Alan-Jowett / sonde / 23458324849
82%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 74
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 85.233% (+0.7%) from 84.576%
23458324849

push

github

web-flow 
Add security-critical validation tests (T-N927, T-N929, T-N940, T-N941) (#411)

* test: add security-critical validation tests (T-N927, T-N929, T-N940, T-N941)

- Add T-N927: RNG health-check failure aborts wake cycle
- Add T-N929: write to read-only context silently ignored
- Add T-N940: BLE envelope length validation
- Add T-N941: PEER_ACK corrupted HMAC discarded
- Fix: mem_store bounds-validates before suppressing context writes
- Fix: atomic on read-only context silently ignored (not error)
- Add RNG health_check() call at wake cycle start

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: cargo fmt + clippy

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address review feedback on security validation tests

- Fix misleading comment in peer_request.rs: say 'flipping the last
  byte' instead of 'last 32 bytes' since only one byte is XOR'd.
- Avoid consuming early-wake flag on RNG health-check failure by not
  calling determine_wake_reason(); use base_interval_s directly so the
  flag is preserved for the next wake cycle.
- Make ctx binding mutable in write-to-read-only-context test so the
  raw pointer derivation is sound even if a regression causes a write.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: use constants in truncated-payload test, fix ne_bytes comment, use last_mut()

- Use \NODE_PROVISION_MIN_LEN\ and \PEER_PAYLOAD_MAX_LEN\ constants
  instead of hard-coded values in truncated-payload test to avoid
  hitting the wrong error branch if constants change.
- Fix comment to say 'native-endian timestamp byte' instead of
  'low byte' since \	o_ne_bytes()[0]\ is platform-dependent.
- Use \last_mut().expect()\ instead of manual len-1 indexing for
  clearer panics if frame is empty.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address review feedback on security validation tests

- Replace magic number 37 with NODE_PROVISION... (continued)

162 of 164 new or added lines in 7 files covered. (98.78%)

133 existing lines in 4 files now uncovered.

19913 of 23363 relevant lines covered (85.23%)

173.76 hits per line

Uncovered Changes

Lines Coverage File
2
95.58
 0.44% crates/sonde-node/src/wake_cycle.rs

Coverage Regressions

Lines Coverage File
51
95.8
 0.24% crates/sonde-modem/src/bridge.rs
50
85.27
 -3.17% crates/sonde-e2e/src/harness.rs
23
95.58
 0.44% crates/sonde-node/src/wake_cycle.rs
9
0.0
 0.0% crates/sonde-pair-ui/src-tauri/src/lib.rs
Jobs
ID Job ID Ran Files Coverage
1 23458324849.1 74
85.23
 GitHub Action Run
Source Files on build 23458324849