Add unit tests for AST parsing and security sink detection

- Created `StellaOps.AuditPack.Tests.csproj` for unit testing the AuditPack library. - Implemented comprehensive unit tests in `index.test.js` for AST parsing, covering various JavaScript and TypeScript constructs including functions, classes, decorators, and JSX. - Added `sink-detect.test.js` to test security sink detection patterns, validating command injection, SQL injection, file write, deserialization, SSRF, NoSQL injection, and more. - Included tests for taint source detection in various contexts such as Express, Koa, and AWS Lambda.
2025-12-23 09:23:42 +02:00
parent 7e384ab610
commit 56e2dc01ee
96 changed files with 8555 additions and 1455 deletions
--- a/src/Cli/__Libraries/StellaOps.Cli.Plugins.Aoc/AocCliCommandModule.cs
+++ b/src/Cli/__Libraries/StellaOps.Cli.Plugins.Aoc/AocCliCommandModule.cs
@@ -51,36 +51,38 @@ public sealed class AocCliCommandModule : ICliCommandModule

    private static Command BuildVerifyCommand(Option<bool> verboseOption, CancellationToken cancellationToken)
    {
-        var sinceOption = new Option<string>(
-            aliases: ["--since", "-s"],
-            description: "Git commit SHA or ISO timestamp to verify from")
+        var sinceOption = new Option<string>("--since", "-s")
        {
-            IsRequired = true
+            Description = "Git commit SHA or ISO timestamp to verify from",
+            Required = true
        };

-        var postgresOption = new Option<string>(
-            aliases: ["--postgres", "-p"],
-            description: "PostgreSQL connection string")
+        var postgresOption = new Option<string>("--postgres", "-p")
        {
-            IsRequired = true
+            Description = "PostgreSQL connection string",
+            Required = true
        };

-        var outputOption = new Option<string?>(
-            aliases: ["--output", "-o"],
-            description: "Path for JSON output report");
+        var outputOption = new Option<string?>("--output", "-o")
+        {
+            Description = "Path for JSON output report"
+        };

-        var ndjsonOption = new Option<string?>(
-            aliases: ["--ndjson", "-n"],
-            description: "Path for NDJSON output (one violation per line)");
+        var ndjsonOption = new Option<string?>("--ndjson", "-n")
+        {
+            Description = "Path for NDJSON output (one violation per line)"
+        };

-        var tenantOption = new Option<string?>(
-            aliases: ["--tenant", "-t"],
-            description: "Filter by tenant ID");
+        var tenantOption = new Option<string?>("--tenant", "-t")
+        {
+            Description = "Filter by tenant ID"
+        };

-        var dryRunOption = new Option<bool>(
-            aliases: ["--dry-run"],
-            description: "Validate configuration without querying database",
-            getDefaultValue: () => false);
+        var dryRunOption = new Option<bool>("--dry-run")
+        {
+            Description = "Validate configuration without querying database",
+            DefaultValueFactory = _ => false
+        };

        var verify = new Command("verify", "Verify AOC compliance for documents since a given point")
        {