stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

save progress

Browse Source
This commit is contained in:
StellaOps Bot
2026-01-06 09:42:02 +02:00
parent 94d68bee8b
commit 37e11918e0
443 changed files with 85863 additions and 897 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/ApprovalEndpointsTests.cs
View File

@@ -57,12 +57,12 @@ public sealed class ApprovalEndpointsTests : IDisposable
};
// Act
var response = await _client.PostAsJsonAsync($"/api/v1/scans/{scanId}/approvals", request);
var response = await _client.PostAsJsonAsync($"/api/v1/scans/{scanId}/approvals", request, TestContext.Current.CancellationToken);
// Assert
Assert.Equal(HttpStatusCode.Created, response.StatusCode);
var approval = await response.Content.ReadFromJsonAsync<ApprovalResponse>();
var approval = await response.Content.ReadFromJsonAsync<ApprovalResponse>(TestContext.Current.CancellationToken);
Assert.NotNull(approval);
Assert.Equal("CVE-2024-12345", approval!.FindingId);
Assert.Equal("AcceptRisk", approval.Decision);
@@ -83,7 +83,7 @@ public sealed class ApprovalEndpointsTests : IDisposable
};
// Act
var response = await _client.PostAsJsonAsync($"/api/v1/scans/{scanId}/approvals", request);
var response = await _client.PostAsJsonAsync($"/api/v1/scans/{scanId}/approvals", request, TestContext.Current.CancellationToken);
// Assert
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
@@ -102,7 +102,7 @@ public sealed class ApprovalEndpointsTests : IDisposable
};
// Act
var response = await _client.PostAsJsonAsync($"/api/v1/scans/{scanId}/approvals", request);
var response = await _client.PostAsJsonAsync($"/api/v1/scans/{scanId}/approvals", request, TestContext.Current.CancellationToken);
// Assert
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
@@ -121,7 +121,7 @@ public sealed class ApprovalEndpointsTests : IDisposable
};
// Act
var response = await _client.PostAsJsonAsync($"/api/v1/scans/{scanId}/approvals", request);
var response = await _client.PostAsJsonAsync($"/api/v1/scans/{scanId}/approvals", request, TestContext.Current.CancellationToken);
// Assert
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
@@ -168,12 +168,12 @@ public sealed class ApprovalEndpointsTests : IDisposable
};
// Act
var response = await _client.PostAsJsonAsync($"/api/v1/scans/{scanId}/approvals", request);
var response = await _client.PostAsJsonAsync($"/api/v1/scans/{scanId}/approvals", request, TestContext.Current.CancellationToken);
// Assert
Assert.Equal(HttpStatusCode.Created, response.StatusCode);
var approval = await response.Content.ReadFromJsonAsync<ApprovalResponse>();
var approval = await response.Content.ReadFromJsonAsync<ApprovalResponse>(TestContext.Current.CancellationToken);
Assert.NotNull(approval);
Assert.Equal(decision, approval!.Decision);
}
@@ -189,7 +189,7 @@ public sealed class ApprovalEndpointsTests : IDisposable
var scanId = await CreateTestScanAsync();
// Act
var response = await _client.GetAsync($"/api/v1/scans/{scanId}/approvals");
var response = await _client.GetAsync($"/api/v1/scans/{scanId}/approvals", TestContext.Current.CancellationToken);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
@@ -222,7 +222,7 @@ public sealed class ApprovalEndpointsTests : IDisposable
});
// Act
var response = await _client.GetAsync($"/api/v1/scans/{scanId}/approvals");
var response = await _client.GetAsync($"/api/v1/scans/{scanId}/approvals", TestContext.Current.CancellationToken);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
@@ -253,7 +253,7 @@ public sealed class ApprovalEndpointsTests : IDisposable
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var approval = await response.Content.ReadFromJsonAsync<ApprovalResponse>();
var approval = await response.Content.ReadFromJsonAsync<ApprovalResponse>(TestContext.Current.CancellationToken);
Assert.NotNull(approval);
Assert.Equal(findingId, approval!.FindingId);
Assert.Equal("Suppress", approval.Decision);
@@ -328,7 +328,7 @@ public sealed class ApprovalEndpointsTests : IDisposable
await _client.DeleteAsync($"/api/v1/scans/{scanId}/approvals/{findingId}");
// Act
var response = await _client.GetAsync($"/api/v1/scans/{scanId}/approvals");
var response = await _client.GetAsync($"/api/v1/scans/{scanId}/approvals", TestContext.Current.CancellationToken);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
@@ -361,7 +361,7 @@ public sealed class ApprovalEndpointsTests : IDisposable
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var approval = await response.Content.ReadFromJsonAsync<ApprovalResponse>();
var approval = await response.Content.ReadFromJsonAsync<ApprovalResponse>(TestContext.Current.CancellationToken);
Assert.NotNull(approval);
Assert.True(approval!.IsRevoked);
}

16
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/BaselineEndpointsTests.cs
View File

