Skip to content
Merged
Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
131 commits
Select commit Hold shift + click to select a range
bc40efb
Add hypothesis to poetry and fuzz test the index endpoint.
ahmedxgouda Mar 19, 2025
6c18da7
Refactor import statements in algolia_test.py for consistency
ahmedxgouda Mar 19, 2025
4a17780
Add the client ip address to the request META.
ahmedxgouda Mar 19, 2025
75aa9fe
Add fuzz testing for Slack event handlers and refactor algolia fuzz t…
ahmedxgouda Mar 21, 2025
625cc0e
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Mar 21, 2025
b078e92
Refactor fuzz tests for Slack event handlers to improve readability a…
ahmedxgouda Mar 21, 2025
f1f6718
Fix the poetry lock file.
ahmedxgouda Mar 21, 2025
c0ed1f9
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Mar 27, 2025
998bd29
Remove fuzz testing from algolia_search unit tests
ahmedxgouda Mar 28, 2025
6b240b4
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Mar 28, 2025
f060510
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Apr 1, 2025
ab68f1a
Create a docker file for fuzz-testing, add the run commands to the Ma…
ahmedxgouda Apr 1, 2025
d1d48ea
Refactor to improve quality
ahmedxgouda Apr 1, 2025
54f7fbe
Update fuzz testing setup: modify Makefile and Dockerfile, add entryp…
ahmedxgouda Apr 3, 2025
12b5139
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Apr 3, 2025
21283f7
Update poetry.lock to reflect dependency changes and version updates
ahmedxgouda Apr 3, 2025
c47b9fd
Create a fuzz configuration, update docker file, makefile, and the te…
ahmedxgouda Apr 4, 2025
de81b25
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Apr 4, 2025
5f79854
Refactor fuzz configuration by reorganizing imports and cleaning up w…
ahmedxgouda Apr 4, 2025
8330865
Update Dockerfile and entrypoint script to use Alpine base image and …
ahmedxgouda Apr 4, 2025
1ed4452
Run the server on port 8000 after the tests.
ahmedxgouda Apr 4, 2025
dd36f25
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Apr 5, 2025
0a9068d
Create a docker compose file for fuzz testing.
ahmedxgouda Apr 6, 2025
c5363db
Add 'graphqler' to custom dictionary
ahmedxgouda Apr 7, 2025
ccc28c8
Load data from nest.json and add graphqler to cspell dict.
ahmedxgouda Apr 7, 2025
ef20adb
Remove model-bakery dependency from pyproject.toml and update poetry.…
ahmedxgouda Apr 7, 2025
845e1c1
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Apr 7, 2025
8755056
Update graphqler command in docker compose and the healthcheck
ahmedxgouda Apr 8, 2025
6637d8c
Update graphql command to use backend service URL in docker-compose
ahmedxgouda Apr 8, 2025
decec65
Refactor docker-compose to build graphqler service from Dockerfile an…
ahmedxgouda Apr 9, 2025
672f097
Enhance fuzz testing setup: update Dockerfile and entrypoint scripts,…
ahmedxgouda Apr 10, 2025
ed62759
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Apr 10, 2025
49fa5f8
Update fuzz-test-backend command to abort on container exit
ahmedxgouda Apr 10, 2025
e1533ab
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Apr 10, 2025
dcba769
Add fuzz testing workflow and update image build steps
ahmedxgouda Apr 11, 2025
5e85b0b
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Apr 11, 2025
