Test Gap Analysis — jarspect
Automated by Nightshift v3 (GLM 5.1).
Task: test-gap | Category: analysis
Summary
Total source files: 28 Rust files across src/ and src/detectors/.
Existing test functions: ~79 #[test] annotations across 22 files.
Files with zero tests: 6 files (1,151 lines of untested code).
Files with inadequate test coverage: 3 files (2,124 lines with disproportionately few tests).
P1 — High: Untested Core Modules
1. src/lib.rs (486 lines, 0 tests)
The central orchestration module with 6 public functions and zero test coverage:
run_scan() (line 126) — Main async scan pipeline entry point. No tests for happy path, error handling, or input validation.
run_static_analysis() (line 134) — Static analysis orchestrator. No tests for rule loading failures, empty inputs, or partial results.
parse_active_rulepacks() (line 401) — Parses rulepack configuration. No tests for malformed TOML, missing fields, or empty configs.
load_signatures() (line 439) — Loads signature data from disk. No tests for missing directories, corrupted files.
load_yara_rules() (line 457) — Compiles YARA rules. No tests for invalid rule syntax, empty rule sets.
validate_artifact_id() (line 480) — Input validation. Low-hanging fruit — test with valid IDs, empty strings, special characters, path traversal attempts.
Recommendation: Start with validate_artifact_id() (pure function, easy to test) and parse_active_rulepacks() (deterministic TOML parsing). Then add integration tests for run_static_analysis() with fixture JARs.
2. src/malwarebazaar.rs (140 lines, 0 tests)
External API integration with zero test coverage:
check_hash() (line 35) — Makes HTTP call to MalwareBazaar API. No tests for: network errors, malformed JSON responses, rate limiting, hash format validation.
Recommendation: Add unit tests with mocked HTTP responses (using mockito or similar). Test cases: known-malicious hash, clean hash, API error (500), invalid hash format, empty response.
3. src/classfile_evidence.rs (254 lines, 0 tests)
Class file data extraction with zero test coverage:
Recommendation: Test against known bytecode fixtures. Verify extraction of: string constants, method signatures, field references, edge cases (truncated class files, malformed constant pools).
P2 — Medium: Under-tested Core Modules
4. src/verdict.rs (1,060 lines, only 3 tests)
The verdict module has the most complex logic (AI verdict generation, heuristic fallback, severity classification) but only 3 tests for 1,060 lines:
ai_verdict() (line 322) — Critical path: AI-powered malware verdict. No tests for prompt construction, response parsing, or error handling.
fallback_verdict() (line 523) — Fallback heuristic. Easy to unit test but currently untested.
heuristic_verdict() (line 533) — Multi-factor heuristic scoring. Complex branching logic with no coverage.
Recommendation: Add tests for fallback_verdict() (pure function), then heuristic_verdict() with various indicator combinations. At minimum 8-10 more tests needed.
5. src/profile.rs (532 lines, only 2 tests)
Profile building logic:
- Tests only cover basic profile creation.
- Missing: environment variable parsing edge cases, profile merge conflicts, default value fallbacks.
Recommendation: 4-6 additional tests for env var parsing and profile defaults.
6. src/main.rs (320 lines, 0 tests)
HTTP server (Axum) with API routes:
- No route handler tests for /scan, /health, etc.
- No tests for multipart upload handling, file size limits, content-type validation.
Recommendation: Use Axum's test utilities (tower::ServiceExt) to test route handlers without network. 5-8 integration tests.
P3 — Low: Minor Gaps
7. src/build-regression-fixtures.rs (91 lines, 0 tests)
Dev-only tool for building test fixtures. Low priority — only runs during development, not in production.
8. Test file coverage in tests/
Only 1 integration test file: tests/regression-fixtures.rs (1 test). Consider adding:
- End-to-end scan pipeline tests with known-benign and known-malicious fixtures
- HTTP API integration tests
Statistics
| Category | Files | Lines | Tests | Test-to-Line Ratio |
| --- | --- | --- | --- | --- |
| Well-tested (>1:50) | 17 | ~4,200 | ~65 | ~1:65 |
| Under-tested | 5 | ~2,124 | ~7 | ~1:303 |
| Untested | 6 | ~1,151 | 0 | — |
Priority Order for Test Addition
lib.rs::validate_artifact_id() — pure function, 10 min
lib.rs::parse_active_rulepacks() — TOML parsing, 15 min
verdict.rs::fallback_verdict() — pure function, 10 min
verdict.rs::heuristic_verdict() — complex branching, 30 min
malwarebazaar.rs::check_hash() — needs mock HTTP, 30 min
main.rs route handlers — needs Axum test utils, 45 min
lib.rs::run_static_analysis() — integration test with fixtures, 60 min