doctor enhancements, setup, enhancements, ui functionality and design consolidation and , test projects fixes , product advisory attestation/rekor and delta verfications enhancements

examples/policies/opa/reachable-cve_test.rego

@@ -0,0 +1,101 @@
+# -----------------------------------------------------------------------------
+# reachable-cve_test.rego
+# Tests for reachability-aware CVE policy
+# -----------------------------------------------------------------------------
+
+package stellaops.gates.reachable
+
+import future.keywords.if
+
+# Test allow - high severity but not reachable
+test_allow_high_not_reachable if {
+    allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "cvss_score": 9.0, "is_reachable": false}
+        ],
+        "config": {"severity_threshold": 7.0}
+    }
+}
+
+# Test allow - reachable but below threshold
+test_allow_reachable_below_threshold if {
+    allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "cvss_score": 5.0, "is_reachable": true}
+        ],
+        "config": {"severity_threshold": 7.0}
+    }
+}
+
+# Test deny - reachable and above threshold
+test_deny_reachable_above_threshold if {
+    not allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "cvss_score": 8.5, "is_reachable": true}
+        ],
+        "config": {"severity_threshold": 7.0}
+    }
+}
+
+# Test deny - confirmed_reachable state
+test_deny_confirmed_reachable_state if {
+    not allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "cvss_score": 8.5, "reachability_state": "confirmed_reachable"}
+        ],
+        "config": {"severity_threshold": 7.0}
+    }
+}
+
+# Test allow - not_reachable state
+test_allow_not_reachable_state if {
+    allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "cvss_score": 9.5, "reachability_state": "not_reachable"}
+        ],
+        "config": {"severity_threshold": 7.0}
+    }
+}
+
+# Test environment threshold override
+test_environment_threshold_override if {
+    not allow with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "cvss_score": 5.0, "is_reachable": true}
+        ],
+        "environment": "production",
+        "config": {
+            "severity_threshold": 7.0,
+            "environments": {
+                "production": {"severity_threshold": 4.0}
+            }
+        }
+    }
+}
+
+# Test denial message content
+test_deny_message_content if {
+    msg := deny[_] with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-1234", "cvss_score": 8.1, "is_reachable": true}
+        ],
+        "config": {"severity_threshold": 7.0}
+    }
+    contains(msg, "CVE-2024-1234")
+    contains(msg, "8.1")
+}
+
+# Test summary structure
+test_summary_structure if {
+    s := summary with input as {
+        "cve_findings": [
+            {"cve_id": "CVE-2024-0001", "cvss_score": 9.0, "is_reachable": true},
+            {"cve_id": "CVE-2024-0002", "cvss_score": 8.0, "is_reachable": false},
+            {"cve_id": "CVE-2024-0003", "cvss_score": 5.0, "is_reachable": true}
+        ],
+        "config": {"severity_threshold": 7.0}
+    }
+    s.total_cves == 3
+    s.reachable_high_severity == 1
+    s.unreachable_high_severity == 1
+}