feat: add security sink detection patterns for JavaScript/TypeScript

- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations). - Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns. - Added `package-lock.json` for dependency management.
2025-12-22 23:21:21 +02:00
parent 3ba7157b00
commit 5146204f1b
529 changed files with 73579 additions and 5985 deletions
--- a/src/Concelier/__Tests/StellaOps.Concelier.Merge.Tests/ApkVersionComparerTests.cs
+++ b/src/Concelier/__Tests/StellaOps.Concelier.Merge.Tests/ApkVersionComparerTests.cs
@@ -1,10 +1,16 @@
 using StellaOps.Concelier.Merge.Comparers;
 using StellaOps.Concelier.Normalization.Distro;
+using StellaOps.VersionComparison;

 namespace StellaOps.Concelier.Merge.Tests;

 public sealed class ApkVersionComparerTests
 {
+    [Fact]
+    public void ComparatorType_Returns_Apk()
+    {
+        Assert.Equal(ComparatorType.Apk, ApkVersionComparer.Instance.ComparatorType);
+    }
    public static TheoryData<string, string, int, string> ComparisonCases => BuildComparisonCases();

    [Theory]
@@ -73,4 +79,104 @@ public sealed class ApkVersionComparerTests

        return data;
    }
+
+    #region CompareWithProof Tests (SPRINT_4000_0002_0001)
+
+    [Fact]
+    public void CompareWithProof_BothNull_ReturnsEqual()
+    {
+        var result = ApkVersionComparer.Instance.CompareWithProof(null, null);
+
+        Assert.Equal(0, result.Comparison);
+        Assert.Equal(ComparatorType.Apk, result.Comparator);
+        Assert.Contains("null", result.ProofLines[0].ToLower());
+    }
+
+    [Fact]
+    public void CompareWithProof_LeftNull_ReturnsLess()
+    {
+        var result = ApkVersionComparer.Instance.CompareWithProof(null, "1.0-r0");
+
+        Assert.Equal(-1, result.Comparison);
+        Assert.Contains("null", result.ProofLines[0].ToLower());
+    }
+
+    [Fact]
+    public void CompareWithProof_RightNull_ReturnsGreater()
+    {
+        var result = ApkVersionComparer.Instance.CompareWithProof("1.0-r0", null);
+
+        Assert.Equal(1, result.Comparison);
+        Assert.Contains("null", result.ProofLines[0].ToLower());
+    }
+
+    [Fact]
+    public void CompareWithProof_EqualVersions_ReturnsEqualWithProof()
+    {
+        var result = ApkVersionComparer.Instance.CompareWithProof("1.2.3-r1", "1.2.3-r1");
+
+        Assert.Equal(0, result.Comparison);
+        Assert.True(result.IsEqual);
+        Assert.Contains(result.ProofLines, line => line.Contains("equal"));
+    }
+
+    [Fact]
+    public void CompareWithProof_VersionDifference_ReturnsProofLines()
+    {
+        var result = ApkVersionComparer.Instance.CompareWithProof("1.2.3-r0", "1.2.4-r0");
+
+        Assert.True(result.IsLessThan);
+        Assert.NotEmpty(result.ProofLines);
+        Assert.Contains(result.ProofLines, line =>
+            line.Contains("Version") || line.Contains("older") || line.Contains("<"));
+    }
+
+    [Fact]
+    public void CompareWithProof_PkgRelDifference_ReturnsProofWithPkgRel()
+    {
+        var result = ApkVersionComparer.Instance.CompareWithProof("1.2.3-r1", "1.2.3-r2");
+
+        Assert.True(result.IsLessThan);
+        Assert.Contains(result.ProofLines, line => line.Contains("release") || line.Contains("-r"));
+    }
+
+    [Fact]
+    public void CompareWithProof_ImplicitVsExplicitPkgRel_ReturnsProofExplaining()
+    {
+        var result = ApkVersionComparer.Instance.CompareWithProof("1.2.3", "1.2.3-r0");
+
+        Assert.True(result.IsLessThan);
+        Assert.Contains(result.ProofLines, line => line.Contains("implicit") || line.Contains("explicit"));
+    }
+
+    [Fact]
+    public void CompareWithProof_NewerVersion_ReturnsGreaterThanOrEqual()
+    {
+        var result = ApkVersionComparer.Instance.CompareWithProof("1.2.4-r0", "1.2.3-r0");
+
+        Assert.True(result.IsGreaterThan);
+        Assert.True(result.IsGreaterThanOrEqual);
+    }
+
+    [Fact]
+    public void CompareWithProof_InvalidVersions_FallsBackToStringComparison()
+    {
+        var result = ApkVersionComparer.Instance.CompareWithProof("", "");
+
+        Assert.Equal(0, result.Comparison);
+        Assert.Contains(result.ProofLines, line =>
+            line.Contains("invalid", StringComparison.OrdinalIgnoreCase) ||
+            line.Contains("fallback", StringComparison.OrdinalIgnoreCase) ||
+            line.Contains("equal", StringComparison.OrdinalIgnoreCase));
+    }
+
+    [Fact]
+    public void CompareWithProof_ReturnsCorrectComparatorType()
+    {
+        var result = ApkVersionComparer.Instance.CompareWithProof("1.0-r0", "1.0-r1");
+
+        Assert.Equal(ComparatorType.Apk, result.Comparator);
+    }
+
+    #endregion
 }