dohertj2/scadaproj
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mark all baseline code-review findings resolved

Browse Source 
All 35 findings fixed in 544a6dd and marked Status: Resolved with resolution
notes. README regenerated: 0 pending / 35 total across 6 libraries.
This commit is contained in:
Joseph Doherty
2026-06-01 11:22:37 -04:00
parent 544a6ddb77
commit ae0ccc9a3a
7 changed files with 112 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files
code-reviews/Audit/findings.md
+11 -11
View File
@@ -10,7 +10,7 @@
| Last reviewed | 2026-06-01 |
| Reviewer | Claude (automated baseline) |
| Commit reviewed | `5f75cd4` |
| Open findings | 5 |
| Open findings | 0 |
## Summary
@@ -54,7 +54,7 @@ family-wide baseline pattern), and a couple of missing edge-case tests (Audit-00
|--|--|
| Severity | Medium |
| Category | Error handling & resilience |
| Status | Open |
| Status | Resolved |
| Location | `ZB.MOM.WW.Audit/src/ZB.MOM.WW.Audit/CompositeAuditWriter.cs:24` |
**Description**
@@ -92,7 +92,7 @@ surface. Option (a) is the lower-blast-radius choice and matches the seam's stat
**Resolution**
_Unresolved._
Resolved in `544a6dd`, 2026-06-01 — `CompositeAuditWriter.WriteAsync` now swallows `OperationCanceledException` like any other writer failure (single bare `catch`), so cancellation never surfaces to the caller; XML doc and the cancellation test updated to assert non-propagation.
### Audit-002 — `TruncatingAuditRedactor` over-redaction is partial: the catch path scrubs only `DetailsJson`, leaving `Target` unredacted
@@ -100,7 +100,7 @@ _Unresolved._
|--|--|
| Severity | Low |
| Category | Error handling & resilience |
| Status | Open |
| Status | Resolved |
| Location | `ZB.MOM.WW.Audit/src/ZB.MOM.WW.Audit/TruncatingAuditRedactor.cs:27-31`, `:34-40` |
**Description**
@@ -128,7 +128,7 @@ unexpected failures rather than a predictable negative-length misconfiguration.
**Resolution**
_Unresolved._
Resolved in `544a6dd`, 2026-06-01 — the over-redact catch now returns `rawEvent with { DetailsJson = null, Target = null }` (strictly safer), and `Truncate` clamps a negative `max` to 0 so a negative-length misconfiguration fails safe instead of throwing; new tests pin both behaviours.
### Audit-003 — `TruncatingAuditRedactorOptions` is a mutable class, not the immutable "options record" the contract describes
@@ -136,7 +136,7 @@ _Unresolved._
|--|--|
| Severity | Low |
| Category | Public API surface & compatibility |
| Status | Open |
| Status | Resolved |
| Location | `ZB.MOM.WW.Audit/src/ZB.MOM.WW.Audit/TruncatingAuditRedactorOptions.cs:4-12` |
**Description**
@@ -160,7 +160,7 @@ readonly fields at construction so post-construction mutation cannot affect it.
**Resolution**
_Unresolved._
Resolved in `544a6dd`, 2026-06-01 — `TruncatingAuditRedactorOptions` is now a `sealed record` with `init`-only properties, matching the contract's "options record" and removing the post-construction mutation footgun on the singleton redactor.
### Audit-004 — XML documentation is authored but not emitted, so IntelliSense docs do not ship to consumers
@@ -168,7 +168,7 @@ _Unresolved._
|--|--|
| Severity | Low |
| Category | Documentation & XML docs |
| Status | Open |
| Status | Resolved |
| Location | `ZB.MOM.WW.Audit/src/ZB.MOM.WW.Audit/ZB.MOM.WW.Audit.csproj:1-18`, `ZB.MOM.WW.Audit/Directory.Build.props:1-10` |
**Description**
@@ -189,7 +189,7 @@ documented, no CS1591 "missing XML comment" warnings should appear.
**Resolution**
_Unresolved._
Resolved in `544a6dd`, 2026-06-01 — set `<GenerateDocumentationFile>true</GenerateDocumentationFile>` in the packable `ZB.MOM.WW.Audit.csproj`; `ZB.MOM.WW.Audit.xml` now builds with zero CS1591 warnings and packs into the nupkg under `lib/net10.0/`.
### Audit-005 — Missing edge-case tests for the redactor never-throw/over-redact contract and composite null/empty handling
@@ -197,7 +197,7 @@ _Unresolved._
|--|--|
| Severity | Low |
| Category | Testing coverage |
| Status | Open |
| Status | Resolved |
| Location | `ZB.MOM.WW.Audit/tests/ZB.MOM.WW.Audit.Tests/TruncatingAuditRedactorTests.cs`, `.../CompositeAuditWriterTests.cs` |
**Description**
@@ -224,4 +224,4 @@ guarded — pair with the chosen fix for the null case).
**Resolution**
_Unresolved._
Resolved in `544a6dd`, 2026-06-01 — added four tests: redactor over-redact catch branch scrubs both fields, negative-max clamp, and `CompositeAuditWriter` empty-list no-op + null-writer-entry swallow (19 → 23 tests).