Add unit tests for SBOM ingestion and transformation
- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly. - Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps. - Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges. - Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges. - Set up project file for the test project with necessary dependencies and configurations. - Include JSON fixture files for testing purposes.
@@ -70,11 +70,11 @@ public class IcsCisaConnectorMappingTests
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void BuildAffectedPackages_EmitsProductRangesWithSemVer()
|
||||
{
|
||||
var dto = new IcsCisaAdvisoryDto
|
||||
{
|
||||
AdvisoryId = "ICSA-25-456-02",
|
||||
public void BuildAffectedPackages_EmitsProductRangesWithSemVer()
|
||||
{
|
||||
var dto = new IcsCisaAdvisoryDto
|
||||
{
|
||||
AdvisoryId = "ICSA-25-456-02",
|
||||
Title = "Vendor Advisory",
|
||||
Link = "https://www.cisa.gov/news-events/ics-advisories/icsa-25-456-02",
|
||||
DescriptionHtml = "",
|
||||
@@ -89,13 +89,54 @@ public class IcsCisaConnectorMappingTests
|
||||
var productPackage = Assert.Single(packages);
|
||||
Assert.Equal(AffectedPackageTypes.IcsVendor, productPackage.Type);
|
||||
Assert.Equal("ControlSuite", productPackage.Identifier);
|
||||
var range = Assert.Single(productPackage.VersionRanges);
|
||||
Assert.Equal("product", range.RangeKind);
|
||||
Assert.Equal("4.2", range.RangeExpression);
|
||||
Assert.NotNull(range.Primitives);
|
||||
Assert.Equal("Example Corp", range.Primitives!.VendorExtensions!["ics.vendors"]);
|
||||
Assert.Equal("ControlSuite", range.Primitives.VendorExtensions!["ics.product"]);
|
||||
Assert.NotNull(range.Primitives.SemVer);
|
||||
Assert.Equal("4.2.0", range.Primitives.SemVer!.ExactValue);
|
||||
}
|
||||
}
|
||||
var range = Assert.Single(productPackage.VersionRanges);
|
||||
Assert.Equal("product", range.RangeKind);
|
||||
Assert.Equal("4.2.0", range.RangeExpression);
|
||||
Assert.NotNull(range.Primitives);
|
||||
Assert.Equal("Example Corp", range.Primitives!.VendorExtensions!["ics.vendors"]);
|
||||
Assert.Equal("ControlSuite", range.Primitives.VendorExtensions!["ics.product"]);
|
||||
Assert.True(range.Primitives.VendorExtensions!.ContainsKey("ics.range.expression"));
|
||||
Assert.NotNull(range.Primitives.SemVer);
|
||||
Assert.Equal("4.2.0", range.Primitives.SemVer!.ExactValue);
|
||||
Assert.Equal("ics-cisa:ICSA-25-456-02:controlsuite", range.Provenance.Value);
|
||||
var normalizedRule = Assert.Single(productPackage.NormalizedVersions);
|
||||
Assert.Equal("semver", normalizedRule.Scheme);
|
||||
Assert.Equal("exact", normalizedRule.Type);
|
||||
Assert.Equal("4.2.0", normalizedRule.Value);
|
||||
Assert.Equal("ics-cisa:ICSA-25-456-02:controlsuite", normalizedRule.Notes);
|
||||
var packageProvenance = Assert.Single(productPackage.Provenance);
|
||||
Assert.Contains(ProvenanceFieldMasks.AffectedPackages, packageProvenance.FieldMask);
|
||||
Assert.Contains(ProvenanceFieldMasks.VersionRanges, packageProvenance.FieldMask);
|
||||
Assert.Contains(ProvenanceFieldMasks.NormalizedVersions, packageProvenance.FieldMask);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void BuildAffectedPackages_NormalizesRangeExpressions()
|
||||
{
|
||||
var dto = new IcsCisaAdvisoryDto
|
||||
{
|
||||
AdvisoryId = "ICSA-25-789-03",
|
||||
Title = "Range Advisory",
|
||||
Link = "https://www.cisa.gov/news-events/ics-advisories/icsa-25-789-03",
|
||||
DescriptionHtml = "",
|
||||
Published = RecordedAt,
|
||||
Vendors = new[] { "Range Corp" },
|
||||
Products = new[] { "Control Suite Firmware 1.0 - 2.0" }
|
||||
};
|
||||
|
||||
var packages = IcsCisaConnector.BuildAffectedPackages(dto, RecordedAt);
|
||||
|
||||
var productPackage = Assert.Single(packages);
|
||||
Assert.Equal("Control Suite Firmware", productPackage.Identifier);
|
||||
var range = Assert.Single(productPackage.VersionRanges);
|
||||
Assert.Equal("1.0.0 - 2.0.0", range.RangeExpression);
|
||||
Assert.NotNull(range.Primitives);
|
||||
Assert.Equal("ics-cisa:ICSA-25-789-03:control-suite-firmware", range.Provenance.Value);
|
||||
var rule = Assert.Single(productPackage.NormalizedVersions);
|
||||
Assert.Equal("semver", rule.Scheme);
|
||||
Assert.Equal("range", rule.Type);
|
||||
Assert.Equal("1.0.0", rule.Min);
|
||||
Assert.Equal("2.0.0", rule.Max);
|
||||
Assert.Equal("ics-cisa:ICSA-25-789-03:control-suite-firmware", rule.Notes);
|
||||
}
|
||||
}
|
||||
|
||||
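Review bot: `Assert.True(range.Primitives.VendorExtensions!.ContainsKey("ics.range.expression"))` in BuildAffectedPackages_EmitsProductRangesWithSemVer checks only that the key exists, so the test still passes if the extension holds an empty or wrong string. With RangeExpression now asserted as the normalized "4.2.0", that extension appears to be the only place the advisory's original version text could survive (inferred from the key name; the connector code is not on this page). That original text is what someone auditing a wrong affected-version match would need. Pin the value instead, e.g. `Assert.Equal("<expected raw expression>", range.Primitives.VendorExtensions!["ics.range.expression"]);`, taking the expected string from the dto's Products entry, which lies outside the hunk. BuildAffectedPackages_NormalizesRangeExpressions does not check the extension at all and would benefit from the same assertion for its "1.0 - 2.0" input.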
@@ -50,8 +50,7 @@ public sealed class IcsCisaConnectorTests : IAsyncLifetime
|
||||
|
||||
Assert.Equal(2, advisories.Count);
|
||||
|
||||
var icsa = Assert.Single(advisories, advisory => advisory.AdvisoryKey == "ICSA-25-123-01");
|
||||
Console.WriteLine("ProductsRaw:" + string.Join("|", icsa.AffectedPackages.SelectMany(p => p.Provenance).Select(p => p.Value ?? "<null>")));
|
||||
var icsa = Assert.Single(advisories, advisory => advisory.AdvisoryKey == "ICSA-25-123-01");
|
||||
Assert.Contains("CVE-2024-12345", icsa.Aliases);
|
||||
Assert.Contains(icsa.References, reference => reference.Url == "https://example.com/security/icsa-25-123-01");
|
||||
Assert.Contains(icsa.References, reference => reference.Url == "https://files.cisa.gov/docs/icsa-25-123-01.pdf" && reference.Kind == "attachment");
|
||||
@@ -88,7 +87,7 @@ public sealed class IcsCisaConnectorTests : IAsyncLifetime
|
||||
_handler.Clear();
|
||||
|
||||
var services = new ServiceCollection();
|
||||
services.AddLogging(builder => builder.AddProvider(NullLoggerProvider.Instance));
|
||||
services.AddLogging(builder => builder.AddProvider(NullLoggerProvider.Instance));
|
||||
services.AddSingleton(_handler);
|
||||
|
||||
services.AddMongoStorage(options =>
|
||||
|
||||