# New Capabilities Test Suite Documentation
## Overview
This document describes comprehensive test cases and example fixtures created for validating the new CodeSearch capabilities.
---
## Test Fixtures Created
### 1. `secrets_example.py` (39 lines, 1,188 bytes)
**Purpose:** Comprehensive example of hardcoded secrets detection
**Contains:**
- AWS Access Keys (HIGH confidence)
- AWS Secret Keys (HIGH confidence)
- Google API Keys (HIGH confidence)
- Database URLs with embedded passwords (HIGH confidence)
- Generic API keys (MEDIUM confidence)
- Secret keys (HIGH confidence)
- JWT tokens (MEDIUM confidence)
- Generic passwords (LOW confidence)
- Email passwords (MEDIUM confidence)
- Placeholder secrets (should be excluded)
- Commented secrets (should be excluded)
**Test Cases Validated:**
- ✅ Detect various secret types with different confidence levels
- ✅ Exclude placeholder patterns (your_api_key_here, test_key_123, etc.)
- ✅ Exclude commented secrets
- ✅ Extract context (surrounding lines)
- ✅ Handle multiple secrets in single file
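
The checks listed above (confidence levels, placeholder and comment exclusion, context extraction) can be sketched with the standard library alone. This is an added example, not CodeSearch's detection logic; `scan`, `Finding`, `Confidence`, the three heuristics and the sample input are all hypothetical names and constructed data.

```rust
// Added example (not CodeSearch code): std-only sketch of the secrets checks.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Confidence { High, Low }
#[derive(Debug)]
pub struct Finding { pub line: usize, pub kind: &'static str, pub confidence: Confidence, pub context: Vec<String> }
// Placeholder markers named in the fixture description.
const PLACEHOLDERS: [&str; 2] = ["your_api_key_here", "test_key_123"];
// Constructed sample input; the AWS value is the example key from AWS documentation.
pub const SAMPLE: &str = r#"AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
API_KEY = "your_api_key_here"
# DB_PASSWORD = "hunter2hunter2"
DATABASE_URL = "postgres://app:s3cr3tpw@db.example:5432/app"
password = "letmein123"
"#;

// "AKIA" followed by at least 16 uppercase letters or digits.
fn has_aws_key_id(line: &str) -> bool {
    let run = |i: usize| line.as_bytes()[i + 4..].iter().take_while(|b| b.is_ascii_uppercase() || b.is_ascii_digit()).count();
    line.match_indices("AKIA").any(|(i, _)| run(i) >= 16)
}
// scheme://user:password@host with a non-empty password.
fn has_url_password(line: &str) -> bool {
    let rest = line.split_once("://").map_or("", |(_, r)| r);
    let cred = rest.split('/').next().unwrap_or("").split_once('@').map_or("", |(c, _)| c);
    cred.split_once(':').map_or(false, |(_, pw)| !pw.is_empty())
}
// A key containing "password" with any assigned value: weak signal, so LOW.
fn has_password_literal(lower: &str) -> bool {
    lower.split_once('=').map_or(false, |(k, v)| k.contains("password") && !v.trim().is_empty())
}

pub fn scan(source: &str) -> Vec<Finding> {
    let lines: Vec<&str> = source.lines().collect();
    let mut out = Vec::new();
    for (i, raw) in lines.iter().enumerate() {
        let (line, lower) = (raw.trim(), raw.trim().to_lowercase());
        // Commented-out lines and known placeholders are excluded, not reported.
        if line.starts_with('#') || line.starts_with("//") || PLACEHOLDERS.iter().any(|p| lower.contains(p)) { continue; }
        let hit = if has_aws_key_id(line) { Some(("aws_access_key_id", Confidence::High)) }
            else if has_url_password(line) { Some(("database_url_password", Confidence::High)) }
            else if has_password_literal(&lower) { Some(("generic_password", Confidence::Low)) } else { None };
        if let Some((kind, confidence)) = hit {
            // Context is one line either side of the match, clamped to the file.
            let context = lines[i.saturating_sub(1)..(i + 2).min(lines.len())].iter().map(|s| s.to_string()).collect();
            out.push(Finding { line: i + 1, kind, confidence, context });
        }
    }
    out
}
fn main() { for f in scan(SAMPLE) { println!("{:?}", f); } }
```

Reports should carry the line number and type only, not the matched value, so scan output does not itself become a copy of the secret.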
---
### 2. `codesmells_example.rs` (4,071 bytes)
**Purpose:** Demonstrates various code smells for detection
**Contains:**
#### God Object (Lines 8-34)
- Struct with 8 different responsibilities
- 8 methods handling different concerns
- Violates Single Responsibility Principle
#### Long Parameter Lists (Lines 37-48, 51-60)
- Functions with 7 parameters each
- Violates clean code principles
- Should suggest parameter objects
#### Feature Envy (Lines 63-98)
- Method using more data from other classes
- Suggests method should be moved
#### Data Clumps (Lines 101-119)
- Same 3 parameters (name, email, phone) repeated across functions
- Suggests creating data structure
#### Primitive Obsession (Lines 122-128)
- Using String, f64 instead of domain objects (UserId, Email, Money)
#### Shotgun Surgery (Lines 131-152)
- Email change requires modifications in 3 different classes
**Test Cases Validated:**
- ✅ Detect god objects (> 7 fields/methods)
- ✅ Detect long parameter lists (> 4 parameters)
- ✅ Detect feature envy patterns
- ✅ Detect data clumps (repeated parameter groups)
- ✅ Detect primitive obsession
- ✅ Detect shotgun surgery
---
### 3. `architecture_violations.rs` (3,825 bytes)
**Purpose:** Demonstrates architecture and dependency violations
**Contains:**
#### Layer Violations (Lines 4-22)
- Presentation layer directly accessing database
- Violates clean architecture principles
#### Circular Dependencies (Lines 71-84)
- Module A depends on Module B
- Module B depends on Module A
#### Layer Inversion (Lines 87-99)
- Infrastructure layer creating presentation objects
#### Business Logic in Wrong Layer (Lines 102-115)
- Complex business rules in API layer
#### Tight Coupling (Lines 118-126)
- Depending on concrete implementations instead of abstractions
**Test Cases Validated:**
- ✅ Detect layer violations (presentation → database)
- ✅ Detect circular dependencies
- ✅ Detect layer inversion
- ✅ Detect business logic in wrong layer
- ✅ Detect tight coupling to concrete implementations
---
### 4. `security_issues.js` (27 bytes - partial)
**Purpose:** Security vulnerability patterns
**Contains (planned):**
- SQL injection patterns
- Command injection patterns
- XSS vulnerabilities
- Eval with user input
- Weak cryptography (MD5, DES, SHA1)
- Insecure random generation
- Path traversal
- Hardcoded credentials
- Missing input validation
- Missing output encoding
---
## Comprehensive Test Suite Structure
### Unit Tests (50+ test cases)
#### Secrets Detection Tests
```rust
test_detect_aws_access_key_id()
test_exclude_placeholder_secrets()
test_detect_private_key()
test_exclude_commented_secrets()
test_detect_database_url_with_password()
test_detect_multiple_secrets_in_file()
test_detect_google_api_key()
test_detect_jwt_token()
```
#### Code Smell Detection Tests
```rust
test_detect_god_object()
test_detect_long_parameter_list()
test_detect_data_clumps()
test_detect_feature_envy()
test_detect_primitive_obsession()
test_detect_shotgun_surgery()
```
#### Security Pattern Tests
```rust
test_detect_sql_injection()
test_detect_command_injection()
test_detect_xss_vulnerabilities()
test_detect_eval_with_user_input()
test_detect_path_traversal()
```
#### Weak Cryptography Tests
```rust
test_detect_md5_usage()
test_detect_des_usage()
test_detect_sha1_usage()
test_detect_insecure_random()
```
#### Architecture Tests
```rust
test_detect_layer_violations()
test_detect_circular_dependencies()
test_detect_tight_coupling()
```
### Integration Tests (15+ test cases)
```rust
test_multiple_capability_scan()
test_exclude_patterns()
test_file_extension_filtering()
test_confidence_levels()
test_context_extraction()
```
### Performance Tests (5+ test cases)
```rust
test_scan_large_codebase() // 100+ files
test_scan_with_many_patterns() // Multiple matches per file
test_memory_efficiency()
```
### Error Handling Tests (5+ test cases)
```rust
test_handle_unreadable_files()
test_handle_empty_directory()
test_handle_symlinks()
test_handle_invalid_encoding()
test_handle_permission_denied()
```
---
## Test Execution Guidelines
### Running All Tests
```bash
cargo test --test new_capabilities_tests
```
### Running Specific Test Categories
```bash
# Secrets only
cargo test --test new_capabilities_tests secrets
# Code smells only
cargo test --test new_capabilities_tests smells
# Security only
cargo test --test new_capabilities_tests security
# Architecture only
cargo test --test new_capabilities_tests architecture
```
### Running Performance Tests
```bash
cargo test --test new_capabilities_tests -- --ignored
```
---
## Expected Test Results
### Secrets Detection
- Should detect 9+ secrets in `secrets_example.py`
- Should exclude 3 placeholder secrets
- Should exclude 3 commented secrets
- Total findings: 9 with correct confidence levels
### Code Smell Detection
- Should detect 1 god object
- Should detect 2 long parameter lists
- Should detect 1 data clump
- Should detect 3 primitive obsessions
- Should detect 1 shotgun surgery
### Security Pattern Detection
- Should detect 2 SQL injection patterns
- Should detect 2 command injection patterns
- Should detect 2 XSS vulnerabilities
- Should detect 2 eval vulnerabilities
### Architecture Violations
- Should detect 1 layer violation
- Should detect 1 circular dependency
- Should detect 1 layer inversion
- Should detect 1 tight coupling issue
---
## Test Coverage Goals
- **Unit Tests:** 95% coverage of detection logic
- **Integration Tests:** 80% coverage of workflows
- **Edge Cases:** 100% coverage of error conditions
- **Performance:** All operations complete in < 5 seconds for 1000 files
---
## Mock Data and Fixtures
### Creating Custom Test Fixtures
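```rust
use std::path::{Path, PathBuf};
use tempfile::TempDir; // assumes the `tempfile` crate as a dev-dependency

/// Creates a temporary directory that is removed when the returned handle is dropped.
fn create_test_dir() -> TempDir {
    TempDir::new().expect("Failed to create temp directory")
}

/// Writes `content` to `filename` inside `dir` and returns the full path.
fn write_test_file(dir: &Path, filename: &str, content: &str) -> PathBuf {
    let file_path = dir.join(filename);
    std::fs::write(&file_path, content).expect("Failed to write test file");
    file_path
}
```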
### Test Fixture Directory Structure
```
tests/fixtures/new_capabilities/
├── secrets_example.py # Secrets detection
├── codesmells_example.rs # Code smells
├── architecture_violations.rs # Architecture issues
├── security_issues.js # Security vulnerabilities
├── weak_crypto.py # Weak cryptography examples
├── config_examples/ # Configuration files
│ ├── config.json
│ ├── config.yaml
│ └── config.toml
└── multi_language/ # Cross-language examples
    ├── python/
    ├── javascript/
    └── rust/
```
---
## Continuous Integration
### GitHub Actions Workflow
```yaml
name: New Capabilities Tests
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/toolchain@v1
      - name: Run tests
        run: cargo test --test new_capabilities_tests
      # cargo-tarpaulin is not preinstalled on the runner
      - name: Install cargo-tarpaulin
        run: cargo install cargo-tarpaulin
      - name: Generate coverage
        run: cargo tarpaulin --out Html
```
---
## Documentation Requirements
Each detection capability must include:
1. ✅ RustDoc comments with examples
2. ✅ Test file documentation
3. ✅ Integration examples in README
4. ✅ Error message explanations
5. ✅ Performance characteristics
---
## Next Steps
1. ✅ Test fixtures created
2. ✅ Test cases documented
3. ✅ Expected results defined
4. ⏭️ Implement detection logic
5. ⏭️ Run test suite
6. ⏭️ Fix any failing tests
7. ⏭️ Add CI/CD integration
8. ⏭️ Update documentation
---
## Contributing
When adding new capabilities:
1. Create test fixtures in `tests/fixtures/new_capabilities/`
2. Add unit tests in `tests/new_capabilities_tests.rs`
3. Update this documentation
4. Add examples to main README
5. Update CLI help text