ScadaBridge

dohertj2/ScadaBridge

Fork 0

Commit Graph

Author	SHA1	Message	Date
Joseph Doherty	e7b6fe33a4	test(configdb): guard test for AuditLog append-only invariant (M2.10, #18 ) Adds AuditLogAppendOnlyGuardTests.cs to tests/ZB.MOM.WW.ScadaBridge.ConfigurationDatabase.Tests/ — a code-level backstop for the DB-role DENY UPDATE / DENY DELETE control established in migration 20260602174346_CollapseAuditLogToCanonical. The guard scans every non-Designer, non-Snapshot .cs file in the ConfigurationDatabase source tree and fails the test run if any line matches the DML-syntax pattern: UPDATE\s+(?:dbo\.)?AuditLog\b DELETE\s+(?:FROM\s+)?(?:dbo\.)?AuditLog\b The tight DML-syntax pattern naturally excludes false positives without extra exclusion checks: DENY UPDATE ON dbo.AuditLog is not matched (UPDATE is followed by ON, not the table name); ALTER TABLE … SWITCH and TRUNCATE contain no UPDATE/ DELETE keyword; comments with UPDATE/AuditLog in separate clauses are not matched. Self-verifying unit tests (ContainsAuditLogMutation_) prove the helper: - returns false on clean-source lines (INSERT, SELECT, DENY DDL, ALTER SWITCH, TRUNCATE, DELETE FROM Notifications); - returns TRUE on planted violations (UPDATE AuditLog SET …, DELETE FROM dbo.AuditLog WHERE …, lower-case variants); - returns false on the exact DENY/GRANT/partition-switch strings from the production migration files. All 256 ConfigurationDatabase.Tests pass; solution builds 0 W / 0 E.	2026-06-16 05:49:51 -04:00

Author

SHA1

Message

Date

Joseph Doherty

e7b6fe33a4

test(configdb): guard test for AuditLog append-only invariant (M2.10, #18 )

Adds AuditLogAppendOnlyGuardTests.cs to
tests/ZB.MOM.WW.ScadaBridge.ConfigurationDatabase.Tests/ — a code-level backstop
for the DB-role DENY UPDATE / DENY DELETE control established in migration
20260602174346_CollapseAuditLogToCanonical.

The guard scans every non-Designer, non-Snapshot *.cs file in the
ConfigurationDatabase source tree and fails the test run if any line matches the
DML-syntax pattern:

    UPDATE\s+(?:dbo\.)?AuditLog\b
    DELETE\s+(?:FROM\s+)?(?:dbo\.)?AuditLog\b

The tight DML-syntax pattern naturally excludes false positives without extra
exclusion checks: DENY UPDATE ON dbo.AuditLog is not matched (UPDATE is followed
by ON, not the table name); ALTER TABLE … SWITCH and TRUNCATE contain no UPDATE/
DELETE keyword; comments with UPDATE/AuditLog in separate clauses are not matched.

Self-verifying unit tests (ContainsAuditLogMutation_*) prove the helper:
- returns false on clean-source lines (INSERT, SELECT, DENY DDL, ALTER SWITCH,
  TRUNCATE, DELETE FROM Notifications);
- returns TRUE on planted violations (UPDATE AuditLog SET …, DELETE FROM
  dbo.AuditLog WHERE …, lower-case variants);
- returns false on the exact DENY/GRANT/partition-switch strings from the
  production migration files.

All 256 ConfigurationDatabase.Tests pass; solution builds 0 W / 0 E.

2026-06-16 05:49:51 -04:00

1 Commits