stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Add unit tests for SBOM ingestion and transformation
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly.
- Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps.
- Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges.
- Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges.
- Set up project file for the test project with necessary dependencies and configurations.
- Include JSON fixture files for testing purposes.
This commit is contained in:
master
2025-11-04 07:49:39 +02:00
parent f72c5c513a
commit 2eb6852d34
491 changed files with 39445 additions and 3917 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Core/LanguageAnalyzerContextTests.cs Normal file
View File

@@ -0,0 +1,101 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using StellaOps.Scanner.Surface.Env;
using StellaOps.Scanner.Surface.Secrets;
using StellaOps.Scanner.Surface.Secrets.Providers;
using Xunit;
namespace StellaOps.Scanner.Analyzers.Lang.Tests.Core;
public sealed class LanguageAnalyzerContextTests
{
[Fact]
public async Task SecretsProviderAvailable_ReturnsHandle()
{
using var workspace = new TempDirectory();
var services = new ServiceCollection();
var settings = new SurfaceEnvironmentSettings(
new Uri("https://surface.test"),
"unit-bucket",
null,
new DirectoryInfo(workspace.Path),
128,
false,
Array.Empty<string>(),
new SurfaceSecretsConfiguration("inline", "testtenant", null, null, null, true),
"testtenant",
new SurfaceTlsConfiguration(null, null, null));
var environment = new StubSurfaceEnvironment(settings);
var provider = new InMemorySurfaceSecretProvider();
var request = new SurfaceSecretRequest("testtenant", "ScannerWorkerLanguageAnalyzers", "registry", "default");
var handle = SurfaceSecretHandle.FromBytes(Encoding.UTF8.GetBytes("token"), new Dictionary<string, string> { ["source"] = "test" });
provider.Add(request, handle);
services.AddSingleton<ISurfaceEnvironment>(environment);
services.AddSingleton<ISurfaceSecretProvider>(provider);
var serviceProvider = services.BuildServiceProvider();
var context = new LanguageAnalyzerContext(workspace.Path, TimeProvider.System, services: serviceProvider);
Assert.True(context.Secrets.IsAvailable);
using var retrieved = await context.Secrets.GetAsync("registry", "default", TestContext.Current.CancellationToken);
Assert.Same(handle, retrieved);
Assert.Equal("test", retrieved.Metadata["source"]);
Assert.Equal("token", Encoding.UTF8.GetString(retrieved.AsBytes().Span));
}
[Fact]
public async Task SecretsProviderMissing_UsesEmptyInstance()
{
using var workspace = new TempDirectory();
var context = new LanguageAnalyzerContext(workspace.Path, TimeProvider.System);
Assert.False(context.Secrets.IsAvailable);
var secret = await context.Secrets.TryGetAsync("registry", cancellationToken: TestContext.Current.CancellationToken);
Assert.Null(secret);
}
private sealed class StubSurfaceEnvironment : ISurfaceEnvironment
{
public StubSurfaceEnvironment(SurfaceEnvironmentSettings settings)
{
Settings = settings;
}
public SurfaceEnvironmentSettings Settings { get; }
public IReadOnlyDictionary<string, string> RawVariables { get; } = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
}
private sealed class TempDirectory : IDisposable
{
public TempDirectory()
{
Path = System.IO.Path.Combine(System.IO.Path.GetTempPath(), $"stellaops-langctx-{Guid.NewGuid():n}");
Directory.CreateDirectory(Path);
}
