Test: Add missing coverage for DatabaseManager, API routes, Sentinel ingest and RAG pipeline#174
Test: Add missing coverage for DatabaseManager, API routes, Sentinel ingest and RAG pipeline#174emon22-ts wants to merge 8 commits into
Conversation
|
@parthrohit22 , @ritiksah141 - assigning the review to u both, seems like you are the code owners and do know the codebase well and what value add this brings in, please do touch base with this. |
|
Container scan - Broken CI, the push for the fix has been done to dev which triggers in the next commit, hence go ahead without minding that CI response. |
ritiksah141
left a comment
There was a problem hiding this comment.
I pulled the branch and reviewed it against the current architecture and latest dev. All 72 added tests pass, ruff passes, and the branch has no merge conflicts. The earlier Trivy failure is not part of this review, as requested in the PR discussion.
I found three coverage gaps that should be corrected before approval:
- The score tests reproduce arithmetic locally instead of executing DatabaseManager.get_score(), so regressions in production SQL aggregation and floor handling would not be detected.
- The Sentinel retry tests only assert the final False result and do not prove that three attempts occurred.
- The RAG chunking tests pass a chunk_overlap value but never verify overlap behavior.
Please also update the PR description because Closes #174 refers to this pull request itself rather than a related issue.
| class TestScoreCalculation: | ||
| """Tests for score calculation logic.""" | ||
|
|
||
| def test_score_starts_at_100(self): |
There was a problem hiding this comment.
These tests recreate the scoring arithmetic inside the test instead of calling DatabaseManager.get_score(). A regression in the query aggregation or the production floor logic would still pass. Please mock the connection rows and assert results returned by db.get_score(). Also add coverage for at least one persistence method or narrow the stated CRUD scope, since _make_db is currently unused.
| with patch("requests.post", return_value=mock_response): | ||
| with patch("time.sleep"): | ||
| result = ingest.send([ingest.normalise(RAW_FINDING, "scan-001")]) | ||
| assert result is False |
There was a problem hiding this comment.
This only verifies the final False result. It would still pass if send() stopped retrying after one request. Keep the requests.post mock and assert call_count == 3. The exception path should make the same assertion so the claimed retry behavior is protected.
| long_content = "word " * 300 | ||
| docs = [self._make_doc(long_content)] | ||
| chunks = chunk_documents(docs, chunk_size=100, chunk_overlap=10) | ||
| assert len(chunks) > 1 |
There was a problem hiding this comment.
The PR says chunk overlap is covered, but this assertion only proves that a long document creates multiple chunks. Please assert that adjacent chunk contents contain the requested overlap, or adjust the stated coverage scope.
m-khan-97
left a comment
There was a problem hiding this comment.
Went through this against the actual source for the three areas Ritik flagged, since I wanted to confirm they're real before piling on rather than just trusting the summary. All three check out:
- Score tests never call the real code path.
TestScoreCalculationintest_database_manager.pyreproduces the arithmetic inline (score -= SEVERITY_WEIGHTS["HIGH"]) instead of callingDatabaseManager.get_score(). A bug in the actual SQL aggregation/floor logic would sail through untouched. - Sentinel retry tests don't verify retry count. I checked
sentinel/ingest.py:64—send()genuinely doesfor attempt in range(1, 4)(3 attempts). Buttest_send_returns_false_after_retriesandtest_send_retries_on_exceptiononly assert the finalFalse, nevermock_post.call_count == 3. Change that loop torange(1, 2)and both tests would still pass. - Chunk overlap is asserted by count, not content. Confirmed in
ai/chunker.py:51—chunk_overlapdirectly controlsstart = split_pos - chunk_overlapfor the next chunk. None of the chunker tests check that consecutive chunks actually share the expected overlapping text; they only check chunk count andchunk_indexpresence.
Agreeing with Ritik's request for changes on this basis — the coverage numbers are real (72 tests, all passing), but for the specific claims this PR makes (CI-001 through CI-004 "closed"), these three gaps mean the corresponding regressions could land undetected. Worth fixing before merge rather than as a fast-follow, since the whole point of this PR is closing coverage gaps precisely so regressions get caught.
