Background
Two Critical (🔴) findings from the Fable5 automated scan were postponed from PR #955 (issue #953) because they require architectural scope beyond a single PR. This issue tracks both.
Finding 2.1 — import hera performs network I/O, filesystem writes, and DB writes at import time
Location:
- hera/datalayer/document/__init__.py:324-328 — calls createDBConnection for each user on module import
- hera/__init__.py:33 — instantiates ToolkitHome() which constructs Project, writes to MongoDB, and runs os.makedirs
Impact: Any process that does import hera hits the network and potentially raises IOError if ~/.pyhera/config.json is absent (item 2.13 is a symptom of this). Tests cannot import the package in a clean environment without a live MongoDB.
Required work:
- Redesign DB connection lifecycle to be lazy (connect only on first actual DB call, not at import time)
- ToolkitHome instantiation in __init__.py must be deferred or made conditional
- All callers that currently rely on the implicit connection must be audited
Finding 5.2 — Zero test coverage for simulations/ and riskassessment/
Scope: 233 source modules total; only 13 test modules exist. The following subtrees have no tests at all:
- hera/simulations/openFoam/ (~30 modules)
- hera/simulations/LSM/
- hera/simulations/gaussian/
- hera/simulations/windProfile/
- hera/simulations/WRF/
- hera/simulations/machineLearningDeepLearning/
- hera/riskassessment/ (~17 modules)
Related: tracked under #943 (unit test improvements campaign)
Required work:
- Add session-scoped fixtures for each simulation toolkit following the pattern in hera/tests/conftest.py
- Write smoke tests (instantiate toolkit, register a datasource, retrieve it) for each untested toolkit
- Add integration tests for critical calculation paths in riskassessment/
- Add expected output files to hera/tests/expected/ for regression tests
Acceptance criteria
- import hera in a clean environment (no config.json, no MongoDB) does not raise any exception and does not open any network connection
- pytest hera/tests/ covers at least one test per toolkit in simulations/ and riskassessment/
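
One way to approach the lazy connection lifecycle from Finding 2.1 and to check the first acceptance criterion, shown as an added example that is not code from the hera project. `LazyConnection`, `open_db_socket`, `build_registry` and `forbid_network` are hypothetical names, and the host and port are constructed values.

```python
import socket
import threading
from contextlib import contextmanager
from unittest import mock


class LazyConnection:
    """Holds a connect callable and runs it only on the first get()."""

    def __init__(self, factory):
        self._factory = factory
        self._conn = None
        self._lock = threading.Lock()

    @property
    def connected(self):
        return self._conn is not None

    def get(self):
        if self._conn is None:
            with self._lock:  # two threads must not both connect
                if self._conn is None:
                    self._conn = self._factory()
        return self._conn


def open_db_socket(host="127.0.0.1", port=27017):
    """Hypothetical stand-in for the real connect call (constructed values)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((host, port))
    return sock


def build_registry(users, factory=open_db_socket):
    """What module import would run: one lazy handle per user, no I/O."""
    return {user: LazyConnection(factory) for user in users}


@contextmanager
def forbid_network():
    """Turn any socket connect attempt into an error for the enclosed code."""
    def blocked(self, address):
        self.close()
        raise RuntimeError(f"network access attempted: {address!r}")
    with mock.patch.object(socket.socket, "connect", blocked):
        yield
```

A test that wraps the package import in a guard like `forbid_network()` fails as soon as any import-time code path reaches for the network, which also catches the regression if an eager connection is reintroduced later.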