stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

docs consolidation and others

Browse Source
This commit is contained in:
master
2026-01-06 19:02:21 +02:00
parent d7bdca6d97
commit 4789027317
849 changed files with 16551 additions and 66770 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/Scanner/AGENTS.md
View File

@@ -10,9 +10,9 @@
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/scanner/architecture.md`
- `docs/reachability/DELIVERY_GUIDE.md` (sections 5.55.9 for native/JS/PHP updates)
- `docs/reachability/purl-resolved-edges.md`
- `docs/reachability/patch-oracles.md`
- `docs/modules/reach-graph/guides/DELIVERY_GUIDE.md` (sections 5.55.9 for native/JS/PHP updates)
- `docs/modules/reach-graph/guides/purl-resolved-edges.md`
- `docs/modules/reach-graph/guides/patch-oracles.md`
- `docs/product-advisories/14-Dec-2025 - Smart-Diff Technical Reference.md` (for Smart-Diff predicates)
- Current sprint file (e.g., `docs/implplan/SPRINT_401_reachability_evidence_chain.md`).
@@ -193,9 +193,9 @@ See: `docs/implplan/SPRINT_3800_0000_0000_summary.md`
- `stella binary verify` - Verify attestation
### Documentation
- `docs/reachability/slice-schema.md` - Slice format specification
- `docs/reachability/cve-symbol-mapping.md` - CVE→symbol service design
- `docs/reachability/replay-verification.md` - Replay workflow guide
- `docs/modules/reach-graph/guides/slice-schema.md` - Slice format specification
- `docs/modules/reach-graph/guides/cve-symbol-mapping.md` - CVE→symbol service design
- `docs/modules/reach-graph/guides/replay-verification.md` - Replay workflow guide
## Engineering Rules
- Target `net10.0`; prefer latest C# preview allowed in repo.

3
src/Scanner/StellaOps.Scanner.Worker/Metrics/ScanMetricsCollector.cs
View File

@@ -249,7 +249,8 @@ public sealed class ScanMetricsCollector : IDisposable
VexDecisionCount = _vexDecisionCount,
ScannerVersion = _scannerVersion,
ScannerImageDigest = _scannerImageDigest,
IsReplay = _isReplay
IsReplay = _isReplay,
CreatedAt = _timeProvider.GetUtcNow()
};
try

4
src/Scanner/StellaOps.Scanner.Worker/Processing/Secrets/SecretsAnalyzerStageExecutor.cs
View File

@@ -74,7 +74,7 @@ internal sealed class SecretsAnalyzerStageExecutor : IScanStageExecutor
}
var startTime = _timeProvider.GetTimestamp();
var allFindings = new List<SecretFinding>();
var allFindings = new List<SecretLeakEvidence>();
try
{
@@ -227,7 +227,7 @@ public sealed record SecretsAnalysisReport
{
public required string JobId { get; init; }
public required string ScanId { get; init; }
public required ImmutableArray<SecretFinding> Findings { get; init; }
public required ImmutableArray<SecretLeakEvidence> Findings { get; init; }
public required int FilesScanned { get; init; }
public required string RulesetVersion { get; init; }
public required DateTimeOffset AnalyzedAtUtc { get; init; }

2
src/Scanner/__Libraries/StellaOps.Scanner.Advisory/AGENTS.md
View File

@@ -13,7 +13,7 @@ Provide advisory feed integration and offline bundles for CVE-to-symbol mapping
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/scanner/architecture.md`
- `docs/modules/concelier/architecture.md`
- `docs/reachability/slice-schema.md`
- `docs/modules/reach-graph/guides/slice-schema.md`
## Working Directory & Boundaries
- Primary scope: `src/Scanner/__Libraries/StellaOps.Scanner.Advisory/`

4
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/StellaOps.Scanner.Analyzers.Lang.Python.csproj
View File

@@ -8,6 +8,10 @@
<EnableDefaultItems>false</EnableDefaultItems>
</PropertyGroup>
<ItemGroup>
<InternalsVisibleTo Include="StellaOps.Scanner.Analyzers.Lang.Python.Tests" />
</ItemGroup>
<ItemGroup>
<Compile Include="**\*.cs" Exclude="obj\**;bin\**" />
<EmbeddedResource Include="**\*.json" Exclude="obj\**;bin\**" />

25
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzer.cs
View File

@@ -59,17 +59,17 @@ public sealed class SecretsAnalyzer : ILanguageAnalyzer
/// <summary>
/// Analyzes raw file content for secrets. Adapter for Worker stage executor.
/// </summary>
public async ValueTask<List<SecretFinding>> AnalyzeAsync(
public async ValueTask<List<SecretLeakEvidence>> AnalyzeAsync(
byte[] content,
string relativePath,
CancellationToken ct)
{
if (!IsEnabled || content is null || content.Length == 0)
{
return new List<SecretFinding>();
return new List<SecretLeakEvidence>();
}
var findings = new List<SecretFinding>();
var findings = new List<SecretLeakEvidence>();
foreach (var rule in _ruleset!.GetRulesForFile(relativePath))
{
@@ -85,23 +85,8 @@ public sealed class SecretsAnalyzer : ILanguageAnalyzer
continue;
}
var maskedSecret = _masker.Mask(match.Secret);
var finding = new SecretFinding
{
RuleId = rule.Id,
RuleName = rule.Name,
Severity = rule.Severity,
Confidence = confidence,
FilePath = relativePath,
LineNumber = match.LineNumber,
ColumnStart = match.ColumnStart,
ColumnEnd = match.ColumnEnd,
MatchedText = maskedSecret,
Category = rule.Category,
DetectedAtUtc = _timeProvider.GetUtcNow()
};
findings.Add(finding);
var evidence = SecretLeakEvidence.FromMatch(match, _masker, _ruleset!, _timeProvider);
findings.Add(evidence);
}
}

