stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

doctor enhancements, setup, enhancements, ui functionality and design consolidation and , test projects fixes , product advisory attestation/rekor and delta verfications enhancements

Browse Source
This commit is contained in:
master
2026-01-19 09:02:59 +02:00
parent 8c4bf54aed
commit 17419ba7c4
809 changed files with 170738 additions and 12244 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
examples/policies/opa/release-aggregate_test.rego Normal file
View File

@@ -0,0 +1,137 @@
# -----------------------------------------------------------------------------
# release-aggregate_test.rego
# Tests for aggregate CVE limits policy
# -----------------------------------------------------------------------------
package stellaops.gates.aggregate
import future.keywords.if
# Test allow - within all limits
test_allow_within_limits if {
allow with input as {
"cve_findings": [
{"cve_id": "CVE-2024-0001", "cvss_score": 8.0},
{"cve_id": "CVE-2024-0002", "cvss_score": 7.5},
{"cve_id": "CVE-2024-0003", "cvss_score": 5.0}
],
"config": {"max_critical": 0, "max_high": 3, "max_medium": 20}
}
}
# Test deny - critical exceeds limit
test_deny_critical_exceeds if {
not allow with input as {
"cve_findings": [
{"cve_id": "CVE-2024-0001", "cvss_score": 9.5}
],
"config": {"max_critical": 0}
}
}
# Test deny - high exceeds limit
test_deny_high_exceeds if {
not allow with input as {
"cve_findings": [
{"cve_id": "CVE-2024-0001", "cvss_score": 8.0},
{"cve_id": "CVE-2024-0002", "cvss_score": 7.5},
{"cve_id": "CVE-2024-0003", "cvss_score": 8.5},
{"cve_id": "CVE-2024-0004", "cvss_score": 7.0}
],
"config": {"max_high": 3}
}
}
# Test allow - empty findings
test_allow_empty_findings if {
allow with input as {
"cve_findings": [],
"config": {"max_critical": 0, "max_high": 3}
}
}
# Test only_reachable filter
test_only_reachable_filters if {
allow with input as {
"cve_findings": [
{"cve_id": "CVE-2024-0001", "cvss_score": 9.5, "is_reachable": false}
],
"config": {"max_critical": 0, "only_reachable": true}
}
}
# Test exclude suppressed
test_exclude_suppressed if {
allow with input as {
"cve_findings": [
{"cve_id": "CVE-2024-0001", "cvss_score": 9.5, "is_suppressed": true}
],
"config": {"max_critical": 0, "count_suppressed": false}
}
}
# Test environment override
test_environment_override if {
allow with input as {
"cve_findings": [
{"cve_id": "CVE-2024-0001", "cvss_score": 9.5}
],
"environment": "staging",
"config": {
"max_critical": 0,
"environments": {
"staging": {"max_critical": 1}
}
}
}
}
# Test severity classification
test_severity_classification if {
c := counts with input as {
"cve_findings": [
{"cve_id": "CVE-001", "cvss_score": 9.5},
{"cve_id": "CVE-002", "cvss_score": 8.0},
{"cve_id": "CVE-003", "cvss_score": 7.0},
{"cve_id": "CVE-004", "cvss_score": 5.0},
{"cve_id": "CVE-005", "cvss_score": 3.0},
{"cve_id": "CVE-006"}
],
"config": {}
}
c.critical == 1
c.high == 2
c.medium == 1
c.low == 1
c.unknown == 1
c.total == 6
}
# Test denial message content
test_deny_message_critical if {
msg := deny[_] with input as {
"cve_findings": [
{"cve_id": "CVE-2024-0001", "cvss_score": 9.5}
],
"config": {"max_critical": 0}
}
contains(msg, "Critical")
contains(msg, "1 > 0")
}
# Test summary structure
test_summary_structure if {
s := summary with input as {
"cve_findings": [
{"cve_id": "CVE-2024-0001", "cvss_score": 8.0},
{"cve_id": "CVE-2024-0002", "cvss_score": 5.0}
],
"environment": "production",
"config": {"max_high": 3, "max_medium": 20}
}
s.counts.high == 1
s.counts.medium == 1
s.limits.max_high == 3
s.limits.max_medium == 20
s.environment == "production"
}