Add call graph fixtures for various languages and scenarios
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
Lighthouse CI / Lighthouse Audit (push) Has been cancelled
Lighthouse CI / Axe Accessibility Audit (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Reachability Corpus Validation / validate-corpus (push) Has been cancelled
Reachability Corpus Validation / validate-ground-truths (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Reachability Corpus Validation / determinism-check (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
Lighthouse CI / Lighthouse Audit (push) Has been cancelled
Lighthouse CI / Axe Accessibility Audit (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Reachability Corpus Validation / validate-corpus (push) Has been cancelled
Reachability Corpus Validation / validate-ground-truths (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Reachability Corpus Validation / determinism-check (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
- Introduced `all-edge-reasons.json` to test edge resolution reasons in .NET. - Added `all-visibility-levels.json` to validate method visibility levels in .NET. - Created `dotnet-aspnetcore-minimal.json` for a minimal ASP.NET Core application. - Included `go-gin-api.json` for a Go Gin API application structure. - Added `java-spring-boot.json` for the Spring PetClinic application in Java. - Introduced `legacy-no-schema.json` for legacy application structure without schema. - Created `node-express-api.json` for an Express.js API application structure.
This commit is contained in:
master
@@ -11,6 +11,31 @@ namespace StellaOps.Cli.Tests.Commands;
|
||||
|
||||
public sealed class CommandFactoryTests
|
||||
{
|
||||
[Fact]
|
||||
public void Create_ExposesOfflineCommands()
|
||||
{
|
||||
using var loggerFactory = LoggerFactory.Create(builder => builder.SetMinimumLevel(LogLevel.None));
|
||||
var services = new ServiceCollection().BuildServiceProvider();
|
||||
var root = CommandFactory.Create(services, new StellaOpsCliOptions(), CancellationToken.None, loggerFactory);
|
||||
|
||||
var offline = Assert.Single(root.Subcommands, command => string.Equals(command.Name, "offline", StringComparison.Ordinal));
|
||||
Assert.Contains(offline.Subcommands, command => string.Equals(command.Name, "import", StringComparison.Ordinal));
|
||||
Assert.Contains(offline.Subcommands, command => string.Equals(command.Name, "status", StringComparison.Ordinal));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void Create_ExposesExportCacheCommands()
|
||||
{
|
||||
using var loggerFactory = LoggerFactory.Create(builder => builder.SetMinimumLevel(LogLevel.None));
|
||||
var services = new ServiceCollection().BuildServiceProvider();
|
||||
var root = CommandFactory.Create(services, new StellaOpsCliOptions(), CancellationToken.None, loggerFactory);
|
||||
|
||||
var export = Assert.Single(root.Subcommands, command => string.Equals(command.Name, "export", StringComparison.Ordinal));
|
||||
var cache = Assert.Single(export.Subcommands, command => string.Equals(command.Name, "cache", StringComparison.Ordinal));
|
||||
Assert.Contains(cache.Subcommands, command => string.Equals(command.Name, "stats", StringComparison.Ordinal));
|
||||
Assert.Contains(cache.Subcommands, command => string.Equals(command.Name, "process-queue", StringComparison.Ordinal));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void Create_ExposesRubyInspectAndResolveCommands()
|
||||
{
|
||||
|
||||
@@ -134,21 +134,23 @@ public sealed class CommandHandlersTests
|
||||
var console = new TestConsole();
|
||||
var originalConsole = AnsiConsole.Console;
|
||||
|
||||
var bestPlan = new EntryTracePlan(
|
||||
ImmutableArray.Create("/usr/bin/python", "app.py"),
|
||||
ImmutableDictionary<string, string>.Empty,
|
||||
"/workspace",
|
||||
"appuser",
|
||||
"/usr/bin/python",
|
||||
EntryTraceTerminalType.Managed,
|
||||
"python",
|
||||
0.95,
|
||||
