stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

part #2

Browse Source
This commit is contained in:
master
2026-02-04 19:59:20 +02:00
parent 557feefdc3
commit 5548cf83bf
1479 changed files with 53557 additions and 40339 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/HttpClientUsageAnalyzerTests.Helpers.cs Normal file
View File

@@ -0,0 +1,61 @@
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.Diagnostics;
using System;
using System.Collections.Generic;
using System.Collections.Immutable;
using System.Linq;
using System.Net.Http;
using System.Reflection;
using System.Threading.Tasks;
namespace StellaOps.AirGap.Policy.Analyzers.Tests;
public sealed partial class HttpClientUsageAnalyzerTests
{
private static async Task<ImmutableArray<Diagnostic>> AnalyzeAsync(string source, string assemblyName)
{
var compilation = CSharpCompilation.Create(
assemblyName,
new[]
{
CSharpSyntaxTree.ParseText(source),
CSharpSyntaxTree.ParseText(PolicyStubSource),
},
CreateMetadataReferences(),
new CSharpCompilationOptions(OutputKind.DynamicallyLinkedLibrary));
var analyzer = new HttpClientUsageAnalyzer();
var compilationWithAnalyzers = compilation.WithAnalyzers(ImmutableArray.Create<DiagnosticAnalyzer>(analyzer));
return await compilationWithAnalyzers.GetAnalyzerDiagnosticsAsync().ConfigureAwait(false);
}
private static IEnumerable<MetadataReference> CreateMetadataReferences()
{
yield return MetadataReference.CreateFromFile(typeof(object).GetTypeInfo().Assembly.Location);
yield return MetadataReference.CreateFromFile(typeof(Uri).GetTypeInfo().Assembly.Location);
yield return MetadataReference.CreateFromFile(typeof(HttpClient).GetTypeInfo().Assembly.Location);
yield return MetadataReference.CreateFromFile(typeof(Enumerable).GetTypeInfo().Assembly.Location);
}
private const string PolicyStubSource = """
namespace StellaOps.AirGap.Policy
{
public interface IEgressPolicy
{
void EnsureAllowed(EgressRequest request);
}
public readonly record struct EgressRequest(string Component, System.Uri Destination, string Intent);
public static class EgressHttpClientFactory
{
public static System.Net.Http.HttpClient Create(IEgressPolicy egressPolicy, EgressRequest request)
=> throw new System.NotImplementedException();
public static System.Net.Http.HttpClient Create(IEgressPolicy egressPolicy, EgressRequest request, System.Func<System.Net.Http.HttpClient> clientFactory)
=> throw new System.NotImplementedException();
}
}
""";
}

83
src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/HttpClientUsageAnalyzerTests.cs
View File