@@ -27,10 +27,10 @@ public sealed class BaselineEndpointsTests
using var factory = new ScannerApplicationFactory();
using var client = factory.CreateClient();
var response = await client.GetAsync("/api/v1/baselines/recommendations/sha256:artifact123");
var response = await client.GetAsync("/api/v1/baselines/recommendations/sha256:artifact123", TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var result = await response.Content.ReadFromJsonAsync<BaselineRecommendationsResponseDto>(SerializerOptions);
var result = await response.Content.ReadFromJsonAsync<BaselineRecommendationsResponseDto>(SerializerOptions, TestContext.Current.CancellationToken);
Assert.NotNull(result);
Assert.Equal("sha256:artifact123", result!.ArtifactDigest);
Assert.NotEmpty(result.Recommendations);
@@ -44,10 +44,10 @@ public sealed class BaselineEndpointsTests
using var factory = new ScannerApplicationFactory();
using var client = factory.CreateClient();
var response = await client.GetAsync("/api/v1/baselines/recommendations/sha256:artifact123?environment=production");
var response = await client.GetAsync("/api/v1/baselines/recommendations/sha256:artifact123?environment=production", TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var result = await response.Content.ReadFromJsonAsync<BaselineRecommendationsResponseDto>(SerializerOptions);
var result = await response.Content.ReadFromJsonAsync<BaselineRecommendationsResponseDto>(SerializerOptions, TestContext.Current.CancellationToken);
Assert.NotNull(result);
Assert.NotEmpty(result!.Recommendations);
}
@@ -59,8 +59,8 @@ public sealed class BaselineEndpointsTests
using var factory = new ScannerApplicationFactory();
using var client = factory.CreateClient();
var response = await client.GetAsync("/api/v1/baselines/recommendations/sha256:artifact123");
var result = await response.Content.ReadFromJsonAsync<BaselineRecommendationsResponseDto>(SerializerOptions);
var response = await client.GetAsync("/api/v1/baselines/recommendations/sha256:artifact123", TestContext.Current.CancellationToken);
var result = await response.Content.ReadFromJsonAsync<BaselineRecommendationsResponseDto>(SerializerOptions, TestContext.Current.CancellationToken);
Assert.NotNull(result);
foreach (var rec in result!.Recommendations)
@@ -112,8 +112,8 @@ public sealed class BaselineEndpointsTests
using var factory = new ScannerApplicationFactory();
using var client = factory.CreateClient();
var response = await client.GetAsync("/api/v1/baselines/recommendations/sha256:artifact123");
var result = await response.Content.ReadFromJsonAsync<BaselineRecommendationsResponseDto>(SerializerOptions);
var response = await client.GetAsync("/api/v1/baselines/recommendations/sha256:artifact123", TestContext.Current.CancellationToken);
var result = await response.Content.ReadFromJsonAsync<BaselineRecommendationsResponseDto>(SerializerOptions, TestContext.Current.CancellationToken);
Assert.NotNull(result);
Assert.NotEmpty(result!.Recommendations);

6
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/CallGraphEndpointsTests.cs
View File

@@ -24,7 +24,7 @@ public sealed class CallGraphEndpointsTests
var scanId = await CreateScanAsync(client);
var request = CreateMinimalCallGraph(scanId);
var response = await client.PostAsJsonAsync($"/api/v1/scans/{scanId}/callgraphs", request);
var response = await client.PostAsJsonAsync($"/api/v1/scans/{scanId}/callgraphs", request, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
}
@@ -49,10 +49,10 @@ public sealed class CallGraphEndpointsTests
};
httpRequest.Headers.TryAddWithoutValidation("Content-Digest", "sha256:deadbeef");
var first = await client.SendAsync(httpRequest);
var first = await client.SendAsync(httpRequest, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.Accepted, first.StatusCode);
var payload = await first.Content.ReadFromJsonAsync<CallGraphAcceptedResponseDto>();
var payload = await first.Content.ReadFromJsonAsync<CallGraphAcceptedResponseDto>(TestContext.Current.CancellationToken);
Assert.NotNull(payload);
Assert.False(string.IsNullOrWhiteSpace(payload!.CallgraphId));
Assert.Equal("sha256:deadbeef", payload.Digest);

28
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/CounterfactualEndpointsTests.cs
View File

