032d475fba
Complete lint remediation addressing errcheck, gosec, and staticcheck violations across backend test files. Tighten pre-commit configuration to prevent future blind spots. Key Changes: - Fix 61 Go linting issues (errcheck, gosec G115/G301/G304/G306, bodyclose) - Add proper error handling for json.Unmarshal, os.Setenv, db.Close(), w.Write() - Fix gosec G115 integer overflow with strconv.FormatUint - Add #nosec annotations with justifications for test fixtures - Fix SecurityService goroutine leaks (add Close() calls) - Fix CrowdSec tar.gz non-deterministic ordering with sorted keys Pre-commit Hardening: - Remove test file exclusion from golangci-lint hook - Add gosec to .golangci-fast.yml with critical checks (G101, G110, G305) - Replace broad .golangci.yml exclusions with targeted path-specific rules - Test files now linted on every commit Test Fixes: - Fix emergency route count assertions (1→2 for dual-port setup) - Fix DNS provider service tests with proper mock setup - Fix certificate service tests with deterministic behavior Backend: 27 packages pass, 83.5% coverage Frontend: 0 lint warnings, 0 TypeScript errors Pre-commit: All 14 hooks pass (~37s)
193 lines
5.3 KiB
Go
193 lines
5.3 KiB
Go
package main
|
|
|
|
import (
|
|
"os"
|
|
"os/exec"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/Wikid82/charon/backend/internal/database"
|
|
"github.com/Wikid82/charon/backend/internal/models"
|
|
)
|
|
|
|
func TestResetPasswordCommand_Succeeds(t *testing.T) {
|
|
if os.Getenv("CHARON_TEST_RUN_MAIN") == "1" {
|
|
// Child process: emulate CLI args and run main().
|
|
email := os.Getenv("CHARON_TEST_EMAIL")
|
|
newPassword := os.Getenv("CHARON_TEST_NEW_PASSWORD")
|
|
os.Args = []string{"charon", "reset-password", email, newPassword}
|
|
main()
|
|
return
|
|
}
|
|
|
|
tmp := t.TempDir()
|
|
dbPath := filepath.Join(tmp, "data", "test.db")
|
|
// #nosec G301 -- Test fixture directory with standard permissions
|
|
if err := os.MkdirAll(filepath.Dir(dbPath), 0o755); err != nil {
|
|
t.Fatalf("mkdir db dir: %v", err)
|
|
}
|
|
|
|
db, err := database.Connect(dbPath)
|
|
if err != nil {
|
|
t.Fatalf("connect db: %v", err)
|
|
}
|
|
if err := db.AutoMigrate(&models.User{}); err != nil {
|
|
t.Fatalf("automigrate: %v", err)
|
|
}
|
|
|
|
email := "user@example.com"
|
|
user := models.User{UUID: "u-1", Email: email, Name: "User", Role: "admin", Enabled: true}
|
|
user.PasswordHash = "$2a$10$example_hashed_password"
|
|
if err := db.Create(&user).Error; err != nil {
|
|
t.Fatalf("seed user: %v", err)
|
|
}
|
|
|
|
cmd := exec.Command(os.Args[0], "-test.run=TestResetPasswordCommand_Succeeds") //nolint:gosec // G204: Test subprocess pattern using os.Args[0] is safe
|
|
cmd.Dir = tmp
|
|
cmd.Env = append(os.Environ(),
|
|
"CHARON_TEST_RUN_MAIN=1",
|
|
"CHARON_TEST_EMAIL="+email,
|
|
"CHARON_TEST_NEW_PASSWORD=new-password",
|
|
"CHARON_DB_PATH="+dbPath,
|
|
"CHARON_CADDY_CONFIG_DIR="+filepath.Join(tmp, "caddy"),
|
|
"CHARON_IMPORT_DIR="+filepath.Join(tmp, "imports"),
|
|
)
|
|
|
|
out, err := cmd.CombinedOutput()
|
|
if err != nil {
|
|
t.Fatalf("expected exit 0; err=%v; output=%s", err, string(out))
|
|
}
|
|
}
|
|
|
|
func TestMigrateCommand_Succeeds(t *testing.T) {
|
|
if os.Getenv("CHARON_TEST_RUN_MAIN") == "1" {
|
|
// Child process: emulate CLI args and run main().