4
src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/AGENTS.md
View File

@@ -12,8 +12,8 @@ Provide deterministic call graph extraction for supported languages and native b
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/scanner/architecture.md`
- `docs/reachability/DELIVERY_GUIDE.md`
- `docs/reachability/binary-reachability-schema.md`
- `docs/modules/reach-graph/guides/DELIVERY_GUIDE.md`
- `docs/modules/reach-graph/guides/binary-reachability-schema.md`
## Working Directory & Boundaries
- Primary scope: `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/`

2
src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/AGENTS.md
View File

@@ -156,7 +156,7 @@ Located in `Risk/`:
- `docs/modules/scanner/architecture.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/scanner/operations/entrypoint-problem.md`
- `docs/reachability/function-level-evidence.md`
- `docs/modules/reach-graph/guides/function-level-evidence.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both correspoding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.

6
src/Scanner/__Libraries/StellaOps.Scanner.Reachability/AGENTS.md
View File

@@ -12,9 +12,9 @@ Deliver deterministic reachability analysis, slice generation, and evidence arti
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/scanner/architecture.md`
- `docs/reachability/DELIVERY_GUIDE.md`
- `docs/reachability/slice-schema.md`
- `docs/reachability/replay-verification.md`
- `docs/modules/reach-graph/guides/DELIVERY_GUIDE.md`
- `docs/modules/reach-graph/guides/slice-schema.md`
- `docs/modules/reach-graph/guides/replay-verification.md`
## Working Directory & Boundaries
- Primary scope: `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/`

6
src/Scanner/__Libraries/StellaOps.Scanner.Reachability/SUBGRAPH_EXTRACTION.md
View File

@@ -225,7 +225,7 @@ If no entry points detected:
Sinks are vulnerable functions identified by CVE-to-symbol mapping.
**Data Source:** `IVulnSurfaceService` (see `docs/reachability/cve-symbol-mapping.md`)
**Data Source:** `IVulnSurfaceService` (see `docs/modules/reach-graph/guides/cve-symbol-mapping.md`)
### 4.2 CVE→Symbol Mapping Flow
@@ -643,9 +643,9 @@ public async Task ExtractSubgraph_WithSameInputs_ProducesSameHash(string fixture
- **Sprint:** `docs/implplan/SPRINT_3500_0001_0001_proof_of_exposure_mvp.md`
- **Advisory:** `docs/product-advisories/23-Dec-2026 - Binary Mapping as Attestable Proof.md`
- **Reachability Docs:** `docs/reachability/function-level-evidence.md`, `docs/reachability/lattice.md`
- **Reachability Docs:** `docs/modules/reach-graph/guides/function-level-evidence.md`, `docs/modules/reach-graph/guides/lattice.md`
- **EntryTrace:** `docs/modules/scanner/operations/entrypoint-static-analysis.md`
- **CVE Mapping:** `docs/reachability/cve-symbol-mapping.md`
- **CVE Mapping:** `docs/modules/reach-graph/guides/cve-symbol-mapping.md`
---

4
src/Scanner/__Libraries/StellaOps.Scanner.Runtime/AGENTS.md
View File

@@ -13,8 +13,8 @@ Capture and normalize runtime trace evidence (eBPF/ETW) and merge it with static
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/scanner/architecture.md`
- `docs/modules/zastava/architecture.md`
- `docs/reachability/runtime-facts.md`
- `docs/reachability/runtime-static-union-schema.md`
- `docs/modules/reach-graph/guides/runtime-facts.md`
- `docs/modules/reach-graph/schemas/runtime-static-union-schema.md`
## Working Directory & Boundaries
- Primary scope: `src/Scanner/__Libraries/StellaOps.Scanner.Runtime/`

2
src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/AGENTS.md
View File

@@ -12,7 +12,7 @@ Package and store reachability slice artifacts as OCI artifacts with determinist
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/scanner/architecture.md`
- `docs/reachability/binary-reachability-schema.md`
- `docs/modules/reach-graph/guides/binary-reachability-schema.md`
- `docs/24_OFFLINE_KIT.md`
## Working Directory & Boundaries

2
src/Scanner/__Libraries/StellaOps.Scanner.VulnSurfaces/AGENTS.md
View File

@@ -12,7 +12,7 @@ Build and serve vulnerability surface data for CVE and package-level symbol mapp
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/scanner/architecture.md`
- `docs/reachability/slice-schema.md`
- `docs/modules/reach-graph/guides/slice-schema.md`
## Working Directory & Boundaries
- Primary scope: `src/Scanner/__Libraries/StellaOps.Scanner.VulnSurfaces/`

3
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests/Java/JavaEntrypointResolverTests.cs
View File