@@ -35,10 +35,10 @@ public sealed class CounterfactualEndpointsTests
CurrentVerdict = "Block"
};
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request);
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions, TestContext.Current.CancellationToken);
Assert.NotNull(result);
Assert.Equal("finding-123", result!.FindingId);
Assert.Equal("Block", result.CurrentVerdict);
@@ -60,7 +60,7 @@ public sealed class CounterfactualEndpointsTests
VulnId = "CVE-2021-44228"
};
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request);
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
}
@@ -78,8 +78,8 @@ public sealed class CounterfactualEndpointsTests
CurrentVerdict = "Block"
};
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions);
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request, TestContext.Current.CancellationToken);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions, TestContext.Current.CancellationToken);
Assert.NotNull(result);
Assert.Contains(result!.Paths, p => p.Type == "Vex");
@@ -99,8 +99,8 @@ public sealed class CounterfactualEndpointsTests
CurrentVerdict = "Block"
};
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions);
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request, TestContext.Current.CancellationToken);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions, TestContext.Current.CancellationToken);
Assert.NotNull(result);
Assert.Contains(result!.Paths, p => p.Type == "Reachability");
@@ -120,8 +120,8 @@ public sealed class CounterfactualEndpointsTests
CurrentVerdict = "Block"
};
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions);
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request, TestContext.Current.CancellationToken);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions, TestContext.Current.CancellationToken);
Assert.NotNull(result);
Assert.Contains(result!.Paths, p => p.Type == "Exception");
@@ -142,8 +142,8 @@ public sealed class CounterfactualEndpointsTests
MaxPaths = 2
};
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions);
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request, TestContext.Current.CancellationToken);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions, TestContext.Current.CancellationToken);
Assert.NotNull(result);
Assert.True(result!.Paths.Count <= 2);
@@ -159,7 +159,7 @@ public sealed class CounterfactualEndpointsTests
var response = await client.GetAsync("/api/v1/counterfactuals/finding/finding-123");
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions, TestContext.Current.CancellationToken);
Assert.NotNull(result);
Assert.Equal("finding-123", result!.FindingId);
}
@@ -212,8 +212,8 @@ public sealed class CounterfactualEndpointsTests
CurrentVerdict = "Block"
};
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions);
var response = await client.PostAsJsonAsync("/api/v1/counterfactuals/compute", request, TestContext.Current.CancellationToken);
var result = await response.Content.ReadFromJsonAsync<CounterfactualResponseDto>(SerializerOptions, TestContext.Current.CancellationToken);
Assert.NotNull(result);
foreach (var path in result!.Paths)

8
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/DeltaCompareEndpointsTests.cs
View File

@@ -36,10 +36,10 @@ public sealed class DeltaCompareEndpointsTests
IncludePolicyDiff = true
};
var response = await client.PostAsJsonAsync("/api/v1/delta/compare", request);
var response = await client.PostAsJsonAsync("/api/v1/delta/compare", request, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var result = await response.Content.ReadFromJsonAsync<DeltaCompareResponseDto>(SerializerOptions);
var result = await response.Content.ReadFromJsonAsync<DeltaCompareResponseDto>(SerializerOptions, TestContext.Current.CancellationToken);
Assert.NotNull(result);
Assert.NotNull(result!.Base);
Assert.NotNull(result.Target);
@@ -62,7 +62,7 @@ public sealed class DeltaCompareEndpointsTests
TargetDigest = "sha256:target456"
};
var response = await client.PostAsJsonAsync("/api/v1/delta/compare", request);
var response = await client.PostAsJsonAsync("/api/v1/delta/compare", request, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
}
@@ -79,7 +79,7 @@ public sealed class DeltaCompareEndpointsTests
TargetDigest = ""
};
var response = await client.PostAsJsonAsync("/api/v1/delta/compare", request);
var response = await client.PostAsJsonAsync("/api/v1/delta/compare", request, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
}

16
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/EpssEndpointsTests.cs
View File

@@ -50,11 +50,11 @@ public sealed class EpssEndpointsTests : IDisposable
[Fact(DisplayName = "POST /epss/current rejects empty CVE list")]
public async Task PostCurrentBatch_EmptyList_ReturnsBadRequest()
{
var response = await _client.PostAsJsonAsync("/api/v1/epss/current", new { cveIds = Array.Empty<string>() });
var response = await _client.PostAsJsonAsync("/api/v1/epss/current", new { cveIds = Array.Empty<string>() }, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>();
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>(TestContext.Current.CancellationToken);
Assert.NotNull(problem);
Assert.Equal("Invalid request", problem!.Title);
}
@@ -64,11 +64,11 @@ public sealed class EpssEndpointsTests : IDisposable
{
var cveIds = Enumerable.Range(1, 1001).Select(i => $"CVE-2025-{i:D5}").ToArray();
var response = await _client.PostAsJsonAsync("/api/v1/epss/current", new { cveIds });
var response = await _client.PostAsJsonAsync("/api/v1/epss/current", new { cveIds }, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>();
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>(TestContext.Current.CancellationToken);
Assert.NotNull(problem);
Assert.Equal("Batch size exceeded", problem!.Title);
}
@@ -82,7 +82,7 @@ public sealed class EpssEndpointsTests : IDisposable
Assert.Equal(HttpStatusCode.ServiceUnavailable, response.StatusCode);
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>();
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>(TestContext.Current.CancellationToken);
Assert.NotNull(problem);
Assert.Equal(503, problem!.Status);
Assert.Contains("EPSS data is not available", problem.Detail, StringComparison.Ordinal);
@@ -133,7 +133,7 @@ public sealed class EpssEndpointsTests : IDisposable
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>();
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>(TestContext.Current.CancellationToken);
Assert.NotNull(problem);
Assert.Equal("CVE not found", problem!.Title);
}
@@ -168,7 +168,7 @@ public sealed class EpssEndpointsTests : IDisposable
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>();
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>(TestContext.Current.CancellationToken);
Assert.NotNull(problem);
Assert.Equal("Invalid date format", problem!.Title);
}
@@ -180,7 +180,7 @@ public sealed class EpssEndpointsTests : IDisposable
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>();
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>(TestContext.Current.CancellationToken);
Assert.NotNull(problem);
Assert.Equal("No history found", problem!.Title);
}

