up

src/Scanner/__Tests/StellaOps.Scanner.Analyzers.OS.Pkgutil.Tests/Fixtures/var/db/receipts/com.apple.pkg.Safari.plist

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PackageIdentifier</key>
+	<string>com.apple.pkg.Safari</string>
+	<key>PackageVersion</key>
+	<string>17.1</string>
+	<key>InstallDate</key>
+	<date>2024-01-15T12:00:00Z</date>
+	<key>InstallPrefixPath</key>
+	<string>/</string>
+	<key>VolumePath</key>
+	<string>/</string>
+	<key>InstallProcessName</key>
+	<string>installer</string>
+</dict>
+</plist>

src/Scanner/__Tests/StellaOps.Scanner.Analyzers.OS.Pkgutil.Tests/Fixtures/var/db/receipts/com.example.app.plist

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PackageIdentifier</key>
+	<string>com.example.app</string>
+	<key>PackageVersion</key>
+	<string>2.5.0</string>
+	<key>VolumePath</key>
+	<string>/</string>
+	<key>InstallProcessName</key>
+	<string>installer</string>
+</dict>
+</plist>

src/Scanner/__Tests/StellaOps.Scanner.Analyzers.OS.Pkgutil.Tests/PkgutilPackageAnalyzerTests.cs

