Skip to content

test: OWASP mapping fixtures for GSoC ETL validation#950

Open
Bornunique911 wants to merge 2 commits into
OWASP:mainfrom
Bornunique911:test/gsoc-owasp-mapping-fixtures
Open

test: OWASP mapping fixtures for GSoC ETL validation#950
Bornunique911 wants to merge 2 commits into
OWASP:mainfrom
Bornunique911:test/gsoc-owasp-mapping-fixtures

Conversation

@Bornunique911

@Bornunique911 Bornunique911 commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

This PR is split out from #900 to make review smaller and more focused.

It adds test-only OWASP mapping fixtures for GSoC ETL validation by extracting the OWASP mapping JSON files into a dedicated test fixture location and adding focused validation coverage. The intent is to let reviewers assess the fixture data independently from production importer/runtime changes.

Issue reference:

Problem Fixed

PR #900 grouped multiple different concerns into a single larger review, including:

  • upstream sync retry logic
  • OWASP mapping fixture data
  • importer-related follow-up work

That made it harder to review the mapping fixture portion on its own.

For this part of the work, the useful standalone contribution is:

  • preserving the OWASP mapping fixture JSON in a test-owned location
  • validating that those fixtures are structurally usable for ETL work
  • keeping this review separate from production parser decisions and runtime behavior

Solution

This PR:

  • moves OWASP mapping JSON into application/tests/fixtures/owasp_mappings/
  • keeps the fixture set reviewable as test data only
  • adds a focused validation test to ensure:
    • each fixture loads as valid JSON
    • each fixture has the expected list-of-mappings shape
    • required fields such as section, hyperlink, and cre_ids are present
    • cre_ids values are non-empty and structurally valid

Files in scope:

  • application/tests/fixtures/owasp_mappings/owasp_aisvs_1_0.json
  • application/tests/fixtures/owasp_mappings/owasp_api_top10_2023.json
  • application/tests/fixtures/owasp_mappings/owasp_cheatsheets_supplement.json
  • application/tests/fixtures/owasp_mappings/owasp_kubernetes_top10_2022.json
  • application/tests/fixtures/owasp_mappings/owasp_kubernetes_top10_2025.json
  • application/tests/fixtures/owasp_mappings/owasp_llm_top10_2025.json
  • application/tests/fixtures/owasp_mappings/owasp_top10_2025.json
  • application/tests/owasp_mapping_fixtures_test.py

Tests

./venv/bin/python -m pytest application/tests/owasp_mapping_fixtures_test.py -q

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 023b9e14-ab7c-432a-a209-4cce1c40d19c

📥 Commits

Reviewing files that changed from the base of the PR and between ebfd3c7 and 7841f89.

📒 Files selected for processing (8)
  • application/tests/fixtures/owasp_mappings/owasp_aisvs_1_0.json
  • application/tests/fixtures/owasp_mappings/owasp_api_top10_2023.json
  • application/tests/fixtures/owasp_mappings/owasp_cheatsheets_supplement.json
  • application/tests/fixtures/owasp_mappings/owasp_kubernetes_top10_2022.json
  • application/tests/fixtures/owasp_mappings/owasp_kubernetes_top10_2025.json
  • application/tests/fixtures/owasp_mappings/owasp_llm_top10_2025.json
  • application/tests/fixtures/owasp_mappings/owasp_top10_2025.json
  • application/tests/owasp_mapping_fixtures_test.py
✅ Files skipped from review due to trivial changes (4)
  • application/tests/fixtures/owasp_mappings/owasp_kubernetes_top10_2025.json
  • application/tests/fixtures/owasp_mappings/owasp_llm_top10_2025.json
  • application/tests/fixtures/owasp_mappings/owasp_cheatsheets_supplement.json
  • application/tests/fixtures/owasp_mappings/owasp_top10_2025.json
🚧 Files skipped from review as they are similar to previous changes (4)
  • application/tests/fixtures/owasp_mappings/owasp_kubernetes_top10_2022.json
  • application/tests/fixtures/owasp_mappings/owasp_api_top10_2023.json
  • application/tests/fixtures/owasp_mappings/owasp_aisvs_1_0.json
  • application/tests/owasp_mapping_fixtures_test.py

Summary by CodeRabbit

  • Tests
    • Added stricter validation for OWASP mapping fixtures, ensuring the expected security reference files are present and payloads follow a consistent schema.
    • Verifies identifiers are in the correct format and that section identifiers are non-empty and not duplicated within a fixture.
  • Content Updates
    • Added and populated OWASP mapping fixtures covering AISVS 1.0, OWASP API Security Top 10 (2023), OWASP cheat sheet supplements, OWASP Kubernetes Top 10 (2022/2025), OWASP LLM Top 10 (2025), and OWASP Top 10 (2025).

Walkthrough

This PR adds OWASP mapping JSON fixtures and a unittest module that verifies the fixture directory contents and validates each fixture’s schema, identifier format, uniqueness rules, and fallback section references.