70312c5
Add .env file creation step for fuzz tests in CI/CD workflow
ahmedxgouda Apr 11, 2025
751f105
Add Docker Hub login step for fuzz tests in CI/CD workflow
ahmedxgouda Apr 11, 2025
4cb975a
Refactor for the checks
ahmedxgouda Apr 11, 2025
47daeda
Refactor fuzz testing workflow: replace Docker Hub login with buildx …
ahmedxgouda Apr 11, 2025
5e08107
Fix fuzz tests workflow: rename docker-compose file
ahmedxgouda Apr 11, 2025
de6bf2e
Refactor fuzz-tests job.
ahmedxgouda Apr 11, 2025
d908fcf
Add environment variables for fuzz tests configuration
ahmedxgouda Apr 11, 2025
d3f2987
Update fuzz tests environment variables
ahmedxgouda Apr 11, 2025
d3fd074
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Apr 19, 2025
7d5c20d
Resolve conflicts
ahmedxgouda Apr 22, 2025
03ecb0c
Fix poetry lock file
ahmedxgouda Apr 22, 2025
cf07402
Sort the custom-dict.
ahmedxgouda Apr 22, 2025
e0459d4
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda May 2, 2025
54ce26a
Update content hash in poetry.lock
ahmedxgouda May 2, 2025
deaf1d0
Add docker cache mounts to the backend image
ahmedxgouda May 2, 2025
2236c73
Add Redis configuration
ahmedxgouda May 2, 2025
8ada3b9
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda May 3, 2025
013537b
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda May 6, 2025
8ec969f
refactor yaml
ahmedxgouda May 6, 2025
3839ef1
Add docker cache mounts to graphql file
ahmedxgouda May 6, 2025
f1e2c56
Remove unnecessary chmod command for cache directories in Dockerfile
ahmedxgouda May 6, 2025
2fabe70
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda May 7, 2025
56acd52
Merge branch 'main' into 'feature/fuzz-testing'
ahmedxgouda May 27, 2025
a2436f5
Fix poetry lock file
ahmedxgouda May 27, 2025
25b98f5
Add cache mounts to backend tests
ahmedxgouda May 27, 2025
eb8c087
Update cache mounts in graphql image
ahmedxgouda May 27, 2025
e27ce00
Update mkdir in graphql image
ahmedxgouda May 27, 2025
8d8e3fe
Remove duplicates
ahmedxgouda May 27, 2025
303f825
Update tests
ahmedxgouda May 27, 2025
b57d2b2
Merge branch 'main' into feature/fuzz-testing
ahmedxgouda Oct 11, 2025
8bb36c9
Rename docker compose
ahmedxgouda Oct 11, 2025
c79570c
Update poetry lock
ahmedxgouda Oct 11, 2025
09fd7c5
Apply sonar
ahmedxgouda Oct 11, 2025
51a74b1
Migrate to OWASP repo
ahmedxgouda Oct 11, 2025
fdfc29d
Update docker
ahmedxgouda Oct 11, 2025
663b3e5
Use graphqler maintainer docker image
ahmedxgouda Oct 12, 2025
c4eab67
Add disable permissions, update docker compose, and update entrypoint
ahmedxgouda Oct 12, 2025
133c89f
Establish an e2e backend instance locally and in CI/CD (#2429)
ahmedxgouda Nov 23, 2025
59007a9
Fix running e2e backend (#2710)
ahmedxgouda Dec 12, 2025
2e4c7f8
Merge branch 'feature/e2e-backend' into feature/fuzz-testing
ahmedxgouda Dec 13, 2025
ab32308
Update code for e2e
ahmedxgouda Dec 13, 2025
166f387
Add runs-on
ahmedxgouda Dec 13, 2025
bf07032
Skip sonar and fix ci/cd
ahmedxgouda Dec 14, 2025
e7b6329
Apply rabbit suggestion and override entrypoint in ci/cd
ahmedxgouda Dec 14, 2025
a7862ac
Use env with csrf
ahmedxgouda Dec 14, 2025
958c84e
Add timeout
ahmedxgouda Dec 14, 2025
4076d72
Remove hypothesis and old test files
ahmedxgouda Dec 14, 2025