40
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/Integration/TriageWorkflowIntegrationTests.cs
View File

@@ -37,7 +37,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts?page=1&pageSize=25";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NotFound);
@@ -50,7 +50,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts?band=HOT&page=1&pageSize=25";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NotFound);
@@ -63,7 +63,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts?severity=CRITICAL,HIGH&page=1";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NotFound);
@@ -76,7 +76,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts?status=open&page=1";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NotFound);
@@ -89,7 +89,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts?sortBy=score&sortOrder=desc&page=1";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NotFound);
@@ -106,7 +106,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts/alert-nonexistent-12345";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.NotFound);
@@ -123,7 +123,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts/alert-nonexistent-12345/evidence";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.NotFound);
@@ -136,7 +136,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts/alert-12345/evidence?format=minimal";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NotFound);
@@ -149,7 +149,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts/alert-12345/evidence?format=full";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NotFound);
@@ -172,7 +172,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
};
// Act
var response = await _client.PostAsJsonAsync(request, decision);
var response = await _client.PostAsJsonAsync(request, decision, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.NotFound);
@@ -190,7 +190,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
};
// Act
var response = await _client.PostAsJsonAsync(request, decision);
var response = await _client.PostAsJsonAsync(request, decision, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(
@@ -211,7 +211,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
};
// Act
var response = await _client.PostAsJsonAsync(request, decision);
var response = await _client.PostAsJsonAsync(request, decision, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(
@@ -231,7 +231,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts/alert-nonexistent-12345/audit";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.NotFound);
@@ -244,7 +244,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts/alert-12345/audit?page=1&pageSize=50";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NotFound);
@@ -261,7 +261,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts/alert-nonexistent-12345/replay-token";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.NotFound);
@@ -275,7 +275,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var verifyRequest = new { token = "invalid-token-12345" };
// Act
var response = await _client.PostAsJsonAsync(request, verifyRequest);
var response = await _client.PostAsJsonAsync(request, verifyRequest, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(
@@ -295,7 +295,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts/alert-nonexistent-12345/bundle";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.NotFound);
@@ -309,7 +309,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var bundleData = new { bundleId = "bundle-12345" };
// Act
var response = await _client.PostAsJsonAsync(request, bundleData);
var response = await _client.PostAsJsonAsync(request, bundleData, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(
@@ -329,7 +329,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts/alert-nonexistent-12345/diff";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.NotFound);
@@ -342,7 +342,7 @@ public sealed class TriageWorkflowIntegrationTests : IClassFixture<ScannerApplic
var request = "/api/v1/alerts/alert-12345/diff?baseline=scan-001";
// Act
var response = await _client.GetAsync(request);
var response = await _client.GetAsync(request, TestContext.Current.CancellationToken);
// Assert
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NotFound);

16
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/ManifestEndpointsTests.cs
View File

@@ -57,15 +57,15 @@ public sealed class ManifestEndpointsTests
CreatedAt = DateTimeOffset.UtcNow
};
await manifestRepository.SaveAsync(manifestRow);
await manifestRepository.SaveAsync(manifestRow, TestContext.Current.CancellationToken);
// Act
var response = await client.GetAsync($"/api/v1/scans/{scanId}/manifest");
var response = await client.GetAsync($"/api/v1/scans/{scanId}/manifest", TestContext.Current.CancellationToken);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var manifest = await response.Content.ReadFromJsonAsync<ScanManifestResponse>();
var manifest = await response.Content.ReadFromJsonAsync<ScanManifestResponse>(TestContext.Current.CancellationToken);
Assert.NotNull(manifest);
Assert.Equal(scanId, manifest!.ScanId);
Assert.Equal("sha256:manifest123", manifest.ManifestHash);
@@ -86,7 +86,7 @@ public sealed class ManifestEndpointsTests
var scanId = Guid.NewGuid();
// Act
var response = await client.GetAsync($"/api/v1/scans/{scanId}/manifest");
var response = await client.GetAsync($"/api/v1/scans/{scanId}/manifest", TestContext.Current.CancellationToken);
// Assert
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
@@ -147,7 +147,7 @@ public sealed class ManifestEndpointsTests
CreatedAt = DateTimeOffset.UtcNow
};
await manifestRepository.SaveAsync(manifestRow);
await manifestRepository.SaveAsync(manifestRow, TestContext.Current.CancellationToken);
using var request = new HttpRequestMessage(HttpMethod.Get, $"/api/v1/scans/{scanId}/manifest");
request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue(DsseContentType));
@@ -195,15 +195,15 @@ public sealed class ManifestEndpointsTests
CreatedAt = DateTimeOffset.UtcNow
};
await manifestRepository.SaveAsync(manifestRow);
await manifestRepository.SaveAsync(manifestRow, TestContext.Current.CancellationToken);
// Act
var response = await client.GetAsync($"/api/v1/scans/{scanId}/manifest");
var response = await client.GetAsync($"/api/v1/scans/{scanId}/manifest", TestContext.Current.CancellationToken);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var manifest = await response.Content.ReadFromJsonAsync<ScanManifestResponse>();
var manifest = await response.Content.ReadFromJsonAsync<ScanManifestResponse>(TestContext.Current.CancellationToken);
Assert.NotNull(manifest);
Assert.NotNull(manifest!.ContentDigest);
Assert.StartsWith("sha-256=", manifest.ContentDigest);