@@ -1,28 +1,14 @@
using System;
using System.Collections.Generic;
using System.Collections.Immutable;
using System.Linq;
using System.Net.Http;
using System.Reflection;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CodeActions;
using Microsoft.CodeAnalysis.CodeFixes;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.Diagnostics;
using Microsoft.CodeAnalysis.Text;
using StellaOps.TestKit;
using System;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.AirGap.Policy.Analyzers.Tests;
public sealed class HttpClientUsageAnalyzerTests
public sealed partial class HttpClientUsageAnalyzerTests
{
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task ReportsDiagnostic_ForNewHttpClient()
[Fact]
public async Task ReportsDiagnostic_ForNewHttpClientAsync()
{
const string source = """
using System.Net.Http;
@@ -43,8 +29,8 @@ public sealed class HttpClientUsageAnalyzerTests
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task DoesNotReportDiagnostic_InsidePolicyAssembly()
[Fact]
public async Task DoesNotReportDiagnostic_InsidePolicyAssemblyAsync()
{
const string source = """
using System.Net.Http;
@@ -62,8 +48,11 @@ public sealed class HttpClientUsageAnalyzerTests
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task DoesNotReportDiagnostic_ForTestingAssemblyNames()
[Theory]
[InlineData("Sample.App.Testing")]
[InlineData("Sample.App.Test")]
[InlineData("Sample.App.Tests")]
public async Task DoesNotReportDiagnostic_ForTestAssemblyNamesAsync(string assemblyName)
{
const string source = """
using System.Net.Http;
@@ -79,53 +68,7 @@ public sealed class HttpClientUsageAnalyzerTests
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App.Testing");
var diagnostics = await AnalyzeAsync(source, assemblyName);
Assert.DoesNotContain(diagnostics, d => d.Id == HttpClientUsageAnalyzer.DiagnosticId);
}
private static async Task<ImmutableArray<Diagnostic>> AnalyzeAsync(string source, string assemblyName)
{
var compilation = CSharpCompilation.Create(
assemblyName,
new[]
{
CSharpSyntaxTree.ParseText(source),
CSharpSyntaxTree.ParseText(PolicyStubSource),
},
CreateMetadataReferences(),
new CSharpCompilationOptions(OutputKind.DynamicallyLinkedLibrary));
var analyzer = new HttpClientUsageAnalyzer();
var compilationWithAnalyzers = compilation.WithAnalyzers(ImmutableArray.Create<DiagnosticAnalyzer>(analyzer));
return await compilationWithAnalyzers.GetAnalyzerDiagnosticsAsync();
}
private static IEnumerable<MetadataReference> CreateMetadataReferences()
{
yield return MetadataReference.CreateFromFile(typeof(object).GetTypeInfo().Assembly.Location);
yield return MetadataReference.CreateFromFile(typeof(Uri).GetTypeInfo().Assembly.Location);
yield return MetadataReference.CreateFromFile(typeof(HttpClient).GetTypeInfo().Assembly.Location);
yield return MetadataReference.CreateFromFile(typeof(Enumerable).GetTypeInfo().Assembly.Location);
}
private const string PolicyStubSource = """
namespace StellaOps.AirGap.Policy
{
public interface IEgressPolicy
{
void EnsureAllowed(EgressRequest request);
}
public readonly record struct EgressRequest(string Component, System.Uri Destination, string Intent);
public static class EgressHttpClientFactory
{
public static System.Net.Http.HttpClient Create(IEgressPolicy egressPolicy, EgressRequest request)
=> throw new System.NotImplementedException();
public static System.Net.Http.HttpClient Create(IEgressPolicy egressPolicy, EgressRequest request, System.Func<System.Net.Http.HttpClient> clientFactory)
=> throw new System.NotImplementedException();
}
}
""";
}

89
src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/PolicyAnalyzerRoslynTests.Diagnostics.Allowed.cs Normal file
View File

@@ -0,0 +1,89 @@
using FluentAssertions;
using StellaOps.TestKit;
using System;
using Xunit;
namespace StellaOps.AirGap.Policy.Analyzers.Tests;
public sealed partial class PolicyAnalyzerRoslynTests
{
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task NoDiagnostic_ForHttpClientParameterAsync()
{
const string source = """
using System.Net.Http;
namespace Sample.App;
public sealed class Demo
{
public void Run(HttpClient client)
{
client.GetStringAsync("https://example.com");
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
diagnostics.Should().NotContain(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId,
"Using HttpClient as parameter should not trigger diagnostic");
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task NoDiagnostic_ForHttpClientFieldAsync()
{
const string source = """
using System.Net.Http;
namespace Sample.App;
public sealed class Demo
{
private HttpClient? _client;
public void SetClient(HttpClient client)
{
_client = client;
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
diagnostics.Should().NotContain(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId,
"Declaring HttpClient field should not trigger diagnostic");
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task NoDiagnostic_ForFactoryMethodReturnAsync()
{
const string source = """
using System.Net.Http;
namespace Sample.App;
public interface IHttpClientFactory
{
HttpClient CreateClient(string name);
}
public sealed class Demo
{
private readonly IHttpClientFactory _factory;
public Demo(IHttpClientFactory factory) => _factory = factory;
public void Run()
{
var client = _factory.CreateClient("default");
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
diagnostics.Should().NotContain(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId,
"Using factory method should not trigger diagnostic");
}
}

52
src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/PolicyAnalyzerRoslynTests.Diagnostics.AllowedAssemblies.cs Normal file
View File