@@ -390,7 +390,8 @@ public sealed class JavaEntrypointResolverTests
tenantId: "test-tenant",
scanId: "scan-001",
stream,
cancellationToken);
timeProvider: null,
cancellationToken: cancellationToken);
stream.Position = 0;
using var reader = new StreamReader(stream);

3
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Core/LanguageAnalyzerContextTests.cs
View File

@@ -29,7 +29,8 @@ public sealed class LanguageAnalyzerContextTests
Array.Empty<string>(),
new SurfaceSecretsConfiguration("inline", "testtenant", null, null, null, true),
"testtenant",
new SurfaceTlsConfiguration(null, null, null));
new SurfaceTlsConfiguration(null, null, null))
{ CreatedAtUtc = DateTimeOffset.UtcNow };
var environment = new StubSurfaceEnvironment(settings);
var provider = new InMemorySurfaceSecretProvider();

2
src/Scanner/__Tests/StellaOps.Scanner.EntryTrace.Tests/Risk/CompositeRiskScorerTests.cs
View File

@@ -360,7 +360,7 @@ public sealed class RiskAggregatorTests
[Fact]
public void FleetRiskSummary_Empty_HasZeroValues()
{
var empty = FleetRiskSummary.Empty;
var empty = FleetRiskSummary.CreateEmpty();
Assert.Equal(0, empty.TotalSubjects);
Assert.Equal(0, empty.AverageScore);

92
src/Scanner/__Tests/StellaOps.Scanner.Reachability.Tests/GatewayBoundaryExtractorTests.cs
View File

@@ -44,7 +44,7 @@ public class GatewayBoundaryExtractorTests
[InlineData("static", false)]
public void CanHandle_WithSource_ReturnsExpected(string source, bool expected)
{
var context = BoundaryExtractionContext.Empty with { Source = source };
var context = BoundaryExtractionContext.CreateEmpty() with { Source = source };
Assert.Equal(expected, _extractor.CanHandle(context));
}
@@ -52,7 +52,7 @@ public class GatewayBoundaryExtractorTests
[Fact]
public void CanHandle_WithKongAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Annotations = new Dictionary<string, string>
{
@@ -67,7 +67,7 @@ public class GatewayBoundaryExtractorTests
[Fact]
public void CanHandle_WithIstioAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Annotations = new Dictionary<string, string>
{
@@ -82,7 +82,7 @@ public class GatewayBoundaryExtractorTests
[Fact]
public void CanHandle_WithTraefikAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Annotations = new Dictionary<string, string>
{
@@ -97,7 +97,7 @@ public class GatewayBoundaryExtractorTests
[Fact]
public void CanHandle_WithEmptyAnnotations_ReturnsFalse()
{
var context = BoundaryExtractionContext.Empty;
var context = BoundaryExtractionContext.CreateEmpty();
Assert.False(_extractor.CanHandle(context));
}
@@ -110,7 +110,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithKongSource_ReturnsKongGatewaySource()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong"
};
@@ -126,7 +126,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithEnvoySource_ReturnsEnvoyGatewaySource()
{
var root = new RichGraphRoot("root-1", "envoy", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "envoy"
};
@@ -142,7 +142,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithIstioAnnotations_ReturnsEnvoyGatewaySource()
{
var root = new RichGraphRoot("root-1", "gateway", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "gateway",
Annotations = new Dictionary<string, string>
@@ -162,7 +162,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithApiGatewaySource_ReturnsAwsApigwSource()
{
var root = new RichGraphRoot("root-1", "apigateway", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "apigateway"
};
@@ -182,7 +182,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_DefaultGateway_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong"
};
@@ -201,7 +201,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithInternalFlag_ReturnsInternalExposure()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -223,7 +223,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithIstioMesh_ReturnsInternalExposure()
{
var root = new RichGraphRoot("root-1", "envoy", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "envoy",
Annotations = new Dictionary<string, string>
@@ -245,7 +245,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithAwsPrivateEndpoint_ReturnsInternalExposure()
{
var root = new RichGraphRoot("root-1", "apigateway", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "apigateway",
Annotations = new Dictionary<string, string>
@@ -271,7 +271,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithKongPath_ReturnsSurfaceWithPath()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -293,7 +293,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithKongHost_ReturnsSurfaceWithHost()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -314,7 +314,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithGrpcAnnotation_ReturnsGrpcProtocol()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -335,7 +335,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithWebsocketAnnotation_ReturnsWssProtocol()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -356,7 +356,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_DefaultProtocol_ReturnsHttps()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong"
};
@@ -378,7 +378,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithKongJwtPlugin_ReturnsJwtAuth()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -400,7 +400,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithKongKeyAuth_ReturnsApiKeyAuth()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -422,7 +422,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithKongAcl_ReturnsRoles()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -450,7 +450,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithIstioJwt_ReturnsJwtAuth()