88858ca
Apply rabbit's suggestions
ahmedxgouda Dec 14, 2025
c65e4cb
Update ci/cd and makefile
ahmedxgouda Dec 14, 2025
7d33ba8
Use digest pinning with graphqler image
ahmedxgouda Dec 14, 2025
a48b578
Update dockerfile and fix the typeerror issue
ahmedxgouda Dec 16, 2025
27d468f
Apply sonar suggestion
ahmedxgouda Dec 16, 2025
6d9f6a1
Apply sonar and rabbit suggestions
ahmedxgouda Dec 16, 2025
891baaf
Remove cache from ci/cd
ahmedxgouda Dec 16, 2025
4247342
Use curl instead of wget
ahmedxgouda Dec 16, 2025
c75ff58
Separate e2e from fuzz
ahmedxgouda Dec 17, 2025
b697d7a
Update fuzz ci/cd
ahmedxgouda Dec 17, 2025
a4d740b
Update CI/CD
ahmedxgouda Dec 17, 2025
cd56848
Run precommit
ahmedxgouda Dec 17, 2025
1640b3b
Update code
arkid15r Dec 20, 2025
04c8f1d
Update code
arkid15r Dec 20, 2025
b7d7f5d
Update docs, ci/cd, and apply suggestions
ahmedxgouda Dec 21, 2025
fcc4927
Use digest pinning and parameters in workflow
ahmedxgouda Dec 21, 2025
240720b
Apply sonar suggestions
ahmedxgouda Dec 21, 2025
df73958
Apply rabbit suggestions
ahmedxgouda Dec 21, 2025
e308775
Run migrations for fuzz testing in ci/cd
ahmedxgouda Dec 21, 2025
c643ada
Apply rabbit suggestions
ahmedxgouda Dec 21, 2025
a6d5605
Fix exceptions
arkid15r Dec 24, 2025
52a9b68
Establish an e2e backend instance locally and in CI/CD (#2429)
ahmedxgouda Nov 23, 2025
029db6e
Fix running e2e backend (#2710)
ahmedxgouda Dec 12, 2025
de86aab
Add backend/data/nest.sql.gz
arkid15r Dec 24, 2025
47d0feb
Merge branch 'feature/e2e-backend' into pr/ahmedxgouda/1139
arkid15r Dec 24, 2025
e62fed6
Update code
arkid15r Dec 24, 2025
86184a7
Automate data loading
arkid15r Dec 24, 2025
5f7ad2d
Update dump_data to avoid exceptions
ahmedxgouda Dec 24, 2025
2f78434
Update dump_data and automated data_loading
ahmedxgouda Dec 24, 2025
c400be4
Update CI/CD
ahmedxgouda Dec 24, 2025
7ea774e
Update tests
ahmedxgouda Dec 24, 2025
fed517c
Add timeout for fuzz tests
ahmedxgouda Dec 24, 2025
02b5e63
Update timeout for fuzz
ahmedxgouda Dec 24, 2025
ea7e23d
Update CI/CD
ahmedxgouda Dec 24, 2025
2c59b86
Update CI/CD
ahmedxgouda Dec 24, 2025
f67d9ac
Update CI/CD
ahmedxgouda Dec 24, 2025
4edfb7b
Apply rabbit's suggestions
ahmedxgouda Dec 24, 2025
2fcf6b9
Update backend/Makefile
arkid15r Dec 24, 2025
db1a7a1
Update make targets and docker compose
ahmedxgouda Dec 25, 2025
cefb150
Add volume for graphql fuzzing results and add upload artifacts in ci/cd
ahmedxgouda Dec 25, 2025
7fb30f3
Update ci/cd
ahmedxgouda Dec 25, 2025
8444288
Update ci/cd
ahmedxgouda Dec 25, 2025
f79b403
Update ci/cd
ahmedxgouda Dec 25, 2025
6c2d0f0
Update ci/cd
ahmedxgouda Dec 25, 2025
6f15af2
Update docker compose and makefile
ahmedxgouda Dec 26, 2025
9886459
Apply rabbit's suggestions
ahmedxgouda Dec 26, 2025
c648ada
Update dump to match the last nest.json.gz
ahmedxgouda Dec 29, 2025
00b1f84
Merge branch 'feature/e2e-backend' into pr/ahmedxgouda/1139
arkid15r Dec 29, 2025
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 36 additions & 2 deletions backend/poetry.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions backend/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ slack-bolt = "^1.22.0"
djlint = "^1.36.4"
pre-commit = "^4.1.0"
ruff = "^0.11.0"
hypothesis = "^6.129.4"