@@ -0,0 +1,52 @@
using FluentAssertions;
using StellaOps.TestKit;
using System;
using Xunit;
namespace StellaOps.AirGap.Policy.Analyzers.Tests;
public sealed partial class PolicyAnalyzerRoslynTests
{
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task NoDiagnostic_InTestAssemblyAsync()
{
const string source = """
using System.Net.Http;
namespace Sample.App.Tests;
public sealed class DemoTests
{
public void TestMethod()
{
var client = new HttpClient();
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App.Tests");
diagnostics.Should().NotContain(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId,
"Test assemblies should be exempt from diagnostic");
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task NoDiagnostic_InPolicyAssemblyAsync()
{
const string source = """
using System.Net.Http;
namespace StellaOps.AirGap.Policy.Internal;
internal static class Loopback
{
public static HttpClient Create() => new HttpClient();
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "StellaOps.AirGap.Policy");
diagnostics.Should().NotContain(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId,
"Policy assembly itself should be exempt");
}
}

42
src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/PolicyAnalyzerRoslynTests.Diagnostics.Construction.cs Normal file
View File

@@ -0,0 +1,42 @@
// -----------------------------------------------------------------------------
// PolicyAnalyzerRoslynTests - AN1 Roslyn compilation tests for AirGap.Policy.Analyzers
// -----------------------------------------------------------------------------
using FluentAssertions;
using StellaOps.TestKit;
using System;
using System.Linq;
using Xunit;
namespace StellaOps.AirGap.Policy.Analyzers.Tests;
public sealed partial class PolicyAnalyzerRoslynTests
{
[Trait("Category", TestCategories.Unit)]
[Theory]
[InlineData("var client = new HttpClient();", true, "Direct construction should trigger diagnostic")]
[InlineData("var client = new System.Net.Http.HttpClient();", true, "Fully qualified construction should trigger diagnostic")]
[InlineData("HttpClient client = new();", true, "Target-typed new should trigger diagnostic")]
[InlineData("object client = new HttpClient();", true, "Implicit cast construction should trigger diagnostic")]
[InlineData("var client = new HttpClient(new HttpClientHandler());", true, "Handler construction should trigger diagnostic")]
public async Task DiagnosticTriggered_ForVariousHttpClientConstructionsAsync(string statement, bool shouldTrigger, string reason)
{
var source = $$"""
using System.Net.Http;
namespace Sample.App;
public sealed class Demo
{
public void Run()
{
{{statement}}
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
var hasDiagnostic = diagnostics.Any(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId);
hasDiagnostic.Should().Be(shouldTrigger, reason);
}
}

96
src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/PolicyAnalyzerRoslynTests.Diagnostics.Metadata.cs Normal file
View File

@@ -0,0 +1,96 @@
using FluentAssertions;
using Microsoft.CodeAnalysis;
using StellaOps.TestKit;
using System;
using System.Linq;
using Xunit;
namespace StellaOps.AirGap.Policy.Analyzers.Tests;
public sealed partial class PolicyAnalyzerRoslynTests
{
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task Diagnostic_HasCorrectSeverityAsync()
{
const string source = """
using System.Net.Http;
namespace Sample.App;
public sealed class Demo
{
public void Run()
{
var client = new HttpClient();
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
var airgapDiagnostic = diagnostics.Single(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId);
airgapDiagnostic.Severity.Should().Be(DiagnosticSeverity.Warning,
"Diagnostic should be a warning, not an error");
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task Diagnostic_HasCorrectLocationAsync()
{
const string source = """
using System.Net.Http;
namespace Sample.App;
public sealed class Demo
{
public void Run()
{
var client = new HttpClient();
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
var airgapDiagnostic = diagnostics.Single(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId);
airgapDiagnostic.Location.IsInSource.Should().BeTrue();
var lineSpan = airgapDiagnostic.Location.GetLineSpan();
lineSpan.StartLinePosition.Line.Should().Be(8, "Diagnostic should point to line 9 (0-indexed: 8)");
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task MultipleHttpClientUsages_ReportMultipleDiagnosticsAsync()
{
const string source = """
using System.Net.Http;
namespace Sample.App;
public sealed class Demo
{
public void Method1()
{
var client = new HttpClient();
}
public void Method2()
{
var client = new HttpClient();
}
public void Method3()
{
var client = new HttpClient();
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
var airgapDiagnostics = diagnostics.Where(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId).ToList();
airgapDiagnostics.Should().HaveCount(3, "Each new HttpClient() should trigger a separate diagnostic");
}
}

