test: improve branch coverage for CRE API and controllers

copi.owasp.org/test/copi_web/controllers/health_controller_test.exs

@@ -0,0 +1,8 @@
+defmodule CopiWeb.HealthControllerTest do
+  use CopiWeb.ConnCase
+
+  test "GET /health", %{conn: conn} do
+    conn = get(conn, "/health")
+    assert response(conn, 200)
+  end
+end

cornucopia.owasp.org/src/domain/cre/creController.test.ts

@@ -235,6 +235,41 @@ describe('CreController tests', () => {
             expect(result.links).toHaveLength(0);
         });
 
+        it('should handle missing CRE mapping data', () => {
+            mockMappingController.getCardMappings = vi.fn().mockReturnValue({});
+
+            const mockCard: Card = {
+                id: 'card-missing-cre',
+                edition: 'webapp',
+                suitNameLocal: 'Test',
+                desc: 'Test',
+                url: '/test',
+                suit: 'TS',
+                value: '4',
+                lang: 'en'
+            } as unknown as Card;
+
+            const result = creController.generateDoc(mockCard);
+            expect(result.links).toHaveLength(0);
+        });
+
+        it('should throw when card mapping is undefined', () => {
+            mockMappingController.getCardMappings = vi.fn().mockReturnValue(undefined);
+
+            const mockCard: Card = {
+                id: 'card-without-mapping',
+                edition: 'webapp',
+                suitNameLocal: 'Test',
+                desc: 'Test',
+                url: '/test',
+                suit: 'TS',
+                value: '5',
+                lang: 'en'
+            } as unknown as Card;
+
+            expect(() => creController.generateDoc(mockCard)).toThrow();
+        });
+
         it('should handle single CRE mapping', () => {
             mockMappingController.getCardMappings = vi.fn().mockReturnValue({
                 owasp_cre: {
@@ -342,4 +377,4 @@ describe('CreController tests', () => {
             expect(result.standards).toHaveLength(2);
         });
     });
-});
+});

cornucopia.owasp.org/src/domain/mapping/mappingController.test.ts

@@ -70,6 +70,24 @@ describe('MappingController tests', () => {
         expect(Object.keys(webAppMapping2).length).toBe(0);
     });
 
+    it("should return empty mapping when card id does not match existing cards.", async () => {
+        const mappingData = {
+            suits: [
+                {
+                    cards: [
+                        {
+                            id: "different-card"
+                        }
+                    ]
+                }
+            ]
+        };
+        const controller = new MappingController(mappingData);
+        const mapping = controller.getCardMappings("missing-card");
+        expect(mapping).toBeDefined();
+        expect(Object.keys(mapping).length).toBe(0);
+    });
+
     it("should return meta information.", async () => {
         const mappingData = {
             meta: { version: "1.0", date: "2024-01-01" },
@@ -81,4 +99,4 @@ describe('MappingController tests', () => {
         expect(meta.version).toBe("1.0");
         expect(meta.date).toBe("2024-01-01");
     });
-});
+});

cornucopia.owasp.org/src/routes/api/cre/[edition]/[lang]/server.test.ts

@@ -0,0 +1,120 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { GET } from './+server';
+import { DeckService } from '$lib/services/deckService';
+import { MappingService } from '$lib/services/mappingService';
+
+describe('GET /api/cre/[edition]/[lang]', () => {
+    beforeEach(() => {
+        vi.restoreAllMocks();
+    });
+
+    afterEach(() => {
+        vi.restoreAllMocks();
+    });
+
+    it('throws 404 when language is invalid', () => {
+        try {
+            GET({ url: new URL('http://localhost/api/cre/webapp/invalid') } as any);
+
+            expect.fail('Expected GET to throw 404 HttpError');
+        } catch (err: any) {
+            expect(err?.status || err?.body?.status).toBe(404);
+        }
+    });
+
+    it('throws 404 when edition is invalid', () => {
+        try {
+            GET({ url: new URL('http://localhost/api/cre/unknown/en') } as any);
+
+            expect.fail('Expected GET to throw 404 HttpError');
+        } catch (err: any) {
+            expect(err?.status || err?.body?.status).toBe(404);
+        }
+    });
+
+    it('throws 500 when cards are not found', () => {
+        vi.spyOn(DeckService, 'getLatestVersion').mockReturnValue('3.0');
+        vi.spyOn(DeckService.prototype, 'getCardDataForEditionVersionLang')
+            .mockReturnValue(null as any);
+
+        try {
+            GET({ url: new URL('http://localhost/api/cre/webapp/en') } as any);
+
+            expect.fail('Expected GET to throw 500 HttpError');
+        } catch (err: any) {
+            expect(err?.status || err?.body?.status).toBe(500);
+        }
+    });
+
+    it('throws 500 when mappings are not found', () => {
+        vi.spyOn(DeckService, 'getLatestVersion').mockReturnValue('3.0');
+
+        // Ensure cards exist so it reaches mapping check
+        vi.spyOn(DeckService.prototype, 'getCardDataForEditionVersionLang')
+            .mockReturnValue(new Map([
+                ['VE2', { id: 'VE2' }]
+            ]) as any);
+
+        vi.spyOn(MappingService.prototype, 'getCardMappingForLatestEdtions')
+            .mockReturnValue(null as any);
+
+        try {
+            GET({ url: new URL('http://localhost/api/cre/webapp/en') } as any);
+
+            expect.fail('Expected GET to throw 500 HttpError');
+        } catch (err: any) {
+            expect(err?.status || err?.body?.status).toBe(500);
+        }
+    });
+
+    it('handles missing mapping for specific edition', () => {
+        vi.spyOn(DeckService, 'getLatestVersion').mockReturnValue('3.0');
+
+        vi.spyOn(DeckService.prototype, 'getCardDataForEditionVersionLang')
+            .mockReturnValue(new Map([
+                ['VE2', { id: 'VE2' }]
+            ]) as any);
+
+        // mapping exists but edition missing
+        vi.spyOn(MappingService.prototype, 'getCardMappingForLatestEdtions')
+            .mockReturnValue(new Map([['other', {}]]) as any);
+
+        const response = GET({ url: new URL('http://localhost/api/cre/webapp/en') } as any);
+
+        expect(response).toBeDefined();
+    });
+
+    it('returns valid CRE mapping response', () => {
+  vi.spyOn(DeckService, 'getLatestVersion').mockReturnValue('3.0');
+
+  vi.spyOn(DeckService.prototype, 'getCardDataForEditionVersionLang')
+    .mockReturnValue(new Map([
+      ['VE2', {
+        id: 'VE2',
+        edition: 'webapp',
+        url: '/cards/VE2',
+        suitNameLocal: 'Validation',
+        desc: 'Validate input'
+      }]
+    ]) as any);
+
+  vi.spyOn(MappingService.prototype, 'getCardMappingForLatestEdtions')
+    .mockReturnValue(new Map([
+      ['webapp', {
+        meta: { version: '3.0' },
+        suits: [{
+          cards: [{
+            id: 'VE2',
+            owasp_cre: { owasp_asvs: ['123-456'] }
+          }]
+        }]
+      }]
+    ]) as any);
+
+  const response = GET({ url: new URL('http://localhost/api/cre/webapp/en') } as any);
+
+  expect(response).toBeDefined();
+});
+
+
+});