Add sample proof bundle configurations and verification script
- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`.
- Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs.
- Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details.
- Enhanced evidence entries with expiration dates and hashes for better integrity checks.
- Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
@@ -0,0 +1,156 @@
|
||||
using System.Net.Http.Json;
|
||||
using FluentAssertions;
|
||||
using Microsoft.AspNetCore.Mvc.Testing;
|
||||
using Mongo2Go;
|
||||
using MongoDB.Bson;
|
||||
using MongoDB.Driver;
|
||||
using StellaOps.SbomService.Models;
|
||||
using Xunit;
|
||||
|
||||
namespace StellaOps.SbomService.Tests;
|
||||
|
||||
public class SbomMongoStorageTests : IAsyncLifetime
|
||||
{
|
||||
private readonly WebApplicationFactory<Program> _factory;
|
||||
private MongoDbRunner? _runner;
|
||||
|
||||
public SbomMongoStorageTests(WebApplicationFactory<Program> factory)
|
||||
{
|
||||
_factory = factory;
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task Console_catalog_reads_from_mongo_storage()
|
||||
{
|
||||
using var client = CreateClient();
|
||||
|
||||
var response = await client.GetAsync("/console/sboms?artifact=mongo-api&limit=1");
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var payload = await response.Content.ReadFromJsonAsync<SbomCatalogResult>();
|
||||
payload.Should().NotBeNull();
|
||||
payload!.Items.Should().ContainSingle();
|
||||
payload.Items[0].Artifact.Should().Be("ghcr.io/stellaops/mongo-api");
|
||||
payload.Items[0].ProjectionHash.Should().Be("sha256:proj-mongo-2");
|
||||
payload.NextCursor.Should().Be("1");
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task Component_lookup_returns_storage_results_and_cursor()
|
||||
{
|
||||
using var client = CreateClient();
|
||||
|
||||
var response = await client.GetAsync("/components/lookup?purl=pkg:npm/mongo-lib@1.0.0&limit=1");
|
||||
response.EnsureSuccessStatusCode();
|
||||
|
||||
var payload = await response.Content.ReadFromJsonAsync<ComponentLookupResult>();
|
||||
payload.Should().NotBeNull();
|
||||
payload!.CacheHint.Should().Be("storage");
|
||||
payload.Neighbors.Should().ContainSingle();
|
||||
payload.Neighbors[0].Purl.Should().Be("pkg:npm/express@4.18.2");
|
||||
payload.NextCursor.Should().Be("1");
|
||||
}
|
||||
|
||||
public Task InitializeAsync()
|
||||
{
|
||||
_runner = MongoDbRunner.Start(singleNodeReplSet: false, additionalMongodArguments: "--quiet");
|
||||
return SeedMongoAsync();
|
||||
}
|
||||
|
||||
public Task DisposeAsync()
|
||||
{
|
||||
_runner?.Dispose();
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
|
||||
private HttpClient CreateClient()
|
||||
{
|
||||
if (_runner is null)
|
||||
{
|
||||
throw new InvalidOperationException("Mongo runner not started");
|
||||
}
|
||||
|
||||
var factory = _factory.WithWebHostBuilder(builder =>
|
||||
{
|
||||
builder.ConfigureAppConfiguration((_, config) =>
|
||||
{
|
||||
var settings = new Dictionary<string, string?>
|
||||
{
|
||||
["SbomService:Mongo:ConnectionString"] = _runner.ConnectionString,
|
||||
["SbomService:Mongo:Database"] = "sbom_console_tests"
|
||||
};
|
||||
|
||||
config.AddInMemoryCollection(settings);
|
||||
});
|
||||
});
|
||||
|
||||
return factory.CreateClient();
|
||||
}
|
||||
|
||||
private async Task SeedMongoAsync()
|
||||
{
|
||||
if (_runner is null)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
var client = new MongoClient(_runner.ConnectionString);
|
||||
var database = client.GetDatabase("sbom_console_tests");
|
||||
|
||||
var catalog = database.GetCollection<BsonDocument>("sbom_catalog");
|
||||
await catalog.DeleteManyAsync(FilterDefinition<BsonDocument>.Empty);
|
||||
await catalog.InsertManyAsync(new[]
|
||||
{
|
||||
new BsonDocument
|
||||
{
|
||||
{ "artifact", "ghcr.io/stellaops/mongo-api" },
|
||||
{ "sbomVersion", "2025.12.04.2" },
|
||||
{ "digest", "sha256:bbb" },
|
||||
{ "license", "Apache-2.0" },
|
||||
{ "scope", "runtime" },
|
||||
{ "assetTags", new BsonDocument { { "owner", "storage" }, { "env", "prod" } } },
|
||||
{ "createdAt", new BsonDateTime(DateTime.SpecifyKind(new DateTime(2025, 12, 4, 12, 0, 0), DateTimeKind.Utc)) },
|
||||
{ "projectionHash", "sha256:proj-mongo-2" },
|
||||
{ "evaluationMetadata", "eval:storage" }
|
||||
},
|
||||
new BsonDocument
|
||||
{
|
||||
{ "artifact", "ghcr.io/stellaops/mongo-api" },
|
||||
{ "sbomVersion", "2025.12.04.1" },
|
||||
{ "digest", "sha256:aaa" },
|
||||
{ "license", "Apache-2.0" },
|
||||
{ "scope", "runtime" },
|
||||
{ "assetTags", new BsonDocument { { "owner", "storage" }, { "env", "prod" } } },
|
||||
{ "createdAt", new BsonDateTime(DateTime.SpecifyKind(new DateTime(2025, 12, 4, 11, 0, 0), DateTimeKind.Utc)) },
|
||||
{ "projectionHash", "sha256:proj-mongo-1" },
|
||||
{ "evaluationMetadata", "eval:storage" }
|
||||
}
|
||||
});
|
||||
|
||||
var components = database.GetCollection<BsonDocument>("sbom_component_neighbors");
|
||||
await components.DeleteManyAsync(FilterDefinition<BsonDocument>.Empty);
|
||||
await components.InsertManyAsync(new[]
|
||||
{
|
||||
new BsonDocument
|
||||
{
|
||||
{ "artifact", "ghcr.io/stellaops/mongo-api" },
|
||||
{ "purl", "pkg:npm/mongo-lib@1.0.0" },
|
||||
{ "neighborPurl", "pkg:npm/express@4.18.2" },
|
||||
{ "relationship", "DEPENDS_ON" },
|
||||
{ "license", "MIT" },
|
||||
{ "scope", "runtime" },
|
||||
{ "runtimeFlag", true }
|
||||
},
|
||||
new BsonDocument
|
||||
{
|
||||
{ "artifact", "ghcr.io/stellaops/mongo-api" },
|
||||
{ "purl", "pkg:npm/mongo-lib@1.0.0" },
|
||||
{ "neighborPurl", "pkg:npm/body-parser@1.20.2" },
|
||||
{ "relationship", "DEPENDS_ON" },
|
||||
{ "license", "MIT" },
|
||||
{ "scope", "runtime" },
|
||||
{ "runtimeFlag", true }
|
||||
}
|
||||
});
|
||||
}
|
||||
}
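Review bot: `SbomMongoStorageTests` takes a `WebApplicationFactory<Program>` in its constructor but declares only `IAsyncLifetime`, so unless a collection or assembly fixture defined outside this file supplies it, xUnit has no fixture to inject and both tests will fail at construction before touching the storage path. The class declaration should read `public class SbomMongoStorageTests : IClassFixture<WebApplicationFactory<Program>>, IAsyncLifetime`. Separately, `CreateClient()` builds a derived factory with `_factory.WithWebHostBuilder(...)` on every call and never disposes it, so each test leaves a test host running. Keeping the derived factory in a field and disposing it in `DisposeAsync()` before `_runner?.Dispose()` would stop the host before the Mongo instance it points at goes away.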
|
||||
@@ -3,6 +3,7 @@
|
||||
<TargetFramework>net10.0</TargetFramework>
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
<Nullable>enable</Nullable>
|
||||
<UseConcelierTestInfra>false</UseConcelierTestInfra>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
|
||||