19
src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/PolicyAnalyzerRoslynTests.Golden.cs Normal file
View File

@@ -0,0 +1,19 @@
using FluentAssertions;
using StellaOps.TestKit;
using Xunit;
namespace StellaOps.AirGap.Policy.Analyzers.Tests;
public sealed partial class PolicyAnalyzerRoslynTests
{
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Analyzer_SupportedDiagnostics_ContainsExpectedId()
{
var analyzer = new HttpClientUsageAnalyzer();
var supportedDiagnostics = analyzer.SupportedDiagnostics;
supportedDiagnostics.Should().HaveCount(1);
supportedDiagnostics[0].Id.Should().Be("AIRGAP001");
}
}

75
src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/PolicyAnalyzerRoslynTests.Helpers.cs Normal file
View File

@@ -0,0 +1,75 @@
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.Diagnostics;
using System;
using System.Collections.Generic;
using System.Collections.Immutable;
using System.IO;
using System.Linq;
using System.Net.Http;
using System.Reflection;
using System.Threading.Tasks;
namespace StellaOps.AirGap.Policy.Analyzers.Tests;
public sealed partial class PolicyAnalyzerRoslynTests
{
private static async Task<ImmutableArray<Diagnostic>> AnalyzeAsync(string source, string assemblyName)
{
var compilation = CSharpCompilation.Create(
assemblyName,
new[]
{
CSharpSyntaxTree.ParseText(source),
CSharpSyntaxTree.ParseText(PolicyStubSource),
},
CreateMetadataReferences(),
new CSharpCompilationOptions(OutputKind.DynamicallyLinkedLibrary));
var analyzer = new HttpClientUsageAnalyzer();
var compilationWithAnalyzers = compilation.WithAnalyzers(ImmutableArray.Create<DiagnosticAnalyzer>(analyzer));
return await compilationWithAnalyzers.GetAnalyzerDiagnosticsAsync().ConfigureAwait(false);
}
private static IEnumerable<MetadataReference> CreateMetadataReferences()
{
yield return MetadataReference.CreateFromFile(typeof(object).GetTypeInfo().Assembly.Location);
yield return MetadataReference.CreateFromFile(typeof(Uri).GetTypeInfo().Assembly.Location);
yield return MetadataReference.CreateFromFile(typeof(HttpClient).GetTypeInfo().Assembly.Location);
yield return MetadataReference.CreateFromFile(typeof(Enumerable).GetTypeInfo().Assembly.Location);
var systemRuntimePath = Path.GetDirectoryName(typeof(object).GetTypeInfo().Assembly.Location);
if (!string.IsNullOrEmpty(systemRuntimePath))
{
var netstandard = Path.Combine(systemRuntimePath, "netstandard.dll");
if (File.Exists(netstandard))
{
yield return MetadataReference.CreateFromFile(netstandard);
}
var systemRuntime = Path.Combine(systemRuntimePath, "System.Runtime.dll");
if (File.Exists(systemRuntime))
{
yield return MetadataReference.CreateFromFile(systemRuntime);
}
}
}
private const string PolicyStubSource = """
namespace StellaOps.AirGap.Policy
{
public interface IEgressPolicy
{
void EnsureAllowed(EgressRequest request);
}
public readonly record struct EgressRequest(string Component, System.Uri Destination, string Intent);
public static class EgressHttpClientFactory
{
public static System.Net.Http.HttpClient Create(IEgressPolicy egressPolicy, EgressRequest request)
=> throw new System.NotImplementedException();
}
}
""";
}

356
src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/PolicyAnalyzerRoslynTests.cs
View File

