save progress

StellaOps Bot
2026-01-06 09:42:02 +02:00
parent 94d68bee8b
commit 37e11918e0
443 changed files with 85863 additions and 897 deletions


@@ -42,7 +42,7 @@ public sealed class ScannerAuthorizationTests
});
using var client = factory.CreateClient();
var response = await client.GetAsync(endpoint);
var response = await client.GetAsync(endpoint, TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized,
$"Endpoint {endpoint} should require authentication when authority is enabled");
@@ -64,7 +64,7 @@ public sealed class ScannerAuthorizationTests
});
using var client = factory.CreateClient();
var response = await client.GetAsync(endpoint);
var response = await client.GetAsync(endpoint, TestContext.Current.CancellationToken);
// Health endpoints should be accessible without auth
response.StatusCode.Should().BeOneOf(
@@ -96,7 +96,7 @@ public sealed class ScannerAuthorizationTests
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", "expired.token.here");
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
}
@@ -119,7 +119,7 @@ public sealed class ScannerAuthorizationTests
using var client = factory.CreateClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
}
@@ -143,7 +143,7 @@ public sealed class ScannerAuthorizationTests
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", "wrong.issuer.token");
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
}
@@ -167,7 +167,7 @@ public sealed class ScannerAuthorizationTests
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", "wrong.audience.token");
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
}
@@ -189,7 +189,7 @@ public sealed class ScannerAuthorizationTests
});
using var client = factory.CreateClient();
var response = await client.GetAsync("/api/v1/health");
var response = await client.GetAsync("/api/v1/health", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.OK);
}
@@ -207,7 +207,7 @@ public sealed class ScannerAuthorizationTests
});
using var client = factory.CreateClient();
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
}
@@ -232,7 +232,7 @@ public sealed class ScannerAuthorizationTests
// Without proper auth, POST should fail
var content = new StringContent("{}", System.Text.Encoding.UTF8, "application/json");
var response = await client.PostAsync("/api/v1/scans", content);
var response = await client.PostAsync("/api/v1/scans", content, TestContext.Current.CancellationToken);
response.StatusCode.Should().BeOneOf(
HttpStatusCode.Unauthorized,
@@ -253,7 +253,7 @@ public sealed class ScannerAuthorizationTests
using var client = factory.CreateClient();
var response = await client.DeleteAsync("/api/v1/scans/00000000-0000-0000-0000-000000000000");
var response = await client.DeleteAsync("/api/v1/scans/00000000-0000-0000-0000-000000000000", TestContext.Current.CancellationToken);
response.StatusCode.Should().BeOneOf(
HttpStatusCode.Unauthorized,
@@ -275,7 +275,7 @@ public sealed class ScannerAuthorizationTests
using var client = factory.CreateClient();
// Request without tenant header
var response = await client.GetAsync("/api/v1/scans");
var response = await client.GetAsync("/api/v1/scans", TestContext.Current.CancellationToken);
// Should either succeed (default tenant) or fail with appropriate error
response.StatusCode.Should().BeOneOf(
@@ -298,7 +298,7 @@ public sealed class ScannerAuthorizationTests
using var factory = new ScannerApplicationFactory();
using var client = factory.CreateClient();
var response = await client.GetAsync("/api/v1/health");
var response = await client.GetAsync("/api/v1/health", TestContext.Current.CancellationToken);
// Check for common security headers (may vary by configuration)
// These are recommendations, not hard requirements
@@ -318,7 +318,7 @@ public sealed class ScannerAuthorizationTests
request.Headers.Add("Origin", "https://example.com");
request.Headers.Add("Access-Control-Request-Method", "GET");
var response = await client.SendAsync(request);
var response = await client.SendAsync(request, TestContext.Current.CancellationToken);
// CORS preflight should either succeed or be explicitly denied
response.StatusCode.Should().BeOneOf(
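Review bot: The bearer values sent in the hunks at -96, -143 and -167 (`"expired.token.here"`, `"wrong.issuer.token"`, `"wrong.audience.token"`) are not parseable JWTs, so all three requests are most likely rejected as malformed before lifetime, issuer or audience validation runs. The tests would then still pass if any one of those checks were switched off. Each case should send a well-formed token signed with the test key that is wrong in exactly one respect (past `exp`, unexpected `iss`, unexpected `aud`). Until then I would add a comment above each literal such as `// Placeholder string, not a JWT: only proves that malformed tokens are rejected`. The test methods begin and end outside these hunks, so the setup is inferred from the visible lines only.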