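--- a/pkg/api/audit/audit_test.go
+++ b/pkg/api/audit/audit_test.go
@@ -35,6 +35,7 @@ func TestLogEmitsRequiredFields(t *testing.T) {
 var buf bytes.Buffer
 captureLog(&buf, func() {
 req := httptest.NewRequest("POST", "/api/users/target-123/role", nil)
+req.Host = "localhost"
 req.Header.Set("X-Forwarded-For", "10.0.0.1")
 //nolint:errcheck // test-only; response body is irrelevant
 app.Test(req)
@@ -76,6 +77,7 @@ func TestLogOmitsDetailsWhenEmpty(t *testing.T) {
 var buf bytes.Buffer
 captureLog(&buf, func() {
 req := httptest.NewRequest("DELETE", "/api/users/target-456", nil)
+req.Host = "localhost"
 //nolint:errcheck // test-only
 app.Test(req)
 })
@@ -104,6 +106,7 @@ func TestLogUnauthorizedAttempt(t *testing.T) {
 var buf bytes.Buffer
 captureLog(&buf, func() {
 req := httptest.NewRequest("GET", "/api/users", nil)
+req.Host = "localhost"
 //nolint:errcheck // test-only
 app.Test(req)
 })
@@ -151,6 +154,7 @@ func TestLogPersistsAuditEntry(t *testing.T) {
 })
 
 req := httptest.NewRequest("PUT", "/api/settings", nil)
+req.Host = "localhost"
 req.Header.Set("X-Forwarded-For", "203.0.113.10")
 _, err := app.Test(req)
 if err != nil {
@@ -204,6 +208,7 @@ func TestLogStoreFailureLogsError(t *testing.T) {
 var buf bytes.Buffer
 captureLog(&buf, func() {
 req := httptest.NewRequest("POST", "/api/login", nil)
+req.Host = "localhost"
 _, err := app.Test(req)
 if err != nil {
 t.Fatalf("app.Test() error = %v", err)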
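Review bot: The reason every test now pins `req.Host = "localhost"` is not stated anywhere in this file, so the next maintainer has no signal that removing it would change the outcome; `httptest.NewRequest` defaults Host to `example.com`, which presumably is what the app under test now rejects. A one-line comment at the first site (TestLogEmitsRequiredFields) would capture that: `// Host must be one the app accepts or the request never reaches the audited handler — TODO confirm against the host-check middleware`. If a Host allow-list is indeed what this satisfies, this file is also the natural place for a companion test that sends a request with a non-allowed Host and asserts on how (or whether) the rejection is logged, since that is the path an audit log most needs to cover. Each enclosing test function starts outside its hunk.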
2 changes: 2 additions & 0 deletions pkg/api/handlers/agentic_detection_runs_test.go
Expand Up @@ -153,6 +153,7 @@
env.App.Get("/api/detection-runs", h.GetDetectionRuns)

req, err := http.NewRequest("GET", "/api/detection-runs", nil)
req.Host = "localhost"

Check failure on line 156 in pkg/api/handlers/agentic_detection_runs_test.go


GitHub Actions / pr-check

error: Potential nil panic detected. Observed nil flow from source to dereference point:
require.NoError(t, err)
req.Header.Set("X-Demo-Mode", "true")

Expand All @@ -178,6 +179,7 @@
env.App.Get("/api/detection-runs", h.GetDetectionRuns)

req, err := http.NewRequest("GET", "/api/detection-runs", nil)
req.Host = "localhost"

Check failure on line 182 in pkg/api/handlers/agentic_detection_runs_test.go


GitHub Actions / pr-check

error: Potential nil panic detected. Observed nil flow from source to dereference point:
require.NoError(t, err)

resp, err := env.App.Test(req, 5000)
Expand Down
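Review bot: `req.Host = "localhost"` at line 156 runs before `require.NoError(t, err)`, so if `http.NewRequest` ever fails the test panics on a nil `req` instead of reporting the error, which is exactly what the pr-check annotation on this hunk flags; the fix is to swap the two lines so the check comes first: `require.NoError(t, err)` then `req.Host = "localhost"`. The second hunk in this file (line 182) has the same ordering, as do all three sites in card_proxy_test.go, both sites in acmm_scan_test.go, all nine sites in compliance_frameworks_test.go, both sites in crds_test.go, and in auth_test.go the `refreshReq` helper (assignment before the `if err != nil { panic(err) }`) plus the three `req, err :=` sites in TestLogout_RequiresCSRFHeader and TestLogout_ExpiredTokenIdempotent. Each enclosing test function starts outside the hunk.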
26 changes: 23 additions & 3 deletions pkg/api/handlers/auth/auth_test.go
Expand Up @@ -53,6 +53,7 @@ func TestDevModeLogin(t *testing.T) {
mockStore.On("UpdateLastLogin", mock.Anything).Return(nil).Once()

req, _ := http.NewRequest("GET", "/auth/dev", nil)
req.Host = "localhost"
resp, err := app.Test(req, 5000)

assert.NoError(t, err)
Expand All @@ -77,6 +78,7 @@ func TestDevModeLogin(t *testing.T) {
mockStore.On("UpdateLastLogin", existingUser.ID).Return(nil).Once()

req, _ := http.NewRequest("GET", "/auth/dev", nil)
req.Host = "localhost"
resp, err := app.Test(req, 5000)

assert.NoError(t, err)
Expand All @@ -94,6 +96,7 @@ func TestDevModeLogin(t *testing.T) {
// want to exercise the CSRF gate should build requests directly.
func refreshReq(authHeader string) *http.Request {
req, err := http.NewRequest("POST", "/auth/refresh", nil)
req.Host = "localhost"
if err != nil {
panic(err)
}
Expand Down Expand Up @@ -188,6 +191,7 @@ func TestRefreshToken(t *testing.T) {
token, _ := handler.generateJWT(user)

req, _ := http.NewRequest("POST", "/auth/refresh", nil)
req.Host = "localhost"
req.Header.Set("Authorization", "Bearer "+token)
resp, _ := app.Test(req, 5000)
assert.Equal(t, http.StatusForbidden, resp.StatusCode,
Expand Down Expand Up @@ -328,11 +332,11 @@ func TestGitHubLogin_Redirects(t *testing.T) {
app.Get("/auth/github", handler.GitHubLogin)

req, _ := http.NewRequest("GET", "/auth/github", nil)
req.Host = "localhost"
resp, err := app.Test(req, 5000)

assert.NoError(t, err)
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)

loc, _ := resp.Location()
assert.Contains(t, loc.String(), "github.com/login/oauth/authorize")
assert.Contains(t, loc.String(), "client_id=client-id")
Expand Down Expand Up @@ -362,6 +366,7 @@ func TestGitHubCallback_MissingCode(t *testing.T) {
app.Get("/auth/callback", handler.GitHubCallback)

req, _ := http.NewRequest("GET", "/auth/callback", nil)
req.Host = "localhost"
resp, err := app.Test(req, 5000)
if err != nil || resp == nil {
t.Fatalf("app.Test failed: %v", err)
Expand All @@ -378,6 +383,7 @@ func TestGitHubCallback_InvalidState(t *testing.T) {

// Provide code but no state
req, _ := http.NewRequest("GET", "/auth/callback?code=123", nil)
req.Host = "localhost"
resp, err := app.Test(req, 5000)
if err != nil || resp == nil {
t.Fatalf("app.Test failed: %v", err)
Expand All @@ -394,6 +400,7 @@ func TestGitHubCallback_GitHubError(t *testing.T) {

t.Run("Access denied by user", func(t *testing.T) {
req, _ := http.NewRequest("GET", "/auth/callback?error=access_denied&error_description=The+user+denied+access", nil)
req.Host = "localhost"
resp, err := app.Test(req, 5000)
if err != nil || resp == nil {
t.Fatalf("app.Test failed: %v", err)
Expand All @@ -407,6 +414,7 @@ func TestGitHubCallback_GitHubError(t *testing.T) {

t.Run("Generic GitHub error", func(t *testing.T) {
req, _ := http.NewRequest("GET", "/auth/callback?error=application_suspended&error_description=App+is+suspended", nil)
req.Host = "localhost"
resp, err := app.Test(req, 5000)
if err != nil || resp == nil {
t.Fatalf("app.Test failed: %v", err)
Expand Down Expand Up @@ -468,6 +476,7 @@ func TestGitHubCallback_RecoversFromValidCookieOnStateFailure(t *testing.T) {
assert.NoError(t, err)

req, _ := http.NewRequest("GET", "/auth/callback?code=123&state=bogus", nil)
req.Host = "localhost"
req.AddCookie(&http.Cookie{Name: jwtCookieName, Value: cookieToken})

resp, err := app.Test(req, 5000)
Expand All @@ -483,6 +492,7 @@ func TestGitHubCallback_RecoversFromValidCookieOnStateFailure(t *testing.T) {

t.Run("missing cookie + invalid state redirects to error page", func(t *testing.T) {
req, _ := http.NewRequest("GET", "/auth/callback?code=123&state=bogus", nil)
req.Host = "localhost"

resp, err := app.Test(req, 5000)
assert.NoError(t, err)
Expand All @@ -505,6 +515,7 @@ func TestGitHubCallback_RecoversFromValidCookieOnStateFailure(t *testing.T) {
expiredSigned, _ := expiredJWT.SignedString([]byte("test-secret"))

req, _ := http.NewRequest("GET", "/auth/callback?code=123&state=bogus", nil)
req.Host = "localhost"
req.AddCookie(&http.Cookie{Name: jwtCookieName, Value: expiredSigned})

resp, err := app.Test(req, 5000)
Expand All @@ -530,6 +541,7 @@ func TestGitHubCallback_RecoversFromValidCookieOnStateFailure(t *testing.T) {
forgedSigned, _ := forgedJWT.SignedString([]byte("not-the-real-secret"))

req, _ := http.NewRequest("GET", "/auth/callback?code=123&state=bogus", nil)
req.Host = "localhost"
req.AddCookie(&http.Cookie{Name: jwtCookieName, Value: forgedSigned})

resp, err := app.Test(req, 5000)
Expand All @@ -548,6 +560,7 @@ func TestGitHubCallback_RecoversFromValidCookieOnStateFailure(t *testing.T) {
assert.NoError(t, err)

req, _ := http.NewRequest("GET", "/auth/callback?code=123", nil)
req.Host = "localhost"
req.AddCookie(&http.Cookie{Name: jwtCookieName, Value: cookieToken})

resp, err := app.Test(req, 5000)
Expand Down Expand Up @@ -752,9 +765,12 @@ func TestGitHubCallback_SanitizesErrorDescription(t *testing.T) {

// Include CR/LF in the query param; after URL decoding the handler
// should strip the control characters before reflecting them.
req, _ := http.NewRequest("GET",
req, _ := http.NewRequest(
"GET",
"/auth/callback?error=access_denied&error_description=bad%0D%0Ainjected",
nil)
nil,
)
req.Host = "localhost"
resp, err := app.Test(req, 5000)
require.NoError(t, err)
assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
Expand All @@ -778,6 +794,7 @@ func TestLogout_RequiresCSRFHeader(t *testing.T) {

// Without the CSRF header: 403.
req, err := http.NewRequest("POST", "/auth/logout", nil)
req.Host = "localhost"
require.NoError(t, err)
req.Header.Set("Authorization", "Bearer "+token)
resp, err := app.Test(req, 5000)
Expand All @@ -786,6 +803,7 @@ func TestLogout_RequiresCSRFHeader(t *testing.T) {

// With the CSRF header: 200.
req2, err := http.NewRequest("POST", "/auth/logout", nil)
req2.Host = "localhost"
require.NoError(t, err)
req2.Header.Set("Authorization", "Bearer "+token)
req2.Header.Set("X-Requested-With", "XMLHttpRequest")
Expand Down Expand Up @@ -813,6 +831,7 @@ func TestLogout_ExpiredTokenIdempotent(t *testing.T) {
signed, _ := tok.SignedString([]byte("test-secret"))

req, err := http.NewRequest("POST", "/auth/logout", nil)
req.Host = "localhost"
require.NoError(t, err)
req.Header.Set("Authorization", "Bearer "+signed)
req.Header.Set("X-Requested-With", "XMLHttpRequest")
Expand All @@ -836,6 +855,7 @@ func TestCookieSameSiteStrict(t *testing.T) {
mockStore.On("UpdateLastLogin", mock.Anything).Return(nil).Once()

req, _ := http.NewRequest("GET", "/auth/dev", nil)
req.Host = "localhost"
resp, err := app.Test(req, 5000)
require.NoError(t, err)

Expand Down
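Review bot: The same two-line request setup (`http.NewRequest` then `req.Host = "localhost"`) is now repeated at nineteen sites in this file, most of them with `req, _ :=` discarding the error, so the new line dereferences a pointer nothing has checked. A small `t`-aware helper would collapse the duplication, fail the test cleanly on a construction error, and keep the Host requirement in one documented place; `refreshReq` can keep its panic path but should set Host only after its own error check. The three `t.Run` sub-tests in TestGitHubCallback_RecoversFromValidCookieOnStateFailure and the other hunks here all start inside functions that begin outside the hunk.

```go
// newTestRequest builds a request whose Host the app under test accepts and
// fails the test, rather than panicking later, if construction fails.
func newTestRequest(t *testing.T, method, target string) *http.Request {
	t.Helper()
	req, err := http.NewRequest(method, target, nil)
	require.NoError(t, err)
	req.Host = "localhost"
	return req
}
// … unchanged: call sites become req := newTestRequest(t, "GET", "/auth/dev") …
```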
3 changes: 3 additions & 0 deletions pkg/api/handlers/card_proxy_test.go
Expand Up @@ -121,6 +121,7 @@
app.Get("/api/card-proxy", handler.Proxy)

req, err := http.NewRequest(http.MethodGet, "/api/card-proxy?url=https://example.com", nil)
req.Host = "localhost"

Check failure on line 124 in pkg/api/handlers/card_proxy_test.go


GitHub Actions / pr-check

error: Potential nil panic detected. Observed nil flow from source to dereference point:
require.NoError(t, err)

resp, err := app.Test(req, -1)
Expand Down Expand Up @@ -148,6 +149,7 @@
app.Get("/api/card-proxy", handler.Proxy)

req, err := http.NewRequest(http.MethodGet, "/api/card-proxy", nil)
req.Host = "localhost"

Check failure on line 152 in pkg/api/handlers/card_proxy_test.go


GitHub Actions / pr-check

error: Potential nil panic detected. Observed nil flow from source to dereference point:
require.NoError(t, err)

resp, err := app.Test(req, -1)
Expand All @@ -168,6 +170,7 @@
app.Get("/api/card-proxy", handler.Proxy)

req, err := http.NewRequest(http.MethodGet, "/api/card-proxy", nil)
req.Host = "localhost"

Check failure on line 173 in pkg/api/handlers/card_proxy_test.go


GitHub Actions / pr-check

error: Potential nil panic detected. Observed nil flow from source to dereference point:
require.NoError(t, err)

resp, err := app.Test(req, -1)
Expand Down
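--- a/pkg/api/handlers/compliance/acmm_scan_test.go
+++ b/pkg/api/handlers/compliance/acmm_scan_test.go
@@ -16,6 +16,7 @@ func TestACMMScanHandler_Demo(t *testing.T) {
 env.App.Get("/api/acmm/scan", ACMMScanHandler)
 
 req, err := http.NewRequest("GET", "/api/acmm/scan?repo=kubestellar/console", nil)
+req.Host = "localhost"
 require.NoError(t, err)
 req.Header.Set("X-Demo-Mode", "true")
 
@@ -38,6 +39,7 @@ func TestACMMScanHandler_InvalidRepo(t *testing.T) {
 env.App.Get("/api/acmm/scan", ACMMScanHandler)
 
 req, err := http.NewRequest("GET", "/api/acmm/scan?repo=invalid-repo", nil)
+req.Host = "localhost"
 require.NoError(t, err)
 
 resp, err := env.App.Test(req, 5000)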
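--- a/pkg/api/handlers/compliance/compliance_frameworks_test.go
+++ b/pkg/api/handlers/compliance/compliance_frameworks_test.go
@@ -25,6 +25,7 @@ func TestListFrameworks(t *testing.T) {
 app, _ := setupComplianceFrameworksTest()
 
 req, err := http.NewRequest("GET", "/api/compliance/frameworks/", nil)
+req.Host = "localhost"
 require.NoError(t, err)
 resp, err := app.Test(req, 5000)
 assert.NoError(t, err)
@@ -42,6 +43,7 @@ func TestGetFramework(t *testing.T) {
 app, _ := setupComplianceFrameworksTest()
 
 req, err := http.NewRequest("GET", "/api/compliance/frameworks/pci-dss-4.0", nil)
+req.Host = "localhost"
 require.NoError(t, err)
 resp, err := app.Test(req, 5000)
 assert.NoError(t, err)
@@ -58,6 +60,7 @@ func TestGetFrameworkNotFound(t *testing.T) {
 app, _ := setupComplianceFrameworksTest()
 
 req, err := http.NewRequest("GET", "/api/compliance/frameworks/nonexistent", nil)
+req.Host = "localhost"
 require.NoError(t, err)
 resp, err := app.Test(req, 5000)
 assert.NoError(t, err)
@@ -70,6 +73,7 @@ func TestEvaluateFrameworkDemo(t *testing.T) {
 body := `{"cluster":"demo-cluster"}`
 req, err := http.NewRequest("POST", "/api/compliance/frameworks/pci-dss-4.0/evaluate",
 strings.NewReader(body))
+req.Host = "localhost"
 require.NoError(t, err)
 req.Header.Set("Content-Type", "application/json")
 resp, err := app.Test(req, 5000)
@@ -89,6 +93,7 @@ func TestEvaluateFrameworkNotFound(t *testing.T) {
 body := `{"cluster":"c"}`
 req, err := http.NewRequest("POST", "/api/compliance/frameworks/nonexistent/evaluate",
 strings.NewReader(body))
+req.Host = "localhost"
 require.NoError(t, err)
 req.Header.Set("Content-Type", "application/json")
 resp, err := app.Test(req, 5000)
@@ -102,6 +107,7 @@ func TestEvaluateFrameworkMissingCluster(t *testing.T) {
 body := `{}`
 req, err := http.NewRequest("POST", "/api/compliance/frameworks/pci-dss-4.0/evaluate",
 strings.NewReader(body))
+req.Host = "localhost"
 require.NoError(t, err)
 req.Header.Set("Content-Type", "application/json")
 resp, err := app.Test(req, 5000)
@@ -114,6 +120,7 @@ func TestEvaluateFrameworkBadBody(t *testing.T) {
 
 req, err := http.NewRequest("POST", "/api/compliance/frameworks/pci-dss-4.0/evaluate",
 strings.NewReader("not json"))
+req.Host = "localhost"
 require.NoError(t, err)
 req.Header.Set("Content-Type", "application/json")
 resp, err := app.Test(req, 5000)
@@ -172,6 +179,7 @@ func TestEvaluateLiveCluster(t *testing.T) {
 body := `{"cluster":"live-cluster"}`
 req, err := http.NewRequest("POST", "/api/compliance/frameworks/pci-dss-4.0/evaluate",
 strings.NewReader(body))
+req.Host = "localhost"
 require.NoError(t, err)
 req.Header.Set("Content-Type", "application/json")
 resp, err := app.Test(req, 10000)
@@ -231,6 +239,7 @@ func TestEvaluateFrameworkLiveError(t *testing.T) {
 body := `{"cluster":"bad-cluster"}`
 req, err := http.NewRequest("POST", "/api/compliance/frameworks/pci-dss-4.0/evaluate",
 strings.NewReader(body))
+req.Host = "localhost"
 require.NoError(t, err)
 req.Header.Set("Content-Type", "application/json")
 resp, err := app.Test(req, 10000)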
2 changes: 2 additions & 0 deletions pkg/api/handlers/crds_test.go
Expand Up @@ -52,6 +52,7 @@
require.NoError(t, err)

req, err := http.NewRequest(http.MethodGet, "/api/crds", nil)
req.Host = "localhost"

Check failure on line 55 in pkg/api/handlers/crds_test.go


GitHub Actions / pr-check

error: Potential nil panic detected. Observed nil flow from source to dereference point:
require.NoError(t, err)

resp, err := env.App.Test(req, 5000)
Expand All @@ -72,6 +73,7 @@
env.App.Get("/api/crds", handler.ListCRDs)

req, err := http.NewRequest(http.MethodGet, "/api/crds", nil)
req.Host = "localhost"

Check failure on line 76 in pkg/api/handlers/crds_test.go


GitHub Actions / pr-check

error: Potential nil panic detected. Observed nil flow from source to dereference point:
require.NoError(t, err)

resp, err := env.App.Test(req, 5000)
Expand Down