@@ -1,356 +0,0 @@
// -----------------------------------------------------------------------------
// PolicyAnalyzerRoslynTests.cs
// Sprint: SPRINT_5100_0010_0004_airgap_tests
// Tasks: AIRGAP-5100-005, AIRGAP-5100-006
// Description: AN1 Roslyn compilation tests for AirGap.Policy.Analyzers
// -----------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Collections.Immutable;
using System.Linq;
using System.Net.Http;
using System.Reflection;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CodeActions;
using Microsoft.CodeAnalysis.CodeFixes;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.Diagnostics;
using Microsoft.CodeAnalysis.Text;
using Xunit;
using FluentAssertions;
using StellaOps.TestKit;
namespace StellaOps.AirGap.Policy.Analyzers.Tests;
/// <summary>
/// AN1 Roslyn Compilation Tests for AirGap.Policy.Analyzers
/// Task AIRGAP-5100-005: Expected diagnostics, no false positives
/// Task AIRGAP-5100-006: Golden generated code tests for policy analyzers
/// </summary>
public sealed class PolicyAnalyzerRoslynTests
{
#region AIRGAP-5100-005: Expected Diagnostics & No False Positives
[Trait("Category", TestCategories.Unit)]
[Theory]
[InlineData("var client = new HttpClient();", true, "Direct construction should trigger diagnostic")]
[InlineData("var client = new System.Net.Http.HttpClient();", true, "Fully qualified construction should trigger diagnostic")]
[InlineData("HttpClient client = new();", true, "Target-typed new should trigger diagnostic")]
[InlineData("object client = new HttpClient();", true, "Implicit cast construction should trigger diagnostic")]
public async Task DiagnosticTriggered_ForVariousHttpClientConstructions(string statement, bool shouldTrigger, string reason)
{
var source = $$"""
using System.Net.Http;
namespace Sample.App;
public sealed class Demo
{
public void Run()
{
{{statement}}
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
var hasDiagnostic = diagnostics.Any(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId);
hasDiagnostic.Should().Be(shouldTrigger, reason);
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task NoDiagnostic_ForHttpClientParameter()
{
const string source = """
using System.Net.Http;
namespace Sample.App;
public sealed class Demo
{
public void Run(HttpClient client)
{
// Using HttpClient as parameter - not constructing it
client.GetStringAsync("https://example.com");
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
diagnostics.Should().NotContain(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId,
"Using HttpClient as parameter should not trigger diagnostic");
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task NoDiagnostic_ForHttpClientField()
{
const string source = """
using System.Net.Http;
namespace Sample.App;
public sealed class Demo
{
private HttpClient? _client;
public void SetClient(HttpClient client)
{
_client = client;
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
diagnostics.Should().NotContain(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId,
"Declaring HttpClient field should not trigger diagnostic");
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task NoDiagnostic_ForFactoryMethodReturn()
{
const string source = """
using System.Net.Http;
namespace Sample.App;
public interface IHttpClientFactory
{
HttpClient CreateClient(string name);
}
public sealed class Demo
{
private readonly IHttpClientFactory _factory;
public Demo(IHttpClientFactory factory) => _factory = factory;
public void Run()
{
var client = _factory.CreateClient("default");
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
diagnostics.Should().NotContain(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId,
"Using factory method should not trigger diagnostic");
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task NoDiagnostic_InTestAssembly()
{
const string source = """
using System.Net.Http;
namespace Sample.App.Tests;
public sealed class DemoTests
{
public void TestMethod()
{
var client = new HttpClient();
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App.Tests");
diagnostics.Should().NotContain(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId,
"Test assemblies should be exempt from diagnostic");
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task NoDiagnostic_InPolicyAssembly()
{
const string source = """
using System.Net.Http;
namespace StellaOps.AirGap.Policy.Internal;
internal static class Loopback
{
public static HttpClient Create() => new HttpClient();
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "StellaOps.AirGap.Policy");
diagnostics.Should().NotContain(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId,
"Policy assembly itself should be exempt");
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task Diagnostic_HasCorrectSeverity()
{
const string source = """
using System.Net.Http;
