Unclassified32CharacterString

Problem #1 in the strange test code paths Ross found suspicious: the test data generated by this rule was not in strict conformance across all its logic.

Basically, we have no general testing of the UnclassifiedPotentialSecurityKeys patterns list, which I could go slam into some other bucketing test. I am deferring that work for now.

For now, I'm ripping this rule out because it's noisy and not useful. The intent here was to capture an ancient variation of an generated AAD SPN secret, then the rule was renamed as a generic Unclassified32CharacterString because it fired too frequently and really it should have been deleted entirely. If there's an analysis here, it will argue its way back in.

002

boo. cut and paste error. I added invariant tests that ensure no rules collide with each other in core metadata expression and also that GetMatchIdAndName results always match the declared rule id and name.

This is what we get for being 'cute' and allowing a single rule to be flexible in what ids it covers. That's useful but it tortures the design more than a little and leaves us vulnerable to bugs of this kind.

AdoLegacyPat

This rule no longer applies to the latest ADO PAT format and thefore I'm renaming it.

AdoLegacyPat_InvalidBase32Input

Boo. For all my talk of test-driven development in the last PR, I ended up not shipping a correct fix! The reason? Late-breaking changes to a test I authored altered the code coverage and then at the very end a conversion from generated exception type (from FormatException to ArgumentException) left the code in a crashing condition,

Sigh. Even while waiting on a good unit test pattern, I should have started with simple, atomic tests to reveal bugs and prove they are fixed. Duly chastened, I return here with this review. #Resolved

Sigh. Even while waiting on a good unit test pattern, I should have started with simple, atomic tests to reveal bugs and prove they are fixed. Duly chastened, I return here with this review.

❤️

Sigh. Even while waiting on a good unit test pattern, I should have started with simple, atomic tests to reveal bugs and prove they are fixed. Duly chastened, I return here with this review.

❤️

Yay! This is a very easy to understand test <3.

For due diligence, if you have not already, run this test attached with a debugger and ensure the null is resulting from the expected error line getting hit. i.e. this is null for a particular reason, and not a general indeterminate reason.

Depending on perf constraints, there's more formal methods to handle this kinda testing — e.g. internal logging and asserting on specific logs are hit even if everything publicly is turned into a null. Out of scope for this PR, of course, but food for thought. #Resolved

nit: these renames will make the loop code easier to read #Resolved

nit: instead of using generic result everywhere some more specific names will increase readability. #WontFix

I don't do this. I set result to my test condition so that it's on one line. Then I follow it with an assertion with a strong readable message.

result isn't intended to encode something useful, the detailed, highly authored message it.

i could allocate new variables with names but this tends to consume more space and i worry about readability.

let's punt for now i will think about your suggestion.

I read the code top to bottom. A well-named variable means I know how to read/check the line without the out-of-order flow.

Better yet if you want the because to be the sole communicator, skip using the variable altogether:

alreadySeeanRullName.Should().Not().Contains(pattern.Name, because: "…");

These are nits, so keep thinking on it.

It is a good suggestion to encode more information about the test expectation in the variable name, I will keep this in mind moving forward.