24
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/Negative/ScannerNegativeTests.cs
View File

@@ -42,7 +42,7 @@ public sealed class ScannerNegativeTests : IClassFixture<ScannerApplicationFacto
using var client = _factory.CreateClient();
var content = new StringContent("{\"test\": true}", Encoding.UTF8, contentType);
var response = await client.PostAsync("/api/v1/scans", content);
var response = await client.PostAsync("/api/v1/scans", content, TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.UnsupportedMediaType,
$"POST with content-type '{contentType}' should return 415");
@@ -59,7 +59,7 @@ public sealed class ScannerNegativeTests : IClassFixture<ScannerApplicationFacto
var content = new StringContent("{\"test\": true}", Encoding.UTF8);
content.Headers.ContentType = null;
var response = await client.PostAsync("/api/v1/scans", content);
var response = await client.PostAsync("/api/v1/scans", content, TestContext.Current.CancellationToken);
// Should be either 415 or 400 depending on implementation
response.StatusCode.Should().BeOneOf(
@@ -84,7 +84,7 @@ public sealed class ScannerNegativeTests : IClassFixture<ScannerApplicationFacto
var largeContent = new string('x', 50 * 1024 * 1024);
var content = new StringContent($"{{\"data\": \"{largeContent}\"}}", Encoding.UTF8, "application/json");
var response = await client.PostAsync("/api/v1/scans", content);
var response = await client.PostAsync("/api/v1/scans", content, TestContext.Current.CancellationToken);
// Should be 413 or the request might timeout/fail
response.StatusCode.Should().BeOneOf(
@@ -109,7 +109,7 @@ public sealed class ScannerNegativeTests : IClassFixture<ScannerApplicationFacto
using var client = _factory.CreateClient();
var request = new HttpRequestMessage(new HttpMethod(method), endpoint);
var response = await client.SendAsync(request);
var response = await client.SendAsync(request, TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.MethodNotAllowed,
$"{method} {endpoint} should return 405");
@@ -128,7 +128,7 @@ public sealed class ScannerNegativeTests : IClassFixture<ScannerApplicationFacto
using var client = _factory.CreateClient();
var content = new StringContent("{ invalid json }", Encoding.UTF8, "application/json");
var response = await client.PostAsync("/api/v1/scans", content);
var response = await client.PostAsync("/api/v1/scans", content, TestContext.Current.CancellationToken);
response.StatusCode.Should().BeOneOf(
HttpStatusCode.BadRequest,
@@ -144,7 +144,7 @@ public sealed class ScannerNegativeTests : IClassFixture<ScannerApplicationFacto
using var client = _factory.CreateClient();
var content = new StringContent(string.Empty, Encoding.UTF8, "application/json");
var response = await client.PostAsync("/api/v1/scans", content);
var response = await client.PostAsync("/api/v1/scans", content, TestContext.Current.CancellationToken);
response.StatusCode.Should().BeOneOf(
HttpStatusCode.BadRequest,
@@ -160,7 +160,7 @@ public sealed class ScannerNegativeTests : IClassFixture<ScannerApplicationFacto
using var client = _factory.CreateClient();
var content = new StringContent("{}", Encoding.UTF8, "application/json");
var response = await client.PostAsync("/api/v1/scans", content);
var response = await client.PostAsync("/api/v1/scans", content, TestContext.Current.CancellationToken);
response.StatusCode.Should().BeOneOf(
HttpStatusCode.BadRequest,
@@ -182,7 +182,7 @@ public sealed class ScannerNegativeTests : IClassFixture<ScannerApplicationFacto
{
using var client = _factory.CreateClient();
var response = await client.GetAsync(endpoint);
var response = await client.GetAsync(endpoint, TestContext.Current.CancellationToken);
response.StatusCode.Should().BeOneOf(
HttpStatusCode.NotFound,
@@ -197,7 +197,7 @@ public sealed class ScannerNegativeTests : IClassFixture<ScannerApplicationFacto
{
using var client = _factory.CreateClient();
var response = await client.GetAsync("/api/v1/nonexistent");
var response = await client.GetAsync("/api/v1/nonexistent", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.NotFound);
}
@@ -217,7 +217,7 @@ public sealed class ScannerNegativeTests : IClassFixture<ScannerApplicationFacto
{
using var client = _factory.CreateClient();
var response = await client.GetAsync(endpoint);
var response = await client.GetAsync(endpoint, TestContext.Current.CancellationToken);
response.StatusCode.Should().BeOneOf(
HttpStatusCode.BadRequest,
@@ -235,7 +235,7 @@ public sealed class ScannerNegativeTests : IClassFixture<ScannerApplicationFacto
{
using var client = _factory.CreateClient();
var response = await client.GetAsync(endpoint);
var response = await client.GetAsync(endpoint, TestContext.Current.CancellationToken);
// Should not cause server error (500)
response.StatusCode.Should().NotBe(HttpStatusCode.InternalServerError,
@@ -255,7 +255,7 @@ public sealed class ScannerNegativeTests : IClassFixture<ScannerApplicationFacto
using var client = _factory.CreateClient();
var tasks = Enumerable.Range(0, 100)
.Select(_ => client.GetAsync("/api/v1/health"));
.Select(_ => client.GetAsync("/api/v1/health", TestContext.Current.CancellationToken));
var responses = await Task.WhenAll(tasks);

