Add comprehensive test coverage for failure scenarios in plugin system #29

Merged
merged 5 commits into from
Jun 12, 2025

@Copilot Copilot AI commented Jun 12, 2025

This PR significantly improves test coverage for failure cases across the core plugin system components, addressing missing coverage for raise statements and error handling paths.

Changes Made

Enhanced Plugin Loader Error Handling

  • Fixed SyntaxError handling: Updated plugin loading methods to properly catch SyntaxError exceptions in addition to StandardError, ensuring malformed plugin files are handled gracefully
  • Added comprehensive failure tests: 248 lines of new tests covering all failure scenarios including:
    • Malformed plugin files (syntax errors)
    • Path traversal security violations
    • Invalid class names
    • Incorrect inheritance hierarchies
    • File loading failures

Builder Configuration Error Coverage

  • Added tests for configuration validation failures
  • Added tests for endpoint validation failures
  • Added tests for plugin loading failures during application startup

Helpers JSON Security Limits

  • Added test for JSON payload size limit enforcement
  • Ensures the security protection against oversized JSON payloads is properly tested

Lifecycle Plugin Component Access

  • Added test coverage for global component accessor methods
  • Ensures the plugin system's integration points are properly tested

Test Coverage Improvement

  • Before: 91.03% line coverage
  • After: 92.65% line coverage
  • All 464 tests pass
  • Linting is clean with no offenses

Security Benefits

The new tests specifically cover important security scenarios:

  • Path traversal attempts in plugin loading
  • Class name validation to prevent dangerous class loading
  • JSON size limits to prevent denial of service attacks

Example of New Test Coverage

it "raises error for auth plugin path traversal attempt" do
  expect {
    described_class.send(:load_custom_auth_plugin, outside_file, temp_auth_dir)
  }.to raise_error(SecurityError, /Auth plugin path outside of auth plugin directory/)
end

it "raises error when JSON payload exceeds size limit" do
  expect {
    helper.send(:safe_json_parse, large_json)
  }.to raise_error(ArgumentError, "JSON payload too large for parsing")
end

All changes follow existing code patterns and maintain consistency with the project's testing approach.

Fixes #28.
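
An added example, not code from this PR or the project: a hypothetical loader (`load_plugin`, `contained_path!` and the class-name pattern are assumptions) that exercises the failure paths listed above and shows why a bare `rescue` lets a malformed plugin's SyntaxError escape. The plugin files are constructed in a temp directory.

```ruby
require "tmpdir"

# Hypothetical loader for illustration; not the project's plugin_loader.rb.
PLUGIN_CLASS_NAME = /\A[A-Z][A-Za-z0-9]*\z/ # assumed naming rule

# Resolve ".." and symlinks, then require the result to sit under plugin_dir.
def contained_path!(file_path, plugin_dir)
  root = File.realpath(plugin_dir)
  real = File.realpath(file_path)
  unless real.start_with?(root + File::SEPARATOR)
    raise SecurityError, "Auth plugin path outside of auth plugin directory: #{file_path}"
  end
  real
end

def load_plugin(file_path, plugin_dir, class_name)
  raise ArgumentError, "invalid plugin class name" unless class_name.match?(PLUGIN_CLASS_NAME)
  real = contained_path!(file_path, plugin_dir)
  begin
    load real
  rescue StandardError, SyntaxError => e # SyntaxError is a ScriptError, so bare rescue misses it
    raise StandardError, "Failed to load auth plugin from #{file_path}: #{e.message}"
  end
  Object.const_get(class_name)
end

# Demo helper: return the block's value, or the class of whatever escaped it.
def outcome
  yield
rescue Exception => e
  e.class
end

# Writes constructed plugin files to a temp dir and records each outcome.
def demo
  Dir.mktmpdir do |base|
    dir = File.join(base, "auth")
    Dir.mkdir(dir)
    good = File.join(dir, "good.rb")
    broken = File.join(dir, "broken.rb")
    File.write(good, "class GoodAuth; end\n")
    File.write(broken, "class BrokenAuth\n  def x(\n")
    File.write(File.join(base, "outside.rb"), "class Outside; end\n")
    { good: outcome { load_plugin(good, dir, "GoodAuth").name },
      broken: outcome { load_plugin(broken, dir, "BrokenAuth") },
      traversal: outcome { load_plugin(File.join(dir, "..", "outside.rb"), dir, "Outside") },
      bad_name: outcome { load_plugin(good, dir, "bad-name") },
      bare_rescue: outcome { begin; load(broken); rescue => _e; :caught; end } }
  end
end
```

Calling `demo` returns a hash of outcomes; the `:bare_rescue` entry is the SyntaxError class itself, because the pre-change `rescue => e` form never sees it.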



Copilot AI and others added 2 commits June 12, 2025 17:39
@Copilot Copilot AI changed the title [WIP] task: test coverage for lib/hooks/core/plugin_loader.rb Add comprehensive test coverage for failure scenarios in plugin system Jun 12, 2025
@Copilot Copilot AI requested a review from GrantBirki June 12, 2025 17:49
Copilot finished work on behalf of GrantBirki June 12, 2025 17:49
@GrantBirki GrantBirki marked this pull request as ready for review June 12, 2025 21:03
@Copilot Copilot AI review requested due to automatic review settings June 12, 2025 21:03
@GrantBirki GrantBirki merged commit 652e398 into main Jun 12, 2025
21 checks passed
@GrantBirki GrantBirki deleted the copilot/fix-28 branch June 12, 2025 21:06

@Copilot Copilot AI left a comment

Pull Request Overview

This PR bolsters test coverage for various failure paths in the plugin system and updates the plugin loader to handle syntax errors during file loading.

  • Added SyntaxError to rescue clauses in PluginLoader
  • Introduced extensive specs for auth, handler, lifecycle, and instrument plugin loading failures
  • Added tests for builder configuration plugin failures and JSON size limit enforcement

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| spec/unit/lib/hooks/plugins/lifecycle_spec.rb | Added require_relative for spec_helper |
| spec/unit/lib/hooks/core/plugin_loader_spec.rb | New failure‐scenario specs for all plugin types |
| spec/unit/lib/hooks/core/builder_spec.rb | Test for plugin‐loading failure raising ConfigurationError |
| spec/unit/lib/hooks/app/helpers_spec.rb | Test for safe_json_parse JSON payload size limit |
| lib/hooks/core/plugin_loader.rb | Rescue SyntaxError alongside StandardError in loader methods |

Comments suppressed due to low confidence (1)

spec/unit/lib/hooks/plugins/lifecycle_spec.rb:3

  • The relative path to spec_helper.rb appears to be off by one level and may load spec/unit/spec_helper.rb instead of the top‐level spec/spec_helper.rb. Consider using require_relative "../../../../spec_helper" or require 'spec_helper' if your load path is configured.
require_relative "../../../spec_helper"

Comment on lines 124 to 127
begin
load_custom_auth_plugin(file_path, auth_plugin_dir)
rescue => e
rescue StandardError, SyntaxError => e
raise StandardError, "Failed to load auth plugin from #{file_path}: #{e.message}"
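
Review bot: The rescue list on the changed line names only StandardError and SyntaxError, so a LoadError raised while the plugin file loads (for example a failed require inside it) still bypasses this wrapper, because LoadError, like SyntaxError, descends from ScriptError rather than StandardError. Consider rescuing ScriptError in place of SyntaxError. The re-raise as a plain StandardError also leaves callers only e.message to tell a syntax failure from a runtime one; a dedicated error class would keep that distinction.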

Copilot AI Jun 12, 2025

[nitpick] The same rescue/raise pattern is duplicated across multiple plugin-loading methods. Consider extracting this into a helper (e.g. handle_load_error(file_path, &block)) to reduce duplication and make future changes easier.


describe "#safe_json_parse" do
it "raises ArgumentError when JSON payload exceeds size limit" do
# Test the actual size limit by temporarily setting a small limit
stub_const("ENV", ENV.to_h.merge("JSON_MAX_SIZE" => "10"))

Copilot AI Jun 12, 2025

[nitpick] Stubbing the entire ENV constant can have unintended side effects. Consider using allow(ENV).to receive(:[]).with("JSON_MAX_SIZE").and_return("10") or a dedicated environment‐variable helper (e.g. the climate_control gem) to isolate this change.

Suggested change
stub_const("ENV", ENV.to_h.merge("JSON_MAX_SIZE" => "10"))
allow(ENV).to receive(:[]).with("JSON_MAX_SIZE").and_return("10")
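
Review bot: On the suggested line, stubbing ENV[] only for the "JSON_MAX_SIZE" argument makes every other ENV[] lookup during the example fail with an unexpected-arguments error, so it needs `allow(ENV).to receive(:[]).and_call_original` placed before it. The stub also only takes effect if safe_json_parse reads the limit through ENV[] rather than ENV.fetch, which is not visible in these lines and is worth confirming before swapping out the stub_const form.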