public string Path { get; }
public void Dispose()
{
try
{
if (Directory.Exists(Path))
{
Directory.Delete(Path, recursive: true);
}
}
catch
{
}
}
}
}

238
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/dotnet/multi/expected.json
View File

@@ -1,120 +1,120 @@
[
{
"analyzerId": "dotnet",
"componentKey": "purl::pkg:nuget/stellaops.logging@2.5.1",
"purl": "pkg:nuget/stellaops.logging@2.5.1",
"name": "StellaOps.Logging",
"version": "2.5.1",
"type": "nuget",
"usedByEntrypoint": false,
"metadata": {
"assembly[0].assetPath": "lib/net10.0/StellaOps.Logging.dll",
"assembly[0].fileVersion": "2.5.1.12345",
"assembly[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[0].version": "2.5.1.0",
"assembly[1].assetPath": "runtimes/linux-arm64/lib/net10.0/StellaOps.Logging.dll",
"assembly[1].rid[0]": "linux-arm64",
"assembly[1].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[2].assetPath": "runtimes/linux-x64/lib/net10.0/StellaOps.Logging.dll",
"assembly[2].rid[0]": "linux-x64",
"assembly[2].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[3].assetPath": "runtimes/osx-arm64/lib/net10.0/StellaOps.Logging.dll",
"assembly[3].rid[0]": "osx-arm64",
"assembly[3].tfm[0]": ".NETCoreApp,Version=v10.0",
"deps.path[0]": "AppA.deps.json",
"deps.path[1]": "AppB.deps.json",
"deps.rid[0]": "linux-arm64",
"deps.rid[1]": "linux-x64",
"deps.rid[2]": "osx-arm64",
"deps.rid[3]": "win-arm64",
"deps.tfm[0]": ".NETCoreApp,Version=v10.0",
"license.expression[0]": "Apache-2.0",
"native[0].assetPath": "runtimes/win-arm64/native/stellaops.logging.dll",
"native[0].rid[0]": "win-arm64",
"native[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"package.hashPath[0]": "stellaops.logging.2.5.1.nupkg.sha512",
"package.id": "StellaOps.Logging",
"package.id.normalized": "stellaops.logging",
"package.path[0]": "stellaops.logging/2.5.1",
"package.serviceable": "true",
"package.sha512[0]": "sha512-FAKE_LOGGING_SHA==",
"package.version": "2.5.1",
"provenance": "manifest"
},
"evidence": [
{
"kind": "file",
"source": "deps.json",
"locator": "AppA.deps.json",
"value": "StellaOps.Logging/2.5.1"
},
{
"kind": "file",
"source": "deps.json",
"locator": "AppB.deps.json",
"value": "StellaOps.Logging/2.5.1"
}
]
},
{
"analyzerId": "dotnet",
"componentKey": "purl::pkg:nuget/stellaops.toolkit@1.2.3",
"purl": "pkg:nuget/stellaops.toolkit@1.2.3",
"name": "StellaOps.Toolkit",
"version": "1.2.3",
"type": "nuget",
"usedByEntrypoint": false,
"metadata": {
"assembly[0].assetPath": "lib/net10.0/StellaOps.Toolkit.dll",
"assembly[0].fileVersion": "1.2.3.0",
"assembly[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[0].version": "1.2.3.0",
"deps.dependency[0]": "stellaops.logging",
"deps.path[0]": "AppA.deps.json",
"deps.path[1]": "AppB.deps.json",
"deps.rid[0]": "linux-x64",
"deps.rid[1]": "osx-arm64",
"deps.rid[2]": "win-arm64",
"deps.tfm[0]": ".NETCoreApp,Version=v10.0",
"license.file.sha256[0]": "604e182900b0ecb1ffb911c817bcbd148a31b8f55ad392a3b770be8005048c5c",
"license.file[0]": "packages/stellaops.toolkit/1.2.3/LICENSE.txt",
"native[0].assetPath": "runtimes/linux-x64/native/libstellaops.toolkit.so",
"native[0].rid[0]": "linux-x64",
"native[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"native[1].assetPath": "runtimes/osx-arm64/native/libstellaops.toolkit.dylib",
"native[1].rid[0]": "osx-arm64",
"native[1].tfm[0]": ".NETCoreApp,Version=v10.0",
"native[2].assetPath": "runtimes/win-arm64/native/stellaops.toolkit.dll",
