stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat(api): Implement Console Export Client and Models
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Findings Ledger CI / build-test (push) Has been cancelled
Details
Findings Ledger CI / migration-validation (push) Has been cancelled
Details
Findings Ledger CI / generate-manifest (push) Has been cancelled
Details
mock-dev-release / package-mock-release (push) Has been cancelled
Details

Browse Source 
- Added ConsoleExportClient for managing export requests and responses.
- Introduced ConsoleExportRequest and ConsoleExportResponse models.
- Implemented methods for creating and retrieving exports with appropriate headers.

feat(crypto): Add Software SM2/SM3 Cryptography Provider

- Implemented SmSoftCryptoProvider for software-only SM2/SM3 cryptography.
- Added support for signing and verification using SM2 algorithm.
- Included hashing functionality with SM3 algorithm.
- Configured options for loading keys from files and environment gate checks.

test(crypto): Add unit tests for SmSoftCryptoProvider

- Created comprehensive tests for signing, verifying, and hashing functionalities.
- Ensured correct behavior for key management and error handling.

feat(api): Enhance Console Export Models

- Expanded ConsoleExport models to include detailed status and event types.
- Added support for various export formats and notification options.

test(time): Implement TimeAnchorPolicyService tests

- Developed tests for TimeAnchorPolicyService to validate time anchors.
- Covered scenarios for anchor validation, drift calculation, and policy enforcement.
This commit is contained in:
StellaOps Bot
2025-12-07 00:27:33 +02:00
parent 9bd6a73926
commit 0de92144d2
229 changed files with 32351 additions and 1481 deletions
Download Patch File Download Diff File Expand all files Collapse all files

277
src/Policy/StellaOps.Policy.Registry/Testing/PolicyRegistryTestFixtures.cs Normal file
View File

