[Test Improver] tests: improve coverage for security scanner and audit command#317

Draft
danielmeppiel wants to merge 1 commit into main from test-assist/security-scanner-coverage-73623316-856bf4f138e805c5

@danielmeppiel
Collaborator

🤖 This is a draft PR from Test Improver, an automated AI assistant focused on improving tests.

Goal and rationale

The apm audit command and ContentScanner security module were merged in #313 with good initial tests (26 tests), but several meaningful code paths were untested — particularly the classify() utility method, error-handling branches, and edge cases that guard against malformed lockfiles and filesystem issues. Since this is security-critical code (detecting hidden Unicode prompt injection), strong test coverage is especially valuable.

Approach

Targeted tests for uncovered code paths, organized into logical classes:

test_content_scanner.py — new TestClassify class:

  • ContentScanner.classify() method (lines 195–201): combined has_critical + summarize in one pass — not tested at all previously.

test_audit_command.py — new and extended tests:

  • Corrupt lockfile (line 87): lockfile exists but has invalid YAML → graceful exit
  • Missing deployed file (line 104): file listed in lockfile but absent on disk → silently skipped
  • Symlink skipping (line 65): symlinked files inside skill directories are not followed
  • TestApplyStripEdgeCases:
    • Nonexistent absolute path (line 302): returns modified=0 without crashing
    • Write error handling (lines 311–312): PermissionError on write → warning logged, no crash
  • Info + warning combined (line 270): _render_summary shows combined note when both info and warning findings are present

Coverage impact

| File | Before | After |
|---|---|---|
| security/content_scanner.py | 91% | 100% |
| commands/audit.py | 92% | 96% |
| Combined total | 92% | 97% |

Tests added: 67 → 79 (+12)

The only remaining uncovered lines (205–220) are the Rich→plaintext fallback rendering path, which would require mocking Rich's import mechanism and adds test complexity disproportionate to the value.

Test status

79 passed in 0.43s
1868 passed in 13.43s  (full suite)

All existing tests continue to pass. Black + isort applied.

Reproducibility

uv sync --extra dev
uv run pytest tests/unit/test_audit_command.py tests/unit/test_content_scanner.py \
  --cov=apm_cli.security --cov=apm_cli.commands.audit --cov-report=term-missing

Generated by Daily Test Improver

To install this agentic workflow, run

gh aw add githubnext/agentics/workflows/daily-test-improver.md@b87234850bf9664d198f28a02df0f937d0447295

- Add TestClassify for ContentScanner.classify() (lines 195-201)
- Add tests for corrupt/invalid lockfile path (audit.py line 87)
- Add test for missing deployed file skipped silently (line 104)
- Add test for symlink skipping in directory scans (line 65)
- Add TestApplyStripEdgeCases: nonexistent abs path (line 302)
  and write error handling (lines 311-312)
- Add test for _render_summary info+warning combined note (line 270)

content_scanner.py: 91% → 100%
audit.py: 92% → 96%
Total new tests: +12 (67 → 79)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
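
An added sketch, not code from this PR or from apm, of the behaviours the new tests pin down: a one-pass `classify()` over findings, plus a file scan that does not follow symlinks and silently skips listed-but-missing files. The function names, the `(line, column, severity)` finding shape and the character-to-severity mapping are all assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed severity mapping for this sketch (not taken from apm's scanner).
def severity(ch):
    cp = ord(ch)
    if 0xE0000 <= cp <= 0xE007F or 0x202A <= cp <= 0x202E or 0x2066 <= cp <= 0x2069:
        return "critical"  # Unicode tag characters, bidi embeddings/overrides/isolates
    if 0x200B <= cp <= 0x200F or cp == 0x2060:
        return "warning"   # zero-width characters and directional marks
    if cp in (0x00A0, 0xFEFF):
        return "info"      # no-break space, byte-order mark
    return None

def scan_text(text):
    """Return a list of (line, column, severity) findings, 1-indexed."""
    findings = []
    for ln, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            sev = severity(ch)
            if sev:
                findings.append((ln, col, sev))
    return findings

def classify(findings):
    """One pass over the findings: (has_critical, counts per severity)."""
    counts = Counter(sev for _, _, sev in findings)
    return counts["critical"] > 0, dict(counts)

def scan_tree(root, listed):
    """Scan files listed relative to root; skip symlinks and missing files."""
    results = {}
    for rel in listed:
        path = Path(root) / rel
        if path.is_symlink() or not path.is_file():
            continue  # do not follow links; tolerate stale lockfile entries
        results[rel] = scan_text(path.read_text(encoding="utf-8"))
    return results

def demo():
    # Constructed sample tree: one file with hidden characters, one clean
    # file, one symlink, and one listed path that does not exist on disk.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "skill.md").write_text("ok\u200b line\nhid\U000E0041den\n", encoding="utf-8")
        (root / "clean.md").write_text("plain\n", encoding="utf-8")
        os.symlink(root / "skill.md", root / "link.md")
        return scan_tree(root, ["skill.md", "clean.md", "link.md", "gone.md"])
```

Checking `is_symlink()` before `is_file()` matters because `is_file()` resolves the link and would otherwise accept a link whose target sits outside the scanned tree.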