
Add TestIsWeakHashAlgo tests for is_weak_hash_algo() in ssl.py#1452

Open
Raavi29 wants to merge 10 commits into OWASP:master from Raavi29:fix-ssl-tests

Conversation


@Raavi29 Raavi29 commented Mar 26, 2026

Proposed change

Summary

Adds 11 unit tests for is_weak_hash_algo() in nettacker/core/lib/ssl.py as a new TestIsWeakHashAlgo class appended to the existing test suite.

What was tested

  • Weak algorithm detection: sha1, md5, md2, md4 (with RSA suffix variants)
  • Case insensitivity: SHA1WithRSAEncryption correctly flagged
  • Safe algorithms: sha256, sha384, sha512 return False
  • Edge case: empty string, random string

Notes

  • Original test suite is fully preserved - this PR only adds to it
  • Previous PR Add unit tests for is_weak_hash_algo in ssl module #1448 accidentally replaced the existing tests; this PR corrects that by appending instead
  • is_weak_hash_algo() coverage: 0% -> 15% on nettacker/core/lib/ssl.py

Type of change

  • New core framework functionality
  • Bugfix (non-breaking change which fixes an issue)
  • Code refactoring without any functionality changes
  • New or existing module/payload change
  • Documentation/localization improvement
  • Test coverage improvement
  • Dependency upgrade
  • Other improvement (best practice, cleanup, optimization, etc)

Checklist

  • I've followed the contributing guidelines
  • I have digitally signed all my commits in this PR
  • I've run make pre-commit and confirm it didn't generate any warnings/changes
  • I've run make test, I confirm all tests passed locally
  • I've added/updated any relevant documentation in the docs/ folder
  • I've linked this PR with an open issue
  • I've tested and verified that my code works as intended and resolves the issue as described
  • I have attached screenshots demonstrating my code works as intended
  • I've checked all other open PRs to avoid submitting duplicate work
  • I confirm that the code and comments in this PR are not direct unreviewed outputs of AI
  • I confirm that I am the Sole Responsible Author for every line of code, comment, and design decision


coderabbitai bot commented Mar 26, 2026

No actionable comments were generated in the recent review. 🎉


📥 Commits

Reviewing files that changed from the base of the PR and between 10c12fb and 26f6791.

📒 Files selected for processing (1)
  • tests/core/lib/test_ssl.py
🚧 Files skipped from review as they are similar to previous changes (1)
  • tests/core/lib/test_ssl.py

Summary by CodeRabbit

  • Tests
    • Expanded test coverage for hash-algorithm validation: added a dedicated test class verifying detection of known weak hashes (MD2, MD4, MD5, SHA1), confirming strong hashes (SHA256, SHA384, SHA512) are treated as safe, ensuring case-insensitive handling of inputs, and covering edge cases such as empty strings, unrelated inputs, and detection of weak tokens occurring within longer strings.

Walkthrough

Added a new test class TestIsWeakHashAlgo in tests/core/lib/test_ssl.py with assertions for weak and strong hash algorithm names, case-insensitivity, and edge cases; also reordered two imports in the same test file.

Changes

  • Test file update (tests/core/lib/test_ssl.py): Added TestIsWeakHashAlgo containing multiple assertions for is_weak_hash_algo() (weak algos: SHA1, MD2/MD4/MD5 variants; strong algos: SHA256/384/512; uppercase handling; empty and unrelated-string edge cases). Reordered imports to place is_weak_cipher_suite after is_weak_ssl_version.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 0.00%, which is insufficient; the required threshold is 80.00%. Resolution: write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

  • Title check: ✅ Passed. The title accurately describes the main change: adding a new TestIsWeakHashAlgo test class for the is_weak_hash_algo() function in ssl.py.
  • Description check: ✅ Passed. The description is comprehensive and directly related to the changeset, detailing the 11 new unit tests added, test coverage, and context about correcting a prior PR.


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
tests/core/lib/test_ssl.py (1)

575-623: Good test coverage for is_weak_hash_algo().

The new tests add valuable coverage for RSA suffix variants, case insensitivity, additional safe algorithms (sha384, sha512), and edge cases. The docstring and section comments are helpful.

Note that there's an existing parameterized test at lines 457-469 in TestSslMethod that covers basic cases. Consider consolidating by extending that parameterized test with your new cases, which would reduce duplication and keep related tests together:

# Suggested shape of the existing parametrized test in TestSslMethod, extended
# with the new cases (method body, so it sits inside the class):
@pytest.mark.parametrize(
    "algo,expected",
    [
        # Weak algorithms
        ("md2", True),
        ("md4", True),
        ("md5", True),
        ("sha1", True),
        ("sha1WithRSAEncryption", True),
        ("md5WithRSAEncryption", True),
        ("SHA1WithRSAEncryption", True),  # case insensitivity
        ("MD5WithRSAEncryption", True),
        # Safe algorithms
        ("sha256", False),
        ("sha256WithRSAEncryption", False),
        ("sha384WithRSAEncryption", False),
        ("sha512WithRSAEncryption", False),
        # Edge cases
        ("", False),
        ("someRandomAlgorithm", False),
    ],
)
def test_is_weak_hash_algo(self, algo, expected):
    assert is_weak_hash_algo(algo) == expected

However, keeping a separate class for organizational clarity is also acceptable.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@tests/core/lib/test_ssl.py` around lines 575 - 623, The new
TestIsWeakHashAlgo tests duplicate coverage of is_weak_hash_algo already
parameterized in TestSslMethod; update the existing pytest.mark.parametrize in
TestSslMethod to include the RSA-suffix, case-insensitive, safe-algorithm and
edge-case tuples (e.g., ("sha1WithRSAEncryption", True),
("md5WithRSAEncryption", True), ("SHA1WithRSAEncryption", True),
("MD5WithRSAEncryption", True), ("sha384WithRSAEncryption", False),
("sha512WithRSAEncryption", False), ("", False), ("someRandomAlgorithm", False))
and then remove or collapse the separate TestIsWeakHashAlgo class to avoid
duplication while keeping the same assertions (assert is_weak_hash_algo(algo) ==
expected).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/core/lib/test_ssl.py`:
- Around line 622-623: The file ends without a trailing newline; open
tests/core/lib/test_ssl.py and add a single newline character at the end of the
file (after the closing line containing the test_random_string_is_not_weak
assertion) so the file terminates with a newline; no code changes to functions
(is_weak_hash_algo or test_random_string_is_not_weak) are required—just ensure
the EOF has a newline.


📥 Commits

Reviewing files that changed from the base of the PR and between 74d89e2 and 765a8f2.

📒 Files selected for processing (1)
  • tests/core/lib/test_ssl.py

Raavi29 added a commit to Raavi29/Nettacker that referenced this pull request Mar 26, 2026
- 14 tests covering: expired cert, valid cert, self-signed detection,
  date format validation, key presence, expiring_soon logic
- Uses cryptography library to generate fake certs — no network required
- ssl.py coverage: 15% to 17%
- Addresses CodeRabbit feedback from PR OWASP#1452
Raavi29 and others added 4 commits March 28, 2026 11:19
Addresses CodeRabbit feedback on PR OWASP#1487 - all previous weak hash
tests had the weak token at the start of the string. This test
confirms is_weak_hash_algo uses 'in' not 'startswith', so weak tokens
are detected anywhere in the algorithm string.

Raavi29 commented Apr 2, 2026

Latest commit adds a test for weak algo not at start of string (rsaWithSHA1Encryption) - addresses CodeRabbit suggestion about non-prefix cases.
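The substring semantics described in the commit above (the check uses `in`, not `startswith`, after lower-casing) are what make the non-prefix case matter. The following is an added reference implementation of that behaviour with a case table, written for this page; it is not the code from nettacker/core/lib/ssl.py, and the function name, token list and case table are assumptions constructed to mirror the tests discussed in this PR. It also shows one thing the PR tests do not: running the same check over a list of signature algorithm names as a scanner would see them.

```python
"""Reference check for weak certificate signature-hash names.

Added example, not nettacker's code: a minimal reimplementation of the
behaviour the PR describes (lower-case the name, then substring-match
md2/md4/md5/sha1), so the non-prefix and case-insensitivity cases can
be exercised in isolation.
"""

# Hash tokens treated as weak. Constructed list matching the PR description.
WEAK_HASH_TOKENS = ("md2", "md4", "md5", "sha1")


def is_weak_hash_algo(algo):
    """Return True when any weak hash token occurs anywhere in `algo`.

    Matching is case-insensitive and uses substring containment rather
    than a prefix test, so "rsaWithSHA1Encryption" is flagged just like
    "sha1WithRSAEncryption". Empty or non-string input is treated as
    not weak (an assumption made for this example).
    """
    if not isinstance(algo, str) or not algo:
        return False
    lowered = algo.lower()
    return any(token in lowered for token in WEAK_HASH_TOKENS)


# Constructed case table: the PR's cases plus the weak-token-not-at-start
# case from the latest commit and two names in the form OpenSSL prints
# for ECDSA signatures.
CASES = [
    ("md2", True),
    ("md4", True),
    ("md5", True),
    ("sha1", True),
    ("sha1WithRSAEncryption", True),
    ("md5WithRSAEncryption", True),
    ("SHA1WithRSAEncryption", True),   # case insensitivity
    ("MD5WithRSAEncryption", True),
    ("rsaWithSHA1Encryption", True),   # weak token not at the start
    ("ecdsa-with-SHA1", True),
    ("ecdsa-with-SHA256", False),
    ("sha256", False),
    ("sha256WithRSAEncryption", False),
    ("sha384WithRSAEncryption", False),
    ("sha512WithRSAEncryption", False),
    ("", False),
    ("someRandomAlgorithm", False),
    (None, False),
]


def run_cases(cases=CASES):
    """Return (algo, expected, got) for every case whose result disagrees.

    An empty list means every case in the table behaves as expected.
    """
    mismatches = []
    for algo, expected in cases:
        got = is_weak_hash_algo(algo)
        if got is not expected:
            mismatches.append((algo, expected, got))
    return mismatches


def weak_algos_in(signature_algos):
    """Filter a list of signature algorithm names down to the weak ones.

    This is the shape of the call a scanner makes after collecting the
    signature algorithm from each certificate in a chain.
    """
    return [algo for algo in signature_algos if is_weak_hash_algo(algo)]


if __name__ == "__main__":
    failures = run_cases()
    print("all cases pass" if not failures else failures)
    print(weak_algos_in(["sha256WithRSAEncryption", "md5WithRSAEncryption"]))
```

The `is not expected` comparison in `run_cases` is deliberately strict: it pins the return type to a real bool, which is what the `is True` assertions in the PR's tests rely on. Because the match is name-based substring containment, the check says nothing about key size or the rest of the chain; it only flags the hash token.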

Copilot AI review requested due to automatic review settings April 10, 2026 10:06

Copilot AI left a comment


Pull request overview

Adds additional unit tests for is_weak_hash_algo() (in nettacker/core/lib/ssl.py) to improve coverage around algorithm string variants, casing, and edge inputs.

Changes:

  • Appends a new TestIsWeakHashAlgo test class covering weak/safe algorithm variants and case-insensitivity.
  • Adds edge-case tests for empty and unrecognized algorithm strings.
  • Minor reordering within the from nettacker.core.lib.ssl import (...) list.


Comment on lines +577 to +582
class TestIsWeakHashAlgo:
"""
Tests for is_weak_hash_algo(algo).
This function returns True if the algorithm is considered weak
(md2, md4, md5, sha1), and False if it is safe (sha256, sha512 etc.)
"""
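Review bot: The class docstring in this hunk describes the contract as "returns True if the algorithm is considered weak (md2, md4, md5, sha1)", but the later commit on this PR states the function matches the token with `in`, not `startswith`, so names such as rsaWithSHA1Encryption are also flagged. State the substring semantics in the docstring, e.g. "returns True if the lower-cased name contains any of md2, md4, md5, sha1", so the non-prefix test below reads as a documented case rather than an implementation accident.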

Copilot AI Apr 10, 2026


PR description says this adds 11 tests, but TestIsWeakHashAlgo defines 12 new test methods (4 weak + 2 uppercase + 3 safe + 3 edge). Also, this file already has an is_weak_hash_algo test earlier, so the stated coverage delta / “no dedicated tests” may be outdated. Please update the PR description to match the actual changes.

Comment on lines +577 to +606
class TestIsWeakHashAlgo:
"""
Tests for is_weak_hash_algo(algo).
This function returns True if the algorithm is considered weak
(md2, md4, md5, sha1), and False if it is safe (sha256, sha512 etc.)
"""

# --- WEAK algorithms — should return True ---

def test_sha1_is_weak(self):
assert is_weak_hash_algo("sha1WithRSAEncryption") is True

def test_md5_is_weak(self):
assert is_weak_hash_algo("md5WithRSAEncryption") is True

def test_md2_is_weak(self):
assert is_weak_hash_algo("md2WithRSAEncryption") is True

def test_md4_is_weak(self):
assert is_weak_hash_algo("md4WithRSAEncryption") is True

# --- Case insensitivity — function lowercases input, so these must also work ---

def test_sha1_uppercase_is_weak(self):
# The function does algo.lower() so uppercase should still be caught
assert is_weak_hash_algo("SHA1WithRSAEncryption") is True

def test_md5_uppercase_is_weak(self):
assert is_weak_hash_algo("MD5WithRSAEncryption") is True
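Review bot: The assertions in this hunk use `is True`, whereas the existing parametrized test_is_weak_hash_algo in the same file (lines 457-469, per the review comments above) compares with `== expected`; `is True` fails if is_weak_hash_algo ever returns a truthy non-bool, so either settle on one style for the file or keep `is True` deliberately to pin the return type and say so in the class docstring. Also, the comment on test_sha1_uppercase_is_weak ("The function does algo.lower()") documents an implementation detail; phrasing it as the contract ("matching is case-insensitive") keeps the test meaningful if the implementation switches to, say, casefold().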


Copilot AI Apr 10, 2026


This file already contains a parametrized test_is_weak_hash_algo earlier. The new TestIsWeakHashAlgo class overlaps with several of those cases (md2/md4/md5/sha1) and adds variants. Consider folding these new inputs into the existing parametrized test to reduce duplication and keep related assertions in one place.

@securestep9
Collaborator

@Raavi29 PRs unsigned commits will not be accepted ⚠️