Changes

OWASP Mapping Fixtures

Layer / File(s) Summary
OWASP mapping fixture data files
application/tests/fixtures/owasp_mappings/owasp_aisvs_1_0.json, owasp_api_top10_2023.json, owasp_cheatsheets_supplement.json, owasp_kubernetes_top10_2022.json, owasp_kubernetes_top10_2025.json, owasp_llm_top10_2025.json, owasp_top10_2025.json
New JSON arrays define section metadata, hyperlinks, and cre_ids for the OWASP mapping fixtures, with Kubernetes 2025 also including fallback_section_ids.
Fixture validation test suite
application/tests/owasp_mapping_fixtures_test.py
Adds fixture-directory and regex constants, checks the exact JSON fixture set, and validates each loaded fixture for required fields, cre_ids format, unique section_id values, and valid fallback references.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: adding OWASP mapping fixtures for ETL validation.
Description check ✅ Passed The description is directly related to the fixture and validation test changes in this PR.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (2)
application/tests/owasp_mapping_fixtures_test.py (1)

25-50: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Consider asserting section_id uniqueness per fixture.

The shape test validates individual field types/formats but doesn't check that section_id values are unique within a fixture, which would catch copy-paste errors in future fixture additions.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@application/tests/owasp_mapping_fixtures_test.py` around lines 25 - 50, The
fixture shape test in test_fixtures_have_expected_mapping_shape should also
verify that section_id values are unique within each fixture. Add per-fixture
tracking in the existing loop over payload entries so duplicate section_id
values are detected while still preserving the current type/format checks for
section, hyperlink, and cre_ids.
application/tests/fixtures/owasp_mappings/owasp_kubernetes_top10_2025.json (1)

1-73: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

fallback_section_ids field isn't validated by the fixture test.

This is the only fixture with a fallback_section_ids array, but application/tests/owasp_mapping_fixtures_test.py doesn't assert its shape (list of strings, non-empty, referencing valid section IDs). Not a blocker since the field is optional/fixture-specific, but worth a light assertion if this field becomes load-bearing for the ETL logic being validated.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@application/tests/fixtures/owasp_mappings/owasp_kubernetes_top10_2025.json`
around lines 1 - 73, The fixture test currently ignores the shape of
fallback_section_ids in the OWASP Kubernetes mapping fixture, so add a
lightweight assertion in owasp_mapping_fixtures_test.py alongside the existing
section validation. Use the fixture’s section_id set to verify each
fallback_section_ids entry is a non-empty list of strings and that every
referenced ID matches a known section_id. Keep the check optional/fixture-aware
so it only applies when the field is present, and anchor the change near the
existing OWASP mapping fixture validation logic.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@application/tests/fixtures/owasp_mappings/owasp_kubernetes_top10_2025.json`:
- Around line 1-73: The fixture test currently ignores the shape of
fallback_section_ids in the OWASP Kubernetes mapping fixture, so add a
lightweight assertion in owasp_mapping_fixtures_test.py alongside the existing
section validation. Use the fixture’s section_id set to verify each
fallback_section_ids entry is a non-empty list of strings and that every
referenced ID matches a known section_id. Keep the check optional/fixture-aware
so it only applies when the field is present, and anchor the change near the
existing OWASP mapping fixture validation logic.

In `@application/tests/owasp_mapping_fixtures_test.py`:
- Around line 25-50: The fixture shape test in
test_fixtures_have_expected_mapping_shape should also verify that section_id
values are unique within each fixture. Add per-fixture tracking in the existing
loop over payload entries so duplicate section_id values are detected while
still preserving the current type/format checks for section, hyperlink, and
cre_ids.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: c1fc8608-6f0b-4fd6-9e8f-d06311dd0deb

📥 Commits

Reviewing files that changed from the base of the PR and between 0e16c2e and 0e97a81.

📒 Files selected for processing (8)
  • application/tests/fixtures/owasp_mappings/owasp_aisvs_1_0.json
  • application/tests/fixtures/owasp_mappings/owasp_api_top10_2023.json
  • application/tests/fixtures/owasp_mappings/owasp_cheatsheets_supplement.json
  • application/tests/fixtures/owasp_mappings/owasp_kubernetes_top10_2022.json
  • application/tests/fixtures/owasp_mappings/owasp_kubernetes_top10_2025.json
  • application/tests/fixtures/owasp_mappings/owasp_llm_top10_2025.json
  • application/tests/fixtures/owasp_mappings/owasp_top10_2025.json
  • application/tests/owasp_mapping_fixtures_test.py

@Bornunique911

Copy link
Copy Markdown
Contributor Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@Bornunique911

Copy link
Copy Markdown
Contributor Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@Bornunique911 Bornunique911 force-pushed the test/gsoc-owasp-mapping-fixtures branch from ebfd3c7 to 7841f89 Compare July 9, 2026 17:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant