fix(scripts): standardize timestamps in Test-DependencyPinning.ps1 and SecurityClasses.psm1 #1282
chaosdinosaur wants to merge 4 commits into main
…d SecurityClasses.psm1

Replace fake UTC format in ComplianceReport.ToHashtable() and local-offset ScanTimestamp in Test-DependencyPinning.ps1 with Get-StandardTimestamp from CIHelpers.psm1 for genuine UTC timestamps. Add CIHelpers import to SecurityClasses.psm1 and update Pester test pattern to match full-precision ISO 8601 format.

Fixes #998
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #1282 +/- ##
==========================================
- Coverage 87.72% 87.71% -0.02%
==========================================
Files 61 61
Lines 9320 9320
==========================================
- Hits 8176 8175 -1
- Misses 1144 1145 +1
PR Review: fix/998-standardize-timestamp-dependency-pinning
The goal is clear, the issue link is valid, the PR template is properly completed, and all automation checks pass. The approach of using Get-StandardTimestamp from CIHelpers.psm1 is the right direction. Three focused issues worth addressing are noted below.
Issue Alignment
✅ PR correctly targets #998. The fake-UTC format (ToString('yyyy-MM-ddTHH:mm:ss.fffZ')) is replaced in both files, and the CIHelpers.psm1 import is added to SecurityClasses.psm1. The note about the markdown display format (yyyy-MM-dd HH:mm:ss) being intentionally left unchanged is accurate and appreciated.
PR Template Compliance
✅ Description is substantive, issue is linked, Type of Change checkboxes are checked and match the diff (bug fix + script/automation), testing evidence is provided, and all required automated checks are checked.
Coding Standards
✅ Import-Module placement in SecurityClasses.psm1 (between the header comment block and the first class definition) follows the module structure convention from the PowerShell instructions. The CIHelpers.psm1 import path uses the Join-Path $PSScriptRoot pattern correctly.
Code Quality Findings
Both ToHashtable() and Get-ComplianceReportData now call Get-StandardTimestamp at serialization time, discarding the $this.Timestamp value that was set at object-construction time (scan start). The ComplianceReport class still stores a [datetime]$Timestamp property that is never used in the JSON output path after this change. See inline comments for a concrete remediation.
💡 Loosened test assertion (SecurityClasses.Tests.ps1)
The regex change from \d{3} to \d+ is technically correct for Get-StandardTimestamp's full-precision output, but overly permissive. A bounded quantifier like \d{3,7} better documents the expected range. See inline comment.
Suggested Action Items
- In SecurityClasses.psm1 constructors, stamp with UTC at construction ((Get-Date).ToUniversalTime()) and format $this.Timestamp in ToHashtable() — or rename the output key to make the serialization-time semantics explicit.
- Apply the same pattern to the ScanTimestamp field in Test-DependencyPinning.ps1 to keep both call sites consistent with the object's own timestamp.
- Tighten the test regex to \d{3,7} for a more intentional assertion.
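The review's findings in runnable form, as an added example that is not code from this PR or repository: it measures how far the literal-`Z` format drifts from real UTC, then stamps once at construction and formats the stored value at serialization. `DemoReport`, the full `$pattern` and the sample date are constructed for illustration; .NET's round-trip format `'o'` stands in for "full-precision" output because the body of `Get-StandardTimestamp` is not shown on the page.

```powershell
# Added example; DemoReport and $pattern are hypothetical, not the project's code.
$inv = [cultureinfo]::InvariantCulture

# Constructed sample: a scan that started at 14:30:05.123 local wall-clock time.
$scanStart = [datetime]::new(2024, 1, 15, 14, 30, 5, 123, [System.DateTimeKind]::Local)

# The format the PR removes. 'Z' is not a .NET format specifier, so it is copied
# through as a literal: local time is labelled UTC without being converted.
$fake = $scanStart.ToString('yyyy-MM-ddTHH:mm:ss.fffZ')

# Convert first, then format. 'o' emits seven fractional digits and a real Z
# because ToUniversalTime() returns a DateTime with Kind = Utc.
$real = $scanStart.ToUniversalTime().ToString('o')

# A consumer that trusts the Z reads the fake value as UTC. The error equals the
# machine's UTC offset, so it is zero (and invisible) on a UTC build agent.
$skew = [datetimeoffset]::Parse($fake, $inv).UtcDateTime - $scanStart.ToUniversalTime()
"fake: $fake"
"real: $real"
"skew: $skew"

# The reviewer's remediation: stamp in UTC at construction, format the stored
# value at serialization, so the output still records scan start.
class DemoReport {
    [datetime]$Timestamp
    DemoReport() { $this.Timestamp = (Get-Date).ToUniversalTime() }
    [hashtable] ToHashtable() {
        return @{ Timestamp = $this.Timestamp.ToString('o') }
    }
}

$report = [DemoReport]::new()
$first  = $report.ToHashtable().Timestamp
Start-Sleep -Milliseconds 50
$second = $report.ToHashtable().Timestamp
"stable across serializations: $($first -eq $second)"

# Bounded fractional-second check, as the review suggests (\d{3,7} rather than \d+).
$pattern = '^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3,7}Z$'
"real matches bounded pattern:      $($real -match $pattern)"
"12-digit fraction matches bounded: $('2024-01-15T14:30:05.123456789012Z' -match $pattern)"
```

On a machine whose local zone is not UTC, `skew` is non-zero and equal to the zone offset; the last two lines print `True` and `False`.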
- SecurityClasses.psm1: use stored $this.Timestamp for ToHashtable()
instead of Get-StandardTimestamp to preserve scan-start time. Remove
now-unnecessary CIHelpers import.
- Test-DependencyPinning.ps1: use stored $report.Timestamp for
ScanTimestamp metadata instead of generating a new timestamp.
- SecurityClasses.Tests.ps1: tighten regex from \d+ to \d{3,7} for
fractional second validation.
Pull Request
Description
Standardized timestamps in Test-DependencyPinning.ps1 and SecurityClasses.psm1:
- SecurityClasses.psm1: Replaced the fake UTC format $this.Timestamp.ToString('yyyy-MM-ddTHH:mm:ss.fffZ') in ComplianceReport.ToHashtable() with Get-StandardTimestamp for genuine UTC timestamps. Added CIHelpers.psm1 import since the module had no previous import.
- Test-DependencyPinning.ps1: Replaced $report.Timestamp.ToString('yyyy-MM-ddTHH:mm:ss.fffZ') in the metadata ScanTimestamp field with Get-StandardTimestamp. CIHelpers.psm1 was already imported at line 122.

Updated the Pester test assertion for ToHashtable timestamp format to accept full-precision ISO 8601 output (\d+ instead of \d{3} for fractional seconds).

Related Issue(s)
Fixes #998
Testing
- Get-StandardTimestamp in SecurityClasses.psm1 ToHashtable().
- ScanTimestamp replaced with Get-StandardTimestamp in Test-DependencyPinning.ps1.
- \d{3}Z to \d+Z for full-precision matching.
- npm run lint:ps passed.
- npm run test:ps passed (41 SecurityClasses tests, 118 Test-DependencyPinning tests).

Checklist
Required Checks
Required Automated Checks
The following validation commands must pass before merging:
- npm run lint:md
- npm run spell-check
- npm run lint:frontmatter
- npm run validate:skills
- npm run lint:md-links
- npm run lint:ps
- npm run plugin:generate

Security Considerations
Additional Notes
The ComplianceReport class Timestamp property remains typed [datetime] for backward compatibility — the Get-StandardTimestamp call is used only in the ToHashtable() serialization method and the metadata hashtable, which are the JSON output paths. The markdown report display format (yyyy-MM-dd HH:mm:ss) was left unchanged as it serves a different human-readable purpose.

This is part of the timestamp standardization series (issues #994-#1002). The prerequisite Get-StandardTimestamp function was merged in #993.