doctor enhancements, setup, enhancements, ui functionality and design consolidation and , test projects fixes , product advisory attestation/rekor and delta verfications enhancements

2026-01-19 09:02:59 +02:00
parent 8c4bf54aed
commit 17419ba7c4
809 changed files with 170738 additions and 12244 deletions
--- a/examples/policies/opa/kev-blocker_test.rego
+++ b/examples/policies/opa/kev-blocker_test.rego
@@ -0,0 +1,86 @@
+# -----------------------------------------------------------------------------
+# kev-blocker_test.rego
+# Tests for KEV blocker policy
+# -----------------------------------------------------------------------------
+
+package stellaops.gates.kev
+
+import future.keywords.if
+
+# Test allow - no KEV CVEs
+test_allow_no_kev if {
+    allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "is_kev": false},
+            {"cve_id": "CVE-2024-0002", "is_kev": false}
+        ],
+        "config": {}
+    }
+}
+
+# Test deny - KEV CVE present
+test_deny_kev_present if {
+    not allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "is_kev": false},
+            {"cve_id": "CVE-2024-0002", "is_kev": true}
+        ],
+        "config": {}
+    }
+}
+
+# Test allow - empty findings
+test_allow_empty_findings if {
+    allow with input as {
+        "cve_findings": [],
+        "config": {}
+    }
+}
+
+# Test only_reachable filters unreachable KEV
+test_only_reachable_filters_unreachable_kev if {
+    allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "is_kev": true, "is_reachable": false}
+        ],
+        "config": {"only_reachable": true}
+    }
+}
+
+# Test denial message includes due date
+test_deny_message_with_due_date if {
+    msg := deny[_] with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-1234", "is_kev": true, "kev_due_date": "2024-02-15"}
+        ],
+        "config": {}
+    }
+    contains(msg, "CVE-2024-1234")
+    contains(msg, "2024-02-15")
+}
+
+# Test denial message without due date
+test_deny_message_without_due_date if {
+    msg := deny[_] with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-5678", "is_kev": true}
+        ],
+        "config": {}
+    }
+    contains(msg, "CVE-2024-5678")
+    contains(msg, "actively exploited")
+}
+
+# Test summary structure
+test_summary_structure if {
+    s := summary with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "is_kev": false},
+            {"cve_id": "CVE-2024-0002", "is_kev": true, "kev_due_date": "2024-02-15"},
+            {"cve_id": "CVE-2024-0003", "is_kev": true}
+        ],
+        "config": {}
+    }
+    s.total_cves == 3
+    s.kev_count == 2
+}