268 lines
6.8 KiB
Markdown
268 lines
6.8 KiB
Markdown
# Pre-Existing Test Failures
|
|
|
|
**Discovery Date:** December 23, 2025
|
|
**Discovered During:** CrowdSec Startup Fix QA Audit
|
|
**Status:** Open
|
|
**Priority:** Medium
|
|
|
|
## Overview
|
|
|
|
During comprehensive QA audit of the CrowdSec startup fix (commit `c71c996`), two categories of pre-existing test failures were discovered. These failures are **NOT related** to the CrowdSec changes and exist on the base branch (`feature/beta-release`).
|
|
|
|
## Issue 1: Handler Tests Timeout
|
|
|
|
**Package:** `github.com/Wikid82/charon/backend/internal/api/handlers`
|
|
**Severity:** Medium
|
|
**Impact:** CI/CD pipeline delays
|
|
|
|
### Symptoms
|
|
|
|
```bash
|
|
FAIL: github.com/Wikid82/charon/backend/internal/api/handlers (timeout 441s)
|
|
```
|
|
|
|
- Test suite takes 7.35 minutes (441 seconds)
|
|
- Default timeout is 10 minutes, but this is too close
|
|
- All tests eventually pass, but timing is concerning
|
|
|
|
### Root Cause
|
|
|
|
- Test suite contains numerous integration tests that make real HTTP requests
|
|
- No apparent infinite loop or deadlock
|
|
- Tests are comprehensive but slow
|
|
|
|
### Affected Tests
|
|
|
|
All handler tests, including:
|
|
|
|
- Access list handlers
|
|
- Auth handlers
|
|
- Backup handlers
|
|
- CrowdSec handlers
|
|
- Docker handlers
|
|
- Import handlers
|
|
- Notification handlers
|
|
- Proxy host handlers
|
|
- Security handlers
|
|
- User handlers
|
|
|
|
### Recommended Fix
|
|
|
|
**Option 1: Increase Timeout**
|
|
|
|
```bash
|
|
go test -timeout 15m ./internal/api/handlers/...
|
|
```
|
|
|
|
**Option 2: Split Test Suite**
|
|
|
|
```bash
|
|
# Fast unit tests
|
|
go test -short ./internal/api/handlers/...
|
|
|
|
# Slow integration tests (separate)
|
|
go test -run Integration ./internal/api/handlers/...
|
|
```
|
|
|
|
**Option 3: Optimize Tests**
|
|
|
|
- Use mocks for external HTTP calls
|
|
- Parallelize independent tests with `t.Parallel()`
|
|
- Use table-driven tests to reduce setup/teardown overhead
|
|
|
|
### Priority Justification
|
|
|
|
- **Medium** because tests do eventually pass
|
|
- Not a functional issue, timing concern only
|
|
- Can workaround with increased timeout
|
|
- Should be fixed to improve CI/CD performance
|
|
|
|
---
|
|
|
|
## Issue 2: URL Connectivity Test Failures
|
|
|
|
**Package:** `github.com/Wikid82/charon/backend/internal/utils`
|
|
**Severity:** Medium
|
|
**Impact:** URL validation feature may not work correctly for localhost
|
|
|
|
### Symptoms
|
|
|
|
```bash
|
|
FAIL: github.com/Wikid82/charon/backend/internal/utils
|
|
Coverage: 51.5% (below 85% threshold)
|
|
|
|
Failed Tests:
|
|
- TestTestURLConnectivity_Success
|
|
- TestTestURLConnectivity_Redirect
|
|
- TestTestURLConnectivity_TooManyRedirects
|
|
- TestTestURLConnectivity_StatusCodes/200_OK
|
|
- TestTestURLConnectivity_StatusCodes/201_Created
|
|
- TestTestURLConnectivity_StatusCodes/204_No_Content
|
|
- TestTestURLConnectivity_StatusCodes/301_Moved_Permanently
|
|
- TestTestURLConnectivity_StatusCodes/302_Found
|
|
- TestTestURLConnectivity_StatusCodes/400_Bad_Request
|
|
- TestTestURLConnectivity_StatusCodes/401_Unauthorized
|
|
- TestTestURLConnectivity_StatusCodes/403_Forbidden
|
|
- TestTestURLConnectivity_StatusCodes/404_Not_Found
|
|
- TestTestURLConnectivity_StatusCodes/500_Internal_Server_Error
|
|
- TestTestURLConnectivity_StatusCodes/503_Service_Unavailable
|
|
- TestTestURLConnectivity_InvalidURL/Empty_URL
|
|
- TestTestURLConnectivity_InvalidURL/Invalid_scheme
|
|
- TestTestURLConnectivity_InvalidURL/No_scheme
|
|
- TestTestURLConnectivity_Timeout
|
|
```
|
|
|
|
### Root Cause
|
|
|
|
**Error Pattern:**
|
|
|
|
```
|
|
Error: "access to private IP addresses is blocked (resolved to 127.0.0.1)"
|
|
does not contain "status 404"
|
|
```
|
|
|
|
**Analysis:**
|
|
|
|
1. Tests use `httptest.NewServer()` which binds to `127.0.0.1` (localhost)
