akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 7 Packages Projects Releases Wiki Activity
Files
9ec23cd48b5e798847d857e9cf43c6d0103251de
Charon/docs/reports/qa_report.md
GitHub Actions 10582872f9 fix(tests): Enhance CrowdSecConfig with new input fields and improve accessibility 
- Added IDs to input fields in CrowdSecConfig for better accessibility.
- Updated labels to use <label> elements for checkboxes and inputs.
- Improved error handling and user feedback in the CrowdSecConfig tests.
- Enhanced test coverage for console enrollment and banned IP functionalities.

fix: Update SecurityHeaders to include aria-label for delete button

- Added aria-label to the delete button for better screen reader support.

test: Add comprehensive tests for proxyHostsHelpers and validation utilities

- Implemented tests for formatting and help text functions in proxyHostsHelpers.
- Added validation tests for email and IP address formats.

chore: Update vitest configuration for dynamic coverage thresholds

- Adjusted coverage thresholds to be dynamic based on environment variables.
- Included additional coverage reporters.

chore: Update frontend-test-coverage script to reflect new coverage threshold

- Increased minimum coverage requirement from 85% to 87.5%.

fix: Ensure tests pass with consistent data in passwd file

- Updated tests/etc/passwd to ensure consistent content.
2026-02-06 17:38:08 +00:00

92 lines
3.3 KiB
Markdown
Raw Blame History

# QA & Security Report
**Date:** 2026-02-06
**Status:** 🔴 FAILED
**Evaluator:** GitHub Copilot (QA Security Mode)
## Executive Summary
The codebase currently **fails** to meet the strict QA thresholds defined for the project. While the backend binaries are secure, the frontend falls short of coverage targets, contains type errors, and leaks sensitive tokens in test artifacts.
| Check | Status | Details |
| :--- | :--- | :--- |
| **Frontend Coverage** | 🔴 FAIL | **87.25%** (Threshold: 87.5%) |
| **Type Check** | 🔴 FAIL | **13 Errors** in test files |
| **Pre-commit** | 🔴 FAIL | Blocked by Type Check & Formatting |
| **Filesystem Security** | 🟠 WARN | Secrets in Playwright artifacts |
| **Container Security** | 🟠 WARN | 2 HIGH CVEs in Base Image (Debian) |
---
## 1. Frontend Quality
### Coverage Gap
**Target:** 87.5% | **Actual:** 87.25% (Statements)
The following files have 0% or low coverage and require immediate attention:
- `src/api/client.ts`
- `src/components/CrowdSecKeyWarning.tsx`
- `src/locales/*`
**Metrics:**
- **Statements**: 87.25% (❌ < 87.5%)
- **Branches**: 78.87%
- **Functions**: 84.32%
- **Lines**: 87.25%
### Type Safety Violations
**Total Errors:** 13
**Primary Cause:** Outdated mock objects in tests missing fields added to the source types.
**Key Failures:**
1. **`AccessListForm.test.tsx`**: `ProxyHost` mock missing `meta` field.
2. **`DNSProviderForm.test.tsx`**: Unused variables (`fireEvent`, `within`).
3. **`CrowdSecConfig.test.tsx`**: Type mismatch on `id` (expected number, got string).
4. **`metrics.test.ts`**: Missing `uuid` in mock metrics object.
**Remediation:**
Run `npm run type-check` in `frontend/` and update test mocks to match strict `tsconfig.json`.
---
## 2. Security Findings
### Container Security (`charon:local`)
**Base Image:** Debian 13.3 (Trixie)
**Binaries:** All Go binaries (`charon`, `caddy`, `crowdsec`) are **CLEAN**.
**Vulnerabilities:**
| Library | CVE | Severity | Description |
| :--- | :--- | :--- | :--- |
| `libc-bin` / `libc6` | CVE-2026-0861 | **HIGH** | Integer overflow in memalign (Heap Corruption) |
*Action*: Inspect upstream Debian updates or consider switching to `distroless` or `alpine` if Debian patches are delayed.
### Filesystem Scan (Trivy)
**🔴 ACTION REQUIRED: Secrets Detected**
- **File:** `playwright/.auth/user.json`
- **Finding:** Generic High Entropy Secret (JWT Token)
- **Remediation:** Add `playwright/.auth/` to `.gitignore` and `.trivyignore`. Revoke token if used in production environment.
**⚪ Low Priority: CodeQL Artifacts**
- Multiple vulnerabilities detected in `backend/codeql-custom-queries-go/ql/test/`. These are test fixtures and can be safely ignored.
---
## 3. Pre-commit Status
The `pre-commit` hook pipeline failed.
- **Hook:** `frontend-type-check`
- **Result:** Failed (Exit code 2)
- **Hook:** `trailing-whitespace`
- **Result:** Failed (Files were modified/fixed automatically)
## 4. Recommendations
1. **Immediate Fix**: Update `frontend/src/setupTests.ts` or individual test files to fix the 13 Type Errors.
2. **Coverage Push**: Add a single unit test for `CrowdSecKeyWarning.tsx` to push coverage over 87.5%.
3. **Security Hygiene**:
- Add `playwright/.auth/` to `.gitignore`.
- Run `trivy clean --all`.
4. **CI/CD**: Do not merge PRs until Frontend Coverage > 87.5% and Type Check passes.
Reference in New Issue View Git Blame Copy Permalink