|
|
os.Args = []string{"charon", "migrate"}
|
|
main()
|
|
return
|
|
}
|
|
|
|
tmp := t.TempDir()
|
|
dbPath := filepath.Join(tmp, "data", "test.db")
|
|
// #nosec G301 -- Test fixture directory with standard permissions
|
|
if err := os.MkdirAll(filepath.Dir(dbPath), 0o755); err != nil {
|
|
t.Fatalf("mkdir db dir: %v", err)
|
|
}
|
|
|
|
// Create database without security tables
|
|
db, err := database.Connect(dbPath)
|
|
if err != nil {
|
|
t.Fatalf("connect db: %v", err)
|
|
}
|
|
// Only migrate User table to simulate old database
|
|
if err := db.AutoMigrate(&models.User{}); err != nil {
|
|
t.Fatalf("automigrate user: %v", err)
|
|
}
|
|
|
|
// Verify security tables don't exist
|
|
if db.Migrator().HasTable(&models.SecurityConfig{}) {
|
|
t.Fatal("SecurityConfig table should not exist yet")
|
|
}
|
|
|
|
cmd := exec.Command(os.Args[0], "-test.run=TestMigrateCommand_Succeeds") //nolint:gosec // G204: Test subprocess pattern using os.Args[0] is safe
|
|
cmd.Dir = tmp
|
|
cmd.Env = append(os.Environ(),
|
|
"CHARON_TEST_RUN_MAIN=1",
|
|
"CHARON_DB_PATH="+dbPath,
|
|
"CHARON_CADDY_CONFIG_DIR="+filepath.Join(tmp, "caddy"),
|
|
"CHARON_IMPORT_DIR="+filepath.Join(tmp, "imports"),
|
|
)
|
|
|
|
out, err := cmd.CombinedOutput()
|
|
if err != nil {
|
|
t.Fatalf("expected exit 0; err=%v; output=%s", err, string(out))
|
|
}
|
|
|
|
// Reconnect and verify security tables were created
|
|
db2, err := database.Connect(dbPath)
|
|
if err != nil {
|
|
t.Fatalf("reconnect db: %v", err)
|
|
}
|
|
|
|
securityModels := []any{
|
|
&models.SecurityConfig{},
|
|
&models.SecurityDecision{},
|
|
&models.SecurityAudit{},
|
|
&models.SecurityRuleSet{},
|
|
&models.CrowdsecPresetEvent{},
|
|
&models.CrowdsecConsoleEnrollment{},
|
|
}
|
|
|
|
for _, model := range securityModels {
|
|
if !db2.Migrator().HasTable(model) {
|
|
t.Errorf("Table for %T was not created by migrate command", model)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestStartupVerification_MissingTables(t *testing.T) {
|
|
tmp := t.TempDir()
|
|
dbPath := filepath.Join(tmp, "data", "test.db")
|
|
if err := os.MkdirAll(filepath.Dir(dbPath), 0o750); err != nil {
|
|
t.Fatalf("mkdir db dir: %v", err)
|
|
}
|
|
|
|
// Create database without security tables
|
|
db, err := database.Connect(dbPath)
|
|
if err != nil {
|
|
t.Fatalf("connect db: %v", err)
|
|
}
|
|
// Only migrate User table to simulate old database
|
|
if err := db.AutoMigrate(&models.User{}); err != nil {
|
|
t.Fatalf("automigrate user: %v", err)
|
|
}
|
|
|
|
// Verify security tables don't exist
|
|
if db.Migrator().HasTable(&models.SecurityConfig{}) {
|
|
t.Fatal("SecurityConfig table should not exist yet")
|
|
}
|
|
|
|
// Close and reopen to simulate startup scenario
|
|
sqlDB, _ := db.DB()
|
|
_ = sqlDB.Close()
|
|
|
|
db, err = database.Connect(dbPath)
|
|
if err != nil {
|
|
t.Fatalf("reconnect db: %v", err)
|
|
}
|
|
|
|
// Simulate startup verification logic from main.go
|
|
securityModels := []any{
|
|
&models.SecurityConfig{},
|
|
&models.SecurityDecision{},
|
|
&models.SecurityAudit{},
|
|
&models.SecurityRuleSet{},
|
|
&models.CrowdsecPresetEvent{},
|
|
&models.CrowdsecConsoleEnrollment{},
|
|
}
|
|
|
|
missingTables := false
|
|
for _, model := range securityModels {
|
|
if !db.Migrator().HasTable(model) {
|
|
missingTables = true
|
|
t.Logf("Missing table for model %T", model)
|
|
}
|
|
}
|
|
|
|
if !missingTables {
|
|
t.Fatal("Expected to find missing tables but all were present")
|
|
}
|
|
|
|
// Run auto-migration (simulating startup verification logic)
|
|
if err := db.AutoMigrate(securityModels...); err != nil {
|
|
t.Fatalf("failed to migrate security tables: %v", err)
|
|
}
|
|
|
|
// Verify all tables now exist
|
|
for _, model := range securityModels {
|
|
if !db.Migrator().HasTable(model) {
|
|
t.Errorf("Table for %T was not created by auto-migration", model)
|
|
}
|
|
}
|
|
}
|