Skip to content

test: improve branch coverage for CRE API and controllers#2829

Merged
sydseter merged 1 commit intoOWASP:masterfrom
theanand108:fix/cre-api-coverage
Apr 18, 2026
Merged

test: improve branch coverage for CRE API and controllers#2829
sydseter merged 1 commit intoOWASP:masterfrom
theanand108:fix/cre-api-coverage

Conversation

@theanand108
Copy link
Copy Markdown
Contributor

@theanand108 theanand108 commented Apr 16, 2026

Description

Adds targeted tests to improve branch coverage for CRE API, MappingController, and CRE Controller.

Changes
• Added CRE API tests:
• Invalid language and edition (404)
• Missing cards and mappings (500)
• Partial/missing mapping scenarios
• Successful response case
• Added MappingController test:
• Handles missing card mapping scenario
• Added CRE Controller tests:
• Handles missing mapping data
• Throws when mapping is undefined
• Added minimal health endpoint test for COPI

Coverage
• Improved overall branch coverage to ~93%
• Focused on covering meaningful and reachable execution paths

Coverage Note
The remaining uncovered branches are associated with:
• Environment-dependent logic (import.meta.url in fileSystemHelper.ts)
• Defensive or non-reachable branches in CRE controller and API flow

These branches cannot be reliably triggered via unit tests without modifying production code. All practically reachable execution paths have been covered.

Builds on previous test coverage improvements introduced in #2807.

AI Tool Disclosure

•	My contribution includes AI-generated content, as disclosed below:
•	AI Tools: ChatGPT
•	LLMs: GPT-5 class **model**
•	Prompts: Used for debugging, identifying uncovered branches, and structuring targeted tests

Affirmation

•	My code follows the CONTRIBUTING.md guidelines

@theanand108
Copy link
Copy Markdown
Contributor Author

theanand108 commented Apr 16, 2026

Hi! 👋

I noticed that both CI jobs are failing due to the global coverage threshold (95%).

I’ve added targeted tests for CRE API, MappingController, and CRE Controller, which improved coverage to ~93%. I also explored additional edge cases, but the remaining uncovered branches seem to be:
• environment-dependent logic (e.g. import.meta.url in FileSystemHelper)
• defensive/unreachable branches in CRE-related flows
• router-level paths on the COPI side

These don’t appear to be straightforward to cover via unit tests without either introducing artificial test setups or modifying production code.

Would you prefer:
1. Further attempts to increase coverage via tests (even if less meaningful), or
2. Adjusting the coverage threshold / excluding certain paths?

Happy to proceed in whichever direction you suggest 🙂

@sydseter sydseter merged commit 5567e28 into OWASP:master Apr 18, 2026
7 of 9 checks passed
@theanand108 theanand108 deleted the fix/cre-api-coverage branch April 18, 2026 10:11
@theanand108
Copy link
Copy Markdown
Contributor Author

theanand108 commented Apr 18, 2026

Thanks for reviewing and merging!
I appreciate it.

@sydseter
Copy link
Copy Markdown
Collaborator

sydseter commented Apr 18, 2026

@theanand108 The pleasure is mine. ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sydseter sydseter sydseter approved these changes

@cw-owasp cw-owasp Awaiting requested review from cw-owasp cw-owasp is a code owner

@rewtd rewtd Awaiting requested review from rewtd rewtd is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@theanand108 @sydseter