Refactor code structure for improved readability and maintainability; optimize performance in key functions.

2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 4602ccc3a3
1444 changed files with 109919 additions and 8058 deletions
--- a/src/Policy/__Tests/StellaOps.Policy.Engine.Tests/PolicyEvaluatorTests.cs
+++ b/src/Policy/__Tests/StellaOps.Policy.Engine.Tests/PolicyEvaluatorTests.cs
@@ -2,10 +2,16 @@ using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Linq;
+using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.Extensions.Options;
 using StellaOps.Policy;
 using StellaOps.PolicyDsl;
 using StellaOps.Policy.Engine.Evaluation;
 using StellaOps.Policy.Engine.Services;
+using StellaOps.Policy.Exceptions.Models;
+using StellaOps.Policy.Unknowns.Configuration;
+using StellaOps.Policy.Unknowns.Models;
+using StellaOps.Policy.Unknowns.Services;
 using Xunit;
 using Xunit.Sdk;

@@ -331,6 +337,35 @@ policy "Baseline Production Policy" syntax "stella-dsl@1" {
        Assert.Contains(result.Warnings, warning => warning.Contains("Git-sourced", StringComparison.OrdinalIgnoreCase));
    }

+    [Fact]
+    public void Evaluate_UnknownBudgetExceeded_BlocksEvaluation()
+    {
+        var document = CompileBaseline();
+        var budgetService = CreateBudgetService();
+        var evaluator = new PolicyEvaluator(budgetService: budgetService);
+
+        var context = new PolicyEvaluationContext(
+            new PolicyEvaluationSeverity("High"),
+            new PolicyEvaluationEnvironment(new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["name"] = "prod"
+            }.ToImmutableDictionary(StringComparer.OrdinalIgnoreCase)),
+            new PolicyEvaluationAdvisory("GHSA", ImmutableDictionary<string, string>.Empty),
+            PolicyEvaluationVexEvidence.Empty,
+            PolicyEvaluationSbom.Empty,
+            PolicyEvaluationExceptions.Empty,
+            ImmutableArray.Create(CreateUnknown(UnknownReasonCode.Reachability)),
+            ImmutableArray<ExceptionObject>.Empty,
+            PolicyEvaluationReachability.Unknown,
+            PolicyEvaluationEntropy.Unknown);
+
+        var result = evaluator.Evaluate(new PolicyEvaluationRequest(document, context));
+
+        Assert.Equal("blocked", result.Status);
+        Assert.Equal(PolicyFailureReason.UnknownBudgetExceeded, result.FailureReason);
+        Assert.NotNull(result.UnknownBudgetStatus);
+    }
+
    private PolicyIrDocument CompileBaseline()
    {
        var compilation = compiler.Compile(BaselinePolicy);
@@ -354,10 +389,69 @@ policy "Baseline Production Policy" syntax "stella-dsl@1" {
            PolicyEvaluationVexEvidence.Empty,
            PolicyEvaluationSbom.Empty,
            exceptions ?? PolicyEvaluationExceptions.Empty,
+            ImmutableArray<Unknown>.Empty,
+            ImmutableArray<ExceptionObject>.Empty,
            PolicyEvaluationReachability.Unknown,
            PolicyEvaluationEntropy.Unknown);
    }

+    private static UnknownBudgetService CreateBudgetService()
+    {
+        var options = new UnknownBudgetOptions
+        {
+            Budgets = new Dictionary<string, UnknownBudget>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["prod"] = new UnknownBudget
+                {
+                    Environment = "prod",
+                    TotalLimit = 0,
+                    Action = BudgetAction.Block
+                }
+            }
+        };
+
+        return new UnknownBudgetService(
+            new TestOptionsMonitor<UnknownBudgetOptions>(options),
+            NullLogger<UnknownBudgetService>.Instance);
+    }
+
+    private static Unknown CreateUnknown(UnknownReasonCode reasonCode)
+    {
+        var timestamp = new DateTimeOffset(2025, 1, 1, 0, 0, 0, TimeSpan.Zero);
+
+        return new Unknown
+        {
+            Id = Guid.NewGuid(),
+            TenantId = Guid.NewGuid(),
+            PackageId = "pkg:npm/lodash",
+            PackageVersion = "4.17.21",
+            Band = UnknownBand.Hot,
+            Score = 80m,
+            UncertaintyFactor = 0.5m,
+            ExploitPressure = 0.7m,
+            ReasonCode = reasonCode,
+            FirstSeenAt = timestamp,
+            LastEvaluatedAt = timestamp,
+            CreatedAt = timestamp,
+            UpdatedAt = timestamp
+        };
+    }
+
+    private sealed class TestOptionsMonitor<T>(T current) : IOptionsMonitor<T>
+    {
+        private readonly T _current = current;
+
+        public T CurrentValue => _current;
+        public T Get(string? name) => _current;
+        public IDisposable OnChange(Action<T, string?> listener) => NoopDisposable.Instance;
+    }
+
+    private sealed class NoopDisposable : IDisposable
+    {
+        public static readonly NoopDisposable Instance = new();
+        public void Dispose() { }
+    }
+
    private static string Describe(ImmutableArray<PolicyIssue> issues) =>
        string.Join(" | ", issues.Select(issue => $"{issue.Severity}:{issue.Code}:{issue.Message}"));

--- a/src/Policy/__Tests/StellaOps.Policy.Engine.Tests/PolicyRuntimeEvaluationServiceTests.cs
+++ b/src/Policy/__Tests/StellaOps.Policy.Engine.Tests/PolicyRuntimeEvaluationServiceTests.cs
@@ -51,6 +51,7 @@ public sealed class PolicyRuntimeEvaluationServiceTests
        Assert.Equal("pack-1", response.PackId);
        Assert.Equal(1, response.Version);
        Assert.NotNull(response.PolicyDigest);
+        Assert.NotNull(response.Confidence);
        Assert.False(response.Cached);
    }