"native[2].rid[0]": "win-arm64",
"native[2].tfm[0]": ".NETCoreApp,Version=v10.0",
"package.hashPath[0]": "stellaops.toolkit.1.2.3.nupkg.sha512",
"package.id": "StellaOps.Toolkit",
"package.id.normalized": "stellaops.toolkit",
"package.path[0]": "stellaops.toolkit/1.2.3",
"package.serviceable": "true",
"package.sha512[0]": "sha512-FAKE_TOOLKIT_SHA==",
"package.version": "1.2.3",
"provenance": "manifest"
},
"evidence": [
{
"kind": "file",
"source": "deps.json",
"locator": "AppA.deps.json",
"value": "StellaOps.Toolkit/1.2.3"
},
{
"kind": "file",
"source": "deps.json",
"locator": "AppB.deps.json",
"value": "StellaOps.Toolkit/1.2.3"
},
{
"kind": "file",
"source": "license",
"locator": "packages/stellaops.toolkit/1.2.3/LICENSE.txt",
"sha256": "604e182900b0ecb1ffb911c817bcbd148a31b8f55ad392a3b770be8005048c5c"
}
]
}
[
{
"analyzerId": "dotnet",
"componentKey": "purl::pkg:nuget/stellaops.logging@2.5.1",
"purl": "pkg:nuget/stellaops.logging@2.5.1",
"name": "StellaOps.Logging",
"version": "2.5.1",
"type": "nuget",
"usedByEntrypoint": false,
"metadata": {
"assembly[0].assetPath": "lib/net10.0/StellaOps.Logging.dll",
"assembly[0].fileVersion": "2.5.1.12345",
"assembly[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[0].version": "2.5.1.0",
"assembly[1].assetPath": "runtimes/linux-arm64/lib/net10.0/StellaOps.Logging.dll",
"assembly[1].rid[0]": "linux-arm64",
"assembly[1].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[2].assetPath": "runtimes/linux-x64/lib/net10.0/StellaOps.Logging.dll",
"assembly[2].rid[0]": "linux-x64",
"assembly[2].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[3].assetPath": "runtimes/osx-arm64/lib/net10.0/StellaOps.Logging.dll",
"assembly[3].rid[0]": "osx-arm64",
"assembly[3].tfm[0]": ".NETCoreApp,Version=v10.0",
"deps.path[0]": "AppA.deps.json",
"deps.path[1]": "AppB.deps.json",
"deps.rid[0]": "linux-arm64",
"deps.rid[1]": "linux-x64",
"deps.rid[2]": "osx-arm64",
"deps.rid[3]": "win-arm64",
"deps.tfm[0]": ".NETCoreApp,Version=v10.0",
"license.expression[0]": "Apache-2.0",
"native[0].assetPath": "runtimes/win-arm64/native/stellaops.logging.dll",
"native[0].rid[0]": "win-arm64",
"native[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"package.hashPath[0]": "stellaops.logging.2.5.1.nupkg.sha512",
"package.id": "StellaOps.Logging",
"package.id.normalized": "stellaops.logging",
"package.path[0]": "stellaops.logging/2.5.1",
"package.serviceable": "true",
"package.sha512[0]": "sha512-FAKE_LOGGING_SHA==",
"package.version": "2.5.1",
"provenance": "manifest"
},
"evidence": [
{
"kind": "file",
"source": "deps.json",
"locator": "AppA.deps.json",
"value": "StellaOps.Logging/2.5.1"
},
{
"kind": "file",
"source": "deps.json",
"locator": "AppB.deps.json",
"value": "StellaOps.Logging/2.5.1"
}
]
},
{
"analyzerId": "dotnet",
"componentKey": "purl::pkg:nuget/stellaops.toolkit@1.2.3",
"purl": "pkg:nuget/stellaops.toolkit@1.2.3",
"name": "StellaOps.Toolkit",
"version": "1.2.3",
"type": "nuget",
"usedByEntrypoint": false,
"metadata": {
"assembly[0].assetPath": "lib/net10.0/StellaOps.Toolkit.dll",
"assembly[0].fileVersion": "1.2.3.0",
"assembly[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[0].version": "1.2.3.0",
"deps.dependency[0]": "stellaops.logging",
"deps.path[0]": "AppA.deps.json",
"deps.path[1]": "AppB.deps.json",
"deps.rid[0]": "linux-x64",
"deps.rid[1]": "osx-arm64",
"deps.rid[2]": "win-arm64",
"deps.tfm[0]": ".NETCoreApp,Version=v10.0",