ImmutableDictionary<string, string>.Empty);
|
||||
|
||||
var graph = new EntryTraceGraph(
|
||||
EntryTraceOutcome.Resolved,
|
||||
ImmutableArray<EntryTraceNode>.Empty,
|
||||
ImmutableArray<EntryTraceEdge>.Empty,
|
||||
ImmutableArray<EntryTraceDiagnostic>.Empty,
|
||||
ImmutableArray.Create(new EntryTracePlan(
|
||||
ImmutableArray.Create("/usr/bin/python", "app.py"),
|
||||
ImmutableDictionary<string, string>.Empty,
|
||||
"/workspace",
|
||||
"appuser",
|
||||
"/usr/bin/python",
|
||||
EntryTraceTerminalType.Managed,
|
||||
"python",
|
||||
0.95,
|
||||
ImmutableDictionary<string, string>.Empty)),
|
||||
ImmutableArray.Create(bestPlan),
|
||||
ImmutableArray.Create(new EntryTraceTerminal(
|
||||
"/usr/bin/python",
|
||||
EntryTraceTerminalType.Managed,
|
||||
@@ -166,7 +168,8 @@ public sealed class CommandHandlersTests
|
||||
"sha256:deadbeef",
|
||||
DateTimeOffset.Parse("2025-11-02T12:00:00Z", CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal),
|
||||
graph,
|
||||
new[] { "{\"type\":\"terminal\"}" })
|
||||
new[] { "{\"type\":\"terminal\"}" },
|
||||
bestPlan)
|
||||
};
|
||||
|
||||
var provider = BuildServiceProvider(backend);
|
||||
@@ -178,6 +181,7 @@ public sealed class CommandHandlersTests
|
||||
provider,
|
||||
"scan-123",
|
||||
includeNdjson: true,
|
||||
includeSemantic: false,
|
||||
verbose: false,
|
||||
cancellationToken: CancellationToken.None);
|
||||
|
||||
@@ -211,6 +215,7 @@ public sealed class CommandHandlersTests
|
||||
provider,
|
||||
"scan-missing",
|
||||
includeNdjson: false,
|
||||
includeSemantic: false,
|
||||
verbose: false,
|
||||
cancellationToken: CancellationToken.None));
|
||||
|
||||
@@ -1342,104 +1347,6 @@ public sealed class CommandHandlersTests
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task HandleAdviseRunAsync_WritesMarkdownWithCitations_ForExplain()
|
||||
{
|
||||
var originalExit = Environment.ExitCode;
|
||||
var originalConsole = AnsiConsole.Console;
|
||||
var testConsole = new TestConsole();
|
||||
|
||||
try
|
||||
{
|
||||
Environment.ExitCode = 0;
|
||||
AnsiConsole.Console = testConsole;
|
||||
|
||||
var planResponse = new AdvisoryPipelinePlanResponseModel
|
||||
{
|
||||
TaskType = "Conflict",
|
||||
CacheKey = "plan-conflict",
|
||||
PromptTemplate = "prompts/advisory/conflict.liquid",
|
||||
Budget = new AdvisoryTaskBudgetModel
|
||||
{
|
||||
PromptTokens = 128,
|
||||
CompletionTokens = 64
|
||||
},
|
||||
Chunks = Array.Empty<PipelineChunkSummaryModel>(),
|
||||
Vectors = Array.Empty<PipelineVectorSummaryModel>(),
|
||||
Metadata = new Dictionary<string, string>()
|
||||
};
|
||||
|
||||
var outputResponse = new AdvisoryPipelineOutputModel
|
||||
{
|
||||
CacheKey = planResponse.CacheKey,
|
||||
TaskType = planResponse.TaskType,
|
||||
Profile = "default",
|
||||
Prompt = "Sanitized prompt",
|
||||
Response = "Rendered conflict body.",
|
||||
Citations = new[]
|
||||
{
|
||||
new AdvisoryOutputCitationModel { Index = 1, DocumentId = "doc-42", ChunkId = "chunk-42" }
|
||||
},
|
||||
Metadata = new Dictionary<string, string>(),
|
||||
Guardrail = new AdvisoryOutputGuardrailModel
|
||||
{
|
||||
Blocked = false,
|
||||
SanitizedPrompt = "Sanitized prompt",
|
||||
Violations = Array.Empty<AdvisoryOutputGuardrailViolationModel>(),
|
||||
Metadata = new Dictionary<string, string>()
|
||||
},
|
||||
Provenance = new AdvisoryOutputProvenanceModel
|
||||
{
|
||||
InputDigest = "sha256:conflict-in",
|
||||
OutputHash = "sha256:conflict-out",
|
||||
Signatures = Array.Empty<string>()
|
||||
},
|
||||
GeneratedAtUtc = DateTimeOffset.Parse("2025-11-06T12:00:00Z", CultureInfo.InvariantCulture),
|
||||
PlanFromCache = false
|
||||
};
|
||||
|
||||
var backend = new StubBackendClient(new JobTriggerResult(true, "ok", null, null))
|
||||
{
|
||||
AdvisoryPlanResponse = planResponse,
|
||||
AdvisoryOutputResponse = outputResponse
|
||||
};
|
||||
|
||||
var provider = BuildServiceProvider(backend);
|
