Added security check report field and variable

This commit is contained in:
2026-06-22 14:13:08 +02:00
parent 7a9f8e770a
commit 372ca5f66b
10 changed files with 74 additions and 4 deletions

View File

@@ -36,6 +36,23 @@ class SecurityCheckProcessTest extends TestCase
$this->assertContains('external_systems', $keys);
}
public function testReportStepRequiresOfficialCustomerReportField(): void
{
$process = new SecurityCheckProcess();
$fields = $process->stepFields(SecurityCheckProcess::STEP_REPORT);
$this->assertSame(
[SecurityCheckProcess::FIELD_CUSTOMER_REPORT],
array_column($fields, 'key')
);
// The owner must fill it before the final step can be completed.
$this->assertContains(
SecurityCheckProcess::FIELD_CUSTOMER_REPORT,
$process->requiredFieldKeys(SecurityCheckProcess::STEP_REPORT)
);
}
public function testRequiredFieldKeysExcludeOptionalFields(): void
{
$keys = (new SecurityCheckProcess())->requiredFieldKeys(SecurityCheckProcess::STEP_INFORMATION);

View File

@@ -128,6 +128,9 @@ class SecurityCheckServiceTest extends TestCase
'blocker_start' => '2026-07-01T08:00',
'blocker_end' => '2026-07-02T18:00',
];
$step[SecurityCheckProcess::STEP_REPORT]['fields'] = [
SecurityCheckProcess::FIELD_CUSTOMER_REPORT => 'All checks passed; no action required.',
];
$input = [
'step' => $step,
'tech' => ['tls' => ['done' => '1', 'note' => 'verified']],
@@ -143,6 +146,10 @@ class SecurityCheckServiceTest extends TestCase
$this->assertSame(77, $process_state['beauftragung']['by']);
$this->assertNotEmpty($process_state['beauftragung']['at']);
$this->assertSame('Jane', $process_state[SecurityCheckProcess::STEP_INFORMATION]['fields']['technical_contact']);
$this->assertSame(
'All checks passed; no action required.',
$process_state[SecurityCheckProcess::STEP_REPORT]['fields'][SecurityCheckProcess::FIELD_CUSTOMER_REPORT]
);
$tech_state = json_decode((string) $captured['tech_state_json'], true);
$this->assertTrue($tech_state['tls']['done']);

View File

@@ -30,6 +30,9 @@ class SecurityReportPdfServiceTest extends TestCase
foreach ($process->manualStepKeys() as $key) {
$processState[$key] = ['done' => true, 'at' => '2026-06-18 10:00:00'];
}
$processState[SecurityCheckProcess::STEP_REPORT]['fields'] = [
SecurityCheckProcess::FIELD_CUSTOMER_REPORT => 'No critical findings.',
];
$snapshot = ['version' => 1, 'items' => [
['type' => 'section', 'label' => 'Transport'],
['type' => 'check', 'key' => 'tls', 'label' => 'TLS enforced'],
@@ -68,6 +71,7 @@ class SecurityReportPdfServiceTest extends TestCase
$this->assertSame('acme.de', $context['domain']);
$this->assertSame('Intranet', $context['product']);
$this->assertSame('Jane Doe', $context['owner']);
$this->assertSame('No critical findings.', $context['customer_report']);
$this->assertNotSame('', $context['title']);
// Summary mirrors the progress math (3 tech items, 2 done).
@@ -99,6 +103,7 @@ class SecurityReportPdfServiceTest extends TestCase
$this->assertSame('', $context['customer_name']);
$this->assertSame('', $context['domain']);
$this->assertSame('', $context['customer_report']);
$this->assertSame([], $context['tech_sections']);
$this->assertSame(0, $context['summary']['total']);
$this->assertSame(0, $context['summary']['percent']);

View File

@@ -22,6 +22,7 @@ class SecurityReportTemplateServiceTest extends TestCase
'status_label' => 'In progress',
'generated_at' => '2026-06-22 10:00',
'app_name' => 'CoreCore',
'customer_report' => "Line one\nLine two",
'logo_data_uri' => 'data:image/png;base64,AAAA',
'summary' => ['percent' => 72, 'tech_done' => 2, 'tech_total' => 3],
'tech_sections' => [
@@ -55,6 +56,22 @@ class SecurityReportTemplateServiceTest extends TestCase
$this->assertStringNotContainsString('<b>Acme</b>', $out);
}
public function testRenderCustomerReportEscapesAndPreservesLineBreaks(): void
{
$service = new SecurityReportTemplateService();
$context = $this->context();
$context['customer_report'] = "First line <script>\nSecond line";
$out = $service->render('<section>{{customer_report}}</section>', $context);
// HTML in the owner's text is escaped...
$this->assertStringContainsString('First line &lt;script&gt;', $out);
$this->assertStringNotContainsString('<script>', $out);
// ...and author line breaks survive as <br>.
$this->assertMatchesRegularExpression('/First line &lt;script&gt;<br\s*\/?>\s*Second line/', $out);
}
public function testRenderBuildsChecklistAndProcessHtml(): void
{
$service = new SecurityReportTemplateService();
@@ -111,6 +128,7 @@ class SecurityReportTemplateServiceTest extends TestCase
{
$variables = (new SecurityReportTemplateService())->availableVariables();
$this->assertArrayHasKey('customer_report', $variables);
$this->assertArrayHasKey('logo_src', $variables);
$this->assertArrayHasKey('checklist', $variables);
$this->assertArrayHasKey('process', $variables);