"license.file.sha256[0]": "09065a51df7b52a7183d6ceae2c201e5629bc9b5c5347a0890667a3aa3f65623",
"license.file[0]": "packages/stellaops.toolkit/1.2.3/LICENSE.txt",
"native[0].assetPath": "runtimes/linux-x64/native/libstellaops.toolkit.so",
"native[0].rid[0]": "linux-x64",
"native[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"native[1].assetPath": "runtimes/osx-arm64/native/libstellaops.toolkit.dylib",
"native[1].rid[0]": "osx-arm64",
"native[1].tfm[0]": ".NETCoreApp,Version=v10.0",
"native[2].assetPath": "runtimes/win-arm64/native/stellaops.toolkit.dll",
"native[2].rid[0]": "win-arm64",
"native[2].tfm[0]": ".NETCoreApp,Version=v10.0",
"package.hashPath[0]": "stellaops.toolkit.1.2.3.nupkg.sha512",
"package.id": "StellaOps.Toolkit",
"package.id.normalized": "stellaops.toolkit",
"package.path[0]": "stellaops.toolkit/1.2.3",
"package.serviceable": "true",
"package.sha512[0]": "sha512-FAKE_TOOLKIT_SHA==",
"package.version": "1.2.3",
"provenance": "manifest"
},
"evidence": [
{
"kind": "file",
"source": "deps.json",
"locator": "AppA.deps.json",
"value": "StellaOps.Toolkit/1.2.3"
},
{
"kind": "file",
"source": "deps.json",
"locator": "AppB.deps.json",
"value": "StellaOps.Toolkit/1.2.3"
},
{
"kind": "file",
"source": "license",
"locator": "packages/stellaops.toolkit/1.2.3/LICENSE.txt",
"sha256": "09065a51df7b52a7183d6ceae2c201e5629bc9b5c5347a0890667a3aa3f65623"
}
]
}
]

186
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/dotnet/selfcontained/expected.json
View File

@@ -1,94 +1,94 @@
[
{
"analyzerId": "dotnet",
"componentKey": "purl::pkg:nuget/stellaops.runtime.selfcontained@2.1.0",
"purl": "pkg:nuget/stellaops.runtime.selfcontained@2.1.0",
"name": "StellaOps.Runtime.SelfContained",
"version": "2.1.0",
"type": "nuget",
"usedByEntrypoint": true,
"metadata": {
"deps.path[0]": "MyApp.deps.json",
"deps.rid[0]": "linux-x64",
"deps.rid[1]": "win-x64",
"deps.tfm[0]": ".NETCoreApp,Version=v10.0",
"license.expression[0]": "Apache-2.0",
"native[0].assetPath": "runtimes/linux-x64/native/libstellaopsnative.so",
"native[0].path": "runtimes/linux-x64/native/libstellaopsnative.so",
"native[0].rid[0]": "linux-x64",
"native[0].sha256": "6cf3d2a487d6a42fc7c3e2edbc452224e99a3656287a534f1164ee6ec9daadf0",
"native[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"native[1].assetPath": "runtimes/win-x64/native/stellaopsnative.dll",
"native[1].rid[0]": "win-x64",
"native[1].tfm[0]": ".NETCoreApp,Version=v10.0",
"package.hashPath[0]": "stellaops.runtime.selfcontained.2.1.0.nupkg.sha512",
"package.id": "StellaOps.Runtime.SelfContained",
"package.id.normalized": "stellaops.runtime.selfcontained",
"package.path[0]": "stellaops.runtime.selfcontained/2.1.0",
"package.serviceable": "true",
"package.sha512[0]": "sha512-FAKE_RUNTIME_SHA==",
"package.version": "2.1.0",
"provenance": "manifest"
},
"evidence": [
{
"kind": "file",
"source": "deps.json",
"locator": "MyApp.deps.json",
"value": "StellaOps.Runtime.SelfContained/2.1.0"
},
{
"kind": "file",
"source": "native",
"locator": "runtimes/linux-x64/native/libstellaopsnative.so",
"value": "runtimes/linux-x64/native/libstellaopsnative.so",
"sha256": "6cf3d2a487d6a42fc7c3e2edbc452224e99a3656287a534f1164ee6ec9daadf0"
}
]
},
{
"analyzerId": "dotnet",
"componentKey": "purl::pkg:nuget/stellaops.toolkit@1.2.3",
"purl": "pkg:nuget/stellaops.toolkit@1.2.3",
"name": "StellaOps.Toolkit",
"version": "1.2.3",
"type": "nuget",
"usedByEntrypoint": false,
