Skip to content

test: add comprehensive validation coverage#146

Open
SHAURYAKSHARMA24 wants to merge 2 commits into
openshield-org:devfrom
SHAURYAKSHARMA24:test/comprehensive-validation-coverage-clean
Open

test: add comprehensive validation coverage#146
SHAURYAKSHARMA24 wants to merge 2 commits into
openshield-org:devfrom
SHAURYAKSHARMA24:test/comprehensive-validation-coverage-clean

Conversation

@SHAURYAKSHARMA24

@SHAURYAKSHARMA24 SHAURYAKSHARMA24 commented Jun 21, 2026

Copy link
Copy Markdown
Collaborator

Summary

This PR adds a comprehensive validation/test coverage pass for OpenShield against the current upstream/dev branch.

It adds scanner rule regression coverage for all 45 current scanner rules, extends MockAzureClient test support, adds ScanEngine integration tests, and documents the validation results in docs/validation/COMPREHENSIVE_VALIDATION_REPORT.md.

No production code is changed.

Verification

Local validation completed successfully:

pytest -q
# 170 passed

pytest tests/test_rules_*.py -q
# 92 passed

pytest tests/test_engine_integration.py -q
# 4 passed

Shaurya K Sharma added 2 commits June 21, 2026 20:43
test: add scanner rule and engine validation coverage
e66936a 
Expand scanner rule regression coverage so all 45 rules have dedicated
compliant and non-compliant cases (includes az_net_015). Add ScanEngine
integration tests for rule loading, score consistency, and rule-failure
isolation.

Extend MockAzureClient test support only; no production code is changed.

Full suite: 170 passed.
Rule regression slice: 92 passed.
Engine integration: 4 passed.

Note: AZ-NET-009 and AZ-NET-012 tests validate intended isolated rule
logic. The production integration defects discovered during validation are
documented separately in the validation report.
docs: add comprehensive validation report
995efcf 
Document the full OpenShield validation pass across environment setup,
static checks, backend tests, scanner rules, engine integration, local API
smoke tests, frontend build, AI/RAG, CVE/NVD, Sentinel review, security
checks, documentation accuracy, and live deployment status.

The report records remaining follow-up issues including AZ-NET-009,
AZ-NET-012, AI chunker syntax failure, Sentinel field mapping mismatch,
stale documentation counts, dependency CVEs, and deferred Azure/Sentinel
live validation.
@SHAURYAKSHARMA24 SHAURYAKSHARMA24 self-assigned this Jun 21, 2026
@Vishnu2707 Vishnu2707 added the enhancement New feature or request label Jun 21, 2026
parthrohit22
parthrohit22 requested changes Jun 22, 2026
View reviewed changes

@parthrohit22 parthrohit22 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good work on this PR. The scope is valuable and the changed files look mostly aligned with the stated goal: validation report, rule regression tests, engine integration tests, and mock Azure client support.

I reviewed the PR at a high level and I think this is moving in the right direction, but I would not approve until the merge conflict is resolved and the tests are rerun.

Main blocker:

  • GitHub currently shows a merge conflict in tests/helpers/mock_azure.py.
  • Since this file is central to the new test coverage, please resolve it carefully instead of choosing one side blindly.
  • After resolving, please rerun:

pytest -q
pytest tests/test_rules_*.py -q
pytest tests/test_engine_integration.py -q

and confirm the final pass counts in the PR.

A few review notes:

  • The PR description says no production code is changed, and from the file list I can see the scope is limited to tests and validation docs, which is good.
  • The comprehensive validation report is useful, especially the documented findings around AZ-NET-009, AZ-NET-012, ai/chunker.py, Sentinel mapping, and scan observability.
  • The limitation around AZ-NET-009 and AZ-NET-012 should remain clearly documented because those tests validate intended/mock behavior, not current production behavior.
  • Please make sure the known issues found during validation are later raised as separate issues so they do not stay buried inside the report.

Suggested follow-up issues:

  • AZ-NET-009 false negative due to SDK method mismatch
  • AZ-NET-012 false positive due to missing get_nsg_flow_logs
  • ai/chunker.py SyntaxError
  • Sentinel compliance field mapping mismatch
  • ScanEngine missing errored-rule visibility in scan results

Once the mock_azure.py conflict is resolved, tests are rerun, and the PR is updated with the latest results, I think this will be ready for final review.

TFT444
TFT444 requested changes Jun 22, 2026
View reviewed changes

@TFT444 TFT444 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seconding Parth's review he said everything.But One specific code change to make while you have the branch open for the conflict fix:

In [tests/test_engine_integration.py], test_engine_loads_all_45_rules asserts len(eng.rules) == 45. Change it to >= 45 .
Otherwise the next rule anyone adds will break this test for no reason, and it's not the count that matters here.

On the follow-up issues Parth listed — I'll open those once this PR merges so they don't get lost. No action needed from you on that side.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TFT444 TFT444 TFT444 requested changes

@parthrohit22 parthrohit22 parthrohit22 requested changes

@Vishnu2707 Vishnu2707 Awaiting requested review from Vishnu2707

Requested changes must be addressed to merge this pull request.

Assignees

@SHAURYAKSHARMA24 SHAURYAKSHARMA24

Labels

enhancement New feature or request

Projects

OpenShield MVP — Phase 1
Status: 📋 Backlog

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@SHAURYAKSHARMA24 @TFT444 @parthrohit22 @Vishnu2707