{
var root = new RichGraphRoot("root-1", "envoy", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "envoy",
Annotations = new Dictionary<string, string>
@@ -472,7 +472,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithIstioMtls_ReturnsMtlsAuth()
{
var root = new RichGraphRoot("root-1", "envoy", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "envoy",
Annotations = new Dictionary<string, string>
@@ -494,7 +494,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithEnvoyOidc_ReturnsOAuth2Auth()
{
var root = new RichGraphRoot("root-1", "envoy", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "envoy",
Annotations = new Dictionary<string, string>
@@ -521,7 +521,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithCognitoAuthorizer_ReturnsOAuth2Auth()
{
var root = new RichGraphRoot("root-1", "apigateway", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "apigateway",
Annotations = new Dictionary<string, string>
@@ -544,7 +544,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithApiKeyRequired_ReturnsApiKeyAuth()
{
var root = new RichGraphRoot("root-1", "apigateway", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "apigateway",
Annotations = new Dictionary<string, string>
@@ -566,7 +566,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithLambdaAuthorizer_ReturnsCustomAuth()
{
var root = new RichGraphRoot("root-1", "apigateway", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "apigateway",
Annotations = new Dictionary<string, string>
@@ -589,7 +589,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithIamAuthorizer_ReturnsIamAuth()
{
var root = new RichGraphRoot("root-1", "apigateway", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "apigateway",
Annotations = new Dictionary<string, string>
@@ -616,7 +616,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithTraefikBasicAuth_ReturnsBasicAuth()
{
var root = new RichGraphRoot("root-1", "traefik", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "traefik",
Annotations = new Dictionary<string, string>
@@ -638,7 +638,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithTraefikForwardAuth_ReturnsCustomAuth()
{
var root = new RichGraphRoot("root-1", "traefik", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "traefik",
Annotations = new Dictionary<string, string>
@@ -665,7 +665,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithRateLimit_ReturnsRateLimitControl()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -686,7 +686,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithIpRestriction_ReturnsIpAllowlistControl()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -707,7 +707,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithCors_ReturnsCorsControl()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -728,7 +728,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithWaf_ReturnsWafControl()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -749,7 +749,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithRequestValidation_ReturnsInputValidationControl()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -770,7 +770,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithMultipleControls_ReturnsAllControls()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -793,7 +793,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithNoControls_ReturnsNullControls()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong"
};
@@ -813,7 +813,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_BaseConfidence_Returns0Point75()
{
var root = new RichGraphRoot("root-1", "gateway", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "gateway"
};
@@ -829,7 +829,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithKnownGateway_IncreasesConfidence()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong"
};
@@ -845,7 +845,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithAuthAndRouteInfo_MaximizesConfidence()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -866,7 +866,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_ReturnsNetworkKind()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong"
};
@@ -882,7 +882,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_BuildsEvidenceRef_WithGatewayType()
{
var root = new RichGraphRoot("root-123", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Namespace = "production",
@@ -904,7 +904,7 @@ public class GatewayBoundaryExtractorTests
public async Task ExtractAsync_ReturnsSameResultAsExtract()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong",
Annotations = new Dictionary<string, string>
@@ -931,7 +931,7 @@ public class GatewayBoundaryExtractorTests
[Fact]
public void Extract_WithNullRoot_ThrowsArgumentNullException()
{
var context = BoundaryExtractionContext.Empty with { Source = "kong" };
var context = BoundaryExtractionContext.CreateEmpty() with { Source = "kong" };
Assert.Throws<ArgumentNullException>(() => _extractor.Extract(null!, null, context));
}
@@ -940,7 +940,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WhenCannotHandle_ReturnsNull()
{
var root = new RichGraphRoot("root-1", "static", null);
var context = BoundaryExtractionContext.Empty with { Source = "static" };
var context = BoundaryExtractionContext.CreateEmpty() with { Source = "static" };
var result = _extractor.Extract(root, null, context);
@@ -952,7 +952,7 @@ public class GatewayBoundaryExtractorTests
public void Extract_WithNoAuth_ReturnsNullAuth()
{
var root = new RichGraphRoot("root-1", "kong", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "kong"
};

