dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
77cb0ad0e2f4f8daba8a80a50bfadd0fbffa3d83
ScadaBridge/tests/ScadaLink.SiteEventLogging.Tests/SiteEventLoggerTests.cs
T
Joseph Doherty 819f1b4665 fix(validation): close Theme 3 — 11 input-validation / unbounded-input findings 
Each finding is a focused validation guard or upper bound at a trust boundary.
Highlights:
- Commons-015: EncryptionMetadata ctor now validates Algorithm (AES-256-GCM
  only), Kdf (PBKDF2-SHA256 only), Iterations ([100k, 10M]), non-null Salt/IV.
- Transport-004: new BundleUnlockRateLimiter (sliding-window, per-key,
  singleton) wired into BundleImporter.LoadAsync; over-budget callers see
  BundleUnlockRateLimitedException. Per-bundle 3-strike + per-window cap.
- ESG-022: ExternalSystemClient.InvokeHttpAsync allow-lists the documented
  GET/POST/PUT/PATCH/DELETE set (case-insensitive); unknown verbs throw.
- SEL-015: SiteEventLogger queue now bounded (10k cap, DropOldest); dropped
  events fault their Task and increment FailedWriteCount so the drop is
  observable instead of an unbounded memory growth.
- SEL-017: EventLogQueryService clamps caller-supplied PageSize to a new
  MaxQueryPageSize cap (default 500) so int.MaxValue can't OOM the host.
- SEL-020: LogEventAsync rejects severities outside {Info, Warning, Error}
  (matches SQLite BINARY-collation query filter).
- InboundAPI-020: ContentType "json" check now case-insensitive
  (application/JSON no longer slips through as not-json).
- InboundAPI-024: _knownBadMethods capped at 1000 entries (drops new entries
  once full); per-request DB lookup remains the correctness path.
- SR-025: HandleSetStaticAttribute validates the attribute name against the
  deployed config; unknown names now return Success=false instead of
  leaking orphan override rows into the SQLite store.
- TE-021: MoveTemplateAsync runs the sibling-name-collision check at the
  destination, mirroring TemplateFolderService.MoveFolderAsync.
- TE-022: LockEnforcer's once-locked-stays-locked rule now also covers
  LockedInDerived (was previously only IsLocked).

New regression tests across 8 test projects (EncryptionMetadata, rate
limiter, ESG client allow-list, SEL bounded channel / PageSize clamp /
severity validation, InboundAPI ContentType + bad-methods cap, SiteRT
unknown-attribute, TemplateEngine MoveTemplate + LockedInDerived).
Build clean; affected suites all green. README regenerated: 93 open (was 104).

Note: a separate manual re-run was needed for the SiteEventLogging hunk
because its initial subagent's source edits never landed on disk despite
reporting success (file-collision-style failure mode).
2026-05-28 06:58:25 -04:00

