Add tests and implement StubBearer authentication for Signer endpoints

- Created SignerEndpointsTests to validate the SignDsse and VerifyReferrers endpoints. - Implemented StubBearerAuthenticationDefaults and StubBearerAuthenticationHandler for token-based authentication. - Developed ConcelierExporterClient for managing Trivy DB settings and export operations. - Added TrivyDbSettingsPageComponent for UI interactions with Trivy DB settings, including form handling and export triggering. - Implemented styles and HTML structure for Trivy DB settings page. - Created NotifySmokeCheck tool for validating Redis event streams and Notify deliveries.
2025-10-21 09:37:07 +03:00
parent d6cb41dd51
commit 48f3071e2a
298 changed files with 20490 additions and 5751 deletions
--- a/src/StellaOps.Concelier.Connector.StellaOpsMirror.Tests/SampleData.cs
+++ b/src/StellaOps.Concelier.Connector.StellaOpsMirror.Tests/SampleData.cs
@@ -0,0 +1,265 @@
+using System;
+using System.Globalization;
+using StellaOps.Concelier.Connector.StellaOpsMirror.Internal;
+using StellaOps.Concelier.Models;
+
+namespace StellaOps.Concelier.Connector.StellaOpsMirror.Tests;
+
+internal static class SampleData
+{
+    public const string BundleFixture = "mirror-bundle.sample.json";
+    public const string AdvisoryFixture = "mirror-advisory.expected.json";
+    public const string TargetRepository = "mirror-primary";
+    public const string DomainId = "primary";
+    public const string AdvisoryKey = "CVE-2025-1111";
+    public const string GhsaAlias = "GHSA-xxxx-xxxx-xxxx";
+
+    public static DateTimeOffset GeneratedAt { get; } = new(2025, 10, 19, 12, 0, 0, TimeSpan.Zero);
+
+    public static MirrorBundleDocument CreateBundle()
+        => new(
+            SchemaVersion: 1,
+            GeneratedAt: GeneratedAt,
+            TargetRepository: TargetRepository,
+            DomainId: DomainId,
+            DisplayName: "Primary Mirror",
+            AdvisoryCount: 1,
+            Advisories: new[] { CreateSourceAdvisory() },
+            Sources: new[]
+            {
+                new MirrorSourceSummary("ghsa", GeneratedAt, GeneratedAt, 1)
+            });
+
+    public static Advisory CreateExpectedMappedAdvisory()
+    {
+        var baseAdvisory = CreateSourceAdvisory();
+        var recordedAt = GeneratedAt.ToUniversalTime();
+        var mirrorValue = BuildMirrorValue(recordedAt);
+
+        var topProvenance = baseAdvisory.Provenance.Add(new AdvisoryProvenance(
+            StellaOpsMirrorConnector.Source,
+            "map",
+            mirrorValue,
+            recordedAt,
+            new[]
+            {
+                ProvenanceFieldMasks.Advisory,
+                ProvenanceFieldMasks.References,
+                ProvenanceFieldMasks.Credits,
+                ProvenanceFieldMasks.CvssMetrics,
+                ProvenanceFieldMasks.Weaknesses,
+            }));
+
+        var package = baseAdvisory.AffectedPackages[0];
+        var packageProvenance = package.Provenance.Add(new AdvisoryProvenance(
+            StellaOpsMirrorConnector.Source,
+            "map",
+            $"{mirrorValue};package={package.Identifier}",
+            recordedAt,
+            new[]
+            {
+                ProvenanceFieldMasks.AffectedPackages,
+                ProvenanceFieldMasks.VersionRanges,
+                ProvenanceFieldMasks.PackageStatuses,
+                ProvenanceFieldMasks.NormalizedVersions,
+            }));
+        var updatedPackage = new AffectedPackage(
+            package.Type,
+            package.Identifier,
+            package.Platform,
+            package.VersionRanges,
+            package.Statuses,
+            packageProvenance,
+            package.NormalizedVersions);
+
+        return new Advisory(
+            AdvisoryKey,
+            baseAdvisory.Title,
+            baseAdvisory.Summary,
+            baseAdvisory.Language,
+            baseAdvisory.Published,
+            baseAdvisory.Modified,
+            baseAdvisory.Severity,
+            baseAdvisory.ExploitKnown,
+            new[] { AdvisoryKey, GhsaAlias },
+            baseAdvisory.Credits,
+            baseAdvisory.References,
+            new[] { updatedPackage },
+            baseAdvisory.CvssMetrics,
+            topProvenance,
+            baseAdvisory.Description,
+            baseAdvisory.Cwes,
+            baseAdvisory.CanonicalMetricId);
+    }
+
+    private static Advisory CreateSourceAdvisory()
+    {
+        var recordedAt = GeneratedAt.ToUniversalTime();
+
+        var reference = new AdvisoryReference(
+            "https://example.com/advisory",
+            "advisory",
+            "vendor",
+            "Vendor bulletin",
+            new AdvisoryProvenance(
+                "ghsa",
+                "map",
+                "reference",
+                recordedAt,
+                new[]
+                {
+                    ProvenanceFieldMasks.References,
+                }));
+
+        var credit = new AdvisoryCredit(
+            "Security Researcher",