96
src/Scanner/__Tests/StellaOps.Scanner.Reachability.Tests/IacBoundaryExtractorTests.cs
View File

@@ -45,7 +45,7 @@ public class IacBoundaryExtractorTests
[InlineData("kong", false)]
public void CanHandle_WithSource_ReturnsExpected(string source, bool expected)
{
var context = BoundaryExtractionContext.Empty with { Source = source };
var context = BoundaryExtractionContext.CreateEmpty() with { Source = source };
Assert.Equal(expected, _extractor.CanHandle(context));
}
@@ -53,7 +53,7 @@ public class IacBoundaryExtractorTests
[Fact]
public void CanHandle_WithTerraformAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Annotations = new Dictionary<string, string>
{
@@ -68,7 +68,7 @@ public class IacBoundaryExtractorTests
[Fact]
public void CanHandle_WithCloudFormationAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Annotations = new Dictionary<string, string>
{
@@ -83,7 +83,7 @@ public class IacBoundaryExtractorTests
[Fact]
public void CanHandle_WithHelmAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Annotations = new Dictionary<string, string>
{
@@ -98,7 +98,7 @@ public class IacBoundaryExtractorTests
[Fact]
public void CanHandle_WithEmptyAnnotations_ReturnsFalse()
{
var context = BoundaryExtractionContext.Empty;
var context = BoundaryExtractionContext.CreateEmpty();
Assert.False(_extractor.CanHandle(context));
}
@@ -111,7 +111,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithTerraformSource_ReturnsTerraformIacSource()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform"
};
@@ -127,7 +127,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithCloudFormationSource_ReturnsCloudFormationIacSource()
{
var root = new RichGraphRoot("root-1", "cloudformation", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "cloudformation"
};
@@ -143,7 +143,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithCfnSource_ReturnsCloudFormationIacSource()
{
var root = new RichGraphRoot("root-1", "cfn", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "cfn"
};
@@ -159,7 +159,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithPulumiSource_ReturnsPulumiIacSource()
{
var root = new RichGraphRoot("root-1", "pulumi", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "pulumi"
};
@@ -175,7 +175,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithHelmSource_ReturnsHelmIacSource()
{
var root = new RichGraphRoot("root-1", "helm", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "helm"
};
@@ -195,7 +195,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithTerraformPublicSecurityGroup_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -217,7 +217,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithTerraformInternetFacingAlb_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -239,7 +239,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithTerraformPublicIp_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -261,7 +261,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithTerraformPrivateResource_ReturnsInternalExposure()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -287,7 +287,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithCloudFormationPublicSecurityGroup_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "cloudformation", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "cloudformation",
Annotations = new Dictionary<string, string>
@@ -309,7 +309,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithCloudFormationInternetFacingElb_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "cloudformation", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "cloudformation",
Annotations = new Dictionary<string, string>
@@ -331,7 +331,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithCloudFormationApiGateway_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "cloudformation", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "cloudformation",
Annotations = new Dictionary<string, string>
@@ -357,7 +357,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithHelmIngressEnabled_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "helm", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "helm",
Annotations = new Dictionary<string, string>
@@ -379,7 +379,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithHelmLoadBalancerService_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "helm", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "helm",
Annotations = new Dictionary<string, string>
@@ -401,7 +401,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithHelmClusterIpService_ReturnsPrivateExposure()
{
var root = new RichGraphRoot("root-1", "helm", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "helm",
Annotations = new Dictionary<string, string>
@@ -427,7 +427,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithIamAuth_ReturnsIamAuthType()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -450,7 +450,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithCognitoAuth_ReturnsOAuth2AuthType()
{
var root = new RichGraphRoot("root-1", "cloudformation", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "cloudformation",
Annotations = new Dictionary<string, string>
@@ -473,7 +473,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithAzureAdAuth_ReturnsOAuth2AuthType()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -496,7 +496,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithMtlsAuth_ReturnsMtlsAuthType()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -518,7 +518,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithNoAuth_ReturnsNullAuth()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform"
};
@@ -538,7 +538,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithSecurityGroup_ReturnsSecurityGroupControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -559,7 +559,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithWaf_ReturnsWafControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -580,7 +580,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithVpc_ReturnsNetworkIsolationControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -601,7 +601,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithNacl_ReturnsNetworkAclControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -622,7 +622,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithDdosProtection_ReturnsDdosControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -643,7 +643,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithTls_ReturnsEncryptionControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -664,7 +664,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithPrivateEndpoint_ReturnsPrivateEndpointControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -685,7 +685,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithMultipleControls_ReturnsAllControls()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -708,7 +708,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithNoControls_ReturnsNullControls()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform"
};
@@ -728,7 +728,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithHelmIngressPath_ReturnsSurfaceWithPath()
{
var root = new RichGraphRoot("root-1", "helm", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "helm",
Annotations = new Dictionary<string, string>
@@ -749,7 +749,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithHelmIngressHost_ReturnsSurfaceWithHost()
{
var root = new RichGraphRoot("root-1", "helm", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "helm",
Annotations = new Dictionary<string, string>
@@ -770,7 +770,7 @@ public class IacBoundaryExtractorTests
public void Extract_DefaultSurfaceType_ReturnsInfrastructure()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform"
};
@@ -787,7 +787,7 @@ public class IacBoundaryExtractorTests
public void Extract_DefaultProtocol_ReturnsHttps()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform"
};
@@ -808,7 +808,7 @@ public class IacBoundaryExtractorTests
public void Extract_BaseConfidence_Returns0Point6()
{
var root = new RichGraphRoot("root-1", "iac", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "iac"
};
@@ -824,7 +824,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithKnownIacType_IncreasesConfidence()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform"
};
@@ -840,7 +840,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithSecurityResources_IncreasesConfidence()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -860,7 +860,7 @@ public class IacBoundaryExtractorTests
public void Extract_MaxConfidence_CapsAt0Point85()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -882,7 +882,7 @@ public class IacBoundaryExtractorTests
public void Extract_ReturnsNetworkKind()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform"
};
@@ -898,7 +898,7 @@ public class IacBoundaryExtractorTests
public void Extract_BuildsEvidenceRef_WithIacType()
{
var root = new RichGraphRoot("root-123", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Namespace = "production",
@@ -920,7 +920,7 @@ public class IacBoundaryExtractorTests
public async Task ExtractAsync_ReturnsSameResultAsExtract()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>
@@ -947,7 +947,7 @@ public class IacBoundaryExtractorTests
[Fact]
public void Extract_WithNullRoot_ThrowsArgumentNullException()
{
var context = BoundaryExtractionContext.Empty with { Source = "terraform" };
var context = BoundaryExtractionContext.CreateEmpty() with { Source = "terraform" };
Assert.Throws<ArgumentNullException>(() => _extractor.Extract(null!, null, context));
}
@@ -956,7 +956,7 @@ public class IacBoundaryExtractorTests
public void Extract_WhenCannotHandle_ReturnsNull()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with { Source = "k8s" };
var context = BoundaryExtractionContext.CreateEmpty() with { Source = "k8s" };
var result = _extractor.Extract(root, null, context);
@@ -968,7 +968,7 @@ public class IacBoundaryExtractorTests
public void Extract_WithLoadBalancer_SetsBehindProxyTrue()
{
var root = new RichGraphRoot("root-1", "terraform", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "terraform",
Annotations = new Dictionary<string, string>

