#9333: Tests: add test coverage for security/audit-fs.ts
stale
Cluster:
Test Coverage Enhancements
## Summary
Adds comprehensive unit tests for the previously untested `src/security/audit-fs.ts` module.
This module handles file permission inspection for security auditing, supporting both POSIX and Windows ACL systems.
## Tests Added (32 tests)
- **modeBits**: permission bit extraction from file mode
- **formatOctal**: formatting bits as 3-digit octal strings
- **isWorldWritable/isGroupWritable**: write permission bit checks
- **isWorldReadable/isGroupReadable**: read permission bit checks
- **formatPermissionDetail**: human-readable permission formatting
- **formatPermissionRemediation**: chmod/icacls command generation
- **safeStat**: error-safe file stat wrapper with symlink detection
- **inspectPathPermissions**: full permission inspection on POSIX/Windows
## Test plan
- [x] All 32 tests passing
- [x] Tests use temporary files for filesystem operations
- [x] Tests clean up after themselves
- [x] Covers edge cases (null inputs, non-existent paths, symlinks)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
Adds a new Vitest suite (`src/security/audit-fs.test.ts`) covering the permission-auditing helpers in `src/security/audit-fs.ts` (POSIX mode bit handling, formatting, and higher-level permission inspection), including basic coverage of the Windows ACL branch via dependency injection.
Most assertions are straightforward and exercise the key bitmask/formatting behavior. The main gap is that the Windows-branch test doesn’t assert observable behavior (e.g., `exec` invocation, `source/error` shape), so it can pass even if the Windows ACL inspection path regresses.
<h3>Confidence Score: 4/5</h3>
- This PR is mostly safe to merge; remaining issues are around test effectiveness rather than production behavior.
- Only a new test file is added. However, a couple of Windows-related assertions are currently too weak and can allow regressions to slip through or produce brittle expectations depending on how the Windows command string is formatted.
- src/security/audit-fs.test.ts
<!-- greptile_other_comments_section -->
<sub>(5/5) You can turn off certain types of comments like style [here](https://app.greptile.com/review/github)!</sub>
<!-- /greptile_comment -->
Most Similar PRs
#15569: test: comprehensive test coverage expansion (57 new test files)
by tangcruz · 2026-02-13
82.8%
#12684: Test: add missing unit tests for src/utils modules
by shaynhornik · 2026-02-09
81.5%
#20496: test(utils): add comprehensive unit tests for utility functions
by masifislamm · 2026-02-19
81.5%
#11421: Tests: add unit tests for infra/format-duration
by PythonUser42 · 2026-02-07
81.3%
#7507: test(ci): make tests cross-platform (Windows) + add basic sanitizat...
by ThinkIbrokeIt · 2026-02-02
80.9%
#4095: Test/add format duration tests
by TechWizard9999 · 2026-01-29
78.9%
#4137: [AI-assisted] test(cli): add missing test cases for parseDurationMs
by sind00 · 2026-01-29
78.6%
#8964: test(msteams): add comprehensive tests for graph-upload module
by RajdeepKushwaha5 · 2026-02-04
78.4%
#21733: security(exec): platform-aware allowlist matching and restricted sa...
by Esubaalew · 2026-02-20
76.3%
#14734: test(agents): guard against stale allowAgents in existing sessions
by davidahmann · 2026-02-12
76.2%