+            "reporter",
+            new[] { "mailto:researcher@example.com" },
+            new AdvisoryProvenance(
+                "ghsa",
+                "map",
+                "credit",
+                recordedAt,
+                new[]
+                {
+                    ProvenanceFieldMasks.Credits,
+                }));
+
+        var semVerPrimitive = new SemVerPrimitive(
+            Introduced: "1.0.0",
+            IntroducedInclusive: true,
+            Fixed: "1.2.0",
+            FixedInclusive: false,
+            LastAffected: null,
+            LastAffectedInclusive: true,
+            ConstraintExpression: ">=1.0.0,<1.2.0",
+            ExactValue: null);
+
+        var range = new AffectedVersionRange(
+            rangeKind: "semver",
+            introducedVersion: "1.0.0",
+            fixedVersion: "1.2.0",
+            lastAffectedVersion: null,
+            rangeExpression: ">=1.0.0,<1.2.0",
+            provenance: new AdvisoryProvenance(
+                "ghsa",
+                "map",
+                "range",
+                recordedAt,
+                new[]
+                {
+                    ProvenanceFieldMasks.VersionRanges,
+                }),
+            primitives: new RangePrimitives(semVerPrimitive, null, null, null));
+
+        var status = new AffectedPackageStatus(
+            "fixed",
+            new AdvisoryProvenance(
+                "ghsa",
+                "map",
+                "status",
+                recordedAt,
+                new[]
+                {
+                    ProvenanceFieldMasks.PackageStatuses,
+                }));
+
+        var normalizedRule = new NormalizedVersionRule(
+            scheme: "semver",
+            type: "range",
+            min: "1.0.0",
+            minInclusive: true,
+            max: "1.2.0",
+            maxInclusive: false,
+            value: null,
+            notes: null);
+
+        var package = new AffectedPackage(
+            AffectedPackageTypes.SemVer,
+            "pkg:npm/example@1.0.0",
+            platform: null,
+            versionRanges: new[] { range },
+            statuses: new[] { status },
+            provenance: new[]
+            {
+                new AdvisoryProvenance(
+                    "ghsa",
+                    "map",
+                    "package",
+                    recordedAt,
+                    new[]
+                    {
+                        ProvenanceFieldMasks.AffectedPackages,
+                    })
+            },
+            normalizedVersions: new[] { normalizedRule });
+
+        var cvss = new CvssMetric(
+            "3.1",
+            "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            9.8,
+            "critical",
+            new AdvisoryProvenance(
+                "ghsa",
+                "map",
+                "cvss",
+                recordedAt,
+                new[]
+                {
+                    ProvenanceFieldMasks.CvssMetrics,
+                }));
+
+        var weakness = new AdvisoryWeakness(
+            "cwe",
+            "CWE-79",
+            "Cross-site Scripting",
+            "https://cwe.mitre.org/data/definitions/79.html",
+            new[]
+            {
+                new AdvisoryProvenance(
+                    "ghsa",
+                    "map",
+                    "cwe",
+                    recordedAt,
+                    new[]
+                    {
+                        ProvenanceFieldMasks.Weaknesses,
+                    })
+            });
+
+        var advisory = new Advisory(
+            AdvisoryKey,
+            "Sample Mirror Advisory",
+            "Upstream advisory replicated through StellaOps mirror.",
+            "en",
+            published: new DateTimeOffset(2025, 10, 10, 0, 0, 0, TimeSpan.Zero),
+            modified: new DateTimeOffset(2025, 10, 11, 0, 0, 0, TimeSpan.Zero),
+            severity: "high",
+            exploitKnown: false,
+            aliases: new[] { GhsaAlias },
+            credits: new[] { credit },
+            references: new[] { reference },
+            affectedPackages: new[] { package },
+            cvssMetrics: new[] { cvss },
+            provenance: new[]
+            {
+                new AdvisoryProvenance(
+                    "ghsa",
+                    "map",
+                    "advisory",
+                    recordedAt,
+                    new[]
+                    {
+                        ProvenanceFieldMasks.Advisory,
+                    })
+            },
+            description: "Deterministic test payload distributed via mirror.",
+            cwes: new[] { weakness },
+            canonicalMetricId: "cvss::ghsa::CVE-2025-1111");
+
+        return CanonicalJsonSerializer.Normalize(advisory);
+    }
+
+    private static string BuildMirrorValue(DateTimeOffset recordedAt)
+        => $"domain={DomainId};repository={TargetRepository};generated={recordedAt.ToString("O", CultureInfo.InvariantCulture)}";
+}