||||
var outputPath = Path.GetTempFileName();
|
||||
|
||||
await CommandHandlers.HandleAdviseRunAsync(
|
||||
provider,
|
||||
AdvisoryAiTaskType.Conflict,
|
||||
"ADV-42",
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
"default",
|
||||
Array.Empty<string>(),
|
||||
forceRefresh: false,
|
||||
timeoutSeconds: 0,
|
||||
outputFormat: AdvisoryOutputFormat.Markdown,
|
||||
outputPath: outputPath,
|
||||
verbose: false,
|
||||
cancellationToken: CancellationToken.None);
|
||||
|
||||
var markdown = await File.ReadAllTextAsync(outputPath);
|
||||
Assert.Contains("Conflict", markdown, StringComparison.OrdinalIgnoreCase);
|
||||
Assert.Contains("Rendered conflict body", markdown, StringComparison.OrdinalIgnoreCase);
|
||||
Assert.Contains("doc-42", markdown, StringComparison.OrdinalIgnoreCase);
|
||||
Assert.Contains("chunk-42", markdown, StringComparison.OrdinalIgnoreCase);
|
||||
Assert.Contains("Citations", markdown, StringComparison.OrdinalIgnoreCase);
|
||||
Assert.Equal(0, Environment.ExitCode);
|
||||
Assert.Contains("Conflict", testConsole.Output, StringComparison.OrdinalIgnoreCase);
|
||||
Assert.Equal(AdvisoryAiTaskType.Conflict, backend.AdvisoryPlanRequests.Last().TaskType);
|
||||
}
|
||||
finally
|
||||
{
|
||||
AnsiConsole.Console = originalConsole;
|
||||
Environment.ExitCode = originalExit;
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task HandleAdviseRunAsync_WritesMarkdownWithCitations_ForRemediationTask()
|
||||
{
|
||||
@@ -2503,6 +2410,7 @@ public sealed class CommandHandlersTests
|
||||
"sbom:S-42",
|
||||
new[] { "CVE-2021-23337", "GHSA-xxxx-yyyy" },
|
||||
new PolicyFindingVexMetadata("VendorX-123", "vendor-x", "not_affected"),
|
||||
null,
|
||||
4,
|
||||
DateTimeOffset.Parse("2025-10-26T14:06:01Z", CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal),
|
||||
"run:P-7:2025-10-26:auto")
|
||||
@@ -2570,6 +2478,7 @@ public sealed class CommandHandlersTests
|
||||
"sbom:S-99",
|
||||
Array.Empty<string>(),
|
||||
null,
|
||||
null,
|
||||
3,
|
||||
DateTimeOffset.MinValue,
|
||||
null)
|
||||
@@ -2638,6 +2547,7 @@ public sealed class CommandHandlersTests
|
||||
"sbom:S-1",
|
||||
new[] { "CVE-1111" },
|
||||
new PolicyFindingVexMetadata("VendorY-9", null, "affected"),
|
||||
null,
|
||||
7,
|
||||
DateTimeOffset.Parse("2025-10-26T12:34:56Z", CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal),
|
||||
"run:P-9:1234")
|
||||
@@ -2787,6 +2697,14 @@ public sealed class CommandHandlersTests
|
||||
outputPath: null,
|
||||
explain: true,
|
||||
failOnDiff: false,
|
||||
withExceptions: Array.Empty<string>(),
|
||||
withoutExceptions: Array.Empty<string>(),
|
||||
mode: null,
|
||||
sbomSelectors: Array.Empty<string>(),
|
||||
includeHeatmap: false,
|
||||
manifestDownload: false,
|
||||
reachabilityStates: Array.Empty<string>(),
|
||||
reachabilityScores: Array.Empty<string>(),
|
||||
verbose: false,
|
||||
cancellationToken: CancellationToken.None);
|
||||
|
||||
@@ -2849,6 +2767,14 @@ public sealed class CommandHandlersTests
|
||||
outputPath: null,
|
||||
explain: false,
|
||||
failOnDiff: false,
|
||||
withExceptions: Array.Empty<string>(),
|
||||
withoutExceptions: Array.Empty<string>(),
|
||||
mode: null,
|
||||
sbomSelectors: Array.Empty<string>(),
|
||||
includeHeatmap: false,
|
||||
manifestDownload: false,
|
||||
reachabilityStates: Array.Empty<string>(),
|
||||
reachabilityScores: Array.Empty<string>(),
|
||||
verbose: false,
|
||||
cancellationToken: CancellationToken.None);
|
||||
|
||||
@@ -2898,6 +2824,14 @@ public sealed class CommandHandlersTests
|
||||
outputPath: null,
|
||||
explain: false,
|
||||
failOnDiff: true,
|
||||
withExceptions: Array.Empty<string>(),
|
||||
withoutExceptions: Array.Empty<string>(),
|
||||
mode: null,
|
||||
sbomSelectors: Array.Empty<string>(),
|
||||
includeHeatmap: false,
|
||||
manifestDownload: false,
|
||||
reachabilityStates: Array.Empty<string>(),
|
||||
reachabilityScores: Array.Empty<string>(),