76
src/Scanner/__Tests/StellaOps.Scanner.Reachability.Tests/K8sBoundaryExtractorTests.cs
View File

@@ -41,7 +41,7 @@ public class K8sBoundaryExtractorTests
[InlineData("runtime", false)]
public void CanHandle_WithSource_ReturnsExpected(string source, bool expected)
{
var context = BoundaryExtractionContext.Empty with { Source = source };
var context = BoundaryExtractionContext.CreateEmpty() with { Source = source };
Assert.Equal(expected, _extractor.CanHandle(context));
}
@@ -49,7 +49,7 @@ public class K8sBoundaryExtractorTests
[Fact]
public void CanHandle_WithK8sAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Annotations = new Dictionary<string, string>
{
@@ -64,7 +64,7 @@ public class K8sBoundaryExtractorTests
[Fact]
public void CanHandle_WithIngressAnnotation_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Annotations = new Dictionary<string, string>
{
@@ -79,7 +79,7 @@ public class K8sBoundaryExtractorTests
[Fact]
public void CanHandle_WithEmptyAnnotations_ReturnsFalse()
{
var context = BoundaryExtractionContext.Empty;
var context = BoundaryExtractionContext.CreateEmpty();
Assert.False(_extractor.CanHandle(context));
}
@@ -92,7 +92,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithInternetFacing_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
IsInternetFacing = true
@@ -111,7 +111,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithIngressClass_ReturnsInternetFacing()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -137,7 +137,7 @@ public class K8sBoundaryExtractorTests
string serviceType, string expectedLevel, bool expectedInternetFacing)
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -159,7 +159,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithExternalPorts_ReturnsInternalLevel()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
PortBindings = new Dictionary<int, string> { [443] = "https" }
@@ -177,7 +177,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithDmzZone_ReturnsInternalLevel()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
NetworkZone = "dmz"
@@ -200,7 +200,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithServicePath_ReturnsSurfaceWithPath()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -221,7 +221,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithRewriteTarget_ReturnsSurfaceWithPath()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -242,7 +242,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithNamespace_ReturnsSurfaceWithNamespacePath()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Namespace = "production"
@@ -260,7 +260,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithTlsAnnotation_ReturnsHttpsProtocol()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -281,7 +281,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithGrpcAnnotation_ReturnsGrpcProtocol()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -302,7 +302,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithPortBinding_ReturnsSurfaceWithPort()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
PortBindings = new Dictionary<int, string> { [8080] = "http" }
@@ -320,7 +320,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithIngressHost_ReturnsSurfaceWithHost()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -345,7 +345,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithBasicAuth_ReturnsBasicAuthType()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -367,7 +367,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithOAuth_ReturnsOAuth2Type()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -389,7 +389,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithMtls_ReturnsMtlsType()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -411,7 +411,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithExplicitAuthType_ReturnsSpecifiedType()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -433,7 +433,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithAuthRoles_ReturnsRolesList()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -459,7 +459,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithNoAuth_ReturnsNullAuth()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s"
};
@@ -479,7 +479,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithNetworkPolicy_ReturnsNetworkPolicyControl()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Namespace = "production",
@@ -505,7 +505,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithRateLimit_ReturnsRateLimitControl()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -529,7 +529,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithIpAllowlist_ReturnsIpAllowlistControl()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -553,7 +553,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithWaf_ReturnsWafControl()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -577,7 +577,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithMultipleControls_ReturnsAllControls()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -603,7 +603,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithNoControls_ReturnsNullControls()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s"
};
@@ -623,7 +623,7 @@ public class K8sBoundaryExtractorTests
public void Extract_BaseConfidence_Returns0Point7()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s"
};
@@ -639,7 +639,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithIngressAnnotation_IncreasesConfidence()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -659,7 +659,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WithServiceType_IncreasesConfidence()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -679,7 +679,7 @@ public class K8sBoundaryExtractorTests
public void Extract_MaxConfidence_CapsAt0Point95()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Annotations = new Dictionary<string, string>
@@ -700,7 +700,7 @@ public class K8sBoundaryExtractorTests
public void Extract_ReturnsK8sSource()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s"
};
@@ -716,7 +716,7 @@ public class K8sBoundaryExtractorTests
public void Extract_BuildsEvidenceRef_WithNamespaceAndEnvironment()
{
var root = new RichGraphRoot("root-123", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Namespace = "production",
@@ -734,7 +734,7 @@ public class K8sBoundaryExtractorTests
public void Extract_ReturnsNetworkKind()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s"
};
@@ -754,7 +754,7 @@ public class K8sBoundaryExtractorTests
public async Task ExtractAsync_ReturnsSameResultAsExtract()
{
var root = new RichGraphRoot("root-1", "k8s", null);
var context = BoundaryExtractionContext.Empty with
var context = BoundaryExtractionContext.CreateEmpty() with
{
Source = "k8s",
Namespace = "production",
@@ -782,7 +782,7 @@ public class K8sBoundaryExtractorTests
[Fact]
public void Extract_WithNullRoot_ThrowsArgumentNullException()
{
var context = BoundaryExtractionContext.Empty with { Source = "k8s" };
var context = BoundaryExtractionContext.CreateEmpty() with { Source = "k8s" };
Assert.Throws<ArgumentNullException>(() => _extractor.Extract(null!, null, context));
}
@@ -791,7 +791,7 @@ public class K8sBoundaryExtractorTests
public void Extract_WhenCannotHandle_ReturnsNull()
{
var root = new RichGraphRoot("root-1", "static", null);
var context = BoundaryExtractionContext.Empty with { Source = "static" };
var context = BoundaryExtractionContext.CreateEmpty() with { Source = "static" };
var result = _extractor.Extract(root, null, context);

