(t *testing.T)
| 653 | } |
| 654 | |
| 655 | func TestGraphQLControlPlaneSecurityQuery(t *testing.T) { |
| 656 | svc := newControlPlaneGraphQLTestService(t, MCPConfig{ |
| 657 | AllowConfigUpdates: true, |
| 658 | AllowSchemaUpdates: true, |
| 659 | AllowWorkflowUpdates: true, |
| 660 | AllowRawQueries: true, |
| 661 | }, createSQLiteDBFile(t, "app.sqlite3", true)) |
| 662 | svc.conf.Serv.Production = true |
| 663 | svc.conf.Core.Production = true |
| 664 | if err := svc.refreshSystemNanoDB(); err != nil { |
| 665 | t.Fatalf("refresh system nanodb: %v", err) |
| 666 | } |
| 667 | |
| 668 | res, err := svc.gj.GraphQL(sourceModeAdminTestContext(), `query { |
| 669 | summary: gj_security(id: "summary") { |
| 670 | id |
| 671 | kind |
| 672 | mode |
| 673 | summary_json |
| 674 | } |
| 675 | findings: gj_security( |
| 676 | where: { |
| 677 | kind: { eq: "finding" } |
| 678 | severity: { in: ["high", "critical"] } |
| 679 | } |
| 680 | order_by: { severity_rank: desc } |
| 681 | ) { |
| 682 | id |
| 683 | kind |
| 684 | severity |
| 685 | severity_rank |
| 686 | title |
| 687 | capability |
| 688 | recommendation |
| 689 | evidence_json |
| 690 | } |
| 691 | }`, nil, &core.RequestConfig{}) |
| 692 | if err != nil { |
| 693 | t.Fatalf("security query error: %v", err) |
| 694 | } |
| 695 | if len(res.Errors) != 0 { |
| 696 | t.Fatalf("security query returned errors: %+v", res.Errors) |
| 697 | } |
| 698 | |
| 699 | var out struct { |
| 700 | Summary struct { |
| 701 | ID string `json:"id"` |
| 702 | Kind string `json:"kind"` |
| 703 | Mode string `json:"mode"` |
| 704 | SummaryJSON map[string]any `json:"summary_json"` |
| 705 | } `json:"summary"` |
| 706 | Findings []struct { |
| 707 | ID string `json:"id"` |
| 708 | Kind string `json:"kind"` |
| 709 | Severity string `json:"severity"` |
| 710 | SeverityRank int `json:"severity_rank"` |
| 711 | Title string `json:"title"` |
| 712 | Capability string `json:"capability"` |
nothing calls this directly
no test coverage detected