Add tests for SBOM generation determinism across multiple formats

- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism. - Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions. - Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests. - Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
2025-12-23 18:56:12 +02:00
parent 7ac70ece71
commit 491e883653
409 changed files with 23797 additions and 17779 deletions
--- a/src/__Libraries/StellaOps.TestKit/Assertions/CanonicalJsonAssert.cs
+++ b/src/__Libraries/StellaOps.TestKit/Assertions/CanonicalJsonAssert.cs
@@ -0,0 +1,130 @@
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;
+using Xunit;
+
+namespace StellaOps.TestKit.Assertions;
+
+/// <summary>
+/// Provides assertions for canonical JSON serialization and determinism testing.
+/// </summary>
+/// <remarks>
+/// Canonical JSON ensures:
+/// - Stable key ordering (alphabetical)
+/// - Consistent number formatting
+/// - No whitespace variations
+/// - UTF-8 encoding
+/// - Deterministic output (same input → same bytes)
+/// </remarks>
+public static class CanonicalJsonAssert
+{
+    /// <summary>
+    /// Asserts that the canonical JSON serialization of the value produces the expected SHA-256 hash.
+    /// </summary>
+    /// <param name="value">The value to serialize.</param>
+    /// <param name="expectedSha256Hex">The expected SHA-256 hash (lowercase hex string).</param>
+    public static void HasExpectedHash<T>(T value, string expectedSha256Hex)
+    {
+        string actualHash = Canonical.Json.CanonJson.Hash(value);
+        Assert.Equal(expectedSha256Hex.ToLowerInvariant(), actualHash);
+    }
+
+    /// <summary>
+    /// Asserts that two values produce identical canonical JSON.
+    /// </summary>
+    public static void AreCanonicallyEqual<T>(T expected, T actual)
+    {
+        byte[] expectedBytes = Canonical.Json.CanonJson.Canonicalize(expected);
+        byte[] actualBytes = Canonical.Json.CanonJson.Canonicalize(actual);
+
+        Assert.Equal(expectedBytes, actualBytes);
+    }
+
+    /// <summary>
+    /// Asserts that serializing the value multiple times produces identical bytes (determinism check).
+    /// </summary>
+    public static void IsDeterministic<T>(T value, int iterations = 10)
+    {
+        byte[]? baseline = null;
+
+        for (int i = 0; i < iterations; i++)
+        {
+            byte[] current = Canonical.Json.CanonJson.Canonicalize(value);
+
+            if (baseline == null)
+            {
+                baseline = current;
+            }
+            else
+            {
+                Assert.Equal(baseline, current);
+            }
+        }
+    }
+
+    /// <summary>
+    /// Computes the SHA-256 hash of the canonical JSON and returns it as a lowercase hex string.
+    /// </summary>
+    public static string ComputeCanonicalHash<T>(T value)
+    {
+        return Canonical.Json.CanonJson.Hash(value);
+    }
+
+    /// <summary>
+    /// Asserts that the canonical JSON matches the expected string (useful for debugging).
+    /// </summary>
+    public static void MatchesJson<T>(T value, string expectedJson)
+    {
+        byte[] canonicalBytes = Canonical.Json.CanonJson.Canonicalize(value);
+        string actualJson = System.Text.Encoding.UTF8.GetString(canonicalBytes);
+        Assert.Equal(expectedJson, actualJson);
+    }
+
+    /// <summary>
+    /// Asserts that the JSON contains the expected key-value pair (deep search).
+    /// </summary>
+    public static void ContainsProperty<T>(T value, string propertyPath, object expectedValue)
+    {
+        byte[] canonicalBytes = Canonical.Json.CanonJson.Canonicalize(value);
+        using var doc = JsonDocument.Parse(canonicalBytes);
+
+        JsonElement? element = FindPropertyByPath(doc.RootElement, propertyPath);
+
+        Assert.NotNull(element);
+
+        // Compare values
+        string expectedJson = JsonSerializer.Serialize(expectedValue);
+        string actualJson = element.Value.GetRawText();
+
+        Assert.Equal(expectedJson, actualJson);
+    }
+
+    private static JsonElement? FindPropertyByPath(JsonElement root, string path)
+    {
+        var parts = path.Split('.');
+        var current = root;
+
+        foreach (var part in parts)
+        {
+            if (current.ValueKind != JsonValueKind.Object)
+            {
+                return null;
+            }
+
+            if (!current.TryGetProperty(part, out var next))
+            {
+                return null;
+            }
+
+            current = next;
+        }
+
+        return current;
+    }
+
+    private static string ComputeSha256Hex(byte[] data)
+    {
+        byte[] hash = SHA256.HashData(data);
+        return Convert.ToHexString(hash).ToLowerInvariant();
+    }
+}
--- a/src/__Libraries/StellaOps.TestKit/Assertions/SnapshotAssert.cs
+++ b/src/__Libraries/StellaOps.TestKit/Assertions/SnapshotAssert.cs
@@ -0,0 +1,114 @@
+using System.Text;
+using System.Text.Json;
+using Xunit;
+
+namespace StellaOps.TestKit.Assertions;
+
+/// <summary>
+/// Provides snapshot testing assertions for golden master testing.