One separate housekeeping item, also from Ritik's review and still true: the PR description says "Closes #174" but #174 is this PR's own tracking issue for the coverage gaps — please point it at the actual issue number if there is one, or drop the auto-close keyword if #174 is just this PR.
Nice test for the HMAC signature itself, by the way — test_build_signature_uses_hmac_sha256 independently recomputes the expected signature and compares against the real function's output rather than mocking it away. That's the right pattern; would be good to see the retry-count and chunk-overlap tests follow the same approach.
|
@emon22-ts , there are quite some changes to be done, please do touch base with this PR. |
parthrohit22
left a comment
There was a problem hiding this comment.
I reviewed PR #174 against its four changed test files, the existing review threads, and the underlying testing requirements in issue #153.
I agree with @ritiksah141’s three unresolved findings, which @m-khan-97 also independently confirmed:
- The score tests reproduce the arithmetic instead of calling
DatabaseManager.get_score(). - The Sentinel tests assert only the final
Falseresult and do not prove that all three retry attempts occur. - The chunker tests verify the number of chunks but not the configured overlap between adjacent chunks.
I will not repeat those inline comments. I found two additional coverage gaps:
- Issue #153 explicitly identifies
ai/embed.pyas part of the untested RAG pipeline, but this PR does not testbuild_vectorstore()or the vector-store creation path. - The drift, resources, and prioritization success tests use empty database results and assert only
200/JSON. Their main comparison, aggregation, ranking, and response-mapping behavior is therefore not exercised.
The DatabaseManager concern is particularly important: this PR’s current head contains a duplicated GROUP BY severity inside get_score(), while all the new tests still pass because none execute the real method. This defect is inherited from the older base rather than introduced by this PR, and updating the branch from current dev should incorporate its correction. A real get_score() test should nevertheless be added to prevent recurrence.
The HMAC-SHA256 test is well designed and independently verifies the production function. Most CI checks are green, and I am not attributing the acknowledged Trivy failure to this PR.
Before approval, please:
- Address the three existing unresolved review threads.
- Add non-empty success-path tests for drift, resources, and prioritization.
- Add mocked coverage for
ai/embed.py. - Update the branch from
devand rerun CI. - Correct the related issue reference:
Closes #174currently refers to this pull request itself; the matching OpenShield testing issue is #153. - Correct the per-file test counts to 20 DatabaseManager, 20 API route, 13 Sentinel, and 19 RAG tests, which total the stated 72.
Requesting changes until the claimed coverage gaps and the underlying acceptance criteria are fully addressed.
TFT444
left a comment
There was a problem hiding this comment.
@emon22-ts fix the following changes. they asking for
Vishnu2707
left a comment
There was a problem hiding this comment.
This PR is in an idle state, the contributor hasn't responded yet.
I'll takeover from the same branch remotely , expect updated pr within 12 hours, Thank you. |
|
Hi i will do the changes that are required and really sorry i was busy with my personal stuff |
|
Hi, all review feedback addressed:
80 tests passing, ruff check and ruff format both clean. Ready for re-review. Thank you! @Vishnu2707 @parthrohit22 @ritiksah141 @TFT444 @m-khan-97 |
parthrohit22
left a comment
There was a problem hiding this comment.
Thanks for addressing the earlier feedback. I re-reviewed commit d1a2c3d against the current test files and production implementations.
The DatabaseManager.get_score() tests now execute the real method with mocked query rows, and the Sentinel retry tests correctly verify three attempts and early exit after success. Those points are resolved.
A few blockers remain before approval:
- Update the branch from dev. The PR is currently 26 commits behind, and its inherited get_score() SQL still contains a duplicated GROUP BY severity. Current dev already contains the correction. Please rebase or merge dev and rerun CI.
- Add non-empty success-path coverage for drift, resources and prioritization. These tests remain unchanged: they use empty query results and assert only 200/JSON. They do not exercise drift comparison, resource aggregation/risk mapping, prioritization scoring, sorting or response construction.