@@ -0,0 +1,277 @@
using StellaOps.Policy.Registry.Contracts;
using StellaOps.Policy.Registry.Services;
namespace StellaOps.Policy.Registry.Testing;
/// <summary>
/// Test fixtures and data generators for Policy Registry testing.
/// </summary>
public static class PolicyRegistryTestFixtures
{
/// <summary>
/// Creates basic policy rules for testing.
/// </summary>
public static IReadOnlyList<PolicyRule> CreateBasicRules()
{
return
[
new PolicyRule
{
RuleId = "test-rule-001",
Name = "Deny Critical CVEs",
Description = "Blocks any image with critical CVEs",
Severity = Severity.Critical,
Rego = @"
package stellaops.policy.test
default deny = false
deny {
input.vulnerabilities[_].severity == ""critical""
}
",
Enabled = true
},
new PolicyRule
{
RuleId = "test-rule-002",
Name = "Require SBOM",
Description = "Requires valid SBOM for all images",
Severity = Severity.High,
Rego = @"
package stellaops.policy.test
default require_sbom = false
require_sbom {
input.sbom != null
count(input.sbom.packages) > 0
}
",
Enabled = true
},
new PolicyRule
{
RuleId = "test-rule-003",
Name = "Warn on Medium CVEs",
Description = "Warns when medium severity CVEs are present",
Severity = Severity.Medium,
Rego = @"
package stellaops.policy.test
warn[msg] {
vuln := input.vulnerabilities[_]
vuln.severity == ""medium""
msg := sprintf(""Medium CVE found: %s"", [vuln.id])
}
",
Enabled = true
}
];
}
/// <summary>
/// Creates rules with Rego syntax errors for testing compilation failures.
/// </summary>
public static IReadOnlyList<PolicyRule> CreateInvalidRegoRules()
{
return
[
new PolicyRule
{
RuleId = "invalid-rule-001",
Name = "Invalid Syntax",
Description = "Rule with syntax errors",
Severity = Severity.High,
Rego = @"
package stellaops.policy.test
deny {
input.something == ""value
} // missing closing quote
",
Enabled = true
}
];
}
/// <summary>
/// Creates rules without Rego code for testing name-based matching.
/// </summary>
public static IReadOnlyList<PolicyRule> CreateRulesWithoutRego()
{
return
[
new PolicyRule
{
RuleId = "no-rego-001",
Name = "Vulnerability Check",
Description = "Checks for vulnerabilities",
Severity = Severity.High,
Enabled = true
},
new PolicyRule
{
RuleId = "no-rego-002",
Name = "License Compliance",
Description = "Verifies license compliance",
Severity = Severity.Medium,
Enabled = true
}
];
}
/// <summary>
/// Creates test simulation input.
/// </summary>
public static IReadOnlyDictionary<string, object> CreateTestSimulationInput()
{
return new Dictionary<string, object>
{
["subject"] = new Dictionary<string, object>
{
["type"] = "container_image",
["name"] = "myregistry.io/myapp",
["digest"] = "sha256:abc123"
},
["vulnerabilities"] = new[]
{
new Dictionary<string, object>
{
["id"] = "CVE-2024-1234",
["severity"] = "critical",
["package"] = "openssl",
["version"] = "1.1.1"
},
new Dictionary<string, object>
{
["id"] = "CVE-2024-5678",
["severity"] = "medium",
["package"] = "curl",
["version"] = "7.88.0"
}
},
["sbom"] = new Dictionary<string, object>
{
["format"] = "spdx",
["packages"] = new[]
{
new Dictionary<string, object> { ["name"] = "openssl", ["version"] = "1.1.1" },
new Dictionary<string, object> { ["name"] = "curl", ["version"] = "7.88.0" }
}
},
["context"] = new Dictionary<string, object>
{
["environment"] = "production",
["namespace"] = "default"
}
};
}
/// <summary>
/// Creates batch simulation inputs.
/// </summary>
public static IReadOnlyList<BatchSimulationInput> CreateBatchSimulationInputs(int count = 5)
{
var inputs = new List<BatchSimulationInput>();
for (int i = 0; i < count; i++)
{
inputs.Add(new BatchSimulationInput
{
InputId = $"input-{i:D3}",
Input = CreateTestSimulationInput(),
Tags = new Dictionary<string, string>
{
["test_batch"] = "true",
["index"] = i.ToString()
}
});
}
return inputs;
}
/// <summary>
/// Creates a verification policy request.
/// </summary>
public static CreateVerificationPolicyRequest CreateVerificationPolicyRequest(
string? policyId = null)
{
return new CreateVerificationPolicyRequest
{
PolicyId = policyId ?? $"test-policy-{Guid.NewGuid():N}",
Version = "1.0.0",
Description = "Test verification policy",
TenantScope = "*",
PredicateTypes = ["https://slsa.dev/provenance/v1", "https://spdx.dev/Document"],
SignerRequirements = new SignerRequirements
{
MinimumSignatures = 1,
TrustedKeyFingerprints = ["SHA256:test-fingerprint-1", "SHA256:test-fingerprint-2"],
RequireRekor = false
},
ValidityWindow = new ValidityWindow
{
MaxAttestationAge = 86400 // 24 hours
}
};
}
/// <summary>
/// Creates a snapshot request.
/// </summary>
public static CreateSnapshotRequest CreateSnapshotRequest(params Guid[] packIds)
{
return new CreateSnapshotRequest
{
Description = "Test snapshot",
PackIds = packIds.Length > 0 ? packIds.ToList() : [Guid.NewGuid()],
Metadata = new Dictionary<string, object>
{
["created_for_test"] = true
}
};
}
/// <summary>
/// Creates a violation request.
/// </summary>
public static CreateViolationRequest CreateViolationRequest(
string? ruleId = null,
Severity severity = Severity.High)
{
return new CreateViolationRequest
{
RuleId = ruleId ?? "test-rule-001",
Severity = severity,
Message = $"Test violation for rule {ruleId ?? "test-rule-001"}",
Purl = "pkg:npm/lodash@4.17.20",
CveId = "CVE-2024-1234",
Context = new Dictionary<string, object>
{
["environment"] = "test",
["detected_at"] = DateTimeOffset.UtcNow.ToString("O")
}
};
}
/// <summary>
/// Creates an override request.
/// </summary>
public static CreateOverrideRequest CreateOverrideRequest(
string? ruleId = null)
{
return new CreateOverrideRequest
{
RuleId = ruleId ?? "test-rule-001",
Reason = "Test override for false positive",
Scope = new OverrideScope
{
Purl = "pkg:npm/lodash@4.17.20",
Environment = "development"
},
ExpiresAt = DateTimeOffset.UtcNow.AddDays(30)
};
}
}