[tool.poetry.group.test.dependencies]
pytest = "^8.3.4"
Expand Down
27 changes: 27 additions & 0 deletions backend/tests/core/api/algolia_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
import pytest
import requests
from django.core.cache import cache
from hypothesis import given, strategies

from apps.core.api.algolia import algolia_search

Expand Down Expand Up @@ -138,3 +139,29 @@ def test_algolia_search_invalid_request(

assert response.status_code == requests.codes.bad_request
assert response_data["error"] == error_message

@given(
index_name=strategies.text(),
query=strategies.text(),
page=strategies.integers(),
hits_per_page=strategies.integers(),
facet_filters=strategies.lists(strategies.text()),

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Constrain strategy value ranges for page and hits_per_page.

Currently, the page and hits_per_page strategies allow any integer value, including negatives and zero, which are likely invalid inputs in the production code. The existing unit tests in this file (lines 107-110) show that validation is needed for these parameters.

-        page=strategies.integers(),
-        hits_per_page=strategies.integers(),
+        page=strategies.integers(min_value=1),
+        hits_per_page=strategies.integers(min_value=1, max_value=1000),

This change aligns with the validation being performed in the implementation and matches the constraints in the parametrized tests above.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
query=strategies.text(),
page=strategies.integers(),
hits_per_page=strategies.integers(),
facet_filters=strategies.lists(strategies.text()),
query=strategies.text(),
page=strategies.integers(min_value=1),
hits_per_page=strategies.integers(min_value=1, max_value=1000),
facet_filters=strategies.lists(strategies.text()),

)
def test_fuzz_algolia_search(self, index_name, query, page, hits_per_page, facet_filters):
"""Test the algolia_search function with fuzz testing."""
mock_request = Mock()
mock_request.method = "POST"
mock_request.META = {"HTTP_X_FORWARDED_FOR": CLIENT_IP_ADDRESS}
mock_request.body = json.dumps(
{
"facetFilters": facet_filters,
"hitsPerPage": hits_per_page,
"indexName": index_name,
"page": page,
"query": query,
}
)

response = algolia_search(mock_request)

assert response.status_code in [requests.codes.ok, requests.codes.bad_request]
Empty file.
Empty file.
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
from unittest.mock import MagicMock, patch

from django.conf import settings

from apps.slack.constants import (
OWASP_CONTRIBUTE_CHANNEL_ID,
)
from apps.slack.events.member_joined_channel.contribute import contribute_handler

from hypothesis import given, strategies as st

class TestContributeEventHandler:
@given(
events_enabled=st.booleans(),
project_count=st.integers(),
issue_count=st.integers(),
)
@patch("apps.owasp.models.project.Project.active_projects_count")
@patch("apps.github.models.issue.Issue.open_issues_count")
def test_handler_responses(
self,
mock_open_issues_count,
mock_active_projects_count,
events_enabled,
project_count,
issue_count,
):
settings.SLACK_EVENTS_ENABLED = events_enabled
mock_active_projects_count.return_value = project_count
mock_open_issues_count.return_value = issue_count
mock_slack_event = {"user": "U123456", "channel": OWASP_CONTRIBUTE_CHANNEL_ID}
mock_slack_client = MagicMock()
mock_slack_client.conversations_open.return_value = {"channel": {"id": "C123456"}}


contribute_handler(event=mock_slack_event, client=mock_slack_client, ack=MagicMock())

assert True

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add constraints to fuzz test parameters and strengthen assertions

The current test doesn't place constraints on generated integers and uses a trivial assertion.

Update the test with improved constraints and assertions:

    @given(
        events_enabled=st.booleans(),
-       project_count=st.integers(),
-       issue_count=st.integers(),
+       project_count=st.integers(min_value=0),
+       issue_count=st.integers(min_value=0),
    )
    @patch("apps.owasp.models.project.Project.active_projects_count")
    @patch("apps.github.models.issue.Issue.open_issues_count")
    def test_handler_responses(
        self,
        mock_open_issues_count,
        mock_active_projects_count,
        events_enabled,
        project_count,
        issue_count,
    ):
        settings.SLACK_EVENTS_ENABLED = events_enabled
        mock_active_projects_count.return_value = project_count
        mock_open_issues_count.return_value = issue_count
        mock_slack_event = {"user": "U123456", "channel": OWASP_CONTRIBUTE_CHANNEL_ID}
        mock_slack_client = MagicMock()
        mock_slack_client.conversations_open.return_value = {"channel": {"id": "C123456"}}
        
        contribute_handler(event=mock_slack_event, client=mock_slack_client, ack=MagicMock())
        
-       assert True
+       # Verify the behavior based on whether events are enabled
+       if events_enabled:
+           mock_slack_client.conversations_open.assert_called_once_with(user="U123456")
+           mock_slack_client.chat_postMessage.assert_called()
+           # You could also verify that the message contains the project_count and issue_count
+       else:
+           mock_slack_client.conversations_open.assert_not_called()
+           mock_slack_client.chat_postMessage.assert_not_called()