- Make the overlap assertion deterministic. The new overlap test uses repetitive content and accepts any matching suffix, so it can pass even with chunk_overlap=0. Use unique input and assert the exact configured overlap between adjacent chunks.
- Strengthen the build_vectorstore() success test. It currently catches and ignores all exceptions and only asserts load_all_documents() was called. Remove the catch-all and verify collection creation, add() calls, final rename through modify(), and the returned chunk count.
- Update the PR description. It still references Closes #174 and retains the old test counts. The related testing issue is #153; since it is already closed, Refs #153 would be clearer.
Requesting changes until these items are addressed. The current CI run is green, but it must be rerun after synchronising the branch with dev.
|
hey @parthrohit22 it will be done soon in next 12 hours . |
…eManager and API routes
… count, add chunk overlap and embed.py tests
…ion success paths and rebase from dev
d1a2c3d to
b580064
Compare
- Rework _make_prioritization_db to use a single cursor with fetchone.side_effect for the two sequential fetchone() calls (scan_id, then total count), matching the route's actual single-cursor usage pattern. - Add missing resource_name field to high_rule/low_rule test fixtures, which the route reads unconditionally. - Add 'from __future__ import annotations' to cbom.py to fix a TypeError on Python 3.9 caused by the 'Dict[str, Any] | None' union syntax (PEP 604, requires 3.10+), which was crashing create_app() and every test that depends on it.
|
Hi @parthrohit22 @ritiksah141 , all review feedback addressed: 1.Fixed prioritization test mocks — _make_prioritization_db now uses a single cursor with fetchone.side_effect for the two sequential fetchone() calls (scan_id, then total count), matching the route's actual single-cursor query pattern 2.Added missing resource_name field to high_rule/low_rule fixtures in test_prioritization_high_severity_ranked_first, which the route reads unconditionally 3.Fixed Python 3.9 compatibility crash in cbom.py — added from future import annotations to support the Dict[str, Any] | None union syntax (PEP 604), which was breaking create_app() for the entire test suite 4.Fixed lint failures — added trailing newline to test_api_routes.py (W292) and ran ruff format on cbom.py and test_api_routes.py 24 tests passing, ruff check and ruff format both clean, all CI jobs green. |
parthrohit22
left a comment
There was a problem hiding this comment.
Reviewed the PR end-to-end — commits, changed files, and mapped everything back to issue #153. All four coverage gaps (CI-001 → CI-004) are addressed, the tests were verified against the actual source (get_score() weights/floor, build_signature() HMAC-SHA256, normalise() severity map + defaults, send() 3-attempt retry), the cbom.py from future import annotations is a legitimate and necessary Python 3.9 compat fix, and CI is fully green (19/19).
Thanks a lot @emon22-ts for turning this around and addressing every piece of review feedback — the score tests now exercise the real DatabaseManager.get_score() via a mocked cursor instead of re-implementing the arithmetic, the sentinel retry tests assert call_count == 3 (plus the early-exit-on-success case), and the chunker tests now verify actual shared overlap content between adjacent chunks. All three of the earlier review threads are genuinely resolved in code. 🙌
A couple of non-blocking nits I'll defer to @Vishnu2707 as maintainer, since the merge decision is yours:
_make_db() in test_database_manager.py is still unused — either wire it into a persistence-method test or drop it.
The test_database_manager.py docstring mentions "CRUD" but there's no actual CRUD/persistence-method test — worth trimming the docstring or adding one small insert/save test to match scope.
Neither of these blocks the merge in my view — happy to see them handled in a follow-up if you'd prefer to keep this one moving. @Vishnu2707 over to you on whether to merge as-is or fold the nits in first.
What does this PR do?
Closes the four test coverage gaps identified in the audit by adding unit tests for DatabaseManager, five API route files, Sentinel HMAC signing and field mappings, and the RAG pipeline.
Type of change
Coverage gaps addressed
Files added
tests/test_database_manager.py— 16 teststests/test_api_routes.py— 17 teststests/test_sentinel_ingest.py— 13 teststests/test_rag_pipeline.py— 18 testsTesting
Related issue
Closes #174