[Test Coverage] test: expand host-iptables branch coverage#1022
[Test Coverage] test: expand host-iptables branch coverage#1022github-actions[bot] wants to merge 1 commit intomainfrom
Conversation
Add 8 new tests targeting previously uncovered branches: - setupHostIptables: throws when bridge name cannot be determined - setupHostIptables: allows API proxy traffic when apiProxyIp provided - setupHostIptables: skips duplicate DOCKER-USER rule when already exists - setupHostIptables: creates DOCKER-USER chain on non-permission error - setupHostIptables: throws when DOCKER-USER chain creation fails - cleanupHostIptables: flushes chain even when bridge name is null - setupHostIptables: warns and skips IPv6 when ip6tables unavailable - cleanupHostIptables: skips IPv6 cleanup when ip6tables unavailable Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR adds comprehensive test coverage for previously untested branches in the security-critical host-iptables.ts module, which manages iptables rules for network egress control. The changes improve branch coverage from approximately 55% to near 100% by adding 8 targeted tests that exercise error paths, conditional logic, and platform-specific behavior (IPv6 availability).
Changes:
- Added 8 new test cases targeting uncovered branches in
setupHostIptablesandcleanupHostIptablesfunctions - Introduced tests for edge cases including null bridge names, duplicate rule prevention, chain creation failures, and IPv6 unavailability scenarios
- Utilized
jest.isolateModulesAsyncto properly test module-level cache behavior for ip6tables availability
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Build Test: Node.js Results
Overall: ✅ PASS
|
.NET Build Test Results
Overall: PASS Run outputhello-world:
|
Build Test: Bun Results
Overall: ✅ PASS Bun version: 1.3.9
|
Deno Build Test Results
Overall: ✅ PASS Deno version: 2.7.1
|
🦀 Rust Build Test Results
Overall: ✅ PASS
|
C++ Build Test Results
Overall: PASS
|
Java Build Test Results
Overall: PASS ✅ All Maven projects compiled and all tests passed successfully.
|
Go Build Test Results ✅
Overall: PASS
|
Smoke Test Results — Copilot Engine ✅ PASS
Overall: PASS · PR author:
|
|
Smoke Test Results — FAIL
|
|
Smoke Test Results — PASS
|
Adds 8 new tests to
src/host-iptables.test.tstargeting previously uncovered branches insrc/host-iptables.ts, improving branch coverage from ~55% to near 100%.Coverage Before/After
host-iptables.tsNew Tests Added
setupHostIptables– uncovered branches:if (!bridgeName)throw pathapiProxyIpconfigured – coversif (apiProxyIp)port-range rule (OPENAI:10000–COPILOT:10002)if (!existingRules.includes(...))false branch (no duplicate insertion)cleanupHostIptables– uncovered branches:if (bridgeName)false branch (IPv4 flush still runs, DOCKER-USER lookup skipped)ip6tablesunavailability (usingjest.isolateModulesAsyncfor fresh module cache):setupHostIptableswith ip6tables unavailable – coversif (!ip6tablesAvailable)warn path; verifies no IPv6 chain is createdcleanupHostIptableswith ip6tables unavailable – coversif (ip6tablesAvailable)false path; verifies no IPv6 flush/delete commands runSecurity Relevance
host-iptables.tsis security-critical — it manages the iptables rules that enforce network egress control. The new tests verify:10000:10002)