tests/core/caddy-import/caddy-import-cross-browser.spec.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -160,8 +160,8 @@ async function setupImportMocks(
160160
}
161161
});
162162

163-
// Mock cancel endpoint
164-
await page.route('**/api/v1/import/cancel', async (route) => {
163+
// Mock cancel endpoint — pattern ends with * to match DELETE ?session_uuid=... query param
164+
await page.route('**/api/v1/import/cancel*', async (route) => {
165165
hasSession = false;
166166
await route.fulfill({ status: 204 });
167167
});

0 commit comments

Comments
 (0)