"metadata": {
"assembly[0].assetPath": "lib/net10.0/StellaOps.Toolkit.dll",
"assembly[0].fileVersion": "1.2.3.0",
"assembly[0].rid[0]": "linux-x64",
"assembly[0].rid[1]": "win-x64",
"assembly[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[0].version": "1.2.3.0",
"deps.path[0]": "MyApp.deps.json",
"deps.rid[0]": "linux-x64",
"deps.rid[1]": "win-x64",
"deps.tfm[0]": ".NETCoreApp,Version=v10.0",
"license.file.sha256[0]": "f94d89a576c63e8ba6ee01760c52fa7861ba609491d7c6e6c01ead5ca66b6048",
"license.file[0]": "packages/stellaops.toolkit/1.2.3/LICENSE.txt",
"package.hashPath[0]": "stellaops.toolkit.1.2.3.nupkg.sha512",
"package.id": "StellaOps.Toolkit",
"package.id.normalized": "stellaops.toolkit",
"package.path[0]": "stellaops.toolkit/1.2.3",
"package.serviceable": "true",
"package.sha512[0]": "sha512-FAKE_TOOLKIT_SHA==",
"package.version": "1.2.3",
"provenance": "manifest"
},
"evidence": [
{
"kind": "file",
"source": "deps.json",
"locator": "MyApp.deps.json",
"value": "StellaOps.Toolkit/1.2.3"
},
{
"kind": "file",
"source": "license",
"locator": "packages/stellaops.toolkit/1.2.3/LICENSE.txt",
"sha256": "f94d89a576c63e8ba6ee01760c52fa7861ba609491d7c6e6c01ead5ca66b6048"
}
]
}
[
{
"analyzerId": "dotnet",
"componentKey": "purl::pkg:nuget/stellaops.runtime.selfcontained@2.1.0",
"purl": "pkg:nuget/stellaops.runtime.selfcontained@2.1.0",
"name": "StellaOps.Runtime.SelfContained",
"version": "2.1.0",
"type": "nuget",
"usedByEntrypoint": true,
"metadata": {
"deps.path[0]": "MyApp.deps.json",
"deps.rid[0]": "linux-x64",
"deps.rid[1]": "win-x64",
"deps.tfm[0]": ".NETCoreApp,Version=v10.0",
"license.expression[0]": "Apache-2.0",
"native[0].assetPath": "runtimes/linux-x64/native/libstellaopsnative.so",
"native[0].path": "runtimes/linux-x64/native/libstellaopsnative.so",
"native[0].rid[0]": "linux-x64",
"native[0].sha256": "c22d4a6584a3bb8fad4d255d1ab9e5a80d553eec35ea8dfcc2dd750e8581d3cb",
"native[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"native[1].assetPath": "runtimes/win-x64/native/stellaopsnative.dll",
"native[1].rid[0]": "win-x64",
"native[1].tfm[0]": ".NETCoreApp,Version=v10.0",
"package.hashPath[0]": "stellaops.runtime.selfcontained.2.1.0.nupkg.sha512",
"package.id": "StellaOps.Runtime.SelfContained",
"package.id.normalized": "stellaops.runtime.selfcontained",
"package.path[0]": "stellaops.runtime.selfcontained/2.1.0",
"package.serviceable": "true",
"package.sha512[0]": "sha512-FAKE_RUNTIME_SHA==",
"package.version": "2.1.0",
"provenance": "manifest"
},
"evidence": [
{
"kind": "file",
"source": "deps.json",
"locator": "MyApp.deps.json",
"value": "StellaOps.Runtime.SelfContained/2.1.0"
},
{
"kind": "file",
"source": "native",
"locator": "runtimes/linux-x64/native/libstellaopsnative.so",
"value": "runtimes/linux-x64/native/libstellaopsnative.so",
"sha256": "c22d4a6584a3bb8fad4d255d1ab9e5a80d553eec35ea8dfcc2dd750e8581d3cb"
}
]
},
{
"analyzerId": "dotnet",
"componentKey": "purl::pkg:nuget/stellaops.toolkit@1.2.3",
"purl": "pkg:nuget/stellaops.toolkit@1.2.3",
"name": "StellaOps.Toolkit",
"version": "1.2.3",
"type": "nuget",
"usedByEntrypoint": false,
"metadata": {
"assembly[0].assetPath": "lib/net10.0/StellaOps.Toolkit.dll",
"assembly[0].fileVersion": "1.2.3.0",
"assembly[0].rid[0]": "linux-x64",
"assembly[0].rid[1]": "win-x64",
"assembly[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[0].version": "1.2.3.0",
"deps.path[0]": "MyApp.deps.json",