@@ -0,0 +1,171 @@
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Logging.Abstractions;
+using StellaOps.Scanner.Analyzers.OS.Pkgutil;
+using Xunit;
+
+namespace StellaOps.Scanner.Analyzers.OS.Pkgutil.Tests;
+
+public sealed class PkgutilPackageAnalyzerTests
+{
+    private static readonly string FixturesRoot = Path.Combine(
+        AppContext.BaseDirectory,
+        "Fixtures");
+
+    private readonly PkgutilPackageAnalyzer _analyzer;
+    private readonly ILogger _logger;
+
+    public PkgutilPackageAnalyzerTests()
+    {
+        _logger = NullLoggerFactory.Instance.CreateLogger<PkgutilPackageAnalyzer>();
+        _analyzer = new PkgutilPackageAnalyzer((ILogger<PkgutilPackageAnalyzer>)_logger);
+    }
+
+    private OSPackageAnalyzerContext CreateContext(string rootPath)
+    {
+        return new OSPackageAnalyzerContext(
+            rootPath,
+            workspacePath: null,
+            TimeProvider.System,
+            _logger);
+    }
+
+    [Fact]
+    public void AnalyzerId_ReturnsPkgutil()
+    {
+        Assert.Equal("pkgutil", _analyzer.AnalyzerId);
+    }
+
+    [Fact]
+    public async Task AnalyzeAsync_WithValidReceipts_ReturnsPackages()
+    {
+        // Arrange
+        var context = CreateContext(FixturesRoot);
+
+        // Act
+        var result = await _analyzer.AnalyzeAsync(context, CancellationToken.None);
+
+        // Assert
+        Assert.NotNull(result);
+        Assert.Equal("pkgutil", result.AnalyzerId);
+        Assert.True(result.Packages.Count > 0, "Expected at least one package");
+    }
+
+    [Fact]
+    public async Task AnalyzeAsync_FindsSafariPackage()
+    {
+        // Arrange
+        var context = CreateContext(FixturesRoot);
+
+        // Act
+        var result = await _analyzer.AnalyzeAsync(context, CancellationToken.None);
+
+        // Assert
+        var safari = result.Packages.FirstOrDefault(p => p.Name == "Safari");
+        Assert.NotNull(safari);
+        Assert.Equal("17.1", safari.Version);
+        Assert.Contains("pkg:generic/apple/com.apple.pkg.Safari@17.1", safari.PackageUrl);
+    }
+
+    [Fact]
+    public async Task AnalyzeAsync_ExtractsVendorFromIdentifier()
+    {
+        // Arrange
+        var context = CreateContext(FixturesRoot);
+
+        // Act
+        var result = await _analyzer.AnalyzeAsync(context, CancellationToken.None);
+
+        // Assert
+        var safari = result.Packages.FirstOrDefault(p => p.Name == "Safari");
+        Assert.NotNull(safari);
+        Assert.Equal("apple", safari.SourcePackage);
+    }
+
+    [Fact]
+    public async Task AnalyzeAsync_SetsEvidenceSourceToPkgutilReceipt()
+    {
+        // Arrange
+        var context = CreateContext(FixturesRoot);
+
+        // Act
+        var result = await _analyzer.AnalyzeAsync(context, CancellationToken.None);
+
+        // Assert
+        foreach (var package in result.Packages)
+        {
+            Assert.Equal(PackageEvidenceSource.PkgutilReceipt, package.EvidenceSource);
+        }
+    }
+
+    [Fact]
+    public async Task AnalyzeAsync_ExtractsVendorMetadata()
+    {
+        // Arrange
+        var context = CreateContext(FixturesRoot);
+
+        // Act
+        var result = await _analyzer.AnalyzeAsync(context, CancellationToken.None);
+
+        // Assert
+        var safari = result.Packages.FirstOrDefault(p => p.Name == "Safari");
+        Assert.NotNull(safari);
+        Assert.Equal("com.apple.pkg.Safari", safari.VendorMetadata["pkgutil:identifier"]);
+        Assert.Equal("/", safari.VendorMetadata["pkgutil:volume"]);
+    }
+
+    [Fact]
+    public async Task AnalyzeAsync_ResultsAreDeterministicallySorted()
+    {
+        // Arrange
+        var context = CreateContext(FixturesRoot);
+
+        // Act
+        var result1 = await _analyzer.AnalyzeAsync(context, CancellationToken.None);
+        var result2 = await _analyzer.AnalyzeAsync(context, CancellationToken.None);
+
+        // Assert
+        Assert.Equal(result1.Packages.Count, result2.Packages.Count);
+        for (int i = 0; i < result1.Packages.Count; i++)
+        {
+            Assert.Equal(result1.Packages[i].PackageUrl, result2.Packages[i].PackageUrl);
+        }
+    }
+
+    [Fact]
+    public async Task AnalyzeAsync_NoReceiptsDirectory_ReturnsEmptyPackages()
+    {
+        // Arrange - use temp directory without receipts
+        var tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+        Directory.CreateDirectory(tempPath);
+
+        try
+        {
+            var context = CreateContext(tempPath);
+
+            // Act
+            var result = await _analyzer.AnalyzeAsync(context, CancellationToken.None);
+
+            // Assert
+            Assert.Empty(result.Packages);
+        }
+        finally
+        {
+            Directory.Delete(tempPath, recursive: true);
+        }
+    }
+
+    [Fact]
+    public async Task AnalyzeAsync_PopulatesTelemetry()
+    {
+        // Arrange
+        var context = CreateContext(FixturesRoot);
+
+        // Act
+        var result = await _analyzer.AnalyzeAsync(context, CancellationToken.None);
+
+        // Assert
+        Assert.NotNull(result.Telemetry);
+        Assert.True(result.Telemetry.PackageCount > 0);
+        Assert.True(result.Telemetry.Duration > TimeSpan.Zero);
+    }
+}

src/Scanner/__Tests/StellaOps.Scanner.Analyzers.OS.Pkgutil.Tests/StellaOps.Scanner.Analyzers.OS.Pkgutil.Tests.csproj

@@ -0,0 +1,27 @@
+<?xml version='1.0' encoding='utf-8'?>
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <LangVersion>preview</LangVersion>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <UseConcelierTestInfra>false</UseConcelierTestInfra>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.0-rc.2.25502.107" />
+  </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.0" />
+    <PackageReference Include="xunit" Version="2.9.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.8.2" />
+    <PackageReference Include="coverlet.collector" Version="6.0.4" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="../../__Libraries/StellaOps.Scanner.Analyzers.OS/StellaOps.Scanner.Analyzers.OS.csproj" />
+    <ProjectReference Include="../../__Libraries/StellaOps.Scanner.Analyzers.OS.Pkgutil/StellaOps.Scanner.Analyzers.OS.Pkgutil.csproj" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Fixtures\**\*" CopyToOutputDirectory="PreserveNewest" />
+  </ItemGroup>
+</Project>