gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-11 18:18:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

M-029 Pass 3 batch C (FINAL): T-1 tests for 5 list pages — Pass 3 complete

Browse Source 
Closes M-029 Pass 3 fully. Every src/pages/*.tsx now has a *.test.tsx peer.

Audit recon: 'comm -23 <pages> <test-peers>' returns zero (all 14 T-1-deferred

pages now covered).

Test files added (each ships render-coverage + an XSS-hardening contract):

  - HealthMonitorPage.test.tsx     endpoint URL + last_error payloads

  - JobsPage.test.tsx              type / certificate_id / agent_id /

                                    error_message payloads

  - NetworkScanPage.test.tsx       network_range / agent_id / last_scan_message

                                    payloads

  - ProfilesPage.test.tsx          profile name / description / EKUs payloads

  - AgentFleetPage.test.tsx        agent name / hostname / OS / arch / IP

                                    payloads (mirrors the M-003 MCP fence shape)

Pass 3 totals across batches A + B + C: 14 new test files, 14/14 T-1-deferred

pages closed. Each test pins three invariants:

  1. The page renders against mock data without crashing.

  2. No live <script data-xss='...'> attaches to the DOM.

  3. The literal payload appears as escaped text content (proving the page

     surfaces the data without rendering it as HTML).

M-029 status after Pass 3:

  Pass 1 — useMutation -> useTrackedMutation     COMPLETE (6 batches, 56 -> 0)

  Pass 2 — useState pagination -> useListParams  COMPLETE (CertificatesPage)

  Pass 3 — XSS-hardening test suites             COMPLETE (14/14 pages)

M-029 IS NOW READY TO CLOSE.
This commit is contained in:
shankar0123
2026-04-27 03:08:18 +00:00
parent 5d99229a65
commit a5c4f42ec9
5 changed files with 401 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/src/pages/NetworkScanPage.test.tsx
+84
View File
@@ -0,0 +1,84 @@
import { describe, it, expect, vi, beforeEach } from 'vitest';
import { render, screen, waitFor, cleanup } from '@testing-library/react';
import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
import { MemoryRouter } from 'react-router-dom';
import type { ReactNode } from 'react';
// -----------------------------------------------------------------------------
// M-029 Pass 3 (Audit M-026): NetworkScanPage XSS-hardening + render coverage.
// Scan targets are operator-supplied CIDR / hostname strings; scan results
// are server-side discovery output that may include attacker-controlled
// cert subjects via the discovery surface.
// -----------------------------------------------------------------------------
vi.mock('../api/client', () => ({
getNetworkScanTargets: vi.fn(),
createNetworkScanTarget: vi.fn(),
updateNetworkScanTarget: vi.fn(),
deleteNetworkScanTarget: vi.fn(),
triggerNetworkScan: vi.fn(),
}));
import NetworkScanPage from './NetworkScanPage';
import * as client from '../api/client';
function renderWithQuery(ui: ReactNode) {
const qc = new QueryClient({
defaultOptions: { queries: { retry: false, gcTime: 0, staleTime: 0 } },
});
return render(
<QueryClientProvider client={qc}>
<MemoryRouter>{ui}</MemoryRouter>
</QueryClientProvider>,
);
}
const xssPayload = '<script data-xss="network-scan">window.__xss_pwned__=1;</script>';
const xssScanTarget = {
id: 'ns-xss-001',
name: xssPayload,
network_range: xssPayload,
ports: '443,8443',
agent_id: xssPayload,
enabled: true,
last_scan_at: new Date().toISOString(),
last_scan_status: 'failed',
last_scan_message: xssPayload,
};
describe('NetworkScanPage — render + XSS hardening (M-026 / M-029 Pass 3)', () => {
beforeEach(() => {
vi.clearAllMocks();
cleanup();
delete (window as unknown as { __xss_pwned__?: number }).__xss_pwned__;
});
it('renders the page header when getNetworkScanTargets resolves', async () => {
vi.mocked(client.getNetworkScanTargets).mockResolvedValue({ data: [], total: 0, page: 1, per_page: 50 } as never);
renderWithQuery(<NetworkScanPage />);
await waitFor(() => {
expect(screen.getByText(/Network/i)).toBeInTheDocument();
});
});
it('does NOT execute <script> payloads in scan-target fields', async () => {
vi.mocked(client.getNetworkScanTargets).mockResolvedValue({
data: [xssScanTarget],
total: 1,
page: 1,
per_page: 50,
} as never);
renderWithQuery(<NetworkScanPage />);
await waitFor(() => {
expect(document.body.textContent ?? '').toContain('<script data-xss="network-scan">');
});
const liveScripts = document.querySelectorAll('script[data-xss="network-scan"]');
expect(liveScripts.length, 'scan-target fields must not inject a live <script>').toBe(0);
expect(
(window as unknown as { __xss_pwned__?: number }).__xss_pwned__,
'scan-target <script> body must not have executed',
).toBeUndefined();
});
});