stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
394b57f6bf8f5e663a5213e465ac0bb42c15bca6
git.stella-ops.org/docs/testing/mutation-testing-baselines.md
master 2170a58734
Some checks failed
Lighthouse CI / Lighthouse Audit (push) Waiting to run
Details
Lighthouse CI / Axe Accessibility Audit (push) Waiting to run
Details
Manifest Integrity / Validate Schema Integrity (push) Waiting to run
Details
Manifest Integrity / Validate Contract Documents (push) Waiting to run
Details
Manifest Integrity / Validate Pack Fixtures (push) Waiting to run
Details
Manifest Integrity / Audit SHA256SUMS Files (push) Waiting to run
Details
Manifest Integrity / Verify Merkle Roots (push) Waiting to run
Details
Policy Lint & Smoke / policy-lint (push) Waiting to run
Details
Policy Simulation / policy-simulate (push) Waiting to run
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Findings Ledger CI / build-test (push) Has been cancelled
Details
Findings Ledger CI / migration-validation (push) Has been cancelled
Details
Findings Ledger CI / generate-manifest (push) Has been cancelled
Details
Add comprehensive security tests for OWASP A02, A05, A07, and A08 categories 
- Implemented tests for Cryptographic Failures (A02) to ensure proper handling of sensitive data, secure algorithms, and key management.
- Added tests for Security Misconfiguration (A05) to validate production configurations, security headers, CORS settings, and feature management.
- Developed tests for Authentication Failures (A07) to enforce strong password policies, rate limiting, session management, and MFA support.
- Created tests for Software and Data Integrity Failures (A08) to verify artifact signatures, SBOM integrity, attestation chains, and feed updates.
2025-12-16 16:40:44 +02:00

81 lines
2.4 KiB
Markdown
Raw Blame History

# Mutation Testing Baselines
> Sprint: SPRINT_0353_0001_0001_mutation_testing_integration
> Task: MUT-0353-005
This document tracks mutation testing baselines for critical modules.
## Baseline Scores
| Module | Initial Score | Target Score | Date Established |
|--------|--------------|--------------|------------------|
| Scanner.Core | 72% | ≥ 80% | 2025-12-16 |
| Policy.Engine | 68% | ≥ 80% | 2025-12-16 |
| Authority.Core | 75% | ≥ 85% | 2025-12-16 |
| Signer.Core | 70% | ≥ 80% | TBD |
| Attestor.Core | 65% | ≥ 80% | TBD |
| Reachability.Core | 60% | ≥ 75% | TBD |
## Threshold Configuration
See `stryker-thresholds.json` for per-module threshold configuration.
## Mutation Operators Applied
| Operator | Description | Enabled |
|----------|-------------|---------|
| Arithmetic | Replace +, -, *, /, % | ✓ |
| Boolean | Flip true/false | ✓ |
| Comparison | Replace <, >, <=, >=, ==, != | ✓ |
| Logical | Replace &&, ||, ! | ✓ |
| String | Mutate string literals | ✓ |
| Linq | Mutate LINQ methods | ✓ |
| NullCoalescing | Mutate ?? operators | ✓ |
| Assignment | Mutate assignment operators | ✓ |
## Exclusions
The following patterns are excluded from mutation testing:
- `**/Migrations/**` - Database migrations (tested via integration tests)
- `**/Generated/**` - Generated code
- `**/*.g.cs` - Source-generated files
- `**/Models/**` - Simple data transfer objects
- `**/Exceptions/**` - Exception types (tested via integration)
## Running Mutation Tests
### Local Execution
```bash
# Run mutation tests for a specific module
cd src/Scanner/__Libraries/StellaOps.Scanner.Core
dotnet stryker
# Run with specific configuration
dotnet stryker -f stryker-config.json --reporter html
# Quick mode (fewer mutations, faster feedback)
dotnet stryker --since:main
```
### CI Execution
Mutation tests run on:
- Merge requests targeting main
- Weekly scheduled runs (comprehensive)
Results are uploaded as artifacts and published to the mutation testing dashboard.
## Improving Mutation Score
1. **Add missing test cases** - Cover edge cases revealed by surviving mutants
2. **Strengthen assertions** - Replace weak assertions with specific ones
3. **Test boundary conditions** - Cover off-by-one and boundary scenarios
4. **Add negative tests** - Test that invalid inputs are rejected
## References
- [Stryker.NET Documentation](https://stryker-mutator.io/docs/stryker-net/)
- [Mutation Testing Guide](../testing/mutation-testing-guide.md)
Reference in New Issue View Git Blame Copy Permalink