Skip to content

Latest commit

 

History

History
282 lines (206 loc) · 10.7 KB

adr-test-coverage.md

File metadata and controls

282 lines (206 loc) · 10.7 KB

ADR Test Coverage Summary

Date: 2025-12-17 Status: Test Stubs Created, Implementation Pending

This document tracks test case implementation for Architecture Decision Records.

Overview

ADR Test Cases Specified Test Classes Created Implementation Status
ADR-001: Transaction Isolation ✅ Yes ✅ TransactionIsolationTest ⚠️ Stub Only
ADR-002: SQL Injection Prevention ✅ Yes ✅ SQLInjectionPreventionTest ⚠️ Stub Only
ADR-003: Slovak Text Search ✅ Yes ✅ SlovakLanguageSearchTest ⚠️ Stub Only
ADR-006: Multi-Tenant Integrity ✅ Yes ✅ MultiTenantIntegrityTest ⚠️ Stub Only

ADR-001: Transaction Isolation Strategy

Test File: com.cloudempiere.searchindex.test/src/.../integration/TransactionIsolationTest.java

Test Cases from ADR (Phase 2: Lines 215-229)

Test Method Type ADR Reference Status
testTransactionIsolation() Unit Lines 217 ⚠️ Stub
testRollbackScenario() Unit Lines 218 ⚠️ Stub
testErrorHandling_IndexFailureDoesntBlockPO() Unit Lines 219 ⚠️ Stub
testPOSaveSuccess_AndIndexUpdateSuccess() Integration Lines 221 ⚠️ Stub
testPOSaveSuccess_ButIndexUpdateFailure() Integration Lines 222 ⚠️ Stub
testPOSaveFailure_IndexUpdateNotTriggered() Integration Lines 223 ⚠️ Stub
testConcurrentPOChanges_NoDeadlocks() Stress Lines 225-228 ⚠️ Stub

Coverage

  • Unit Tests: 3/3 stub created
  • Integration Tests: 3/3 stub created
  • Stress Tests: 1/1 stub created
  • Total Coverage: 7/7 test cases specified in ADR

ADR-002: SQL Injection Prevention Strategy

Test File: com.cloudempiere.searchindex.test/src/.../unit/SQLInjectionPreventionTest.java

Test Cases from ADR (Phase 1: Lines 276-291, Validation: Lines 346-392)

Test Method Type ADR Reference Status
testSQLInjection_DropTable_ShouldFail() Unit Phase 1, Lines 278-284 ⚠️ Stub
testSQLInjection_UnionAttack_ShouldFail() Unit Validation, Line 354 ⚠️ Stub
testSQLInjection_DeleteAttack_ShouldFail() Unit Validation, Line 355 ⚠️ Stub
testSQLInjection_CommentInjection_ShouldFail() Unit Validation, Lines 362-363 ⚠️ Stub
testSQLInjection_MultipleStatements_ShouldFail() Unit Validation, Line 122 ⚠️ Stub
testValidWhereClause_ShouldPass() Unit Phase 1, Lines 286-291 ⚠️ Stub
testValidWhereClause_WithLike_ShouldPass() Unit Validation, Line 370 ⚠️ Stub
testValidWhereClause_WithIn_ShouldPass() Unit Validation, Line 371 ⚠️ Stub
testTableNameValidation_ValidTable_ShouldPass() Unit Layer 2, Lines 155-173 ⚠️ Stub
testTableNameValidation_InvalidTable_ShouldFail() Unit Layer 2 ⚠️ Stub
testTableNameValidation_InjectionAttempt_ShouldFail() Unit Validation, Lines 357-359 ⚠️ Stub
testColumnNameValidation_ValidColumn_ShouldPass() Unit Layer 2, Lines 177-192 ⚠️ Stub
testColumnNameValidation_InvalidColumn_ShouldFail() Unit Layer 2 ⚠️ Stub