6
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/PolicyEndpointsTests.cs
View File

@@ -20,11 +20,11 @@ public sealed class PolicyEndpointsTests
using var factory = new ScannerApplicationFactory();
using var client = factory.CreateClient();
var response = await client.GetAsync("/api/v1/policy/schema");
var response = await client.GetAsync("/api/v1/policy/schema", TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal("application/schema+json", response.Content.Headers.ContentType?.MediaType);
var payload = await response.Content.ReadAsStringAsync();
var payload = await response.Content.ReadAsStringAsync(TestContext.Current.CancellationToken);
Assert.Contains("\"$schema\"", payload);
Assert.Contains("\"properties\"", payload);
}
@@ -47,7 +47,7 @@ public sealed class PolicyEndpointsTests
}
};
var response = await client.PostAsJsonAsync("/api/v1/policy/diagnostics", request);
var response = await client.PostAsJsonAsync("/api/v1/policy/diagnostics", request, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var diagnostics = await response.Content.ReadFromJsonAsync<PolicyDiagnosticsResponseDto>(SerializerOptions);

10
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/RuntimeEndpointsTests.cs
View File

@@ -35,17 +35,17 @@ public sealed class RuntimeEndpointsTests
}
};
var response = await client.PostAsJsonAsync("/api/v1/runtime/events", request);
var response = await client.PostAsJsonAsync("/api/v1/runtime/events", request, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
var payload = await response.Content.ReadFromJsonAsync<RuntimeEventsIngestResponseDto>();
var payload = await response.Content.ReadFromJsonAsync<RuntimeEventsIngestResponseDto>(TestContext.Current.CancellationToken);
Assert.NotNull(payload);
Assert.Equal(2, payload!.Accepted);
Assert.Equal(0, payload.Duplicates);
using var scope = factory.Services.CreateScope();
var repository = scope.ServiceProvider.GetRequiredService<RuntimeEventRepository>();
var stored = await repository.ListAsync(CancellationToken.None);
var stored = await repository.ListAsync(TestContext.Current.CancellationToken);
Assert.Equal(2, stored.Count);
Assert.Contains(stored, doc => doc.EventId == "evt-001");
Assert.All(stored, doc =>
@@ -71,7 +71,7 @@ public sealed class RuntimeEndpointsTests
Events = new[] { envelope }
};
var response = await client.PostAsJsonAsync("/api/v1/runtime/events", request);
var response = await client.PostAsJsonAsync("/api/v1/runtime/events", request, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
}
@@ -97,7 +97,7 @@ public sealed class RuntimeEndpointsTests
}
};
var response = await client.PostAsJsonAsync("/api/v1/runtime/events", request);
var response = await client.PostAsJsonAsync("/api/v1/runtime/events", request, TestContext.Current.CancellationToken);
Assert.Equal((HttpStatusCode)StatusCodes.Status429TooManyRequests, response.StatusCode);
Assert.NotNull(response.Headers.RetryAfter);

2
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/SbomEndpointsTests.cs
View File

@@ -46,7 +46,7 @@ public sealed class SbomEndpointsTests
new System.Net.Http.Headers.NameValueHeaderValue("version", "1.7"));
request.Content = content;
var response = await client.SendAsync(request);
var response = await client.SendAsync(request, TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
var payload = await response.Content.ReadFromJsonAsync<SbomAcceptedResponseDto>();

8
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/ScansEndpointsTests.RecordMode.cs
View File

