Add unit tests for AST parsing and security sink detection

- Created `StellaOps.AuditPack.Tests.csproj` for unit testing the AuditPack library. - Implemented comprehensive unit tests in `index.test.js` for AST parsing, covering various JavaScript and TypeScript constructs including functions, classes, decorators, and JSX. - Added `sink-detect.test.js` to test security sink detection patterns, validating command injection, SQL injection, file write, deserialization, SSRF, NoSQL injection, and more. - Included tests for taint source detection in various contexts such as Express, Koa, and AWS Lambda.
2025-12-23 09:23:42 +02:00
parent 7e384ab610
commit 56e2dc01ee
96 changed files with 8555 additions and 1455 deletions
--- a/src/Cli/__Libraries/StellaOps.Cli.Plugins.Aoc/AocCliCommandModule.cs
+++ b/src/Cli/__Libraries/StellaOps.Cli.Plugins.Aoc/AocCliCommandModule.cs
@@ -51,36 +51,38 @@ public sealed class AocCliCommandModule : ICliCommandModule

    private static Command BuildVerifyCommand(Option<bool> verboseOption, CancellationToken cancellationToken)
    {
-        var sinceOption = new Option<string>(
-            aliases: ["--since", "-s"],
-            description: "Git commit SHA or ISO timestamp to verify from")
+        var sinceOption = new Option<string>("--since", "-s")
        {
-            IsRequired = true
+            Description = "Git commit SHA or ISO timestamp to verify from",
+            Required = true
        };

-        var postgresOption = new Option<string>(
-            aliases: ["--postgres", "-p"],
-            description: "PostgreSQL connection string")
+        var postgresOption = new Option<string>("--postgres", "-p")
        {
-            IsRequired = true
+            Description = "PostgreSQL connection string",
+            Required = true
        };

-        var outputOption = new Option<string?>(
-            aliases: ["--output", "-o"],
-            description: "Path for JSON output report");
+        var outputOption = new Option<string?>("--output", "-o")
+        {
+            Description = "Path for JSON output report"
+        };

-        var ndjsonOption = new Option<string?>(
-            aliases: ["--ndjson", "-n"],
-            description: "Path for NDJSON output (one violation per line)");
+        var ndjsonOption = new Option<string?>("--ndjson", "-n")
+        {
+            Description = "Path for NDJSON output (one violation per line)"
+        };

-        var tenantOption = new Option<string?>(
-            aliases: ["--tenant", "-t"],
-            description: "Filter by tenant ID");
+        var tenantOption = new Option<string?>("--tenant", "-t")
+        {
+            Description = "Filter by tenant ID"
+        };

-        var dryRunOption = new Option<bool>(
-            aliases: ["--dry-run"],
-            description: "Validate configuration without querying database",
-            getDefaultValue: () => false);
+        var dryRunOption = new Option<bool>("--dry-run")
+        {
+            Description = "Validate configuration without querying database",
+            DefaultValueFactory = _ => false
+        };

        var verify = new Command("verify", "Verify AOC compliance for documents since a given point")
        {
--- a/src/Cli/__Libraries/StellaOps.Cli.Plugins.Symbols/SymbolsCliCommandModule.cs
+++ b/src/Cli/__Libraries/StellaOps.Cli.Plugins.Symbols/SymbolsCliCommandModule.cs
@@ -49,12 +49,11 @@ public sealed class SymbolsCliCommandModule : ICliCommandModule
    {
        var symbols = new Command("symbols", "Symbol ingestion and management commands.");

-        // Global options for symbols commands
+        // Dry run option shared by ingest and upload commands
        var dryRunOption = new Option<bool>("--dry-run")
        {
            Description = "Dry run mode - generate manifest without uploading"
        };
-        symbols.AddGlobalOption(dryRunOption);

        // Add subcommands
        symbols.Add(BuildIngestCommand(verboseOption, dryRunOption, cancellationToken));
@@ -75,7 +74,7 @@ public sealed class SymbolsCliCommandModule : ICliCommandModule
        var binaryOption = new Option<string>("--binary")
        {
            Description = "Path to the binary file",
-            IsRequired = true
+            Required = true
        };
        var debugOption = new Option<string?>("--debug")
        {
@@ -165,12 +164,12 @@ public sealed class SymbolsCliCommandModule : ICliCommandModule
        var manifestOption = new Option<string>("--manifest")
        {
            Description = "Path to manifest JSON file",
-            IsRequired = true
+            Required = true
        };
        var serverOption = new Option<string>("--server")
        {
            Description = "Symbols server URL",
-            IsRequired = true
+            Required = true
        };
        var tenantOption = new Option<string?>("--tenant")
        {
@@ -204,7 +203,7 @@ public sealed class SymbolsCliCommandModule : ICliCommandModule
        var pathOption = new Option<string>("--path")
        {
            Description = "Path to manifest or DSSE file",
-            IsRequired = true
+            Required = true
        };

        verify.Add(pathOption);
@@ -227,7 +226,7 @@ public sealed class SymbolsCliCommandModule : ICliCommandModule
        var serverOption = new Option<string>("--server")
        {
            Description = "Symbols server URL",
-            IsRequired = true
+            Required = true
        };

        health.Add(serverOption);