+/// Snapshots are stored in the test project's `Snapshots/` directory.
+/// </summary>
+/// <remarks>
+/// Usage:
+/// <code>
+/// [Fact]
+/// public void TestSbomGeneration()
+/// {
+///     var sbom = GenerateSbom();
+///
+///     // Snapshot will be stored in Snapshots/TestSbomGeneration.json
+///     SnapshotAssert.MatchesSnapshot(sbom, snapshotName: "TestSbomGeneration");
+/// }
+/// </code>
+///
+/// To update snapshots (e.g., after intentional changes), set environment variable:
+/// UPDATE_SNAPSHOTS=1 dotnet test
+/// </remarks>
+public static class SnapshotAssert
+{
+    private static readonly bool UpdateSnapshotsMode =
+        Environment.GetEnvironmentVariable("UPDATE_SNAPSHOTS") == "1";
+
+    /// <summary>
+    /// Asserts that the value matches the stored snapshot. If UPDATE_SNAPSHOTS=1, updates the snapshot.
+    /// </summary>
+    /// <param name="value">The value to snapshot (will be JSON-serialized).</param>
+    /// <param name="snapshotName">The snapshot name (filename without extension).</param>
+    /// <param name="snapshotsDirectory">Optional directory for snapshots (default: "Snapshots" in test project).</param>
+    public static void MatchesSnapshot<T>(T value, string snapshotName, string? snapshotsDirectory = null)
+    {
+        snapshotsDirectory ??= Path.Combine(Directory.GetCurrentDirectory(), "Snapshots");
+        Directory.CreateDirectory(snapshotsDirectory);
+
+        string snapshotPath = Path.Combine(snapshotsDirectory, $"{snapshotName}.json");
+
+        // Serialize to pretty JSON for readability
+        string actualJson = JsonSerializer.Serialize(value, new JsonSerializerOptions
+        {
+            WriteIndented = true,
+            PropertyNamingPolicy = JsonNamingPolicy.CamelCase
+        });
+
+        if (UpdateSnapshotsMode)
+        {
+            // Update snapshot
+            File.WriteAllText(snapshotPath, actualJson, Encoding.UTF8);
+            return; // Don't assert in update mode
+        }
+
+        // Verify snapshot exists
+        Assert.True(File.Exists(snapshotPath),
+            $"Snapshot '{snapshotName}' not found at {snapshotPath}. Run with UPDATE_SNAPSHOTS=1 to create it.");
+
+        // Compare with stored snapshot
+        string expectedJson = File.ReadAllText(snapshotPath, Encoding.UTF8);
+
+        Assert.Equal(expectedJson, actualJson);
+    }
+
+    /// <summary>
+    /// Asserts that the text matches the stored snapshot.
+    /// </summary>
+    public static void MatchesTextSnapshot(string value, string snapshotName, string? snapshotsDirectory = null)
+    {
+        snapshotsDirectory ??= Path.Combine(Directory.GetCurrentDirectory(), "Snapshots");
+        Directory.CreateDirectory(snapshotsDirectory);
+
+        string snapshotPath = Path.Combine(snapshotsDirectory, $"{snapshotName}.txt");
+
+        if (UpdateSnapshotsMode)
+        {
+            File.WriteAllText(snapshotPath, value, Encoding.UTF8);
+            return;
+        }
+
+        Assert.True(File.Exists(snapshotPath),
+            $"Snapshot '{snapshotName}' not found at {snapshotPath}. Run with UPDATE_SNAPSHOTS=1 to create it.");
+
+        string expected = File.ReadAllText(snapshotPath, Encoding.UTF8);
+        Assert.Equal(expected, value);
+    }
+
+    /// <summary>
+    /// Asserts that binary data matches the stored snapshot.
+    /// </summary>
+    public static void MatchesBinarySnapshot(byte[] value, string snapshotName, string? snapshotsDirectory = null)
+    {
+        snapshotsDirectory ??= Path.Combine(Directory.GetCurrentDirectory(), "Snapshots");
+        Directory.CreateDirectory(snapshotsDirectory);
+
+        string snapshotPath = Path.Combine(snapshotsDirectory, $"{snapshotName}.bin");
+
+        if (UpdateSnapshotsMode)
+        {
+            File.WriteAllBytes(snapshotPath, value);
+            return;
+        }
+
+        Assert.True(File.Exists(snapshotPath),
+            $"Snapshot '{snapshotName}' not found at {snapshotPath}. Run with UPDATE_SNAPSHOTS=1 to create it.");
+
+        byte[] expected = File.ReadAllBytes(snapshotPath);
+        Assert.Equal(expected, value);
+    }
+}