stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity

Add unit tests for SBOM ingestion and transformation
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly.
- Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps.
- Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges.
- Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges.
- Set up project file for the test project with necessary dependencies and configurations.
- Include JSON fixture files for testing purposes.
This commit is contained in:
master
2025-11-04 07:49:39 +02:00
parent f72c5c513a
commit 2eb6852d34
491 changed files with 39445 additions and 3917 deletions
Download Patch File Download Diff File Expand all files Collapse all files

164
src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/InlinePolicyEvaluationServiceTests.cs Normal file
View File

@@ -0,0 +1,164 @@
using System.Text.Json.Nodes;
using FluentAssertions;
using Microsoft.Extensions.Logging.Abstractions;
using StellaOps.Findings.Ledger.Domain;
using StellaOps.Findings.Ledger.Hashing;
using StellaOps.Findings.Ledger.Infrastructure.Policy;
using StellaOps.Findings.Ledger.Services;
using Xunit;
namespace StellaOps.Findings.Ledger.Tests;
public sealed class InlinePolicyEvaluationServiceTests
{
private readonly InlinePolicyEvaluationService _service = new(NullLogger<InlinePolicyEvaluationService>.Instance);
[Fact]
public async Task EvaluateAsync_UsesPayloadValues_WhenPresent()
{
var payload = new JsonObject
{
["status"] = "triaged",
["severity"] = 5.2,
["labels"] = new JsonObject
{
["kev"] = true,
["runtime"] = "exposed"
},
["labelsRemove"] = new JsonArray("deprecated"),
["explainRef"] = "explain://tenant/findings/1",
["rationaleRefs"] = new JsonArray("explain://tenant/findings/1", "policy://tenant/pol/version/rationale")
};
var existingProjection = new FindingProjection(
"tenant",
"finding",
"policy-sha",
"affected",
7.1m,
new JsonObject { ["deprecated"] = "true" },
Guid.NewGuid(),
null,
new JsonArray("explain://existing"),
DateTimeOffset.UtcNow,
string.Empty);
var record = CreateRecord(payload);
var result = await _service.EvaluateAsync(record, existingProjection, default);
result.Status.Should().Be("triaged");
result.Severity.Should().Be(5.2m);
result.Labels["kev"]!.GetValue<bool>().Should().BeTrue();
result.Labels.ContainsKey("deprecated").Should().BeFalse();
result.Labels["runtime"]!.GetValue<string>().Should().Be("exposed");
result.ExplainRef.Should().Be("explain://tenant/findings/1");
result.Rationale.Should().HaveCount(2);
result.Rationale[0]!.GetValue<string>().Should().Be("explain://tenant/findings/1");
result.Rationale[1]!.GetValue<string>().Should().Be("policy://tenant/pol/version/rationale");
}
[Fact]
public async Task EvaluateAsync_FallsBack_WhenEventMissing()
{
var existingRationale = new JsonArray("explain://existing/rationale");
var existingProjection = new FindingProjection(
"tenant",
"finding",
"policy-sha",
"accepted_risk",
3.4m,
new JsonObject { ["runtime"] = "contained" },
Guid.NewGuid(),
"explain://existing",
existingRationale,
DateTimeOffset.UtcNow,
string.Empty);
var record = new LedgerEventRecord(
"tenant",
Guid.NewGuid(),
1,
Guid.NewGuid(),
"finding.status_changed",
"policy-sha",
"finding",
"artifact",
null,
"user:alice",
"operator",
DateTimeOffset.UtcNow,
DateTimeOffset.UtcNow,
new JsonObject(),
"hash",
"prev",
"leaf",
"{}"
);
var result = await _service.EvaluateAsync(record, existingProjection, default);
result.Status.Should().Be("accepted_risk");
result.Severity.Should().Be(3.4m);
result.Labels["runtime"]!.GetValue<string>().Should().Be("contained");
result.ExplainRef.Should().Be("explain://existing");
result.Rationale.Should().HaveCount(1);
result.Rationale[0]!.GetValue<string>().Should().Be("explain://existing/rationale");
}
private static LedgerEventRecord CreateRecord(JsonObject payload)
{
var eventObject = new JsonObject
{
["id"] = Guid.NewGuid().ToString(),
["type"] = "finding.status_changed",
["tenant"] = "tenant",
["chainId"] = Guid.NewGuid().ToString(),
["sequence"] = 10,
["policyVersion"] = "policy-sha",
["artifactId"] = "artifact",
["finding"] = new JsonObject
{
["id"] = "finding",
["artifactId"] = "artifact",
["vulnId"] = "CVE-0000-0001"
},
["actor"] = new JsonObject
{
["id"] = "user:alice",
["type"] = "operator"
},
["occurredAt"] = "2025-11-04T12:00:00.000Z",
["recordedAt"] = "2025-11-04T12:00:01.000Z",
["payload"] = payload.DeepClone()
};
var envelope = new JsonObject
{
["event"] = eventObject
};
var canonical = LedgerCanonicalJsonSerializer.Canonicalize(envelope);
var canonicalJson = LedgerCanonicalJsonSerializer.Serialize(canonical);
return new LedgerEventRecord(
"tenant",
Guid.Parse(eventObject["chainId"]!.GetValue<string>()),
10,
Guid.Parse(eventObject["id"]!.GetValue<string>()),
eventObject["type"]!.GetValue<string>(),
eventObject["policyVersion"]!.GetValue<string>(),
eventObject["finding"]!["id"]!.GetValue<string>(),
eventObject["artifactId"]!.GetValue<string>(),
null,
eventObject["actor"]!["id"]!.GetValue<string>(),
eventObject["actor"]!["type"]!.GetValue<string>(),
DateTimeOffset.Parse(eventObject["occurredAt"]!.GetValue<string>()),
DateTimeOffset.Parse(eventObject["recordedAt"]!.GetValue<string>()),
canonical,
"hash",
"prev",
"leaf",
canonicalJson);
}
}