|
||||
verbose: false,
|
||||
cancellationToken: CancellationToken.None);
|
||||
|
||||
@@ -2937,6 +2871,14 @@ public sealed class CommandHandlersTests
|
||||
outputPath: null,
|
||||
explain: false,
|
||||
failOnDiff: false,
|
||||
withExceptions: Array.Empty<string>(),
|
||||
withoutExceptions: Array.Empty<string>(),
|
||||
mode: null,
|
||||
sbomSelectors: Array.Empty<string>(),
|
||||
includeHeatmap: false,
|
||||
manifestDownload: false,
|
||||
reachabilityStates: Array.Empty<string>(),
|
||||
reachabilityScores: Array.Empty<string>(),
|
||||
verbose: false,
|
||||
cancellationToken: CancellationToken.None);
|
||||
|
||||
@@ -4454,6 +4396,7 @@ spec:
|
||||
"sbom:default",
|
||||
Array.Empty<string>(),
|
||||
null,
|
||||
null,
|
||||
1,
|
||||
DateTimeOffset.UtcNow,
|
||||
null);
|
||||
@@ -4472,7 +4415,7 @@ spec:
|
||||
public List<(AdvisoryAiTaskType TaskType, AdvisoryPipelinePlanRequestModel Request)> AdvisoryPlanRequests { get; } = new();
|
||||
public AdvisoryPipelinePlanResponseModel? AdvisoryPlanResponse { get; set; }
|
||||
public Exception? AdvisoryPlanException { get; set; }
|
||||
public Queue<AdvisoryPipelineOutputModel?> AdvisoryOutputQueue { get; } = new();
|
||||
public Queue<AdvisoryPipelineOutputModel?> AdvisoryOutputQueue { get; set; } = new();
|
||||
public AdvisoryPipelineOutputModel? AdvisoryOutputResponse { get; set; }
|
||||
public Exception? AdvisoryOutputException { get; set; }
|
||||
public List<(string CacheKey, AdvisoryAiTaskType TaskType, string Profile)> AdvisoryOutputRequests { get; } = new();
|
||||
@@ -4704,6 +4647,119 @@ spec:
|
||||
|
||||
return Task.FromResult(AdvisoryOutputResponse);
|
||||
}
|
||||
|
||||
public Task<RiskProfileListResponse> ListRiskProfilesAsync(RiskProfileListRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new RiskProfileListResponse());
|
||||
|
||||
public Task<RiskSimulateResult> SimulateRiskAsync(RiskSimulateRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new RiskSimulateResult());
|
||||
|
||||
public Task<RiskResultsResponse> GetRiskResultsAsync(RiskResultsRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new RiskResultsResponse());
|
||||
|
||||
public Task<RiskBundleVerifyResult> VerifyRiskBundleAsync(RiskBundleVerifyRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new RiskBundleVerifyResult());
|
||||
|
||||
public Task<ReachabilityUploadCallGraphResult> UploadCallGraphAsync(ReachabilityUploadCallGraphRequest request, Stream callGraphStream, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new ReachabilityUploadCallGraphResult());
|
||||
|
||||
public Task<ReachabilityListResponse> ListReachabilityAnalysesAsync(ReachabilityListRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new ReachabilityListResponse());
|
||||
|
||||
public Task<ReachabilityExplainResult> ExplainReachabilityAsync(ReachabilityExplainRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new ReachabilityExplainResult());
|
||||
|
||||
public Task<GraphExplainResult> ExplainGraphAsync(GraphExplainRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new GraphExplainResult());
|
||||
|
||||
public Task<ApiSpecListResponse> ListApiSpecsAsync(string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new ApiSpecListResponse());
|
||||
|
||||
public Task<ApiSpecDownloadResult> DownloadApiSpecAsync(ApiSpecDownloadRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new ApiSpecDownloadResult());
|
||||
|
||||
public Task<SdkUpdateResponse> CheckSdkUpdatesAsync(SdkUpdateRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new SdkUpdateResponse());
|
||||
|
||||
public Task<SdkListResponse> ListInstalledSdksAsync(string? language, string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new SdkListResponse());
|
||||
|
||||
public Task<PolicyHistoryResponse> GetPolicyHistoryAsync(PolicyHistoryRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new PolicyHistoryResponse());
|
||||
|
||||