Using non-negative integers for counts makes the test more realistic, as negative counts wouldn't make sense in this context.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
@given(
events_enabled=st.booleans(),
project_count=st.integers(),
issue_count=st.integers(),
)
@patch("apps.owasp.models.project.Project.active_projects_count")
@patch("apps.github.models.issue.Issue.open_issues_count")
def test_handler_responses(
self,
mock_open_issues_count,
mock_active_projects_count,
events_enabled,
project_count,
issue_count,
):
settings.SLACK_EVENTS_ENABLED = events_enabled
mock_active_projects_count.return_value = project_count
mock_open_issues_count.return_value = issue_count
mock_slack_event = {"user": "U123456", "channel": OWASP_CONTRIBUTE_CHANNEL_ID}
mock_slack_client = MagicMock()
mock_slack_client.conversations_open.return_value = {"channel": {"id": "C123456"}}
contribute_handler(event=mock_slack_event, client=mock_slack_client, ack=MagicMock())
assert True
@given(
events_enabled=st.booleans(),
project_count=st.integers(min_value=0),
issue_count=st.integers(min_value=0),
)
@patch("apps.owasp.models.project.Project.active_projects_count")
@patch("apps.github.models.issue.Issue.open_issues_count")
def test_handler_responses(
self,
mock_open_issues_count,
mock_active_projects_count,
events_enabled,
project_count,
issue_count,
):
settings.SLACK_EVENTS_ENABLED = events_enabled
mock_active_projects_count.return_value = project_count
mock_open_issues_count.return_value = issue_count
mock_slack_event = {"user": "U123456", "channel": OWASP_CONTRIBUTE_CHANNEL_ID}
mock_slack_client = MagicMock()
mock_slack_client.conversations_open.return_value = {"channel": {"id": "C123456"}}
contribute_handler(event=mock_slack_event, client=mock_slack_client, ack=MagicMock())
# Verify the behavior based on whether events are enabled
if events_enabled:
mock_slack_client.conversations_open.assert_called_once_with(user="U123456")
mock_slack_client.chat_postMessage.assert_called()
# You could also verify that the message contains the project_count and issue_count
else:
mock_slack_client.conversations_open.assert_not_called()
mock_slack_client.chat_postMessage.assert_not_called()
🧰 Tools
🪛 Ruff (0.8.2)

34-34: Blank line contains whitespace

Remove whitespace from blank line

(W293)


37-37: Blank line contains whitespace

Remove whitespace from blank line

(W293)

Comment thread
coderabbitai[bot] marked this conversation as resolved.
Outdated
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
from unittest.mock import MagicMock


from django.conf import settings
from hypothesis import given, strategies as st

from apps.slack.constants import OWASP_GSOC_CHANNEL_ID
from apps.slack.events.member_joined_channel.gsoc import gsoc_handler

class TestGsocEventHandler:
@given(
channel_id=st.text(),
)
def test_check_gsoc_handler(self, channel_id):
gsoc_module = __import__(
"apps.slack.events.member_joined_channel.gsoc",
fromlist=["gsoc_handler"],
)
check_gsoc_handler = getattr(
gsoc_module,
"check_gsoc_handler",
lambda x: x.get("channel") == OWASP_GSOC_CHANNEL_ID,
)

check_gsoc_handler({"channel": channel_id})

assert True
Comment thread
coderabbitai[bot] marked this conversation as resolved.
Outdated

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Simplify the dynamic import approach in test_check_gsoc_handler.

The current implementation uses a complex dynamic import approach with a fallback lambda. This makes the test harder to understand and may hide issues with the actual check_gsoc_handler function.

-    def test_check_gsoc_handler(self, channel_id):
-        gsoc_module = __import__(
-            "apps.slack.events.member_joined_channel.gsoc",
-            fromlist=["gsoc_handler"],
-        )
-        check_gsoc_handler = getattr(
-            gsoc_module,
-            "check_gsoc_handler",
-            lambda x: x.get("channel") == OWASP_GSOC_CHANNEL_ID,
-        )
-        
-        check_gsoc_handler({"channel": channel_id})
-        
-        assert True
+    def test_check_gsoc_handler(self, channel_id):
+        """Test that check_gsoc_handler correctly identifies the GSOC channel."""
+        from apps.slack.events.member_joined_channel.gsoc import check_gsoc_handler
+        
+        result = check_gsoc_handler({"channel": channel_id})
+        
+        # Verify the function returns True only for the GSOC channel
+        expected = (channel_id == OWASP_GSOC_CHANNEL_ID)
+        assert result == expected