Coverage

  • SQL Injection Blocking: 5/5 test cases
  • Valid Input Acceptance: 3/3 test cases
  • Whitelist Validation: 5/5 test cases
  • Total Coverage: 13/13 test cases specified in ADR

Prerequisites

These tests require implementation of:

  • SearchIndexSecurityValidator class (ADR-002 Phase 1)
  • validateWhereClause(String) method
  • validateTableName(String, String) method
  • validateColumnName(String, String, String) method

ADR-003: Slovak Text Search Configuration Architecture

Test File: com.cloudempiere.searchindex.test/src/.../integration/SlovakLanguageSearchTest.java

Test Cases from ADR (Phase 4: Lines 324-328)

Test Method Type ADR Reference Status
testSlovakSearchQuality_ExactVsUnaccented() Integration Lines 188-197 ⚠️ Stub
testSlovakDiacritics_AllVariants() Integration Lines 18-20 ⚠️ Stub
testSlovakVsCzech_Differentiation() Integration Lines 94-96 ⚠️ Stub
testPerformanceBenchmark_TSRankVsPosition() Performance Lines 181-186 ⚠️ Stub
testScalability_100KRows() Performance Lines 50, 154 ⚠️ Stub
testCzechLanguage_DiacriticHandling() Integration Phase 4, Line 327 ⚠️ Stub
testPolishLanguage_DiacriticHandling() Integration Phase 4, Line 327 ⚠️ Stub
testHungarianLanguage_DiacriticHandling() Integration Phase 4, Line 327 ⚠️ Stub
testMultiWeightTsvector_Structure() Unit Lines 118-133, 262-276 ⚠️ Stub
testGINIndexUsage_ExplainAnalyze() Integration Phase 3, Line 322 ⚠️ Stub
testRegression_ExistingSearchesContinueWorking() Regression Phase 4, Line 328 ⚠️ Stub
testSlovakStopWords_Optional() Integration Phase 1, Line 310 ⚠️ Stub
testWeightArray_RankingPreferences() Unit Line 141 ⚠️ Stub
testIndexSize_AcceptableIncrease() Performance Risks, Line 360 ⚠️ Stub
testLanguageDetection_SlovakClient() Unit Phase 2, Line 313 ⚠️ Stub
testLanguageDetection_FallbackToEnglish() Unit Phase 2 ⚠️ Stub
testSlovakSearch_SpecialCharacters() Integration ADR Context ⚠️ Stub

Coverage

  • Slovak Language Quality: 3/3 test cases (exact vs unaccented, all diacritics, Slovak vs Czech)
  • Performance Benchmarks: 3/3 test cases (TS_RANK vs POSITION, scalability, index size)
  • Multi-Language Support: 3/3 test cases (Czech, Polish, Hungarian)
  • Technical Validation: 5/5 test cases (tsvector structure, GIN index, weights, language detection)
  • Regression: 1/1 test case (existing searches)
  • Optional Features: 2/2 test cases (stop words, special characters)
  • Total Coverage: 17/17 test cases specified in ADR

Prerequisites

These tests require:

  • Slovak text search configuration: sk_unaccent (ADR-003 Phase 1)
  • Database migration: build_slovak_tsvector() function
  • Code changes in PGTextSearchIndexProvider.java (Lines 94-95, 426-454, 657-669)
  • Test dataset with Slovak/Czech/Polish/Hungarian product names
  • GIN index on idx_tsvector column

Success Criteria from ADR

  • Performance: <100ms for 100,000 rows (vs current 50s timeout)
  • Scalability: O(log n) using GIN index (vs current O(n × 6t))
  • Quality: Exact diacritic matches rank higher than unaccented
  • Languages: Support Slovak (sk_SK), Czech (cs_CZ), Polish (pl_PL), Hungarian (hu_HU)

ADR-006: Multi-Tenant Data Integrity

Test File: com.cloudempiere.searchindex.test/src/.../integration/MultiTenantIntegrityTest.java

Test Cases from ADR (Testing Strategy: Lines 283-351)

