stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat: Implement BerkeleyDB reader for RPM databases
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
console-runner-image / build-runner-image (push) Has been cancelled
Details
wine-csp-build / Build Wine CSP Image (push) Has been cancelled
Details
wine-csp-build / Integration Tests (push) Has been cancelled
Details
wine-csp-build / Security Scan (push) Has been cancelled
Details
wine-csp-build / Generate SBOM (push) Has been cancelled
Details
wine-csp-build / Publish Image (push) Has been cancelled
Details
wine-csp-build / Air-Gap Bundle (push) Has been cancelled
Details
wine-csp-build / Test Summary (push) Has been cancelled
Details

Browse Source 
- Added BerkeleyDbReader class to read and extract RPM header blobs from BerkeleyDB hash databases.
- Implemented methods to detect BerkeleyDB format and extract values, including handling of page sizes and magic numbers.
- Added tests for BerkeleyDbReader to ensure correct functionality and header extraction.

feat: Add Yarn PnP data tests

- Created YarnPnpDataTests to validate package resolution and data loading from Yarn PnP cache.
- Implemented tests for resolved keys, package presence, and loading from cache structure.

test: Add egg-info package fixtures for Python tests

- Created egg-info package fixtures for testing Python analyzers.
- Included PKG-INFO, entry_points.txt, and installed-files.txt for comprehensive coverage.

test: Enhance RPM database reader tests

- Added tests for RpmDatabaseReader to validate fallback to legacy packages when SQLite is missing.
- Implemented helper methods to create legacy package files and RPM headers for testing.

test: Implement dual signing tests

- Added DualSignTests to validate secondary signature addition when configured.
- Created stub implementations for crypto providers and key resolvers to facilitate testing.

chore: Update CI script for Playwright Chromium installation

- Modified ci-console-exports.sh to ensure deterministic Chromium binary installation for console exports tests.
- Added checks for Windows compatibility and environment variable setups for Playwright browsers.
This commit is contained in:
StellaOps Bot
2025-12-07 16:24:45 +02:00
parent e3f28a21ab
commit 11597679ed
199 changed files with 9809 additions and 4404 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Concelier/__Tests/StellaOps.Concelier.Connector.Nvd.Tests/Nvd/NvdConflictFixtureTests.cs
View File

@@ -1,7 +1,7 @@
using System.Text.Json;
using StellaOps.Concelier.Models;
using StellaOps.Concelier.Connector.Nvd.Internal;
using StellaOps.Concelier.Storage.Mongo.Documents;
using StellaOps.Concelier.Storage.Mongo;
namespace StellaOps.Concelier.Connector.Nvd.Tests;

2
src/Concelier/__Tests/StellaOps.Concelier.Connector.Nvd.Tests/Nvd/NvdConnectorHarnessTests.cs
View File

@@ -10,7 +10,7 @@ using StellaOps.Concelier.Connector.Nvd;
using StellaOps.Concelier.Connector.Nvd.Configuration;
using StellaOps.Concelier.Storage.Mongo;
using StellaOps.Concelier.Storage.Mongo.Advisories;
using StellaOps.Concelier.Storage.Mongo.Documents;
using StellaOps.Concelier.Storage.Mongo;
using StellaOps.Concelier.Testing;
using StellaOps.Concelier.Testing;
using System.Net;

54
src/Concelier/__Tests/StellaOps.Concelier.Connector.Nvd.Tests/Nvd/NvdConnectorTests.cs
View File

