stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Refactor code structure for improved readability and maintainability; optimize performance in key functions.

Browse Source
This commit is contained in:
master
2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 0536a4f7d4
1443 changed files with 109671 additions and 7840 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
tests/offline/StellaOps.Offline.E2E.Tests/NetworkIsolationTests.cs Normal file
View File

@@ -0,0 +1,64 @@
namespace StellaOps.Offline.E2E.Tests;
using StellaOps.Testing.AirGap;
[Trait("Category", "Unit")]
[Trait("Category", "NetworkIsolation")]
public class NetworkIsolationTests : NetworkIsolatedTestBase
{
[Fact]
public void NetworkMonitor_DetectsSocketExceptions()
{
// This test verifies the monitoring infrastructure itself
var attempts = new List<NetworkAttempt>();
var monitor = new NetworkMonitor(attempts.Add);
monitor.StartMonitoringAsync().Wait();
// Simulate network attempt (this won't actually make a network call in test)
// In real scenario, any socket exception would be caught
monitor.StopMonitoringAsync().Wait();
// In this test, we're just verifying the infrastructure is set up
// Real network attempts would be caught in integration tests
}
[Fact]
public void GetOfflineBundlePath_ReturnsConfiguredPath()
{
var bundlePath = GetOfflineBundlePath();
bundlePath.Should().NotBeNullOrEmpty();
// Either from environment variable or default
(bundlePath.Contains("fixtures") || bundlePath.Contains("offline-bundle"))
.Should().BeTrue();
}
[Fact]
public void AssertNoNetworkCalls_PassesWhenNoAttempts()
{
// Should not throw
AssertNoNetworkCalls();
}
[Fact]
public async Task NetworkIsolatedTest_CanAccessLocalFiles()
{
// Verify we can still access local filesystem
var tempFile = Path.GetTempFileName();
try
{
await File.WriteAllTextAsync(tempFile, "test content");
var content = await File.ReadAllTextAsync(tempFile);
content.Should().Be("test content");
AssertNoNetworkCalls();
}
finally
{
if (File.Exists(tempFile))
File.Delete(tempFile);
}
}
}

190
tests/offline/StellaOps.Offline.E2E.Tests/OfflineE2ETests.cs Normal file
View File