"deps.rid[0]": "linux-x64",
"deps.rid[1]": "win-x64",
"deps.tfm[0]": ".NETCoreApp,Version=v10.0",
"license.file.sha256[0]": "1c05159789c5dd80b97e7a20dc2b7b716e63514f3a8d40b2f593030973a9fcdb",
"license.file[0]": "packages/stellaops.toolkit/1.2.3/LICENSE.txt",
"package.hashPath[0]": "stellaops.toolkit.1.2.3.nupkg.sha512",
"package.id": "StellaOps.Toolkit",
"package.id.normalized": "stellaops.toolkit",
"package.path[0]": "stellaops.toolkit/1.2.3",
"package.serviceable": "true",
"package.sha512[0]": "sha512-FAKE_TOOLKIT_SHA==",
"package.version": "1.2.3",
"provenance": "manifest"
},
"evidence": [
{
"kind": "file",
"source": "deps.json",
"locator": "MyApp.deps.json",
"value": "StellaOps.Toolkit/1.2.3"
},
{
"kind": "file",
"source": "license",
"locator": "packages/stellaops.toolkit/1.2.3/LICENSE.txt",
"sha256": "1c05159789c5dd80b97e7a20dc2b7b716e63514f3a8d40b2f593030973a9fcdb"
}
]
}
]

172
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/dotnet/simple/expected.json
View File

@@ -1,87 +1,87 @@
[
{
"analyzerId": "dotnet",
"componentKey": "purl::pkg:nuget/microsoft.extensions.logging@9.0.0",
"purl": "pkg:nuget/microsoft.extensions.logging@9.0.0",
"name": "Microsoft.Extensions.Logging",
"version": "9.0.0",
"type": "nuget",
"usedByEntrypoint": false,
"metadata": {
"assembly[0].assetPath": "lib/net9.0/Microsoft.Extensions.Logging.dll",
"assembly[0].fileVersion": "9.0.24.52809",
"assembly[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[0].version": "9.0.0.0",
"assembly[1].assetPath": "runtimes/linux-x64/lib/net9.0/Microsoft.Extensions.Logging.dll",
"assembly[1].rid[0]": "linux-x64",
"assembly[1].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[2].assetPath": "runtimes/win-x86/lib/net9.0/Microsoft.Extensions.Logging.dll",
"assembly[2].rid[0]": "win-x86",
"assembly[2].tfm[0]": ".NETCoreApp,Version=v10.0",
"deps.path[0]": "Sample.App.deps.json",
"deps.rid[0]": "linux-x64",
"deps.rid[1]": "win-x86",
"deps.tfm[0]": ".NETCoreApp,Version=v10.0",
"license.expression[0]": "MIT",
"package.hashPath[0]": "microsoft.extensions.logging.9.0.0.nupkg.sha512",
"package.id": "Microsoft.Extensions.Logging",
"package.id.normalized": "microsoft.extensions.logging",
"package.path[0]": "microsoft.extensions.logging/9.0.0",
"package.serviceable": "true",
"package.sha512[0]": "sha512-FAKE_LOGGING_SHA==",
"package.version": "9.0.0",
"provenance": "manifest"
},
"evidence": [
{
"kind": "file",
"source": "deps.json",
"locator": "Sample.App.deps.json",
"value": "Microsoft.Extensions.Logging/9.0.0"
}
]
},
{
"analyzerId": "dotnet",
"componentKey": "purl::pkg:nuget/stellaops.toolkit@1.2.3",
"purl": "pkg:nuget/stellaops.toolkit@1.2.3",
"name": "StellaOps.Toolkit",
"version": "1.2.3",
"type": "nuget",
"usedByEntrypoint": false,
"metadata": {
"assembly[0].assetPath": "lib/net10.0/StellaOps.Toolkit.dll",
"assembly[0].fileVersion": "1.2.3.0",
"assembly[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[0].version": "1.2.3.0",
"deps.dependency[0]": "microsoft.extensions.logging",
"deps.path[0]": "Sample.App.deps.json",
"deps.rid[0]": "linux-x64",
"deps.tfm[0]": ".NETCoreApp,Version=v10.0",
"license.file.sha256[0]": "604e182900b0ecb1ffb911c817bcbd148a31b8f55ad392a3b770be8005048c5c",
"license.file[0]": "packages/stellaops.toolkit/1.2.3/LICENSE.txt",
"package.hashPath[0]": "stellaops.toolkit.1.2.3.nupkg.sha512",
"package.id": "StellaOps.Toolkit",
"package.id.normalized": "stellaops.toolkit",
