Refactor code structure for improved readability and maintainability; optimize performance in key functions.

2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 4602ccc3a3
1444 changed files with 109919 additions and 8058 deletions
--- a/tests/fixtures/offline-bundle/README.md
+++ b/tests/fixtures/offline-bundle/README.md
@@ -0,0 +1,75 @@
+# Offline Bundle Test Fixtures
+
+This directory contains test fixtures for offline/air-gap testing.
+
+## Structure
+
+```
+offline-bundle/
+├── manifest.json           # Bundle manifest
+├── feeds/                  # Vulnerability feed snapshots
+│   ├── nvd-snapshot.json
+│   ├── ghsa-snapshot.json
+│   └── distro/
+│       ├── alpine.json
+│       ├── debian.json
+│       └── rhel.json
+├── policies/               # OPA/Rego policies
+│   ├── default.rego
+│   └── strict.rego
+├── keys/                   # Test signing keys
+│   ├── signing-key.pem
+│   └── signing-key.pub
+├── certs/                  # Test certificates
+│   ├── trust-root.pem
+│   └── intermediate.pem
+├── vex/                    # Sample VEX documents
+│   └── vendor-vex.json
+└── images/                 # Test container image tarballs
+    ├── test-image.tar
+    ├── vuln-image.tar
+    └── vuln-with-vex.tar
+```
+
+## Usage
+
+Set the `STELLAOPS_OFFLINE_BUNDLE` environment variable to point to this directory:
+
+```bash
+export STELLAOPS_OFFLINE_BUNDLE=/path/to/tests/fixtures/offline-bundle
+```
+
+Tests that extend `NetworkIsolatedTestBase` will automatically use this bundle.
+
+## Generating Test Images
+
+To create test image tarballs:
+
+```bash
+# Pull and save test images
+docker pull alpine:3.18
+docker save alpine:3.18 -o images/test-image.tar
+
+# For vulnerable images
+docker pull vulnerables/web-dvwa:latest
+docker save vulnerables/web-dvwa:latest -o images/vuln-image.tar
+```
+
+## Feed Snapshots
+
+Feed snapshots should be representative samples from real feeds, sufficient for testing but small enough to commit to the repo.
+
+## Test Keys
+
+⚠️ **WARNING:** Keys in this directory are for **testing only**. Never use these in production.
+
+To generate test keys:
+
+```bash
+# Generate test signing key
+openssl genrsa -out keys/signing-key.pem 2048
+openssl rsa -in keys/signing-key.pem -pubout -out keys/signing-key.pub
+
+# Generate test CA
+openssl req -new -x509 -key keys/signing-key.pem -out certs/trust-root.pem -days 3650
+```
--- a/tests/fixtures/offline-bundle/manifest.json
+++ b/tests/fixtures/offline-bundle/manifest.json
@@ -0,0 +1,38 @@
+{
+  "bundleId": "test-offline-bundle-v1",
+  "schemaVersion": "1.0.0",
+  "createdAt": "2025-12-22T00:00:00Z",
+  "description": "Test offline bundle for air-gap testing",
+  "contents": {
+    "feeds": [
+      "feeds/nvd-snapshot.json",
+      "feeds/ghsa-snapshot.json",
+      "feeds/distro/alpine.json",
+      "feeds/distro/debian.json"
+    ],
+    "policies": [
+      "policies/default.rego",
+      "policies/strict.rego"
+    ],
+    "keys": [
+      "keys/signing-key.pem",
+      "keys/signing-key.pub"
+    ],
+    "certs": [
+      "certs/trust-root.pem",
+      "certs/intermediate.pem"
+    ],
+    "vex": [
+      "vex/vendor-vex.json"
+    ],
+    "images": [
+      "images/test-image.tar",
+      "images/vuln-image.tar",
+      "images/vuln-with-vex.tar"
+    ]
+  },
+  "integrity": {
+    "algorithm": "SHA-256",
+    "manifestDigest": "placeholder"
+  }
+}