This approach directly imports the function, tests it with the generated channel_id, and verifies it returns the expected result based on whether the channel matches the GSOC channel ID.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
def test_check_gsoc_handler(self, channel_id):
gsoc_module = __import__(
"apps.slack.events.member_joined_channel.gsoc",
fromlist=["gsoc_handler"],
)
check_gsoc_handler = getattr(
gsoc_module,
"check_gsoc_handler",
lambda x: x.get("channel") == OWASP_GSOC_CHANNEL_ID,
)
check_gsoc_handler({"channel": channel_id})
assert True
def test_check_gsoc_handler(self, channel_id):
"""Test that check_gsoc_handler correctly identifies the GSOC channel."""
from apps.slack.events.member_joined_channel.gsoc import check_gsoc_handler
result = check_gsoc_handler({"channel": channel_id})
# Verify the function returns True only for the GSOC channel
expected = (channel_id == OWASP_GSOC_CHANNEL_ID)
assert result == expected
🧰 Tools
🪛 Ruff (0.8.2)

24-24: Blank line contains whitespace

Remove whitespace from blank line

(W293)


26-26: Blank line contains whitespace

Remove whitespace from blank line

(W293)


Comment thread
coderabbitai[bot] marked this conversation as resolved.
Outdated
@given(
events_enabled=st.booleans(),
)
def test_handler_responses(self, events_enabled):
settings.SLACK_EVENTS_ENABLED = events_enabled
mock_slack_event = {"user": "U123456", "channel": OWASP_GSOC_CHANNEL_ID}
mock_slack_client = MagicMock()
mock_slack_client.conversations_open.return_value = {"channel": {"id": "C123456"}}

gsoc_handler(event=mock_slack_event, client=mock_slack_client, ack=MagicMock())

assert True

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Strengthen handler_responses test with mock verifications

The current test executes the handler but doesn't verify that it behaves correctly based on the events_enabled value.

Update the test to verify the expected behavior:

    @given(
        events_enabled=st.booleans(),
    )
    def test_handler_responses(self, events_enabled):
        settings.SLACK_EVENTS_ENABLED = events_enabled
        mock_slack_event = {"user": "U123456", "channel": OWASP_GSOC_CHANNEL_ID}
        mock_slack_client = MagicMock()
        mock_slack_client.conversations_open.return_value = {"channel": {"id": "C123456"}}
        
        gsoc_handler(event=mock_slack_event, client=mock_slack_client, ack=MagicMock())
        
-        assert True
+        # Verify that the Slack client was used appropriately based on events_enabled
+        if events_enabled:
+            mock_slack_client.conversations_open.assert_called_once_with(user="U123456")
+            mock_slack_client.chat_postMessage.assert_called()
+        else:
+            # If events are disabled, no Slack client operations should be performed
+            mock_slack_client.conversations_open.assert_not_called()
+            mock_slack_client.chat_postMessage.assert_not_called()
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
@given(
events_enabled=st.booleans(),
)
def test_handler_responses(self, events_enabled):
settings.SLACK_EVENTS_ENABLED = events_enabled
mock_slack_event = {"user": "U123456", "channel": OWASP_GSOC_CHANNEL_ID}
mock_slack_client = MagicMock()
mock_slack_client.conversations_open.return_value = {"channel": {"id": "C123456"}}
gsoc_handler(event=mock_slack_event, client=mock_slack_client, ack=MagicMock())
assert True
@given(
events_enabled=st.booleans(),
)
def test_handler_responses(self, events_enabled):
settings.SLACK_EVENTS_ENABLED = events_enabled
mock_slack_event = {"user": "U123456", "channel": OWASP_GSOC_CHANNEL_ID}
mock_slack_client = MagicMock()
mock_slack_client.conversations_open.return_value = {"channel": {"id": "C123456"}}
gsoc_handler(event=mock_slack_event, client=mock_slack_client, ack=MagicMock())
# Verify that the Slack client was used appropriately based on events_enabled
if events_enabled:
mock_slack_client.conversations_open.assert_called_once_with(user="U123456")
mock_slack_client.chat_postMessage.assert_called()
else:
# If events are disabled, no Slack client operations should be performed
mock_slack_client.conversations_open.assert_not_called()
mock_slack_client.chat_postMessage.assert_not_called()
🧰 Tools
🪛 Ruff (0.8.2)

