10582872f9
- Added IDs to input fields in CrowdSecConfig for better accessibility. - Updated labels to use <label> elements for checkboxes and inputs. - Improved error handling and user feedback in the CrowdSecConfig tests. - Enhanced test coverage for console enrollment and banned IP functionalities. fix: Update SecurityHeaders to include aria-label for delete button - Added aria-label to the delete button for better screen reader support. test: Add comprehensive tests for proxyHostsHelpers and validation utilities - Implemented tests for formatting and help text functions in proxyHostsHelpers. - Added validation tests for email and IP address formats. chore: Update vitest configuration for dynamic coverage thresholds - Adjusted coverage thresholds to be dynamic based on environment variables. - Included additional coverage reporters. chore: Update frontend-test-coverage script to reflect new coverage threshold - Increased minimum coverage requirement from 85% to 87.5%. fix: Ensure tests pass with consistent data in passwd file - Updated tests/etc/passwd to ensure consistent content.
3.3 KiB
QA & Security Report
Date: 2026-02-06 Status: 🔴 FAILED Evaluator: GitHub Copilot (QA Security Mode)
Executive Summary
The codebase currently fails to meet the strict QA thresholds defined for the project. While the backend binaries are secure, the frontend falls short of coverage targets, contains type errors, and leaks sensitive tokens in test artifacts.
| Check | Status | Details |
|---|---|---|
| Frontend Coverage | 🔴 FAIL | 87.25% (Threshold: 87.5%) |
| Type Check | 🔴 FAIL | 13 Errors in test files |
| Pre-commit | 🔴 FAIL | Blocked by Type Check & Formatting |
| Filesystem Security | 🟠 WARN | Secrets in Playwright artifacts |
| Container Security | 🟠 WARN | 2 HIGH CVEs in Base Image (Debian) |
1. Frontend Quality
Coverage Gap
Target: 87.5% | Actual: 87.25% (Statements)
The following files have 0% or low coverage and require immediate attention:
src/api/client.tssrc/components/CrowdSecKeyWarning.tsxsrc/locales/*
Metrics:
- Statements: 87.25% (❌ < 87.5%)
- Branches: 78.87%
- Functions: 84.32%
- Lines: 87.25%
Type Safety Violations
Total Errors: 13 Primary Cause: Outdated mock objects in tests missing fields added to the source types.
Key Failures:
AccessListForm.test.tsx:ProxyHostmock missingmetafield.DNSProviderForm.test.tsx: Unused variables (fireEvent,within).CrowdSecConfig.test.tsx: Type mismatch onid(expected number, got string).metrics.test.ts: Missinguuidin mock metrics object.
Remediation:
Run npm run type-check in frontend/ and update test mocks to match strict tsconfig.json.
2. Security Findings
Container Security (charon:local)
Base Image: Debian 13.3 (Trixie)
Binaries: All Go binaries (charon, caddy, crowdsec) are CLEAN.
Vulnerabilities:
| Library | CVE | Severity | Description |
|---|---|---|---|
libc-bin / libc6 |
CVE-2026-0861 | HIGH | Integer overflow in memalign (Heap Corruption) |
Action: Inspect upstream Debian updates or consider switching to distroless or alpine if Debian patches are delayed.
Filesystem Scan (Trivy)
🔴 ACTION REQUIRED: Secrets Detected
- File:
playwright/.auth/user.json - Finding: Generic High Entropy Secret (JWT Token)
- Remediation: Add
playwright/.auth/to.gitignoreand.trivyignore. Revoke token if used in production environment.
⚪ Low Priority: CodeQL Artifacts
- Multiple vulnerabilities detected in
backend/codeql-custom-queries-go/ql/test/. These are test fixtures and can be safely ignored.
3. Pre-commit Status
The pre-commit hook pipeline failed.
- Hook:
frontend-type-check - Result: Failed (Exit code 2)
- Hook:
trailing-whitespace - Result: Failed (Files were modified/fixed automatically)
4. Recommendations
- Immediate Fix: Update
frontend/src/setupTests.tsor individual test files to fix the 13 Type Errors. - Coverage Push: Add a single unit test for
CrowdSecKeyWarning.tsxto push coverage over 87.5%. - Security Hygiene:
- Add
playwright/.auth/to.gitignore. - Run
trivy clean --all.
- Add
- CI/CD: Do not merge PRs until Frontend Coverage > 87.5% and Type Check passes.