
Add TestIsWeakHashAlgo tests for is_weak_hash_algo() in ssl.py#1452

Open
Raavi29 wants to merge 13 commits into OWASP:master from Raavi29:fix-ssl-tests

Conversation

@Raavi29
Contributor

@Raavi29 Raavi29 commented Mar 26, 2026

Proposed change

Summary

Adds 11 unit tests for is_weak_hash_algo() in nettacker/core/lib/ssl.py as a new TestIsWeakHashAlgo class appended to the existing test suite.

What was tested

  • Weak algorithm detection: sha1, md5, md2, md4 (with RSA suffix variants)
  • Case insensitivity: SHA1WithRSAEncryption correctly flagged
  • Safe algorithms: sha256, sha384, sha512 return False
  • Edge case: empty string, random string

Notes

  • Original test suite is fully preserved - this PR only adds to it
  • Previous PR Add unit tests for is_weak_hash_algo in ssl module #1448 accidentally replaced the existing tests; this PR corrects that by appending instead
  • is_weak_hash_algo() coverage: 0% -> 15% on nettacker/core/lib/ssl.py

Type of change

  • New core framework functionality
  • Bugfix (non-breaking change which fixes an issue)
  • Code refactoring without any functionality changes
  • New or existing module/payload change
  • Documentation/localization improvement
  • Test coverage improvement
  • Dependency upgrade
  • Other improvement (best practice, cleanup, optimization, etc)

Checklist

  • I've followed the contributing guidelines
  • I have digitally signed all my commits in this PR
  • I've run make pre-commit and confirm it didn't generate any warnings/changes
  • I've run make test, I confirm all tests passed locally
  • I've added/updated any relevant documentation in the docs/ folder
  • I've linked this PR with an open issue
  • I've tested and verified that my code works as intended and resolves the issue as described
  • I have attached screenshots demonstrating my code works as intended
  • I've checked all other open PRs to avoid submitting duplicate work
  • I confirm that the code and comments in this PR are not direct unreviewed outputs of AI
  • I confirm that I am the Sole Responsible Author for every line of code, comment, and design decision

@coderabbitai
Contributor

coderabbitai bot commented Mar 26, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.


Walkthrough

Expanded parametrized test cases in tests/core/lib/test_ssl.py to include additional weak hash algorithm name tokens (various MD2/MD4/MD5/SHA1 variants and case variants) and added one safe boundary case (sha256WithRSAEncryption); also reordered two imports in the same test file. No functional code or assertions were otherwise changed.

Changes

Cohort / File(s): Test updates (tests/core/lib/test_ssl.py)
Summary: Reordered the import order to place is_weak_cipher_suite after is_weak_ssl_version. Expanded the test_is_weak_hash_algo parametrization with additional weak algorithm token strings (e.g., md2WithRSAEncryption, md4WithRSAEncryption, md5WithRSAEncryption, sha1WithRSAEncryption, uppercase variants) expected True, and added a boundary safe case sha256WithRSAEncryption expected False. No other logic or assertions changed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • arkid15r
  • securestep9
🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 0.00%, which is insufficient; the required threshold is 80.00%. Resolution: write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

  • Title check: ✅ Passed. The title clearly and specifically describes the main change: adding test cases for the is_weak_hash_algo() function in ssl.py.
  • Description check: ✅ Passed. The description is well-related to the changeset, providing context about adding tests for is_weak_hash_algo(), test coverage improvements, and addressing a prior issue.


Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
tests/core/lib/test_ssl.py (1)

575-623: Good test coverage for is_weak_hash_algo().

The new tests add valuable coverage for RSA suffix variants, case insensitivity, additional safe algorithms (sha384, sha512), and edge cases. The docstring and section comments are helpful.

Note that there's an existing parameterized test at lines 457-469 in TestSslMethod that covers basic cases. Consider consolidating by extending that parameterized test with your new cases, which would reduce duplication and keep related tests together:

@pytest.mark.parametrize(
    "algo,expected",
    [
        # Weak algorithms
        ("md2", True),
        ("md4", True),
        ("md5", True),
        ("sha1", True),
        ("sha1WithRSAEncryption", True),
        ("md5WithRSAEncryption", True),
        ("SHA1WithRSAEncryption", True),  # case insensitivity
        ("MD5WithRSAEncryption", True),
        # Safe algorithms
        ("sha256", False),
        ("sha256WithRSAEncryption", False),
        ("sha384WithRSAEncryption", False),
        ("sha512WithRSAEncryption", False),
        # Edge cases
        ("", False),
        ("someRandomAlgorithm", False),
    ],
)
def test_is_weak_hash_algo(self, algo, expected):
    assert is_weak_hash_algo(algo) == expected

However, keeping a separate class for organizational clarity is also acceptable.

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/core/lib/test_ssl.py`:
- Around line 622-623: The file ends without a trailing newline; open
tests/core/lib/test_ssl.py and add a single newline character at the end of the
file (after the closing line containing the test_random_string_is_not_weak
assertion) so the file terminates with a newline; no code changes to functions
(is_weak_hash_algo or test_random_string_is_not_weak) are required—just ensure
the EOF has a newline.


📥 Commits

Reviewing files that changed from the base of the PR and between 74d89e2 and 765a8f2.

📒 Files selected for processing (1)
  • tests/core/lib/test_ssl.py

Raavi29 added a commit to Raavi29/Nettacker that referenced this pull request Mar 26, 2026
- 14 tests covering: expired cert, valid cert, self-signed detection,
  date format validation, key presence, expiring_soon logic
- Uses cryptography library to generate fake certs — no network required
- ssl.py coverage: 15% to 17%
- Addresses CodeRabbit feedback from PR OWASP#1452
Raavi29 and others added 4 commits March 28, 2026 11:19
Addresses CodeRabbit feedback on PR OWASP#1487 - all previous weak hash
tests had the weak token at the start of the string. This test
confirms is_weak_hash_algo uses 'in' not 'startswith', so weak tokens
are detected anywhere in the algorithm string.
@Raavi29
Contributor Author

Raavi29 commented Apr 2, 2026

Latest commit adds a test for weak algo not at start of string (rsaWithSHA1Encryption) - addresses CodeRabbit suggestion about non-prefix cases.

Copilot AI review requested due to automatic review settings April 10, 2026 10:06

Copilot AI left a comment


Pull request overview

Adds additional unit tests for is_weak_hash_algo() (in nettacker/core/lib/ssl.py) to improve coverage around algorithm string variants, casing, and edge inputs.

Changes:

  • Appends a new TestIsWeakHashAlgo test class covering weak/safe algorithm variants and case-insensitivity.
  • Adds edge-case tests for empty and unrecognized algorithm strings.
  • Minor reordering within the from nettacker.core.lib.ssl import (...) list.

@securestep9
Collaborator

@Raavi29 PRs with unsigned commits will not be accepted ⚠️

Contributor

@coderabbitai coderabbitai bot left a comment


🧹 Nitpick comments (1)
tests/core/lib/test_ssl.py (1)

466-472: New parametrized cases look correct and align with the implementation.

The added cases exercise case-insensitivity (SHA1WithRSAEncryption, MD5WithRSAEncryption), non-prefix substring matches for MD2/MD4/MD5/SHA1 within realistic OID-style names, and a safe boundary (sha256WithRSAEncryption). All expected values match the substring-based, lowercased check in is_weak_hash_algo (nettacker/core/lib/ssl.py:13-18).

Optional: the PR description mentions empty-string and random-string edge cases — consider also adding ("", False) and e.g. ("random_string", False) here so they live in the same parametrize list rather than as separate tests. Not blocking.

♻️ Optional additions
             ("sha256WithRSAEncryption", False),
+            ("", False),
+            ("random_string", False),
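Review bot: The two added tuples cover the empty and unrecognized-name cases, but the list still exercises only str inputs; because the check lowercases its argument before the substring test, a None signature algorithm would raise in that lowercasing step rather than return False. If a None can reach is_weak_hash_algo from the certificate-parsing path, add a `(None, False)` case together with a matching guard in the function; otherwise document that callers must pass a str.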


📥 Commits

Reviewing files that changed from the base of the PR and between 26f6791 and bbb872c.

📒 Files selected for processing (1)
  • tests/core/lib/test_ssl.py
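To make concrete both the "'in' not 'startswith'" point from the commit message above and the substring-based, lowercased check this review describes, here is an added, self-contained example; `weak_hash_substring`, `weak_hash_prefix` and the `CASES` table are constructed stand-ins of my own, not nettacker's `is_weak_hash_algo` or its test file.

```python
# Added, self-contained illustration; the two checks below are constructed
# stand-ins for the behaviour the review describes, not nettacker's own
# is_weak_hash_algo from nettacker/core/lib/ssl.py.
WEAK_HASH_TOKENS = ("md2", "md4", "md5", "sha1")


def weak_hash_substring(algo: str) -> bool:
    """Lowercase the name, then flag a weak token wherever it appears ('in')."""
    name = algo.lower()
    return any(token in name for token in WEAK_HASH_TOKENS)


def weak_hash_prefix(algo: str) -> bool:
    """Prefix-only variant ('startswith'); shows what the non-prefix test guards."""
    return algo.lower().startswith(WEAK_HASH_TOKENS)


# Constructed case table drawn from the PR discussion: plain weak names,
# RSA-suffix variants, mixed case, safe names, edge inputs, and the one name
# whose weak token is not at the start of the string.
CASES = [
    ("md2", True), ("md4", True), ("md5", True), ("sha1", True),
    ("md5WithRSAEncryption", True),
    ("SHA1WithRSAEncryption", True),
    ("rsaWithSHA1Encryption", True),  # weak token in the middle
    ("sha256", False),
    ("sha256WithRSAEncryption", False),
    ("sha384WithRSAEncryption", False),
    ("sha512WithRSAEncryption", False),
    ("", False),
    ("someRandomAlgorithm", False),
]


def run_cases(check) -> list:
    """Return (algo, expected, got) for every case where `check` disagrees."""
    return [(a, exp, check(a)) for a, exp in CASES if check(a) != exp]


def prefix_check_misses() -> list:
    """Weak names the substring check catches but a prefix check would miss."""
    return [a for a, exp in CASES if exp and not weak_hash_prefix(a)]


if __name__ == "__main__":
    print("substring check failures:", run_cases(weak_hash_substring))
    print("prefix check failures:   ", run_cases(weak_hash_prefix))
```

Running it shows the substring check passing every case while the prefix variant fails only on rsaWithSHA1Encryption, which is exactly the gap the extra test in this PR closes.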

@Raavi29
Contributor Author

Raavi29 commented Apr 17, 2026

@Raavi29 PRs with unsigned commits will not be accepted ⚠️

@securestep9 Duly noted.
I have resigned all the commits.
