Add unit tests for SBOM ingestion and transformation

- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly. - Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps. - Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges. - Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges. - Set up project file for the test project with necessary dependencies and configurations. - Include JSON fixture files for testing purposes.
2025-11-04 07:49:39 +02:00
parent f72c5c513a
commit 2eb6852d34
491 changed files with 39445 additions and 3917 deletions
--- a/seed-data/findings-ledger/fixtures/finding-projection.sample.json
+++ b/seed-data/findings-ledger/fixtures/finding-projection.sample.json
@@ -0,0 +1,19 @@
+{
+  "currentEventId": "3ac1f4ef-3c26-4b0d-91d4-6a6d3a5bde10",
+  "cycleHash": "1a61c14efc1aceaed7d2574d2054475b2683a3bfc81103585070ef560b15bd02",
+  "explainRef": "explain://tenant-a/findings/3ac1f4ef",
+  "findingId": "artifact:sha256:3f1e2d9c7b1a0f6534d1b6f998d7a5c3ef9e0ab92f4c1d2e3f5a6b7c8d9e0f1a|pkg:cpe:/o:vendor:product",
+  "labels": {
+    "kev": true,
+    "runtime": "exposed"
+  },
+  "policyVersion": "sha256:5f38c7887d4a4bb887ce89c393c7a2e23e6e708fda310f9f3ff2a2a0b4dffbdf",
+  "severity": 6.7,
+  "status": "triaged",
+  "tenantId": "tenant-a",
+  "updatedAt": "2025-11-03T15:12:05.456Z",
+  "policyRationale": [
+    "explain://tenant-a/findings/3ac1f4ef",
+    "policy://tenant-a/policy-v1/rationale/accepted"
+  ]
+}
--- a/seed-data/findings-ledger/fixtures/ledger-event.sample.json
+++ b/seed-data/findings-ledger/fixtures/ledger-event.sample.json
@@ -0,0 +1,42 @@
+{
+  "event": {
+    "actor": {
+      "id": "user:alice@tenant",
+      "type": "operator"
+    },
+    "artifactId": "sha256:3f1e2d9c7b1a0f6534d1b6f998d7a5c3ef9e0ab92f4c1d2e3f5a6b7c8d9e0f1a",
+    "chainId": "5fa2b970-9da2-4ef4-9a63-463c5d98d3cc",
+    "eventHash": "05332adf4298733a243968c40c7aeb4215dae48c52af9a5316374eacc9b30d45",
+    "finding": {
+      "artifactId": "sha256:3f1e2d9c7b1a0f6534d1b6f998d7a5c3ef9e0ab92f4c1d2e3f5a6b7c8d9e0f1a",
+      "id": "artifact:sha256:3f1e2d9c7b1a0f6534d1b6f998d7a5c3ef9e0ab92f4c1d2e3f5a6b7c8d9e0f1a|pkg:cpe:/o:vendor:product",
+      "vulnId": "CVE-2025-1234"
+    },
+    "id": "3ac1f4ef-3c26-4b0d-91d4-6a6d3a5bde10",
+    "occurredAt": "2025-11-03T15:12:05.123Z",
+    "payload": {
+      "justification": "Ticket SEC-1234 created",
+      "previousStatus": "affected",
+      "status": "triaged",
+      "ticket": {
+        "id": "SEC-1234",
+        "url": "https://tracker.example/sec-1234"
+      },
+      "rationaleRefs": [
+        "explain://tenant-a/findings/3ac1f4ef"
+      ]
+    },
+    "policyVersion": "sha256:5f38c7887d4a4bb887ce89c393c7a2e23e6e708fda310f9f3ff2a2a0b4dffbdf",
+    "previousHash": "0000000000000000000000000000000000000000000000000000000000000000",
+    "recordedAt": "2025-11-03T15:12:06.001Z",
+    "sequence": 42,
+    "sourceRunId": "8f89a703-94cd-4e9d-8a75-2f407c4bee7f",
+    "tenant": "tenant-a",
+    "type": "finding.status_changed"
+  },
+  "hashes": {
+    "eventHash": "05332adf4298733a243968c40c7aeb4215dae48c52af9a5316374eacc9b30d45",
+    "merkleLeafHash": "a2ad094e2e2064a29de8b93710d97645401d7690e920e866eef231790c5200be",
+    "previousHash": "0000000000000000000000000000000000000000000000000000000000000000"
+  }
+}
--- a/seed-data/kisa/README.md
+++ b/seed-data/kisa/README.md
@@ -0,0 +1,34 @@
+# KISA Offline Detail Capture (2025-11-03)
+
+This directory contains HTML snapshots of the KISA/KNVD advisory detail pages (`detailDos.do?IDX=...`).
+
+## Capture notes
+
+- Captured: 2025-11-03T22:53:00Z from `https://knvd.krcert.or.kr/rss/securityInfo.do`.
+- Detail API `rssDetailData.do` now returns an HTML error page; the SPA embeds the full advisory content in `detailDos.do`.
+- Each file under `html/` corresponds to the RSS item `IDX` and preserves the original Korean content and table layout.
+- User agent: `Mozilla/5.0 (compatible; StellaOpsOffline/1.0)`.
+- No authentication was required; cookies set during the HTML fetch are not needed for static page capture.
+
+## Regeneration
+
+```bash
+python scripts/kisa_capture_html.py --out seed-data/kisa/html
+```
+
+(See `scripts/kisa_capture_html.py` for exact implementation; it parses the RSS feed, walks each `IDX`, and writes `IDX.html` alongside a sha256 manifest.)
+
+## sha256 manifest
+
+| IDX | sha256 |
+| --- | --- |
+| 5859 | 8a31a530b3e4d4ce356fc18d561028a41320b27ed398abdb8e7ec2b0b5c693fe |
+| 5860 | 74013ef35a76cd0c44c2e17cac9ecf51095e64fd7f9a9436460d0e0b10526af3 |
+| 5861 | 1d95c34b76dc9d5be5cbc0b8fdc9d423dd5cc77cb0fc214534887dc444ef9a45 |
+| 5862 | 93ae557286b4ee80ae26486c13555e1fda068dcc13d440540757a7d53166457e |
+| 5863 | ee3c81915e99065021b8bb1a601144e99af196140d92859049cea1c308547859 |
+| 5864 | 6f84dc5f1bb4998d9af123f7ddc8912b47cdc1acf816d41ff0e1ad281d31fa2f |
+| 5865 | d5e60ea3a80307f797721a988bed609c99587850e59bc125d287c8e8db85b0ec |
+| 5866 | a6f332315324fb268adad214bba170e81c56db6afdb316bafdd18fb9defbe721 |
+| 5867 | 4245dbf6c03a27d6bdf1d7b2651e9e7a05ad1bc027c2f928edb3bf3e58a62b20 |
+| 5868 | 316c1476589a51e57914186373bfd0394e3d0a8ae64a2c9c16a1d8bdfe941fa9 |