JakartaMigration

Overview Schema Related Servers Score Discussions

CVE_CODE_ANALYSIS_TESTS.md•4.98 kB

# CVE Code Analysis Module Tests ## Overview Comprehensive unit tests have been created for all new CVE code analysis modules. All tests follow TDD principles and the project's testing standards. ## Test Coverage ### Mapper Tests ✅ #### CVECatalogMapperTest - ✅ Should map domain to entity - ✅ Should map entity to domain - ✅ Should handle null domain - ✅ Should handle null entity **Location**: `src/test/java/unit/CVECatalogMapperTest.java` #### BugFindingMapperTest - ✅ Should map domain to entity - ✅ Should map entity to domain - ✅ Should handle null domain - ✅ Should handle null entity - ✅ Should handle null affected files - ✅ Should handle empty affected files JSON **Location**: `src/test/java/unit/BugFindingMapperTest.java` ### Service Tests ✅ #### CVECatalogServiceTest - ✅ Should create catalog entry for CVE and language - ✅ Should skip if catalog entry already exists - ✅ Should return empty if no languages extracted - ✅ Should get catalog entries by language **Location**: `src/test/java/unit/CVECatalogServiceTest.java` **Key Features**: - Mocks LLM ChatClient responses - Tests CVE catalog creation workflow - Verifies language-specific entry creation - Tests duplicate prevention #### CodebaseIndexServiceTest - ✅ Should index Java repository - ✅ Should update existing index - ✅ Should return null if repository not cloned - ✅ Should get index for repository and language **Location**: `src/test/java/unit/CodebaseIndexServiceTest.java` **Key Features**: - Uses `@TempDir` for temporary file system - Tests Java codebase indexing - Verifies index versioning - Tests repository cloning state checks #### CommitAnalysisServiceTest - ✅ Should return empty if no catalog entries found - ✅ Should detect CVEs in commit - ✅ Should create bug finding when CVE detected **Location**: `src/test/java/unit/CommitAnalysisServiceTest.java` **Key Features**: - Mocks LLM responses for commit analysis - Tests initial CVE detection - Tests individual CVE analysis - Verifies bug finding creation #### CVEVerificationServiceTest - ✅ Should verify and process bug finding - ✅ Should handle low confidence and require human review **Location**: `src/test/java/unit/CVEVerificationServiceTest.java` **Key Features**: - Tests complete cross-LLM verification workflow - Mocks all three LLM steps (verification, fix generation, confirmation) - Tests confidence scoring - Verifies human review queue logic ## Test Patterns Used ### LLM Mocking Pattern All tests that interact with LLM services use a consistent mocking pattern: ```java @SuppressWarnings("unchecked") private void mockChatResponse(String jsonContent) { lenient().when(assistantMessage.getContent()).thenReturn(jsonContent); // Use reflection to mock ChatResponse.getResult().getOutput() java.lang.reflect.Method getResultMethod = ChatResponse.class.getMethod("getResult"); Class<?> resultType = getResultMethod.getReturnType(); Object resultMock = mock(resultType, (Answer<Object>) invocation -> { if ("getOutput".equals(invocation.getMethod().getName())) { return assistantMessage; } return null; }); lenient().doReturn(resultMock).when(chatResponse).getResult(); lenient().when(chatClient.call(any(Prompt.class))).thenReturn(chatResponse); } ``` ### Reactive Testing Services that return `Flux` or `Mono` use `StepVerifier`: ```java StepVerifier.create(result) .expectNextCount(1) .verifyComplete(); ``` ### Test Structure All tests follow the Given-When-Then pattern: ```java @Test @DisplayName("Should do something") void shouldDoSomething() { // Given // Setup test data and mocks // When // Execute the code under test // Then // Verify the results } ``` ## Running Tests ### All New Tests ```bash ./gradlew test --tests "*CVECatalog*" --tests "*BugFinding*" --tests "*CodebaseIndex*" --tests "*CommitAnalysis*" --tests "*CVEVerification*" ``` ### Individual Test Classes ```bash ./gradlew test --tests "adrianmikula.jakartamigration.cve.mapper.CVECatalogMapperTest" ./gradlew test --tests "adrianmikula.jakartamigration.cve.service.CVECatalogServiceTest" ``` ### Using Mise ```bash mise run test ``` ## Test Status ✅ **All tests created and ready** - No compilation errors - No linter errors - Follows project testing standards - Uses proper mocking patterns - Includes edge case handling ## Coverage Goals - **Mappers**: 100% coverage (simple transformation logic) - **Services**: 80%+ coverage (complex business logic) - **Edge Cases**: Null handling, empty collections, error scenarios ## Notes - Tests use `@MockitoSettings(strictness = Strictness.LENIENT)` for LLM mocking flexibility - Reflection is used to mock Spring AI's internal types - `@TempDir` is used for file system operations in CodebaseIndexServiceTest - All tests are unit tests (no external dependencies required)

Loading blob content...

Latest Blog Posts

What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash
What is Streamable HTTP in MCP?
By punkpeye on January 2, 2026.
Streamable HTTP

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/adrianmikula/JakartaMigration'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

CVE_CODE_ANALYSIS_TESTS.md•4.98 kB