37-37: Blank line contains whitespace

Remove whitespace from blank line

(W293)


39-39: Blank line contains whitespace

Remove whitespace from blank line

(W293)

Comment thread
coderabbitai[bot] marked this conversation as resolved.
Outdated

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

❓ Verification inconclusive

Verify handler behavior with concrete assertions

Similar to the previous test method, this test only checks that the code runs without exceptions, but doesn't validate that the handler behaves as expected when events are enabled or disabled.

    def test_handler_responses(self, events_enabled):
        settings.SLACK_EVENTS_ENABLED = events_enabled
        mock_slack_event = {"user": "U123456", "channel": OWASP_GSOC_CHANNEL_ID}
        mock_slack_client = MagicMock()
        mock_slack_client.conversations_open.return_value = {"channel": {"id": "C123456"}}
        
        gsoc_handler(event=mock_slack_event, client=mock_slack_client, ack=MagicMock())
        
-       assert True
+       # When events are enabled, the client should attempt to open a conversation
+       if events_enabled:
+           mock_slack_client.conversations_open.assert_called_once_with(user=mock_slack_event["user"])
+       else:
+           mock_slack_client.conversations_open.assert_not_called()

Additionally, fix the formatting issues highlighted by the static analyzer:


🏁 Script executed:

#!/bin/bash
# Replace trailing whitespace and ensure a newline at end of file
sed -i 's/[[:space:]]*$//' backend/tests/slack/events/fuzz_tests/user_joind_channel/gsoc_test.py
echo '' >> backend/tests/slack/events/fuzz_tests/user_joind_channel/gsoc_test.py

Length of output: 108


Action Required: Add concrete assertions for Slack handler behavior

The current test in
backend/tests/slack/events/fuzz_tests/user_joind_channel/gsoc_test.py
merely ensures that no exceptions occur instead of validating the actual behavior. Please update the test as follows:

  • When events are enabled: Assert that mock_slack_client.conversations_open is called once with the proper user attribute from mock_slack_event.
  • When events are disabled: Assert that mock_slack_client.conversations_open is never called.

For example, consider replacing:

    gsoc_handler(event=mock_slack_event, client=mock_slack_client, ack=MagicMock())
    
-    assert True
+    if events_enabled:
+        mock_slack_client.conversations_open.assert_called_once_with(user=mock_slack_event["user"])
+    else:
+        mock_slack_client.conversations_open.assert_not_called()

Additionally, the formatting issues reported (trailing whitespace removal and ensuring a trailing newline) have been addressed by the static analyzer script. Please verify manually that these formatting fixes have been applied correctly to the file.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
@given(
events_enabled=st.booleans(),
)
def test_handler_responses(self, events_enabled):
settings.SLACK_EVENTS_ENABLED = events_enabled
mock_slack_event = {"user": "U123456", "channel": OWASP_GSOC_CHANNEL_ID}
mock_slack_client = MagicMock()
mock_slack_client.conversations_open.return_value = {"channel": {"id": "C123456"}}
gsoc_handler(event=mock_slack_event, client=mock_slack_client, ack=MagicMock())
assert True
@given(
events_enabled=st.booleans(),
)
def test_handler_responses(self, events_enabled):
settings.SLACK_EVENTS_ENABLED = events_enabled
mock_slack_event = {"user": "U123456", "channel": OWASP_GSOC_CHANNEL_ID}
mock_slack_client = MagicMock()
mock_slack_client.conversations_open.return_value = {"channel": {"id": "C123456"}}
gsoc_handler(event=mock_slack_event, client=mock_slack_client, ack=MagicMock())
# When events are enabled, the client should attempt to open a conversation
if events_enabled:
mock_slack_client.conversations_open.assert_called_once_with(user=mock_slack_event["user"])
else:
mock_slack_client.conversations_open.assert_not_called()
🧰 Tools
🪛 Ruff (0.8.2)

37-37: Blank line contains whitespace

Remove whitespace from blank line

(W293)


39-39: Blank line contains whitespace

Remove whitespace from blank line

(W293)


41-41: Blank line contains whitespace

Remove whitespace from blank line

(W293)


41-41: No newline at end of file

Add trailing newline

(W292)