|
|
2. URL validation code has private IP blocking for security
|
|
3. Private IP check runs BEFORE HTTP request is made
|
|
4. Tests expect HTTP status codes but get IP validation errors instead
|
|
5. This creates a mismatch between expected and actual error messages
|
|
|
|
**Code Location:**
|
|
|
|
```go
|
|
// File: backend/internal/utils/url_connectivity_test.go
|
|
// Lines: 103, 127-128, 156
|
|
|
|
// Test expects:
|
|
assert.Contains(t, err.Error(), "status 404")
|
|
|
|
// But gets:
|
|
"access to private IP addresses is blocked (resolved to 127.0.0.1)"
|
|
```
|
|
|
|
### Recommended Fix
|
|
|
|
**Option 1: Use Public Test Endpoints**
|
|
|
|
```go
|
|
func TestTestURLConnectivity_StatusCodes(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
statusCode int
|
|
url string
|
|
}{
|
|
{"200 OK", 200, "https://httpstat.us/200"},
|
|
{"404 Not Found", 404, "https://httpstat.us/404"},
|
|
// ... use public endpoints
|
|
}
|
|
}
|
|
```
|
|
|
|
**Option 2: Add Test-Only Bypass**
|
|
|
|
```go
|
|
// In url_connectivity.go
|
|
func TestURLConnectivity(url string) error {
|
|
// Add env var to disable private IP check for tests
|
|
if os.Getenv("CHARON_ALLOW_PRIVATE_IPS_FOR_TESTS") == "true" {
|
|
// Skip private IP validation
|
|
}
|
|
|
|
// ... rest of validation
|
|
}
|
|
|
|
// In test setup:
|
|
func TestMain(m *testing.M) {
|
|
os.Setenv("CHARON_ALLOW_PRIVATE_IPS_FOR_TESTS", "true")
|
|
code := m.Run()
|
|
os.Unsetenv("CHARON_ALLOW_PRIVATE_IPS_FOR_TESTS")
|
|
os.Exit(code)
|
|
}
|
|
```
|
|
|
|
**Option 3: Mock DNS Resolution**
|
|
|
|
```go
|
|
// Use custom dialer that returns public IPs for test domains
|
|
type testDialer struct {
|
|
realDialer *net.Dialer
|
|
}
|
|
|
|
func (d *testDialer) DialContext(ctx context.Context, network, addr string) (net.Conn, error) {
|
|
// Intercept localhost and return mock IP
|
|
if strings.HasPrefix(addr, "127.0.0.1:") {
|
|
// Return connection to test server but with public IP appearance
|
|
}
|
|
return d.realDialer.DialContext(ctx, network, addr)
|
|
}
|
|
```
|
|
|
|
### Priority Justification
|
|
|
|
- **Medium** because feature works in production
|
|
- Tests are catching security feature (private IP blocking) working as intended
|
|
- Need to fix test design, not the security feature
|
|
- Affects coverage reporting (51.5% < 85% threshold)
|
|
|
|
---
|
|
|
|
## Issue 3: Pre-commit Auto-Fix Required
|
|
|
|
**Severity:** Low
|
|
**Impact:** None (auto-fixed)
|
|
|
|
### Symptoms
|
|
|
|
```
|
|
trim trailing whitespace.................................................Failed
|
|
- hook id: trailing-whitespace
|
|
- exit code: 1
|
|
- files were modified by this hook
|
|
Fixing backend/internal/services/crowdsec_startup.go
|
|
Fixing backend/cmd/api/main.go
|
|
```
|
|
|
|
### Resolution
|
|
|
|
Pre-commit hook automatically removed trailing whitespace. Files have been fixed.
|
|
|
|
**Action Required:** ✅ **NONE** (auto-fixed)
|
|
|
|
---
|
|
|
|
## Tracking
|
|
|
|
### Issue 1: Handler Tests Timeout
|
|
|
|
- **Tracking Issue:** [Create GitHub Issue]
|
|
- **Assignee:** Backend Team
|
|
- **Target Fix Date:** Next sprint
|
|
- **Workaround:** `go test -timeout 15m`
|
|
|
|
### Issue 2: URL Connectivity Tests
|
|
|
|
- **Tracking Issue:** [Create GitHub Issue]
|
|
- **Assignee:** Backend Team
|
|
- **Target Fix Date:** Next sprint
|
|
- **Workaround:** Skip tests with `-short` flag
|
|
|
|
### Issue 3: Trailing Whitespace
|
|
|
|
- **Status:** ✅ **RESOLVED** (auto-fixed)
|
|
|
|
---
|
|
|
|
## References
|
|
|
|
- QA Report: [docs/reports/qa_report_crowdsec_startup_fix.md](../reports/qa_report_crowdsec_startup_fix.md)
|
|
- Implementation Plan: [docs/plans/crowdsec_startup_fix.md](../plans/crowdsec_startup_fix.md)
|
|
- Commit: `c71c996`
|
|
- Branch: `feature/beta-release`
|
|
|
|
---
|
|
|
|
**Document Status:** Active
|
|
**Last Updated:** December 23, 2025 01:25 UTC
|