@@ -22,8 +22,8 @@ using StellaOps.Concelier.Connector.Nvd.Configuration;
using StellaOps.Concelier.Connector.Nvd.Internal;
using StellaOps.Concelier.Storage.Mongo;
using StellaOps.Concelier.Storage.Mongo.Advisories;
using StellaOps.Concelier.Storage.Mongo.Documents;
using StellaOps.Concelier.Storage.Mongo.Dtos;
using StellaOps.Concelier.Storage.Mongo;
using StellaOps.Concelier.Storage.Mongo;
using StellaOps.Concelier.Storage.Mongo.ChangeHistory;
using StellaOps.Concelier.Testing;
@@ -79,31 +79,31 @@ public sealed class NvdConnectorTests : IAsyncLifetime
var cve1 = advisories.Single(advisory => advisory.AdvisoryKey == "CVE-2024-0001");
var package1 = Assert.Single(cve1.AffectedPackages);
var range1 = Assert.Single(package1.VersionRanges);
Assert.Equal("cpe", range1.RangeKind);
Assert.Equal("1.0", range1.IntroducedVersion);
Assert.Null(range1.FixedVersion);
Assert.Equal("1.0", range1.LastAffectedVersion);
Assert.Equal("==1.0", range1.RangeExpression);
Assert.NotNull(range1.Primitives);
Assert.Equal("1.0", range1.Primitives!.VendorExtensions!["version"]);
Assert.Contains(cve1.References, reference => reference.Kind == "weakness" && reference.SourceTag == "CWE-79");
var cvss1 = Assert.Single(cve1.CvssMetrics);
Assert.Equal("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", cvss1.Provenance.Value);
var cve2 = advisories.Single(advisory => advisory.AdvisoryKey == "CVE-2024-0002");
var package2 = Assert.Single(cve2.AffectedPackages);
var range2 = Assert.Single(package2.VersionRanges);
Assert.Equal("cpe", range2.RangeKind);
Assert.Equal("2.0", range2.IntroducedVersion);
Assert.Null(range2.FixedVersion);
Assert.Equal("2.0", range2.LastAffectedVersion);
Assert.Equal("==2.0", range2.RangeExpression);
Assert.NotNull(range2.Primitives);
Assert.Equal("2.0", range2.Primitives!.VendorExtensions!["version"]);
Assert.Contains(cve2.References, reference => reference.Kind == "weakness" && reference.SourceTag == "CWE-89");
var cvss2 = Assert.Single(cve2.CvssMetrics);
Assert.Equal("CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", cvss2.Provenance.Value);
var range1 = Assert.Single(package1.VersionRanges);
Assert.Equal("cpe", range1.RangeKind);
Assert.Equal("1.0", range1.IntroducedVersion);
Assert.Null(range1.FixedVersion);
Assert.Equal("1.0", range1.LastAffectedVersion);
Assert.Equal("==1.0", range1.RangeExpression);
Assert.NotNull(range1.Primitives);
Assert.Equal("1.0", range1.Primitives!.VendorExtensions!["version"]);
Assert.Contains(cve1.References, reference => reference.Kind == "weakness" && reference.SourceTag == "CWE-79");
var cvss1 = Assert.Single(cve1.CvssMetrics);
Assert.Equal("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", cvss1.Provenance.Value);
var cve2 = advisories.Single(advisory => advisory.AdvisoryKey == "CVE-2024-0002");
var package2 = Assert.Single(cve2.AffectedPackages);
var range2 = Assert.Single(package2.VersionRanges);
Assert.Equal("cpe", range2.RangeKind);
Assert.Equal("2.0", range2.IntroducedVersion);
Assert.Null(range2.FixedVersion);
Assert.Equal("2.0", range2.LastAffectedVersion);
Assert.Equal("==2.0", range2.RangeExpression);
Assert.NotNull(range2.Primitives);
Assert.Equal("2.0", range2.Primitives!.VendorExtensions!["version"]);
Assert.Contains(cve2.References, reference => reference.Kind == "weakness" && reference.SourceTag == "CWE-89");
var cvss2 = Assert.Single(cve2.CvssMetrics);
Assert.Equal("CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", cvss2.Provenance.Value);
var stateRepository = provider.GetRequiredService<ISourceStateRepository>();
var state = await stateRepository.TryGetAsync(NvdConnectorPlugin.SourceName, CancellationToken.None);