174 lines
6.3 KiB
C#
Raw Blame History

using Microsoft.Data.Sqlite;
using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Extensions.Options;
namespace ScadaLink.SiteEventLogging.Tests;
public class SiteEventLoggerTests : IDisposable
{
private readonly SiteEventLogger _logger;
private readonly SqliteConnection _verifyConnection;
private readonly string _dbPath;
public SiteEventLoggerTests()
{
_dbPath = Path.Combine(Path.GetTempPath(), $"test_events_{Guid.NewGuid()}.db");
var options = Options.Create(new SiteEventLogOptions { DatabasePath = _dbPath });
_logger = new SiteEventLogger(options, NullLogger<SiteEventLogger>.Instance);
// Separate connection for verification queries
_verifyConnection = new SqliteConnection($"Data Source={_dbPath}");
_verifyConnection.Open();
}
public void Dispose()
{
_verifyConnection.Dispose();
_logger.Dispose();
if (File.Exists(_dbPath)) File.Delete(_dbPath);
}
[Fact]
public async Task LogEventAsync_InsertsRecord()
{
await _logger.LogEventAsync("script", "Error", "inst-1", "ScriptActor:Monitor", "Script failed", "{\"stack\":\"...\"}");
using var cmd = _verifyConnection.CreateCommand();
cmd.CommandText = "SELECT COUNT(*) FROM site_events";
var count = (long)cmd.ExecuteScalar()!;
Assert.Equal(1, count);
}
[Fact]
public async Task LogEventAsync_StoresAllFields()
{
await _logger.LogEventAsync("alarm", "Warning", "inst-2", "AlarmActor:TempHigh", "Alarm triggered", "{\"value\":95}");
using var cmd = _verifyConnection.CreateCommand();
cmd.CommandText = "SELECT event_type, severity, instance_id, source, message, details FROM site_events LIMIT 1";
using var reader = cmd.ExecuteReader();
Assert.True(reader.Read());
Assert.Equal("alarm", reader.GetString(0));
Assert.Equal("Warning", reader.GetString(1));
Assert.Equal("inst-2", reader.GetString(2));
Assert.Equal("AlarmActor:TempHigh", reader.GetString(3));
Assert.Equal("Alarm triggered", reader.GetString(4));
Assert.Equal("{\"value\":95}", reader.GetString(5));
}
[Fact]
public async Task LogEventAsync_NullableFieldsAllowed()
{
await _logger.LogEventAsync("deployment", "Info", null, "DeploymentManager", "Deployed instance");
using var cmd = _verifyConnection.CreateCommand();
cmd.CommandText = "SELECT instance_id, details FROM site_events LIMIT 1";
using var reader = cmd.ExecuteReader();
Assert.True(reader.Read());
Assert.True(reader.IsDBNull(0));
Assert.True(reader.IsDBNull(1));
}
[Fact]
public async Task LogEventAsync_StoresIso8601UtcTimestamp()
{
await _logger.LogEventAsync("connection", "Info", null, "DCL", "Connected");
using var cmd = _verifyConnection.CreateCommand();
cmd.CommandText = "SELECT timestamp FROM site_events LIMIT 1";
var ts = (string)cmd.ExecuteScalar()!;
var parsed = DateTimeOffset.Parse(ts);
Assert.Equal(TimeSpan.Zero, parsed.Offset);
}
[Fact]
public async Task LogEventAsync_ThrowsOnEmptyEventType()
{
await Assert.ThrowsAsync<ArgumentException>(() =>
_logger.LogEventAsync("", "Info", null, "Source", "Message"));
}
[Fact]
public async Task LogEventAsync_ThrowsOnEmptySeverity()
{
await Assert.ThrowsAsync<ArgumentException>(() =>
_logger.LogEventAsync("script", "", null, "Source", "Message"));
}
[Fact]
public async Task LogEventAsync_ThrowsOnEmptySource()
{
await Assert.ThrowsAsync<ArgumentException>(() =>
_logger.LogEventAsync("script", "Info", null, "", "Message"));
}
[Fact]
public async Task LogEventAsync_ThrowsOnEmptyMessage()
{
await Assert.ThrowsAsync<ArgumentException>(() =>
_logger.LogEventAsync("script", "Info", null, "Source", ""));
}
[Fact]
public async Task LogEventAsync_MultipleEvents_AutoIncrementIds()
{
await _logger.LogEventAsync("script", "Info", null, "S1", "First");
await _logger.LogEventAsync("script", "Info", null, "S2", "Second");
await _logger.LogEventAsync("script", "Info", null, "S3", "Third");
using var cmd = _verifyConnection.CreateCommand();
cmd.CommandText = "SELECT id FROM site_events ORDER BY id";
using var reader = cmd.ExecuteReader();
var ids = new List<long>();
while (reader.Read()) ids.Add(reader.GetInt64(0));
Assert.Equal(3, ids.Count);
Assert.True(ids[0] < ids[1] && ids[1] < ids[2]);
}
[Fact]
public async Task AllEventTypes_Accepted()
{
var types = new[] { "script", "alarm", "deployment", "connection", "store_and_forward", "instance_lifecycle" };
foreach (var t in types)
{
await _logger.LogEventAsync(t, "Info", null, "Test", $"Event type: {t}");
}
using var cmd = _verifyConnection.CreateCommand();
cmd.CommandText = "SELECT COUNT(DISTINCT event_type) FROM site_events";
var count = (long)cmd.ExecuteScalar()!;
Assert.Equal(6, count);
}
// --- SiteEventLogging-020: severity validation against the closed set ---
[Theory]
[InlineData("info")] // wrong casing
[InlineData("warn")] // abbreviation
[InlineData("ERROR")] // wrong casing
[InlineData("Debug")] // not in set
[InlineData("Critical")] // not in set
public async Task LogEventAsync_ThrowsOnUnknownSeverity(string badSeverity)
{
var ex = await Assert.ThrowsAsync<ArgumentException>(
() => _logger.LogEventAsync("script", badSeverity, null, "Source", "Message"));
Assert.Contains(badSeverity, ex.Message);
Assert.Contains("Info, Warning, Error", ex.Message);
}
[Theory]
[InlineData("Info")]
[InlineData("Warning")]
[InlineData("Error")]
public async Task LogEventAsync_AcceptsAllDocumentedSeverities(string severity)
{
await _logger.LogEventAsync("script", severity, null, "Source", "Message");
using var cmd = _verifyConnection.CreateCommand();
cmd.CommandText = "SELECT severity FROM site_events";
var stored = (string)cmd.ExecuteScalar()!;
Assert.Equal(severity, stored);
}
}
Reference in New Issue View Git Blame Copy Permalink