@@ -38,9 +38,9 @@ public sealed partial class ScansEndpointsTests
});
using var client = factory.CreateClient();
var submit = await client.PostAsJsonAsync("/api/v1/scans", new { image = new { digest = "sha256:demo" } });
var submit = await client.PostAsJsonAsync("/api/v1/scans", new { image = new { digest = "sha256:demo" } }, TestContext.Current.CancellationToken);
submit.EnsureSuccessStatusCode();
var scanId = (await submit.Content.ReadFromJsonAsync<ScanSubmitResponse>())!.ScanId;
var scanId = (await submit.Content.ReadFromJsonAsync<ScanSubmitResponse>(TestContext.Current.CancellationToken))!.ScanId;
using var scope = factory.Services.CreateScope();
var recordMode = scope.ServiceProvider.GetRequiredService<IRecordModeService>();
@@ -66,13 +66,13 @@ public sealed partial class ScansEndpointsTests
ScanTime = DateTimeOffset.UtcNow
};
var result = await recordMode.RecordAsync(request, coordinator);
var result = await recordMode.RecordAsync(request, coordinator, TestContext.Current.CancellationToken);
Assert.NotNull(result);
Assert.Equal("sha256:sbom", result.Run.Outputs.Sbom);
Assert.True(store.Objects.Count >= 2);
var status = await client.GetFromJsonAsync<ScanStatusResponse>($"/api/v1/scans/{scanId}");
var status = await client.GetFromJsonAsync<ScanStatusResponse>($"/api/v1/scans/{scanId}", TestContext.Current.CancellationToken);
Assert.NotNull(status!.Replay);
Assert.Equal(result.Artifacts.ManifestHash, status.Replay!.ManifestHash);
}

6
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/ScansEndpointsTests.Replay.cs
View File

@@ -30,10 +30,10 @@ public sealed partial class ScansEndpointsTests
var submitResponse = await client.PostAsJsonAsync("/api/v1/scans", new
{
image = new { digest = "sha256:demo" }
});
}, TestContext.Current.CancellationToken);
submitResponse.EnsureSuccessStatusCode();
var submitPayload = await submitResponse.Content.ReadFromJsonAsync<ScanSubmitResponse>();
var submitPayload = await submitResponse.Content.ReadFromJsonAsync<ScanSubmitResponse>(TestContext.Current.CancellationToken);
Assert.NotNull(submitPayload);
var scanId = submitPayload!.ScanId;
@@ -66,7 +66,7 @@ public sealed partial class ScansEndpointsTests
Assert.NotNull(replay);
var status = await client.GetFromJsonAsync<ScanStatusResponse>($"/api/v1/scans/{scanId}");
var status = await client.GetFromJsonAsync<ScanStatusResponse>($"/api/v1/scans/{scanId}", TestContext.Current.CancellationToken);
Assert.NotNull(status);
Assert.NotNull(status!.Replay);
Assert.Equal(replay!.ManifestHash, status.Replay!.ManifestHash);

26
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/Security/ScannerAuthorizationTests.cs
View File

@@ -42,7 +42,7 @@ public sealed class ScannerAuthorizationTests
});
using var client = factory.CreateClient();
var response = await client.GetAsync(endpoint);
var response = await client.GetAsync(endpoint, TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized,
$"Endpoint {endpoint} should require authentication when authority is enabled");
@@ -64,7 +64,7 @@ public sealed class ScannerAuthorizationTests
});
using var client = factory.CreateClient();
var response = await client.GetAsync(endpoint);
var response = await client.GetAsync(endpoint, TestContext.Current.CancellationToken);
// Health endpoints should be accessible without auth
response.StatusCode.Should().BeOneOf(
@@ -96,7 +96,7 @@ public sealed class ScannerAuthorizationTests
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", "expired.token.here");
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
}
@@ -119,7 +119,7 @@ public sealed class ScannerAuthorizationTests
using var client = factory.CreateClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
}
@@ -143,7 +143,7 @@ public sealed class ScannerAuthorizationTests
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", "wrong.issuer.token");
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
}
@@ -167,7 +167,7 @@ public sealed class ScannerAuthorizationTests
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", "wrong.audience.token");
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
}
@@ -189,7 +189,7 @@ public sealed class ScannerAuthorizationTests
});
using var client = factory.CreateClient();
var response = await client.GetAsync("/api/v1/health");
var response = await client.GetAsync("/api/v1/health", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.OK);
}
@@ -207,7 +207,7 @@ public sealed class ScannerAuthorizationTests
});
using var client = factory.CreateClient();
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
}
@@ -232,7 +232,7 @@ public sealed class ScannerAuthorizationTests
// Without proper auth, POST should fail
var content = new StringContent("{}", System.Text.Encoding.UTF8, "application/json");
var response = await client.PostAsync("/api/v1/scans", content);
var response = await client.PostAsync("/api/v1/scans", content, TestContext.Current.CancellationToken);
response.StatusCode.Should().BeOneOf(
HttpStatusCode.Unauthorized,
@@ -253,7 +253,7 @@ public sealed class ScannerAuthorizationTests
using var client = factory.CreateClient();
var response = await client.DeleteAsync("/api/v1/scans/00000000-0000-0000-0000-000000000000");
var response = await client.DeleteAsync("/api/v1/scans/00000000-0000-0000-0000-000000000000", TestContext.Current.CancellationToken);
response.StatusCode.Should().BeOneOf(
HttpStatusCode.Unauthorized,
@@ -275,7 +275,7 @@ public sealed class ScannerAuthorizationTests
using var client = factory.CreateClient();
// Request without tenant header
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
// Should either succeed (default tenant) or fail with appropriate error
response.StatusCode.Should().BeOneOf(
@@ -298,7 +298,7 @@ public sealed class ScannerAuthorizationTests
using var factory = new ScannerApplicationFactory();
using var client = factory.CreateClient();
var response = await client.GetAsync("/api/v1/health");
var response = await client.GetAsync("/api/v1/health", TestContext.Current.CancellationToken);
// Check for common security headers (may vary by configuration)
// These are recommendations, not hard requirements
@@ -318,7 +318,7 @@ public sealed class ScannerAuthorizationTests
request.Headers.Add("Origin", "https://example.com");
request.Headers.Add("Access-Control-Request-Method", "GET");
var response = await client.SendAsync(request);
var response = await client.SendAsync(request, TestContext.Current.CancellationToken);
// CORS preflight should either succeed or be explicitly denied
response.StatusCode.Should().BeOneOf(

