doctor enhancements, setup, enhancements, ui functionality and design consolidation and , test projects fixes , product advisory attestation/rekor and delta verfications enhancements

2026-01-19 09:02:59 +02:00
parent 8c4bf54aed
commit 17419ba7c4
809 changed files with 170738 additions and 12244 deletions
--- a/examples/policies/opa/epss-threshold_test.rego
+++ b/examples/policies/opa/epss-threshold_test.rego
@@ -0,0 +1,93 @@
+# -----------------------------------------------------------------------------
+# epss-threshold_test.rego
+# Tests for EPSS threshold policy
+# -----------------------------------------------------------------------------
+
+package stellaops.gates.epss
+
+import future.keywords.if
+
+# Test allow - all CVEs below threshold
+test_allow_below_threshold if {
+    allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "epss_score": 0.3},
+            {"cve_id": "CVE-2024-0002", "epss_score": 0.5}
+        ],
+        "config": {"epss_threshold": 0.6}
+    }
+}
+
+# Test deny - CVE above threshold
+test_deny_above_threshold if {
+    not allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "epss_score": 0.3},
+            {"cve_id": "CVE-2024-0002", "epss_score": 0.7}
+        ],
+        "config": {"epss_threshold": 0.6}
+    }
+}
+
+# Test allow - empty findings
+test_allow_empty_findings if {
+    allow with input as {
+        "cve_findings": [],
+        "config": {"epss_threshold": 0.6}
+    }
+}
+
+# Test environment override
+test_environment_override if {
+    not allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "epss_score": 0.4}
+        ],
+        "environment": "production",
+        "config": {
+            "epss_threshold": 0.6,
+            "environments": {
+                "production": {"epss_threshold": 0.3}
+            }
+        }
+    }
+}
+
+# Test only_reachable filter
+test_only_reachable_filters_unreachable if {
+    allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "epss_score": 0.8, "is_reachable": false},
+            {"cve_id": "CVE-2024-0002", "epss_score": 0.3, "is_reachable": true}
+        ],
+        "config": {"epss_threshold": 0.6, "only_reachable": true}
+    }
+}
+
+# Test denial message content
+test_deny_message_content if {
+    msg := deny[_] with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-1234", "epss_score": 0.72}
+        ],
+        "config": {"epss_threshold": 0.6}
+    }
+    contains(msg, "CVE-2024-1234")
+    contains(msg, "0.72")
+}
+
+# Test summary output
+test_summary_structure if {
+    s := summary with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "epss_score": 0.3},
+            {"cve_id": "CVE-2024-0002", "epss_score": 0.7}
+        ],
+        "environment": "staging",
+        "config": {"epss_threshold": 0.6}
+    }
+    s.total_cves == 2
+    s.exceeding_count == 1
+    s.threshold == 0.6
+    s.environment == "staging"
+}