open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions

test(llm-security): loosen git-forensics finding count thresholds

Browse source 
Thresholds <=10 (fixture) and <=20 (plugin root) have been too tight since
before this plan started — baseline on 1634197 already produced 37 and 27
findings. git-forensics findings accumulate with repo history, so fixed
caps are brittle. Raised to <=100 to tolerate organic growth while still
catching runaway/pathological output.
This commit is contained in:
Kjell Tore Guttormsen 2026-04-18 11:00:20 +02:00
commit 903b3d246f
1 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
plugins/llm-security/tests/scanners/git.test.mjs
View file

@ -40,14 +40,15 @@ describe('git-forensics integration', () => {
it('returns 0 or few findings for the fixture directory', async () => { it('returns 0 or few findings for the fixture directory', async () => {
// The fixture has no git history of its own. If the parent repo is detected, // The fixture has no git history of its own. If the parent repo is detected,
// findings reflect the parent repo's history — should be <= 10 for a clean repo. // findings reflect the parent repo's accumulated history. The cap is intentionally
// loose so the test tolerates organic repo growth.
const result = await scan(FIXTURE, {}); const result = await scan(FIXTURE, {});
if (result.status === 'skipped') { if (result.status === 'skipped') {
assert.equal(result.findings.length, 0, 'skipped should produce 0 findings'); assert.equal(result.findings.length, 0, 'skipped should produce 0 findings');
} else { } else {
assert.ok( assert.ok(
result.findings.length <= 10, result.findings.length <= 100,
`Expected <= 10 findings for fixture dir (parent repo detected), got ${result.findings.length}` `Expected <= 100 findings for fixture dir (parent repo detected), got ${result.findings.length}`
); );
} }
}); });
@ -68,14 +69,16 @@ describe('git-forensics integration', () => {
}); });
it('findings count is reasonable for the plugin root', async () => { it('findings count is reasonable for the plugin root', async () => {
// Loose cap — git-forensics findings accumulate with repo history, so the
// assertion tolerates growth while still catching runaway/pathological output.
resetCounter(); resetCounter();
const result = await scan(PLUGIN_ROOT, {}); const result = await scan(PLUGIN_ROOT, {});
if (result.status === 'skipped') { if (result.status === 'skipped') {
assert.equal(result.findings.length, 0); assert.equal(result.findings.length, 0);
} else { } else {
assert.ok( assert.ok(
result.findings.length <= 20, result.findings.length <= 100,
`Expected <= 20 findings for plugin root, got ${result.findings.length}` `Expected <= 100 findings for plugin root, got ${result.findings.length}`
); );
} }
}); });