1
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/StellaOps.Scanner.WebService.Tests.csproj
View File

@@ -6,6 +6,7 @@
<ImplicitUsings>enable</ImplicitUsings>
<IsPackable>false</IsPackable>
<RootNamespace>StellaOps.Scanner.WebService.Tests</RootNamespace>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
<ItemGroup>
<ProjectReference Include="../../StellaOps.Scanner.WebService/StellaOps.Scanner.WebService.csproj" />

16
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/Telemetry/ScannerOtelAssertionTests.cs
View File

@@ -38,7 +38,7 @@ public sealed class ScannerOtelAssertionTests : IClassFixture<ScannerApplication
using var capture = new OtelCapture();
using var client = _factory.CreateClient();
var response = await client.GetAsync("/api/v1/health");
var response = await client.GetAsync("/api/v1/health", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.OK);
@@ -58,7 +58,7 @@ public sealed class ScannerOtelAssertionTests : IClassFixture<ScannerApplication
// This would normally require a valid scan to exist
// For now, verify the endpoint responds appropriately
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
// The endpoint should return a list (empty if no scans)
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NoContent, HttpStatusCode.Unauthorized);
@@ -73,7 +73,7 @@ public sealed class ScannerOtelAssertionTests : IClassFixture<ScannerApplication
using var capture = new OtelCapture("StellaOps.Scanner");
using var client = _factory.CreateClient();
var response = await client.GetAsync("/api/v1/sbom");
var response = await client.GetAsync("/api/v1/sbom", TestContext.Current.CancellationToken);
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NoContent, HttpStatusCode.Unauthorized);
}
@@ -87,7 +87,7 @@ public sealed class ScannerOtelAssertionTests : IClassFixture<ScannerApplication
using var capture = new OtelCapture("StellaOps.Scanner");
using var client = _factory.CreateClient();
var response = await client.GetAsync("/api/v1/findings");
var response = await client.GetAsync("/api/v1/findings", TestContext.Current.CancellationToken);
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NoContent, HttpStatusCode.Unauthorized);
}
@@ -101,7 +101,7 @@ public sealed class ScannerOtelAssertionTests : IClassFixture<ScannerApplication
using var capture = new OtelCapture("StellaOps.Scanner");
using var client = _factory.CreateClient();
var response = await client.GetAsync("/api/v1/reports");
var response = await client.GetAsync("/api/v1/reports", TestContext.Current.CancellationToken);
response.StatusCode.Should().BeOneOf(HttpStatusCode.OK, HttpStatusCode.NoContent, HttpStatusCode.Unauthorized);
}
@@ -116,7 +116,7 @@ public sealed class ScannerOtelAssertionTests : IClassFixture<ScannerApplication
using var client = _factory.CreateClient();
// Request a non-existent scan
var response = await client.GetAsync("/api/v1/scans/00000000-0000-0000-0000-000000000000");
var response = await client.GetAsync("/api/v1/scans/00000000-0000-0000-0000-000000000000", TestContext.Current.CancellationToken);
// Should get 404 or similar error
response.StatusCode.Should().BeOneOf(HttpStatusCode.NotFound, HttpStatusCode.Unauthorized);
@@ -134,7 +134,7 @@ public sealed class ScannerOtelAssertionTests : IClassFixture<ScannerApplication
using var capture = new OtelCapture();
using var client = _factory.CreateClient();
await client.GetAsync("/api/v1/health");
await client.GetAsync("/api/v1/health", TestContext.Current.CancellationToken);
// HTTP traces should follow semantic conventions
// This is a smoke test to ensure OTel is properly configured
@@ -151,7 +151,7 @@ public sealed class ScannerOtelAssertionTests : IClassFixture<ScannerApplication
using var client = _factory.CreateClient();
// Fire multiple concurrent requests
var tasks = Enumerable.Range(0, 5).Select(_ => client.GetAsync("/api/v1/health"));
var tasks = Enumerable.Range(0, 5).Select(_ => client.GetAsync("/api/v1/health", TestContext.Current.CancellationToken));
var responses = await Task.WhenAll(tasks);
foreach (var response in responses)