save work
@@ -67,10 +67,10 @@ public class PolicyDecisionAttestationServiceTests
|
||||
_signerClientMock.Setup(x => x.SignAsync(
|
||||
It.IsAny<VexSignerRequest>(),
|
||||
It.IsAny<CancellationToken>()))
|
||||
.ReturnsAsync(new VexSignerResponse
|
||||
.ReturnsAsync(new VexSignerResult
|
||||
{
|
||||
Success = true,
|
||||
AttestationDigest = "sha256:abc123",
|
||||
Signature = "AQID",
|
||||
KeyId = "key-1"
|
||||
});
|
||||
|
||||
@@ -81,7 +81,8 @@ public class PolicyDecisionAttestationServiceTests
|
||||
|
||||
// Assert
|
||||
Assert.True(result.Success);
|
||||
Assert.Equal("sha256:abc123", result.AttestationDigest);
|
||||
Assert.NotNull(result.AttestationDigest);
|
||||
Assert.Matches("^sha256:[a-f0-9]{64}$", result.AttestationDigest);
|
||||
Assert.Equal("key-1", result.KeyId);
|
||||
|
||||
_signerClientMock.Verify(x => x.SignAsync(
|
||||
@@ -97,7 +98,7 @@ public class PolicyDecisionAttestationServiceTests
|
||||
_signerClientMock.Setup(x => x.SignAsync(
|
||||
It.IsAny<VexSignerRequest>(),
|
||||
It.IsAny<CancellationToken>()))
|
||||
.ReturnsAsync(new VexSignerResponse
|
||||
.ReturnsAsync(new VexSignerResult
|
||||
{
|
||||
Success = false,
|
||||
Error = "Key not found"
|
||||
@@ -120,21 +121,26 @@ public class PolicyDecisionAttestationServiceTests
|
||||
_signerClientMock.Setup(x => x.SignAsync(
|
||||
It.IsAny<VexSignerRequest>(),
|
||||
It.IsAny<CancellationToken>()))
|
||||
.ReturnsAsync(new VexSignerResponse
|
||||
.ReturnsAsync(new VexSignerResult
|
||||
{
|
||||
Success = true,
|
||||
AttestationDigest = "sha256:abc123",
|
||||
Signature = "AQID",
|
||||
KeyId = "key-1"
|
||||
});
|
||||
|
||||
_rekorClientMock.Setup(x => x.SubmitAsync(
|
||||
It.IsAny<string>(),
|
||||
It.IsAny<VexRekorSubmitRequest>(),
|
||||
It.IsAny<CancellationToken>()))
|
||||
.ReturnsAsync(new VexRekorResponse
|
||||
.ReturnsAsync(new VexRekorSubmitResult
|
||||
{
|
||||
Success = true,
|
||||
LogIndex = 12345,
|
||||
Uuid = "rekor-uuid-123"
|
||||
Metadata = new VexRekorMetadata
|
||||
{
|
||||
Uuid = "rekor-uuid-123",
|
||||
Index = 12345,
|
||||
LogUrl = "https://rekor.local/api/v1/log/entries/rekor-uuid-123",
|
||||
IntegratedAt = new DateTimeOffset(2025, 1, 1, 0, 0, 0, TimeSpan.Zero)
|
||||
}
|
||||
});
|
||||
|
||||
var request = CreateTestRequest() with { SubmitToRekor = true };
|
||||
@@ -147,9 +153,16 @@ public class PolicyDecisionAttestationServiceTests
|
||||
Assert.NotNull(result.RekorResult);
|
||||
Assert.True(result.RekorResult.Success);
|
||||
Assert.Equal(12345, result.RekorResult.LogIndex);
|
||||
Assert.Equal("rekor-uuid-123", result.RekorResult.Uuid);
|
||||
|
||||
var envelopeDigestHex = result.AttestationDigest!.Substring("sha256:".Length);
|
||||
|
||||
_rekorClientMock.Verify(x => x.SubmitAsync(
|
||||
"sha256:abc123",
|
||||
It.Is<VexRekorSubmitRequest>(r =>
|
||||
r.ArtifactKind == "policy-decision" &&
|
||||
r.Envelope.PayloadType == PredicateTypes.StellaOpsPolicyDecision &&
|
||||
r.EnvelopeDigest == envelopeDigestHex &&
|
||||
r.SubjectUris!.Contains("example.com/image:v1@sha256:abc123")),
|
||||
It.IsAny<CancellationToken>()),
|
||||
Times.Once);
|
||||
}
|
||||
@@ -183,10 +196,10 @@ public class PolicyDecisionAttestationServiceTests
|
||||
_signerClientMock.Setup(x => x.SignAsync(
|
||||
It.IsAny<VexSignerRequest>(),
|
||||
It.IsAny<CancellationToken>()))
|
||||
.ReturnsAsync(new VexSignerResponse
|
||||
.ReturnsAsync(new VexSignerResult
|
||||
{
|
||||
Success = true,
|
||||
AttestationDigest = "sha256:abc123"
|
||||
Signature = "AQID"
|
||||
});
|
||||
|
||||
var request = CreateTestRequest() with
|
||||
@@ -306,7 +319,8 @@ public class PolicyDecisionAttestationServiceTests
|
||||
Name = "example.com/image:v1",
|
||||
Digest = new Dictionary<string, string> { ["sha256"] = "abc123" }
|
||||
}
|
||||
}
|
||||
},
|
||||
TenantId = "tenant-1"
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
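Review bot: The digest checks in the Rekor-submission test are self-referential: `envelopeDigestHex` is cut out of `result.AttestationDigest`, and `Assert.Matches("^sha256:[a-f0-9]{64}$", result.AttestationDigest)` in the second hunk checks only the format, so these tests would still pass if the service hashed the wrong bytes, as long as both fields agree. Consider capturing the `VexRekorSubmitRequest` passed to `SubmitAsync`, recomputing SHA-256 in the test over the envelope bytes the service is expected to hash, and comparing that value with both `r.EnvelopeDigest` and `result.AttestationDigest`. Which serialization of the envelope is hashed is not visible on this page, so it has to be taken from the service. The signer setups still use `It.IsAny<VexSignerRequest>()`, so unless the `Verify` that begins at the end of the second hunk (it continues outside the hunk) constrains the request, nothing here pins what was handed to the signer.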
@@ -55,8 +55,8 @@ public sealed class ScorePolicyServiceCachingTests
|
||||
var result2 = _service.GetPolicy("tenant-2");
|
||||
|
||||
result1.Should().NotBeSameAs(result2);
|
||||
result1.PolicyId.Should().Be("tenant-1");
|
||||
result2.PolicyId.Should().Be("tenant-2");
|
||||
result1.Should().BeSameAs(policy1);
|
||||
result2.Should().BeSameAs(policy2);
|
||||
_providerMock.Verify(p => p.GetPolicy("tenant-1"), Times.Once());
|
||||
_providerMock.Verify(p => p.GetPolicy("tenant-2"), Times.Once());
|
||||
}
|
||||
@@ -193,7 +193,7 @@ public sealed class ScorePolicyServiceCachingTests
|
||||
var policy1 = new ScorePolicy
|
||||
{
|
||||
PolicyVersion = "score.v1",
|
||||
PolicyId = "stable-test",
|
||||
ScoringProfile = "advanced",
|
||||
WeightsBps = new WeightsBps
|
||||
{
|
||||
BaseSeverity = 2500,
|
||||
@@ -206,7 +206,7 @@ public sealed class ScorePolicyServiceCachingTests
|
||||
var policy2 = new ScorePolicy
|
||||
{
|
||||
PolicyVersion = "score.v1",
|
||||
PolicyId = "stable-test",
|
||||
ScoringProfile = "advanced",
|
||||
WeightsBps = new WeightsBps
|
||||
{
|
||||
BaseSeverity = 2500,
|
||||
@@ -225,12 +225,11 @@ public sealed class ScorePolicyServiceCachingTests
|
||||
private static ScorePolicy CreateTestPolicy(string id) => new()
|
||||
{
|
||||
PolicyVersion = "score.v1",
|
||||
PolicyId = id,
|
||||
PolicyName = $"Test Policy {id}",
|
||||
ScoringProfile = "advanced",
|
||||
WeightsBps = new WeightsBps
|
||||
{
|
||||
BaseSeverity = 2500,
|
||||
Reachability = 2500,
|
||||
BaseSeverity = id.EndsWith("2", StringComparison.Ordinal) ? 2400 : 2500,
|
||||
Reachability = id.EndsWith("2", StringComparison.Ordinal) ? 2600 : 2500,
|
||||
Evidence = 2500,
|
||||
Provenance = 2500
|
||||
}
|
||||
|
||||
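Review bot: `CreateTestPolicy` now switches `BaseSeverity` and `Reachability` on `id.EndsWith("2", StringComparison.Ordinal)` without saying why, which ties the fixture's content to a naming accident: any id ending in "2" gets the alternate weights, not only "tenant-2". If the intent is to make two tenants' policies differ by content, say so above the initializer, for example `// ids ending in "2" get different weights so two tenants' policies differ by content, not only by reference`; an explicit parameter would be clearer still. In the first hunk the `PolicyId` assertions appear to have been replaced by `BeSameAs(policy1)` and `BeSameAs(policy2)`; keeping one content assertion beside the reference check would still catch a cache that hands back another tenant's policy if a copy or clone is introduced later. The helper's body continues outside the hunk.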
@@ -199,7 +199,13 @@ public sealed class SimpleScoringEngineTests
|
||||
{
|
||||
Evidence = new EvidenceInput
|
||||
{
|
||||
Types = new HashSet<EvidenceType> { EvidenceType.Runtime },
|
||||
Types = new HashSet<EvidenceType>
|
||||
{
|
||||
EvidenceType.Runtime,
|
||||
EvidenceType.Dast,
|
||||
EvidenceType.Sast,
|
||||
EvidenceType.Sca
|
||||
},
|
||||
NewestEvidenceAt = asOf
|
||||
},
|
||||
Provenance = new ProvenanceInput { Level = ProvenanceLevel.Reproducible }
|
||||
@@ -220,7 +226,13 @@ public sealed class SimpleScoringEngineTests
|
||||
{
|
||||
Evidence = new EvidenceInput
|
||||
{
|
||||
Types = new HashSet<EvidenceType> { EvidenceType.Runtime },
|
||||
Types = new HashSet<EvidenceType>
|
||||
{
|
||||
EvidenceType.Runtime,
|
||||
EvidenceType.Dast,
|
||||
EvidenceType.Sast,
|
||||
EvidenceType.Sca
|
||||
},
|
||||
NewestEvidenceAt = DateTimeOffset.UtcNow
|
||||
},
|
||||
Provenance = new ProvenanceInput { Level = ProvenanceLevel.Reproducible }
|
||||
@@ -311,7 +323,16 @@ public sealed class SimpleScoringEngineTests
|
||||
]
|
||||
};
|
||||
|
||||
var input = CreateInput(cvss: 10.0m, hopCount: null);
|
||||
var asOf = new DateTimeOffset(2025, 1, 1, 0, 0, 0, TimeSpan.Zero);
|
||||
var input = CreateInput(cvss: 10.0m, hopCount: null, asOf: asOf) with
|
||||
{
|
||||
Evidence = new EvidenceInput
|
||||
{
|
||||
Types = new HashSet<EvidenceType> { EvidenceType.Runtime },
|
||||
NewestEvidenceAt = asOf
|
||||
},
|
||||
Provenance = new ProvenanceInput { Level = ProvenanceLevel.Reproducible }
|
||||
};
|
||||
|
||||
var result = await _engine.ScoreAsync(input, policy);
|
||||
|
||||
|
||||
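Review bot: The second hunk keeps `NewestEvidenceAt = DateTimeOffset.UtcNow` while the first and third hunks use a fixed `asOf`, so that test's evidence-freshness input still depends on the wall clock. If the engine compares evidence age against an as-of time, as the `asOf` argument of `CreateInput` suggests, use the same fixed timestamp there: `NewestEvidenceAt = asOf`. The enclosing test method starts and ends outside the hunk, so whether an `asOf` value is in scope at that point cannot be confirmed from this page.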