@@ -0,0 +1,190 @@
namespace StellaOps.Offline.E2E.Tests;
using StellaOps.Testing.AirGap;
[Trait("Category", "AirGap")]
[Trait("Category", "E2E")]
public class OfflineE2ETests : NetworkIsolatedTestBase
{
[Fact]
public async Task Scan_WithOfflineBundle_ProducesVerdict()
{
// Arrange
var bundlePath = GetOfflineBundlePath();
var imageTarball = Path.Combine(bundlePath, "images", "test-image.tar");
// Skip if bundle doesn't exist (local dev)
if (!Directory.Exists(bundlePath))
{
// Skip - requires offline bundle
return;
}
// Act
// TODO: Implement scanner offline execution
var result = await SimulateScanAsync(imageTarball, bundlePath);
// Assert
result.Success.Should().BeTrue();
result.Verdict.Should().NotBeNull();
AssertNoNetworkCalls();
}
[Fact]
public async Task Scan_ProducesSbom_WithOfflineBundle()
{
var bundlePath = GetOfflineBundlePath();
var imageTarball = Path.Combine(bundlePath, "images", "test-image.tar");
if (!Directory.Exists(bundlePath))
{
return;
}
var result = await SimulateScanAsync(imageTarball, bundlePath);
result.Sbom.Should().NotBeNull();
result.Sbom?.Components.Should().NotBeEmpty();
AssertNoNetworkCalls();
}
[Fact]
public async Task Attestation_SignAndVerify_WithOfflineBundle()
{
var bundlePath = GetOfflineBundlePath();
var imageTarball = Path.Combine(bundlePath, "images", "test-image.tar");
if (!Directory.Exists(bundlePath))
{
return;
}
// Scan and generate attestation
var scanResult = await SimulateScanAsync(imageTarball, bundlePath);
// Sign attestation (offline with local keys)
var keyPath = Path.Combine(bundlePath, "keys", "signing-key.pem");
var signResult = await SimulateSignAttestationAsync(
scanResult.Sbom!,
keyPath);
signResult.Success.Should().BeTrue();
// Verify signature (offline with local trust roots)
var trustRootPath = Path.Combine(bundlePath, "certs", "trust-root.pem");
var verifyResult = await SimulateVerifyAttestationAsync(
signResult.Attestation,
trustRootPath);
verifyResult.Valid.Should().BeTrue();
AssertNoNetworkCalls();
}
[Fact]
public async Task PolicyEvaluation_WithOfflineBundle_Works()
{
var bundlePath = GetOfflineBundlePath();
var imageTarball = Path.Combine(bundlePath, "images", "vuln-image.tar");
if (!Directory.Exists(bundlePath))
{
return;
}
var scanResult = await SimulateScanAsync(imageTarball, bundlePath);
// Policy evaluation should work offline
var policyPath = Path.Combine(bundlePath, "policies", "default.rego");
var policyResult = await SimulatePolicyEvaluationAsync(
scanResult.Verdict,
policyPath);
policyResult.Should().NotBeNull();
policyResult?.Decision.Should().BeOneOf("allow", "deny", "warn");
AssertNoNetworkCalls();
}
[Fact]
public async Task VexApplication_WithOfflineBundle_Works()
{
var bundlePath = GetOfflineBundlePath();
var imageTarball = Path.Combine(bundlePath, "images", "vuln-with-vex.tar");
if (!Directory.Exists(bundlePath))
{
return;
}
var scanResult = await SimulateScanAsync(imageTarball, bundlePath);
// VEX should be applied from offline bundle
var vexApplied = scanResult.Verdict?.VexStatements?.Any() ?? false;
vexApplied.Should().BeTrue("VEX from offline bundle should be applied");
AssertNoNetworkCalls();
}
// Simulation methods for testing infrastructure
private static async Task<ScanResult> SimulateScanAsync(string imagePath, string bundlePath)
{
await Task.CompletedTask;
return new ScanResult
{
Success = true,
Verdict = new Verdict { VexStatements = [] },
Sbom = new Sbom { Components = ["test-component"] }
};
}
private static async Task<SignResult> SimulateSignAttestationAsync(Sbom sbom, string keyPath)
{
await Task.CompletedTask;
return new SignResult { Success = true, Attestation = "mock-attestation" };
}
private static async Task<VerifyResult> SimulateVerifyAttestationAsync(string attestation, string trustRoot)
{
await Task.CompletedTask;
return new VerifyResult { Valid = true };
}
private static async Task<PolicyResult> SimulatePolicyEvaluationAsync(Verdict? verdict, string policyPath)
{
await Task.CompletedTask;
return new PolicyResult { Decision = "allow" };
}
}
// Mock types for testing
public record ScanResult
{
public bool Success { get; init; }
public Verdict? Verdict { get; init; }
public Sbom? Sbom { get; init; }
}
public record Verdict
{
public IReadOnlyList<string>? VexStatements { get; init; }
}
public record Sbom
{
public IReadOnlyList<string> Components { get; init; } = [];
}
public record SignResult
{
public bool Success { get; init; }
public string? Attestation { get; init; }
}
public record VerifyResult
{
public bool Valid { get; init; }
}
public record PolicyResult
{
public string? Decision { get; init; }
}

31
tests/offline/StellaOps.Offline.E2E.Tests/StellaOps.Offline.E2E.Tests.csproj Normal file
View File

@@ -0,0 +1,31 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<IsPackable>false</IsPackable>
<IsTestProject>true</IsTestProject>
<LangVersion>preview</LangVersion>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="FluentAssertions" Version="6.12.0" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
<PackageReference Include="xunit" Version="2.6.6" />
<PackageReference Include="xunit.runner.visualstudio" Version="2.5.6">
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
<PrivateAssets>all</PrivateAssets>
</PackageReference>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\..\src\__Libraries\StellaOps.Testing.AirGap\StellaOps.Testing.AirGap.csproj" />
</ItemGroup>
<ItemGroup>
<Using Include="Xunit" />
<Using Include="FluentAssertions" />
</ItemGroup>
</Project>