"package.path[0]": "stellaops.toolkit/1.2.3",
"package.serviceable": "true",
"package.sha512[0]": "sha512-FAKE_TOOLKIT_SHA==",
"package.version": "1.2.3",
"provenance": "manifest"
},
"evidence": [
{
"kind": "file",
"source": "deps.json",
"locator": "Sample.App.deps.json",
"value": "StellaOps.Toolkit/1.2.3"
},
{
"kind": "file",
"source": "license",
"locator": "packages/stellaops.toolkit/1.2.3/LICENSE.txt",
"sha256": "604e182900b0ecb1ffb911c817bcbd148a31b8f55ad392a3b770be8005048c5c"
}
]
}
[
{
"analyzerId": "dotnet",
"componentKey": "purl::pkg:nuget/microsoft.extensions.logging@9.0.0",
"purl": "pkg:nuget/microsoft.extensions.logging@9.0.0",
"name": "Microsoft.Extensions.Logging",
"version": "9.0.0",
"type": "nuget",
"usedByEntrypoint": false,
"metadata": {
"assembly[0].assetPath": "lib/net9.0/Microsoft.Extensions.Logging.dll",
"assembly[0].fileVersion": "9.0.24.52809",
"assembly[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[0].version": "9.0.0.0",
"assembly[1].assetPath": "runtimes/linux-x64/lib/net9.0/Microsoft.Extensions.Logging.dll",
"assembly[1].rid[0]": "linux-x64",
"assembly[1].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[2].assetPath": "runtimes/win-x86/lib/net9.0/Microsoft.Extensions.Logging.dll",
"assembly[2].rid[0]": "win-x86",
"assembly[2].tfm[0]": ".NETCoreApp,Version=v10.0",
"deps.path[0]": "Sample.App.deps.json",
"deps.rid[0]": "linux-x64",
"deps.rid[1]": "win-x86",
"deps.tfm[0]": ".NETCoreApp,Version=v10.0",
"license.expression[0]": "MIT",
"package.hashPath[0]": "microsoft.extensions.logging.9.0.0.nupkg.sha512",
"package.id": "Microsoft.Extensions.Logging",
"package.id.normalized": "microsoft.extensions.logging",
"package.path[0]": "microsoft.extensions.logging/9.0.0",
"package.serviceable": "true",
"package.sha512[0]": "sha512-FAKE_LOGGING_SHA==",
"package.version": "9.0.0",
"provenance": "manifest"
},
"evidence": [
{
"kind": "file",
"source": "deps.json",
"locator": "Sample.App.deps.json",
"value": "Microsoft.Extensions.Logging/9.0.0"
}
]
},
{
"analyzerId": "dotnet",
"componentKey": "purl::pkg:nuget/stellaops.toolkit@1.2.3",
"purl": "pkg:nuget/stellaops.toolkit@1.2.3",
"name": "StellaOps.Toolkit",
"version": "1.2.3",
"type": "nuget",
"usedByEntrypoint": false,
"metadata": {
"assembly[0].assetPath": "lib/net10.0/StellaOps.Toolkit.dll",
"assembly[0].fileVersion": "1.2.3.0",
"assembly[0].tfm[0]": ".NETCoreApp,Version=v10.0",
"assembly[0].version": "1.2.3.0",
"deps.dependency[0]": "microsoft.extensions.logging",
"deps.path[0]": "Sample.App.deps.json",
"deps.rid[0]": "linux-x64",
"deps.tfm[0]": ".NETCoreApp,Version=v10.0",
"license.file.sha256[0]": "09065a51df7b52a7183d6ceae2c201e5629bc9b5c5347a0890667a3aa3f65623",
"license.file[0]": "packages/stellaops.toolkit/1.2.3/LICENSE.txt",
"package.hashPath[0]": "stellaops.toolkit.1.2.3.nupkg.sha512",
"package.id": "StellaOps.Toolkit",
"package.id.normalized": "stellaops.toolkit",
"package.path[0]": "stellaops.toolkit/1.2.3",
"package.serviceable": "true",
"package.sha512[0]": "sha512-FAKE_TOOLKIT_SHA==",
"package.version": "1.2.3",
"provenance": "manifest"
},
"evidence": [
{
"kind": "file",
"source": "deps.json",
"locator": "Sample.App.deps.json",
"value": "StellaOps.Toolkit/1.2.3"
},
{
"kind": "file",
"source": "license",
"locator": "packages/stellaops.toolkit/1.2.3/LICENSE.txt",
"sha256": "09065a51df7b52a7183d6ceae2c201e5629bc9b5c5347a0890667a3aa3f65623"
}
]
}
]

92
