fix(site-event-logging): resolve SiteEventLogging-012..014 — fault dropped-event tasks, escape LIKE wildcards, re-triage startup-purge finding (Won't Fix)

2026-05-17 03:18:41 -04:00
parent a58cec5776
commit 6d63fef934
6 changed files with 226 additions and 23 deletions
--- a/tests/ScadaLink.SiteEventLogging.Tests/EventLogCoverageTests.cs
+++ b/tests/ScadaLink.SiteEventLogging.Tests/EventLogCoverageTests.cs
@@ -64,15 +64,19 @@ public class EventLogCoverageTests : IDisposable
    }

    [Fact]
-    public async Task LogEventAsync_AfterDispose_CompletesWithoutThrowing()
+    public async Task LogEventAsync_AfterDispose_FaultsTask_NotReportsSuccess()
    {
-        // Logging after disposal must not throw or hang — the event is simply
-        // dropped because the background writer has been completed.
+        // SiteEventLogging-012: when the logger has been disposed the event cannot
+        // be persisted. The returned Task must FAULT (not complete successfully) so
+        // an awaiting caller can distinguish a dropped audit event from a written
+        // one. Per the XML doc contract, the Task "faults if the write fails".
        var logger = NewLogger();
        logger.Dispose();

-        await logger.LogEventAsync("script", "Info", null, "Source", "After dispose")
-            .WaitAsync(TimeSpan.FromSeconds(5));
+        var task = logger.LogEventAsync("script", "Info", null, "Source", "After dispose");
+
+        await Assert.ThrowsAsync<ObjectDisposedException>(
+            () => task.WaitAsync(TimeSpan.FromSeconds(5)));
    }

    [Fact]
@@ -83,4 +87,48 @@ public class EventLogCoverageTests : IDisposable
        logger.Dispose();
        logger.Dispose();
    }
+
+    [Fact]
+    public async Task LogEventAsync_EnqueuedThenDisposed_FaultsTask_WhenWriteCannotComplete()
+    {
+        // SiteEventLogging-012, second path: an event enqueued onto the background
+        // writer just before disposal must NOT be reported as persisted if the
+        // writer's WithConnection returns false (logger disposed mid-drain). We
+        // flood the queue and dispose immediately; any event whose write did not
+        // actually run must have a faulted Task, never a successful one.
+        var logger = NewLogger();
+
+        var tasks = new List<Task>();
+        for (int i = 0; i < 200; i++)
+        {
+            tasks.Add(logger.LogEventAsync("script", "Info", null, "Source", $"event-{i}"));
+        }
+
+        logger.Dispose();
+
+        // Every task must reach a terminal state. None may be left as a successful
+        // completion for an event the writer never persisted: a task is either
+        // RanToCompletion (genuinely written before the connection closed) or
+        // Faulted (could not be persisted). Count persisted vs faulted and assert
+        // the persisted count matches the actual row count.
+        await Task.WhenAll(tasks.Select(t => t.ContinueWith(_ => { })));
+
+        var succeeded = tasks.Count(t => t.Status == TaskStatus.RanToCompletion);
+        var faulted = tasks.Count(t => t.IsFaulted);
+        Assert.Equal(tasks.Count, succeeded + faulted);
+
+        long rowCount;
+        using (var conn = new Microsoft.Data.Sqlite.SqliteConnection($"Data Source={_dbPath}"))
+        {
+            conn.Open();
+            using var cmd = conn.CreateCommand();
+            cmd.CommandText = "SELECT COUNT(*) FROM site_events";
+            rowCount = (long)cmd.ExecuteScalar()!;
+        }
+
+        // A successfully-completed Task must correspond to a row that was actually
+        // written. If the disposed-mid-drain path falsely reported success, the
+        // success count would exceed the row count.
+        Assert.Equal(rowCount, succeeded);
+    }
 }