Summary of What Needs to be Done:
backend/secuscan/validation.py contains helper functions that are only partially tested through the existing validate_target tests. Specifically, _net_within_allowed_networks (with its nested wildcard_to_net helper) and _parse_url_hostname have no dedicated unit tests. These functions handle complex edge cases in network validation logic.
Changes that Need to be Made:
- Add testing/backend/unit/test_validation_helpers.py
- Import the real production functions from backend.secuscan.validation
- Test _parse_url_hostname: valid https URL, valid http URL, non-HTTP scheme returns None, URL with port, URL with path, invalid URL
- Test _net_within_allowed_networks: IP within CIDR allowlist, IP outside allowlist, IP within wildcard pattern (e.g. 10...*), empty allowlist returns True, multi-address network within larger CIDR
- Test wildcard_to_net edge cases: 10...* -> 10.0.0.0/8, 192.168.. -> 192.168.0.0/16, invalid patterns (non-octet values, mixed wildcards)
- Mock settings.allowed_networks for isolation using monkeypatch
Impact that it would Provide:
- Validates network allowlist enforcement logic in isolation
- Documents expected behavior of URL parsing and network matching
- Enables safe refactoring of the validation logic without breaking guardrails
Note: This task is being handled by tmdeveloper007 — please assign to that account when picking it up.
Summary of What Needs to be Done:
backend/secuscan/validation.py contains helper functions that are only partially tested through the existing validate_target tests. Specifically, _net_within_allowed_networks (with its nested wildcard_to_net helper) and _parse_url_hostname have no dedicated unit tests. These functions handle complex edge cases in network validation logic.
Changes that Need to be Made:
Impact that it would Provide:
Note: This task is being handled by tmdeveloper007 — please assign to that account when picking it up.