namespace Sample.App;
public sealed class Demo
{
public void Run()
{
var client = new HttpClient();
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
var airgapDiagnostic = diagnostics.Single(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId);
airgapDiagnostic.Severity.Should().Be(DiagnosticSeverity.Warning,
"Diagnostic should be a warning, not an error");
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task Diagnostic_HasCorrectLocation()
{
const string source = """
using System.Net.Http;
namespace Sample.App;
public sealed class Demo
{
public void Run()
{
var client = new HttpClient();
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
var airgapDiagnostic = diagnostics.Single(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId);
airgapDiagnostic.Location.IsInSource.Should().BeTrue();
var lineSpan = airgapDiagnostic.Location.GetLineSpan();
lineSpan.StartLinePosition.Line.Should().Be(8, "Diagnostic should point to line 9 (0-indexed: 8)");
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task MultipleHttpClientUsages_ReportMultipleDiagnostics()
{
const string source = """
using System.Net.Http;
namespace Sample.App;
public sealed class Demo
{
public void Method1()
{
var client = new HttpClient();
}
public void Method2()
{
var client = new HttpClient();
}
public void Method3()
{
var client = new HttpClient();
}
}
""";
var diagnostics = await AnalyzeAsync(source, assemblyName: "Sample.App");
var airgapDiagnostics = diagnostics.Where(d => d.Id == HttpClientUsageAnalyzer.DiagnosticId).ToList();
airgapDiagnostics.Should().HaveCount(3, "Each new HttpClient() should trigger a separate diagnostic");
}
#endregion
#region AIRGAP-5100-006: Golden Generated Code Tests
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task Analyzer_SupportedDiagnostics_ContainsExpectedId()
{
var analyzer = new HttpClientUsageAnalyzer();
var supportedDiagnostics = analyzer.SupportedDiagnostics;
supportedDiagnostics.Should().HaveCount(1);
supportedDiagnostics[0].Id.Should().Be("AIRGAP001");
}
#endregion
#region Test Helpers
private static async Task<ImmutableArray<Diagnostic>> AnalyzeAsync(string source, string assemblyName)
{
var compilation = CSharpCompilation.Create(
assemblyName,
new[]
{
CSharpSyntaxTree.ParseText(source),
CSharpSyntaxTree.ParseText(PolicyStubSource),
},
CreateMetadataReferences(),
new CSharpCompilationOptions(OutputKind.DynamicallyLinkedLibrary));
var analyzer = new HttpClientUsageAnalyzer();
var compilationWithAnalyzers = compilation.WithAnalyzers(ImmutableArray.Create<DiagnosticAnalyzer>(analyzer));
return await compilationWithAnalyzers.GetAnalyzerDiagnosticsAsync();
}
private static IEnumerable<MetadataReference> CreateMetadataReferences()
{
// Core runtime references
yield return MetadataReference.CreateFromFile(typeof(object).GetTypeInfo().Assembly.Location);
yield return MetadataReference.CreateFromFile(typeof(Uri).GetTypeInfo().Assembly.Location);
yield return MetadataReference.CreateFromFile(typeof(HttpClient).GetTypeInfo().Assembly.Location);
yield return MetadataReference.CreateFromFile(typeof(Enumerable).GetTypeInfo().Assembly.Location);
// Add System.Runtime for target-typed new
var systemRuntimePath = Path.GetDirectoryName(typeof(object).GetTypeInfo().Assembly.Location);
if (!string.IsNullOrEmpty(systemRuntimePath))
{
var netstandard = Path.Combine(systemRuntimePath, "netstandard.dll");
if (File.Exists(netstandard))
{
yield return MetadataReference.CreateFromFile(netstandard);
}
var systemRuntime = Path.Combine(systemRuntimePath, "System.Runtime.dll");
if (File.Exists(systemRuntime))
{
yield return MetadataReference.CreateFromFile(systemRuntime);
}
}
}
private const string PolicyStubSource = """
namespace StellaOps.AirGap.Policy
{
public interface IEgressPolicy
{
void EnsureAllowed(EgressRequest request);
}
public readonly record struct EgressRequest(string Component, System.Uri Destination, string Intent);
public static class EgressHttpClientFactory
{
public static System.Net.Http.HttpClient Create(IEgressPolicy egressPolicy, EgressRequest request)
=> throw new System.NotImplementedException();
}
}
""";
#endregion
}

4
src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/TASKS.md
View File

@@ -1,10 +1,12 @@
# AirGap Policy Analyzers Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md` and `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0032-M | DONE | Revalidated 2026-01-06; findings recorded in audit report. |
| AUDIT-0032-T | DONE | Revalidated 2026-01-06; findings recorded in audit report. |
| AUDIT-0032-A | DONE | Waived (test project; revalidated 2026-01-06). |
| REMED-05 | DONE | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy.Analyzers.Tests/StellaOps.AirGap.Policy.Analyzers.Tests.md. |
| REMED-06 | DONE | SOLID review notes updated for SPRINT_20260130_002. |