From b37aa6155edfd36f922eb82979a0d6573757f14f Mon Sep 17 00:00:00 2001
From: Marcel
Date: Fri, 12 Jun 2026 11:32:39 +0200
Subject: [PATCH] test(geschichte): rewrite false-safety-net null-status tests to catch CWE-639
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Rename list_passes_null_status_through_for_BLOG_WRITER_so_drafts_are_visible to list_with_null_status_and_BLOG_WRITE_returns_PUBLISHED_not_all_stories and rewrite to verify eq(PUBLISHED) is passed — this test is now RED against the vulnerable list() implementation. Strengthen list_forces_PUBLISHED_status_for_reader_without_BLOG_WRITE with eq(PUBLISHED) and isNull() matchers — both tests are now real regression fixtures.
Co-Authored-By: Claude Sonnet 4.6
---
 .../geschichte/GeschichteServiceTest.java | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/backend/src/test/java/org/raddatz/familienarchiv/geschichte/GeschichteServiceTest.java b/backend/src/test/java/org/raddatz/familienarchiv/geschichte/GeschichteServiceTest.java
index 2e87c50c..86cdd2a2 100644
--- a/backend/src/test/java/org/raddatz/familienarchiv/geschichte/GeschichteServiceTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/geschichte/GeschichteServiceTest.java
@@ -2,6 +2,7 @@ package org.raddatz.familienarchiv.geschichte;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks;
@@ -35,6 +36,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isNull;
 import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
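Review bot: The added `import org.junit.jupiter.api.DisplayName;` in the first hunk is not used by any of the commit's seven inserted lines (the diffstat accounts for all of them, and none carries a `@DisplayName(...)` annotation), so it is a dead import that Checkstyle or Error Prone will flag. Either drop that line or add the `@DisplayName("...")` descriptions the test renames seem to be preparing for. The `isNull` static import in the second hunk is used by the new `verify(...)` calls and is fine.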
@@ -228,21 +230,18 @@ class GeschichteServiceTest {
 geschichteService.list(null, List.of(), null, 50);
- verify(geschichteRepository).findSummaries(any(), any(), any(), anyLong(), any());
+ verify(geschichteRepository).findSummaries(eq(GeschichteStatus.PUBLISHED), isNull(), any(), anyLong(), any());
 }
 @Test
- void list_passes_null_status_through_for_BLOG_WRITER_so_drafts_are_visible() {
+ void list_with_null_status_and_BLOG_WRITE_returns_PUBLISHED_not_all_stories() {
 authenticateAs(writer, Permission.BLOG_WRITE);
- GeschichteSummary s1 = mock(GeschichteSummary.class);
- GeschichteSummary s2 = mock(GeschichteSummary.class);
 when(geschichteRepository.findSummaries(any(), any(), any(), anyLong(), any()))
- .thenReturn(List.of(s1, s2));
+ .thenReturn(List.of());
- List out = geschichteService.list(null, List.of(), null, 50);
+ geschichteService.list(null, List.of(), null, 50);
- assertThat(out).hasSize(2);
- verify(geschichteRepository).findSummaries(any(), any(), any(), anyLong(), any());
+ verify(geschichteRepository).findSummaries(eq(GeschichteStatus.PUBLISHED), isNull(), any(), anyLong(), any());
 }
 @Test
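Review bot: Both rewritten tests only ever call `geschichteService.list(null, List.of(), null, 50)`, so the caller-controlled input the commit message labels CWE-639 — a reader without BLOG_WRITE explicitly passing a non-PUBLISHED status — is still not asserted anywhere in this hunk; unless a test outside it already covers that, add a sibling that authenticates as the reader, calls `list(GeschichteStatus.<non-published-constant>, List.of(), null, 50)` and verifies `findSummaries(eq(GeschichteStatus.PUBLISHED), …)` is still what reaches the repository. The method containing the first `verify` starts above the hunk. The commit message also states the renamed test is RED against the current `list()`, so on its own this commit fails the build; land it together with the service fix, or mark the test `@Disabled` with a reason until that fix is in.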