17
src/Scanner/__Tests/StellaOps.Scanner.Reachability.Tests/RichGraphBoundaryExtractorTests.cs
View File

@@ -40,7 +40,7 @@ public class RichGraphBoundaryExtractorTests
Attributes: null,
SymbolDigest: null);
var result = _extractor.Extract(root, rootNode, BoundaryExtractionContext.Empty);
var result = _extractor.Extract(root, rootNode, BoundaryExtractionContext.CreateEmpty());
Assert.NotNull(result);
Assert.Equal("network", result.Kind);
@@ -67,7 +67,7 @@ public class RichGraphBoundaryExtractorTests
Attributes: null,
SymbolDigest: null);
var result = _extractor.Extract(root, rootNode, BoundaryExtractionContext.Empty);
var result = _extractor.Extract(root, rootNode, BoundaryExtractionContext.CreateEmpty());
Assert.NotNull(result);
Assert.NotNull(result.Surface);
@@ -92,7 +92,7 @@ public class RichGraphBoundaryExtractorTests
Attributes: null,
SymbolDigest: null);
var result = _extractor.Extract(root, rootNode, BoundaryExtractionContext.Empty);
var result = _extractor.Extract(root, rootNode, BoundaryExtractionContext.CreateEmpty());
Assert.NotNull(result);
Assert.Equal("process", result.Kind);
@@ -118,7 +118,7 @@ public class RichGraphBoundaryExtractorTests
Attributes: null,
SymbolDigest: null);
var result = _extractor.Extract(root, rootNode, BoundaryExtractionContext.Empty);
var result = _extractor.Extract(root, rootNode, BoundaryExtractionContext.CreateEmpty());
Assert.NotNull(result);
Assert.Equal("library", result.Kind);
@@ -292,7 +292,7 @@ public class RichGraphBoundaryExtractorTests
Attributes: null,
SymbolDigest: null);
var result = _extractor.Extract(root, rootNode, BoundaryExtractionContext.Empty);
var result = _extractor.Extract(root, rootNode, BoundaryExtractionContext.CreateEmpty());
Assert.NotNull(result);
Assert.NotNull(result.Exposure);
@@ -319,11 +319,12 @@ public class RichGraphBoundaryExtractorTests
SymbolDigest: null);
// Empty context should have lower confidence
var emptyResult = _extractor.Extract(root, rootNode, BoundaryExtractionContext.Empty);
var emptyResult = _extractor.Extract(root, rootNode, BoundaryExtractionContext.CreateEmpty());
// Rich context should have higher confidence
var richContext = new BoundaryExtractionContext
{
Timestamp = DateTimeOffset.UtcNow,
IsInternetFacing = true,
NetworkZone = "dmz",
DetectedGates = new[]
@@ -390,7 +391,7 @@ public class RichGraphBoundaryExtractorTests
[Fact]
public void CanHandle_AlwaysReturnsTrue()
{
Assert.True(_extractor.CanHandle(BoundaryExtractionContext.Empty));
Assert.True(_extractor.CanHandle(BoundaryExtractionContext.CreateEmpty()));
Assert.True(_extractor.CanHandle(BoundaryExtractionContext.ForEnvironment("test")));
}
@@ -419,7 +420,7 @@ public class RichGraphBoundaryExtractorTests
Attributes: null,
SymbolDigest: null);
var result = await _extractor.ExtractAsync(root, rootNode, BoundaryExtractionContext.Empty);
var result = await _extractor.ExtractAsync(root, rootNode, BoundaryExtractionContext.CreateEmpty());
Assert.NotNull(result);
Assert.Equal("network", result.Kind);

1
src/Scanner/__Tests/StellaOps.Scanner.Storage.Tests/ClassificationChangeTrackerTests.cs
View File

@@ -174,6 +174,7 @@ public sealed class ClassificationChangeTrackerTests
PreviousStatus = previous,
NewStatus = next,
Cause = DriftCause.FeedDelta,
ChangedAt = DateTimeOffset.UtcNow
};
private sealed class FakeTimeProvider : TimeProvider

6
src/Scanner/__Tests/StellaOps.Scanner.Storage.Tests/ScanMetricsRepositoryTests.cs
View File

