tests fixes and some product advisories tunes ups

2026-01-30 07:57:43 +02:00
parent 644887997c
commit 55744f6a39
345 changed files with 26290 additions and 2267 deletions
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Core/Normalization/PackageNameNormalizer.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Core/Normalization/PackageNameNormalizer.cs
@@ -306,17 +306,18 @@ public sealed partial class PackageNameNormalizer : IPackageNameNormalizer
    {
        // Go module paths: github.com/org/repo vs github.com/org/repo/v2
        // Package paths within modules
+        // For golang, the full module path should be the Name

        var normalizedName = name.ToLowerInvariant();
        var normalizedNs = ns?.ToLowerInvariant();

-        // Handle major version suffixes
-        if (normalizedName.EndsWith("/v2") || normalizedName.EndsWith("/v3"))
-        {
-            // Keep as-is, this is the module path
-        }
+        // Combine namespace and name into full module path
+        var fullModulePath = !string.IsNullOrEmpty(normalizedNs)
+            ? $"{normalizedNs}/{normalizedName}"
+            : normalizedName;

-        return (normalizedName, normalizedNs, 0.9, NormalizationMethod.EcosystemRule);
+        // Return full path as Name, no separate namespace for golang
+        return (fullModulePath, null, 0.9, NormalizationMethod.EcosystemRule);
    }

    private NormalizedPackageIdentity? ParseByEcosystem(string packageRef, string ecosystem)
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Core/Secrets/Configuration/SecretExceptionPattern.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Core/Secrets/Configuration/SecretExceptionPattern.cs
@@ -151,6 +151,12 @@ public sealed record SecretExceptionPattern
            errors.Add("ExpiresAt must be after CreatedAt");
        }

+        // Warn if the pattern has already expired
+        if (ExpiresAt.HasValue && ExpiresAt.Value < DateTimeOffset.UtcNow)
+        {
+            errors.Add($"Pattern has expired (expired at {ExpiresAt.Value:o})");
+        }
+
        return errors;
    }
 }
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Core/TrustAnchors/TrustAnchorRegistry.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Core/TrustAnchors/TrustAnchorRegistry.cs
@@ -56,7 +56,7 @@ public sealed class TrustAnchorRegistry : ITrustAnchorRegistry
                continue;
            }

-            if (anchor.Config.ExpiresAt is { } expiresAt && expiresAt < now)
+            if (anchor.Config.ExpiresAt is { } expiresAt && expiresAt <= now)
            {
                _logger.LogWarning("Trust anchor {AnchorId} has expired, skipping.", anchor.Config.AnchorId);
                continue;
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/CompositionRecipeService.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Emit/Composition/CompositionRecipeService.cs
@@ -315,6 +315,19 @@ public sealed class CompositionRecipeService : ICompositionRecipeService

    private static byte[] HexToBytes(string hex)
    {
+        // Strip common hash prefixes like "sha256:"
+        var colonIndex = hex.IndexOf(':');
+        if (colonIndex >= 0)
+        {
+            hex = hex[(colonIndex + 1)..];
+        }
+
+        // Pad to even length if needed (happens with test data)
+        if (hex.Length % 2 != 0)
+        {
+            hex = "0" + hex;
+        }
+
        return Convert.FromHexString(hex);
    }
 }