stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

5100* tests strengthtenen work

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-24 12:38:34 +02:00
parent 9a08d10b89
commit 02772c7a27
117 changed files with 29941 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

242
tests/parity/StellaOps.Parity.Tests/ParityTestFixtureSet.cs Normal file
View File

@@ -0,0 +1,242 @@
// -----------------------------------------------------------------------------
// ParityTestFixtureSet.cs
// Sprint: SPRINT_5100_0008_0001_competitor_parity
// Task: PARITY-5100-002 - Define parity test fixture set
// Description: Container image fixtures for parity testing against competitors
// -----------------------------------------------------------------------------
namespace StellaOps.Parity.Tests;
/// <summary>
/// Defines the standard fixture set for competitor parity testing.
/// Each fixture represents a container image with known vulnerabilities
/// that is used to compare StellaOps against Syft, Grype, and Trivy.
/// </summary>
public static class ParityTestFixtureSet
{
/// <summary>
/// Gets the list of container image fixtures for parity testing.
/// These images are chosen to cover:
/// - Different base OS distributions (Alpine, Debian, RHEL, Ubuntu)
/// - Different package managers (apk, apt, rpm, npm, pip, maven)
/// - Known vulnerabilities for validation
/// - Multi-language applications
/// </summary>
public static IReadOnlyList<ParityImageFixture> Fixtures { get; } =
[
// Alpine-based images
new ParityImageFixture
{
Name = "alpine-base",
Image = "alpine:3.19.0",
Description = "Alpine Linux base image with minimal packages",
PackageManagers = ["apk"],
ExpectedMinPackages = 10,
Category = ImageCategory.BaseOS
},
new ParityImageFixture
{
Name = "alpine-python",
Image = "python:3.12-alpine",
Description = "Python on Alpine with pip packages",
PackageManagers = ["apk", "pip"],
ExpectedMinPackages = 50,
Category = ImageCategory.LanguageRuntime
},
// Debian-based images
new ParityImageFixture
{
Name = "debian-base",
Image = "debian:bookworm-slim",
Description = "Debian bookworm slim base image",
PackageManagers = ["apt"],
ExpectedMinPackages = 50,
Category = ImageCategory.BaseOS
},
new ParityImageFixture
{
Name = "node-debian",
Image = "node:20-bookworm-slim",
Description = "Node.js on Debian with npm packages",
PackageManagers = ["apt", "npm"],
ExpectedMinPackages = 100,
Category = ImageCategory.LanguageRuntime
},
// Ubuntu-based images
new ParityImageFixture
{
Name = "ubuntu-base",
Image = "ubuntu:22.04",
Description = "Ubuntu 22.04 LTS base image",
PackageManagers = ["apt"],
ExpectedMinPackages = 80,
Category = ImageCategory.BaseOS
},
// RHEL/CentOS-based images
new ParityImageFixture
{
Name = "rhel-base",
Image = "rockylinux:9-minimal",
Description = "Rocky Linux 9 minimal (RHEL compatible)",
PackageManagers = ["rpm"],
ExpectedMinPackages = 30,
Category = ImageCategory.BaseOS
},
// Multi-language application images
new ParityImageFixture
{
Name = "go-app",
Image = "golang:1.22-bookworm",
Description = "Go application with standard library",
PackageManagers = ["apt", "go"],
ExpectedMinPackages = 150,
Category = ImageCategory.LanguageRuntime
},
new ParityImageFixture
{
Name = "java-app",
Image = "eclipse-temurin:21-jdk-jammy",
Description = "Java 21 with Maven dependencies",
PackageManagers = ["apt", "maven"],
ExpectedMinPackages = 100,
Category = ImageCategory.LanguageRuntime
},
new ParityImageFixture
{
Name = "rust-app",
Image = "rust:1.75-bookworm",
Description = "Rust with cargo dependencies",
PackageManagers = ["apt", "cargo"],
ExpectedMinPackages = 100,
Category = ImageCategory.LanguageRuntime
},
new ParityImageFixture
{
Name = "dotnet-app",
Image = "mcr.microsoft.com/dotnet/aspnet:8.0-bookworm-slim",
Description = ".NET 8 ASP.NET runtime",
PackageManagers = ["apt", "nuget"],
ExpectedMinPackages = 80,
Category = ImageCategory.LanguageRuntime
},
// Images with known CVEs (for vulnerability comparison)
new ParityImageFixture
{
Name = "vuln-nginx",
Image = "nginx:1.24",
Description = "nginx with known vulnerabilities",
PackageManagers = ["apt"],
ExpectedMinPackages = 100,
Category = ImageCategory.KnownVulnerable,
ExpectedMinCVEs = 5
},
new ParityImageFixture
{
Name = "vuln-postgres",
Image = "postgres:14",
Description = "PostgreSQL with known vulnerabilities",
PackageManagers = ["apt"],
ExpectedMinPackages = 100,
Category = ImageCategory.KnownVulnerable,
ExpectedMinCVEs = 3
},
// Complex multi-layer images
new ParityImageFixture
{
Name = "complex-wordpress",
Image = "wordpress:6.4-php8.2-apache",
Description = "WordPress with PHP and Apache (complex layers)",
PackageManagers = ["apt", "composer"],
ExpectedMinPackages = 200,
Category = ImageCategory.ComplexApp
},
new ParityImageFixture
{
Name = "complex-redis",
Image = "redis:7.2-bookworm",
Description = "Redis server with multiple dependencies",
PackageManagers = ["apt"],
ExpectedMinPackages = 50,
Category = ImageCategory.ComplexApp
}
];
/// <summary>
/// Gets fixtures filtered by category.
/// </summary>
public static IEnumerable<ParityImageFixture> GetByCategory(ImageCategory category)
=> Fixtures.Where(f => f.Category == category);
/// <summary>
/// Gets fixtures that have expected CVEs (for vulnerability comparison).
/// </summary>
public static IEnumerable<ParityImageFixture> GetVulnerableFixtures()
=> Fixtures.Where(f => f.ExpectedMinCVEs > 0);
}
/// <summary>
/// Represents a container image fixture for parity testing.
/// </summary>
public sealed class ParityImageFixture
{
/// <summary>
/// Unique name for this fixture.
/// </summary>
public required string Name { get; init; }
/// <summary>
/// Docker image reference (e.g., "alpine:3.19.0").
/// </summary>
public required string Image { get; init; }
/// <summary>
/// Human-readable description of the fixture.
/// </summary>
public required string Description { get; init; }
/// <summary>
/// Package managers expected in this image.
/// </summary>
public required string[] PackageManagers { get; init; }
/// <summary>
/// Minimum expected package count (for validation).
/// </summary>
public int ExpectedMinPackages { get; init; }
/// <summary>
/// Category of this fixture.
/// </summary>
public ImageCategory Category { get; init; }
/// <summary>
/// Minimum expected CVE count (for vulnerable images).
/// </summary>
public int ExpectedMinCVEs { get; init; }
public override string ToString() => $"{Name} ({Image})";
}
/// <summary>
/// Categories for fixture images.
/// </summary>
public enum ImageCategory
{
/// <summary>Base OS image (Alpine, Debian, Ubuntu, RHEL).</summary>
BaseOS,
/// <summary>Language runtime image (Python, Node, Go, Java, Rust, .NET).</summary>
LanguageRuntime,
/// <summary>Image with known vulnerabilities for CVE comparison.</summary>
KnownVulnerable,
/// <summary>Complex multi-layer application image.</summary>
ComplexApp
}