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/basic/expected.json
View File

@@ -1,65 +1,65 @@
[
{
analyzerId: ruby,
componentKey: purl::pkg:gem/custom-gem@1.0.0,
purl: pkg:gem/custom-gem@1.0.0,
name: custom-gem,
version: 1.0.0,
type: gem,
usedByEntrypoint: false,
metadata: {
declaredOnly: true,
lockfile: vendor/cache/custom-gem-1.0.0.gem,
source: vendor-cache
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/custom-gem@1.0.0",
"purl": "pkg:gem/custom-gem@1.0.0",
"name": "custom-gem",
"version": "1.0.0",
"type": "gem",
"usedByEntrypoint": false,
"metadata": {
"declaredOnly": "true",
"lockfile": "vendor/cache/custom-gem-1.0.0.gem",
"source": "vendor-cache"
},
evidence: [
"evidence": [
{
kind: file,
source: vendor-cache,
locator: vendor/cache/custom-gem-1.0.0.gem
"kind": "file",
"source": "Gemfile.lock",
"locator": "vendor/cache/custom-gem-1.0.0.gem"
}
]
},
{
analyzerId: ruby,
componentKey: purl::pkg:gem/puma@6.4.2,
purl: pkg:gem/puma@6.4.2,
name: puma,
version: 6.4.2,
type: gem,
usedByEntrypoint: false,
metadata: {
declaredOnly: true,
lockfile: Gemfile.lock,
source: rubygems
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/puma@6.4.2",
"purl": "pkg:gem/puma@6.4.2",
"name": "puma",
"version": "6.4.2",
"type": "gem",
"usedByEntrypoint": false,
"metadata": {
"declaredOnly": "true",
"lockfile": "Gemfile.lock",
"source": "https://rubygems.org/"
},
evidence: [
"evidence": [
{
kind: file,
source: rubygems,
locator: Gemfile.lock
"kind": "file",
"source": "Gemfile.lock",
"locator": "Gemfile.lock"
}
]
},
{
analyzerId: ruby,
componentKey: purl::pkg:gem/rake@13.1.0,
purl: pkg:gem/rake@13.1.0,
name: rake,
version: 13.1.0,
type: gem,
usedByEntrypoint: false,
metadata: {
declaredOnly: true,
lockfile: Gemfile.lock,
source: rubygems
"analyzerId": "ruby",
"componentKey": "purl::pkg:gem/rake@13.1.0",
"purl": "pkg:gem/rake@13.1.0",
"name": "rake",
"version": "13.1.0",
"type": "gem",
"usedByEntrypoint": false,
"metadata": {
"declaredOnly": "true",
"lockfile": "Gemfile.lock",
"source": "https://rubygems.org/"
},
evidence: [
"evidence": [
{
kind: file,
source: rubygems,
locator: Gemfile.lock
"kind": "file",
"source": "Gemfile.lock",
"locator": "Gemfile.lock"
}
]
}
]
]

5
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/rust/fallback/expected.json
View File

@@ -2,9 +2,7 @@
{
"analyzerId": "rust",
"componentKey": "bin::sha256:10f3c03766e4403be40add0467a2b2d07fd7006e4b8515ab88740ffa327ea775",
"purl": null,
"name": "opaque_bin",
"version": null,
"type": "bin",
"usedByEntrypoint": true,
"metadata": {
@@ -17,9 +15,8 @@
"kind": "file",
"source": "binary",
"locator": "usr/local/bin/opaque_bin",
"value": null,
"sha256": "10f3c03766e4403be40add0467a2b2d07fd7006e4b8515ab88740ffa327ea775"
}
]
}
]
]

7
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Lang/Ruby/RubyLanguageAnalyzerTests.cs
View File

@@ -9,11 +9,12 @@ public sealed class RubyLanguageAnalyzerTests
[Fact]
public async Task GemfileLockProducesDeterministicInventoryAsync()
{
var fixture = TestPaths.ResolveFixture(lang, ruby, basic);
var golden = Path.Combine(fixture, expected.json);
var fixture = TestPaths.ResolveFixture("lang", "ruby", "basic");
var golden = Path.Combine(fixture, "expected.json");
await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
fixture,
golden,
new ILanguageAnalyzer[] { new RubyLanguageAnalyzer() });
new ILanguageAnalyzer[] { new RubyLanguageAnalyzer() },
cancellationToken: TestContext.Current.CancellationToken);
}
}