@@ -186,7 +186,8 @@ public sealed class ScanMetricsRepositoryTests : IAsyncLifetime
SignMs = 0,
PublishMs = 0
},
ScannerVersion = "1.0.0"
ScannerVersion = "1.0.0",
CreatedAt = baseTime
};
await _repository.SaveAsync(metrics, CancellationToken.None);
}
@@ -267,7 +268,8 @@ public sealed class ScanMetricsRepositoryTests : IAsyncLifetime
FinishedAt = DateTimeOffset.UtcNow,
Phases = phases ?? ScanPhaseTimings.Empty,
ScannerVersion = "1.0.0",
IsReplay = isReplay
IsReplay = isReplay,
CreatedAt = DateTimeOffset.UtcNow
};
}
}

29
src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/ScannerApplicationFactory.cs
View File

@@ -8,10 +8,12 @@ using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Npgsql;
using StellaOps.Infrastructure.Postgres.Testing;
using StellaOps.Scanner.Reachability.Slices;
using StellaOps.Scanner.Storage;
using StellaOps.Scanner.Surface.Validation;
using StellaOps.Scanner.Triage;
using StellaOps.Scanner.WebService.Diagnostics;
using StellaOps.Scanner.WebService.Services;
namespace StellaOps.Scanner.WebService.Tests;
@@ -143,6 +145,7 @@ public sealed class ScannerApplicationFactory : WebApplicationFactory<ServiceSta
configureServices?.Invoke(services);
services.RemoveAll<ISurfaceValidatorRunner>();
services.AddSingleton<ISurfaceValidatorRunner, TestSurfaceValidatorRunner>();
services.TryAddSingleton<ISliceQueryService, NullSliceQueryService>();
});
}
@@ -208,4 +211,30 @@ public sealed class ScannerApplicationFactory : WebApplicationFactory<ServiceSta
".."));
}
}
private sealed class NullSliceQueryService : ISliceQueryService
{
public Task<SliceQueryResponse> QueryAsync(SliceQueryRequest request, CancellationToken cancellationToken = default)
=> Task.FromResult(new SliceQueryResponse
{
SliceDigest = "sha256:null",
Verdict = "unknown",
Confidence = 0.0,
CacheHit = false
});
public Task<ReachabilitySlice?> GetSliceAsync(string digest, CancellationToken cancellationToken = default)
=> Task.FromResult<ReachabilitySlice?>(null);
public Task<object?> GetSliceDsseAsync(string digest, CancellationToken cancellationToken = default)
=> Task.FromResult<object?>(null);
public Task<SliceReplayResponse> ReplayAsync(SliceReplayRequest request, CancellationToken cancellationToken = default)
=> Task.FromResult(new SliceReplayResponse
{
Match = true,
OriginalDigest = request.SliceDigest ?? "sha256:null",
RecomputedDigest = request.SliceDigest ?? "sha256:null"
});
}
}

3
src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/EntryTraceExecutionServiceTests.cs
View File

@@ -367,7 +367,8 @@ public sealed class EntryTraceExecutionServiceTests : IDisposable
Array.Empty<string>(),
new SurfaceSecretsConfiguration("inline", "tenant", null, null, null, AllowInline: true),
"tenant",
new SurfaceTlsConfiguration(null, null, null));
new SurfaceTlsConfiguration(null, null, null))
{ CreatedAtUtc = DateTimeOffset.UtcNow };
RawVariables = new Dictionary<string, string>();
}

3
src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/SurfaceCacheOptionsConfiguratorTests.cs
View File

@@ -26,7 +26,8 @@ public sealed class SurfaceCacheOptionsConfiguratorTests
Array.Empty<string>(),
new SurfaceSecretsConfiguration("file", "tenant-a", "/etc/secrets", null, null, false),
"tenant-a",
new SurfaceTlsConfiguration(null, null, new X509Certificate2Collection()));
new SurfaceTlsConfiguration(null, null, new X509Certificate2Collection()))
{ CreatedAtUtc = DateTimeOffset.UtcNow };
var environment = new StubSurfaceEnvironment(settings);
var configurator = new SurfaceCacheOptionsConfigurator(environment);

3
src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/SurfaceManifestStageExecutorTests.cs
View File

@@ -739,7 +739,8 @@ public sealed class SurfaceManifestStageExecutorTests
FeatureFlags: Array.Empty<string>(),
Secrets: new SurfaceSecretsConfiguration("none", tenant, null, null, null, false),
Tenant: tenant,
Tls: new SurfaceTlsConfiguration(null, null, null));
Tls: new SurfaceTlsConfiguration(null, null, null))
{ CreatedAtUtc = DateTimeOffset.UtcNow };
}
public SurfaceEnvironmentSettings Settings { get; }

3
src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/SurfaceManifestStoreOptionsConfiguratorTests.cs
View File

@@ -27,7 +27,8 @@ public sealed class SurfaceManifestStoreOptionsConfiguratorTests
Array.Empty<string>(),
new SurfaceSecretsConfiguration("file", "tenant-a", "/etc/secrets", null, null, false),
"tenant-a",
new SurfaceTlsConfiguration(null, null, new X509Certificate2Collection()));
new SurfaceTlsConfiguration(null, null, new X509Certificate2Collection()))
{ CreatedAtUtc = DateTimeOffset.UtcNow };
var environment = new StubSurfaceEnvironment(settings);
var cacheOptions = Microsoft.Extensions.Options.Options.Create(new SurfaceCacheOptions { RootDirectory = cacheRoot.FullName });