test: raise coverage 71.7% -> 90.9% with httptest-driven fetchOnce#1
Merged
Conversation
Adds zz_fetch_test.go covering the previously-untested fetchOnce path via an http.RoundTripper that rewrites raw.githubusercontent.com requests at a local httptest server. Also pins the iter-1 audit HIGH finding (no signature verification on runtime-fetched allowlist) as a regression-detection test, and drives the Service.Stop ctx-done branch. Includes zz_service_test.go which had been left untracked. Per-function coverage: - fetchOnce 0.0% -> 94.7% - Stop 85.7% -> 100% - Total 71.7% -> 90.9% Remaining ceiling lines (not fixable without source changes): - init malformed-embed branch (//go:embed payload is valid by construction) - Run timer.C fetch arm (fetchInterval=1h, defaultURL const = cannot drive a fast second iteration without real network) - fetchOnce http.NewRequestWithContext error branch (defaultURL is a const, nil ctx panics inside NewRequestWithContext) - jitter rand.Reader failure branch (rand.Reader is not injectable)
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. ℹ️ You can also turn on project coverage checks and project coverage reporting on Pull Request comment Thanks for integrating Codecov - We've got you covered ☂️ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
zz_fetch_test.gocovering the previously 0%-coveredfetchOncevia anhttp.RoundTripperthat rewrites the constdefaultURLto a localhttptest.NewServer— no real network.Service.Stop'sctx.Done()branch (85.7% -> 100%).zz_service_test.gowhich had been left untracked in the working tree.Coverage delta
fetchOnceStopCeiling lines — why each one stays uncovered without source changes
initmalformed-embed branch (20%) — the only way to drive it is to ship a brokentrusted-agents.json, which//go:embedand CI already prevent.Runtimer.C fetch arm (66.7%) —fetchInterval = 1 * time.HouranddefaultURLare package consts; a second iteration can't be driven in test time without either modifying source or hitting the real GitHub URL.fetchOncehttp.NewRequestWithContexterror branch (94.7%) — only fires on parse failure of the constdefaultURLor a nil ctx (which panics insideNewRequestWithContext).jitterrand.Readerfailure branch (83.3%) —crypto/rand.Readeris a package var the function references directly; not injectable without source change.Test plan
go test -race -count=1 -timeout 180s ./...passes (2.7s, 0 failures)go vet ./...clean*_test.gofileshttptestAudit note for reviewers
TestFetchOnce_AcceptsAnyJSON_NoSignatureCheckis intentionally a guard test for the missing signature-verification gap, not a passive coverage hit. If signature verification ships, that test will fail and should be updated alongside the trust-model change.