test+docs(cms): internal pkg tests, mutation baseline, honest README #17
Merged
Round 5 of the audit-equivalent hardening: close the largest remaining
mutation-testing coverage gap (the internal/ package was invisible to
gremlins because no test file linked it), document the lived-mutant
inventory, and update the README to reflect the testing methodology
without overstating it as an external audit.
What's added:
1. pkg/cms/internal/asn1util_test.go
Direct table tests for MarshalSequenceHeader, MarshalSetHeader,
MarshalImplicitHeader and MarshalSafe, parallel to the
length_boundary_test.go work on the sister helpers in pkg/cms.
Achieves 100% mutation efficacy on the internal/ package (18
killed, 0 lived). Side-effect: mutation efficacy on pkg/cms itself
rises from 82.19% to 83.40% because gremlins now sees more
coverage flowing through the internal helpers when pkg/cms tests
run.
2. MUTATION_BASELINE.md
Inventory of the 44 lived + 23 not-covered mutants on pkg/cms,
categorised:
A: Logically equivalent (no fix possible without weakening code)
B: Defensive bounds (effectively unreachable at scale)
C: Error-message format strings (low security value)
D: Genuine boundary cases (addressable, low return)
Plus promotion criteria for future PRs and an explicit note that
the project has not been independently audited.
3. README.md "Testing & Hardening" section
Honest framing: every layer of testing the repo ships, mapped to
the files that implement it. Lists the bugs found and fixed by the
methodology with PR links. Explicit "not independently audited"
header. Also fixes a stale claim in Limits ("SHA-256 only" → all
of SHA-256/384/512 per RFC 8419).
Why pkg/cms/internal mutation jumped to 100%:
The internal package's helpers had no tests linking them, so
gremlins reported every mutant as NOT COVERED. The new test file
provides table-driven byte-exact coverage at every length-encoding
boundary, killing every covered mutant.
Validation: full suite passes under -race; mutation efficacy now
83.40% on pkg/cms, 100% on pkg/cms/internal, CI gate of 80% stays
comfortably below the new floor.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Summary
Round 5 of the audit-equivalent hardening: closes the largest remaining mutation-testing gap, documents the lived-mutant inventory, and updates the README to reflect the testing methodology honestly.
Stacked on PR #16; when #16 merges, this PR auto-retargets to main.
Why this round, explicitly
After rounds 1-4 we hit 82.19% efficacy with three real bugs fixed. But there were three structural gaps the prior work couldn't address:
`pkg/cms/internal` was invisible to mutation testing. No test file linked it, so gremlins reported every mutant as NOT COVERED.
What's added
1. Internal package tests (`pkg/cms/internal/asn1util_test.go`)
Direct table tests for `MarshalSequenceHeader`, `MarshalSetHeader`, `MarshalImplicitHeader` and `MarshalSafe`: same byte-exact boundary-table approach as `pkg/cms/length_boundary_test.go` from round 3, plus `TestConstants` to pin the documented size limits.
Side effect: `pkg/cms` itself rises from 82.19% → 83.40% because gremlins now sees additional coverage flowing through the internal helpers when `pkg/cms` tests run.
2. `MUTATION_BASELINE.md`
An explicit inventory of the 44 lived + 23 not-covered mutants on `pkg/cms`, decomposed into four categories with one-line justifications each:
Plus promotion criteria for future PRs and an explicit "not independently audited" disclaimer at the top.
3. README "Testing & Hardening" section
Honest framing throughout: leads with "not independently audited." Tabulates every test layer with the file that implements it. Lists the four real bugs found and fixed by the methodology with PR links. Documents what the methodology does not cover (cryptographic primitives: stdlib; side-channels: not tested; HSM: out of scope).
Also fixes a stale claim in Limits: "SHA-256 only" → SHA-256/384/512 per RFC 8419.
What this PR does not do
Validation
make test)
Test plan
🤖 Generated with Claude Code
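The "table-driven byte-exact coverage at every length-encoding boundary" that both the commit message and the PR summary credit for killing the internal-package mutants, shown as an added Go example. This is not the project's `asn1util.go` or its test file: the function names `MarshalSequenceHeader`, `MarshalSetHeader`, `MarshalImplicitHeader` and `MarshalSafe` are taken from the page, but their bodies here are my own DER encoders (X.690 definite-form lengths), `MaxSafeLength` and `MarshalSafe`'s reject-over-limit behaviour are assumptions, and `EncodeLengthOffByOne` is a hand-written stand-in for the kind of `<=` to `<` mutant gremlins injects. The point it demonstrates is why the table needs both sides of each boundary (127|128, 255|256, 65535|65536, 2^24-1|2^24): a comparison mutant only changes the output at exactly one of those values.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

const (
	TagSequence byte = 0x30 // UNIVERSAL 16, constructed
	TagSet      byte = 0x31 // UNIVERSAL 17, constructed
	// MaxShortFormLength is the largest length the one-octet short form carries.
	MaxShortFormLength = 127
	// MaxSafeLength is an ASSUMED illustrative cap; the page does not state
	// the project's real limit.
	MaxSafeLength = 1 << 24
)

var ErrLengthTooLarge = errors.New("asn1: content length exceeds MaxSafeLength")

// longForm emits 0x80|k followed by the k big-endian octets of n with no
// leading zero octets, as DER requires (X.690 8.1.3.5, 10.1).
func longForm(n int) []byte {
	var be [8]byte
	i := len(be)
	for v := uint64(n); v > 0; v >>= 8 {
		i--
		be[i] = byte(v)
	}
	out := make([]byte, 0, 1+len(be)-i)
	out = append(out, 0x80|byte(len(be)-i))
	return append(out, be[i:]...)
}

// EncodeLength returns the DER definite-form length octets for n >= 0.
func EncodeLength(n int) []byte {
	if n < 0 {
		panic("asn1: negative length")
	}
	if n <= MaxShortFormLength {
		return []byte{byte(n)}
	}
	return longForm(n)
}

// EncodeLengthOffByOne is a hand-made "mutant" of EncodeLength: the
// boundary comparison <= became <, so n == 127 wrongly takes the long form.
// Only the table entry for exactly 127 can kill it.
func EncodeLengthOffByOne(n int) []byte {
	if n < MaxShortFormLength {
		return []byte{byte(n)}
	}
	return longForm(n)
}

// MarshalHeader is the identifier octet followed by the encoded length.
func MarshalHeader(tag byte, n int) []byte {
	return append([]byte{tag}, EncodeLength(n)...)
}

func MarshalSequenceHeader(n int) []byte { return MarshalHeader(TagSequence, n) }
func MarshalSetHeader(n int) []byte      { return MarshalHeader(TagSet, n) }

// MarshalImplicitHeader builds a context-specific [tagNum] IMPLICIT header.
// Class bits 10 (0x80) = context-specific, bit 6 (0x20) = constructed.
// Tag numbers above 30 need the high-tag-number form, not implemented here.
func MarshalImplicitHeader(tagNum int, constructed bool, n int) ([]byte, error) {
	if tagNum < 0 || tagNum > 30 {
		return nil, fmt.Errorf("asn1: tag number %d needs high-tag-number form", tagNum)
	}
	id := byte(0x80 | tagNum)
	if constructed {
		id |= 0x20
	}
	return MarshalHeader(id, n), nil
}

// MarshalSafe (ASSUMED semantics) refuses lengths beyond MaxSafeLength
// instead of silently encoding them.
func MarshalSafe(tag byte, n int) ([]byte, error) {
	if n < 0 || n > MaxSafeLength {
		return nil, ErrLengthTooLarge
	}
	return MarshalHeader(tag, n), nil
}

// BoundaryCase pairs a content length with its byte-exact length octets.
type BoundaryCase struct {
	N    int
	Want []byte
}

// BoundaryTable covers both sides of every point where the encoding changes
// shape: short/long at 127|128 and one more octet at each 2^8k-1|2^8k.
func BoundaryTable() []BoundaryCase {
	return []BoundaryCase{
		{0, []byte{0x00}},
		{127, []byte{0x7f}},
		{128, []byte{0x81, 0x80}},
		{255, []byte{0x81, 0xff}},
		{256, []byte{0x82, 0x01, 0x00}},
		{65535, []byte{0x82, 0xff, 0xff}},
		{65536, []byte{0x83, 0x01, 0x00, 0x00}},
		{1<<24 - 1, []byte{0x83, 0xff, 0xff, 0xff}},
		{1 << 24, []byte{0x84, 0x01, 0x00, 0x00, 0x00}},
	}
}

// FailingInputs runs the table against enc and returns the lengths whose
// output is not byte-exact; an empty result means every table row passed.
func FailingInputs(enc func(int) []byte) []int {
	var bad []int
	for _, c := range BoundaryTable() {
		if !bytes.Equal(enc(c.N), c.Want) {
			bad = append(bad, c.N)
		}
	}
	return bad
}

func main() {
	fmt.Println("original encoder fails at:", FailingInputs(EncodeLength))
	fmt.Println("off-by-one mutant fails at:", FailingInputs(EncodeLengthOffByOne))
	fmt.Printf("SEQUENCE header for 256 bytes: % x\n", MarshalSequenceHeader(256))
	_, err := MarshalSafe(TagSequence, MaxSafeLength+1)
	fmt.Println("MarshalSafe over limit:", err)
}
```

Run as-is with `go run`: the original encoder passes every row, while the mutant fails only at 127, which is the row a "round number" table (say 100, 1000, 100000) would never contain. That is the mechanism behind the 100% efficacy figure quoted above: each comparison in the encoder is pinned by the exact value where flipping it changes the bytes.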