Test Method Type ADR Reference Status
testMultiTenantIsolation() Integration Lines 288-306 ⚠️ Stub
testUniqueConstraintEnforced() Integration Lines 308-318 ⚠️ Stub
testMultiClientSearch() Integration Lines 320-351 ⚠️ Stub
testUniqueIndexStructure() Integration Lines 475-485 ⚠️ Stub
testCrossClientDataLeakage() Integration ADR Context ⚠️ Stub
testIndexUpdateIsolation() Integration Phase 4, Lines 260-273 ⚠️ Stub
testOriginalBug_ClientBOverwritesClientA() Regression Lines 32-53 ⚠️ Stub

Coverage

  • Core Isolation Tests: 3/3 test cases
  • Regression Tests: 1/1 test case (original bug)
  • Additional Validation: 3/3 test cases
  • Total Coverage: 7/7 test cases specified in ADR

Prerequisites

These tests require:

  • Database migration applied (ADR-006 Phase 2)
  • UNIQUE constraint: (ad_client_id, ad_table_id, record_id)
  • Code fix in PGTextSearchIndexProvider.java:115

Implementation Priority

Phase 1: Critical Security (Week 1)

  1. ADR-002: SQL Injection Prevention (Highest Priority)

    • Implement SearchIndexSecurityValidator
    • Implement all 13 test cases
    • Run security scan validation

  2. ADR-006: Multi-Tenant Integrity (Critical)

    • Apply database migration
    • Implement all 7 test cases
    • Run integrity validation

Phase 2: Performance & Reliability (Week 2)

  1. ADR-001: Transaction Isolation (High Priority)
    • Refactor SearchIndexEventHandler
    • Implement all 7 test cases
    • Run stress tests

Test Execution

Run All ADR Tests

# From test fragment directory
cd com.cloudempiere.searchindex.test

# Run all tests
mvn clean test

# Run specific ADR tests
mvn test -Dtest=TransactionIsolationTest
mvn test -Dtest=SQLInjectionPreventionTest
mvn test -Dtest=MultiTenantIntegrityTest

In Eclipse

  1. Right-click test class → Run As → JUnit Plug-in Test
  2. Or use launch config: Run → com.cloudempiere.searchindex.test

Current Status

✅ Completed

  • Test framework setup (fragment plugin architecture)
  • Test stub classes created for all ADRs
  • Test cases documented from ADR specifications

⚠️ Pending Implementation

  • SearchIndexSecurityValidator implementation (ADR-002)
  • Database migration script (ADR-006)
  • Event handler refactoring (ADR-001)
  • Actual test implementation (all 27 test methods)

📊 Test Coverage Goals

ADR Test Cases Implemented Coverage
ADR-001 7 0 0%
ADR-002 13 0 0%
ADR-006 7 0 0%
Total 27 0 0%

Target: 100% test coverage for all critical ADRs before production deployment

Next Steps

  1. Implement ADR-002 (SQL Injection Prevention)

    • Create SearchIndexSecurityValidator class
    • Implement validation methods
    • Complete all 13 test cases
    • Run security scan

  2. Implement ADR-006 (Multi-Tenant Integrity)

    • Apply database migration
    • Fix PGTextSearchIndexProvider.java
    • Complete all 7 test cases
    • Run data integrity checks

  3. Implement ADR-001 (Transaction Isolation)

    • Refactor SearchIndexEventHandler
    • Complete all 7 test cases
    • Run stress tests (100+ concurrent operations)

  4. Continuous Integration

    • Add ADR tests to CI/CD pipeline
    • Enforce 100% pass rate before merge
    • Monitor test execution time

References

  • ADR-001: docs/adr/adr-001-transaction-isolation.md
  • ADR-002: docs/adr/adr-002-sql-injection-prevention.md
  • ADR-006: docs/adr/adr-006-multi-tenant-integrity.md
  • Test Framework: CLAUDE.md (Development Standards)

Last Updated: 2025-12-17 Reviewed By: [Pending]