public Task<PolicyExplainResult> GetPolicyExplainAsync(PolicyExplainRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new PolicyExplainResult());
|
||||
|
||||
public Task<PolicyVersionBumpResult> BumpPolicyVersionAsync(PolicyVersionBumpRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new PolicyVersionBumpResult());
|
||||
|
||||
public Task<PolicySubmitResult> SubmitPolicyForReviewAsync(PolicySubmitRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new PolicySubmitResult());
|
||||
|
||||
public Task<PolicyReviewCommentResult> AddPolicyReviewCommentAsync(PolicyReviewCommentRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new PolicyReviewCommentResult());
|
||||
|
||||
public Task<PolicyApproveResult> ApprovePolicyReviewAsync(PolicyApproveRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new PolicyApproveResult());
|
||||
|
||||
public Task<PolicyRejectResult> RejectPolicyReviewAsync(PolicyRejectRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new PolicyRejectResult());
|
||||
|
||||
public Task<PolicyReviewSummary?> GetPolicyReviewStatusAsync(PolicyReviewStatusRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult<PolicyReviewSummary?>(null);
|
||||
|
||||
public Task<PolicyPublishResult> PublishPolicyAsync(PolicyPublishRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new PolicyPublishResult());
|
||||
|
||||
public Task<PolicyPromoteResult> PromotePolicyAsync(PolicyPromoteRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new PolicyPromoteResult());
|
||||
|
||||
public Task<PolicyRollbackResult> RollbackPolicyAsync(PolicyRollbackRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new PolicyRollbackResult());
|
||||
|
||||
public Task<PolicySignResult> SignPolicyAsync(PolicySignRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new PolicySignResult());
|
||||
|
||||
public Task<PolicyVerifySignatureResult> VerifyPolicySignatureAsync(PolicyVerifySignatureRequest request, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new PolicyVerifySignatureResult());
|
||||
|
||||
public Task<VexConsensusListResponse> ListVexConsensusAsync(VexConsensusListRequest request, string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new VexConsensusListResponse(Array.Empty<VexConsensusItem>(), 0, 0, 0, false));
|
||||
|
||||
public Task<VexConsensusDetailResponse?> GetVexConsensusAsync(string vulnerabilityId, string productKey, string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult<VexConsensusDetailResponse?>(null);
|
||||
|
||||
public Task<VexSimulationResponse> SimulateVexConsensusAsync(VexSimulationRequest request, string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new VexSimulationResponse(
|
||||
Array.Empty<VexSimulationResultItem>(),
|
||||
new VexSimulationParameters(0.0, 0),
|
||||
new VexSimulationSummary(0, 0, 0, 0, 0)));
|
||||
|
||||
public Task<VexExportResponse> ExportVexConsensusAsync(VexExportRequest request, string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new VexExportResponse("export-0"));
|
||||
|
||||
public Task<Stream> DownloadVexExportAsync(string exportId, string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult<Stream>(new MemoryStream(Encoding.UTF8.GetBytes("{}")));
|
||||
|
||||
public Task<VulnListResponse> ListVulnerabilitiesAsync(VulnListRequest request, string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new VulnListResponse(Array.Empty<VulnItem>(), 0, 0, 0, false));
|
||||
|
||||
public Task<VulnDetailResponse?> GetVulnerabilityAsync(string vulnerabilityId, string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult<VulnDetailResponse?>(null);
|
||||
|
||||
public Task<VulnWorkflowResponse> ExecuteVulnWorkflowAsync(VulnWorkflowRequest request, string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new VulnWorkflowResponse(true, request.Action, 0, Array.Empty<string>()));
|
||||
|
||||
public Task<VulnSimulationResponse> SimulateVulnerabilitiesAsync(VulnSimulationRequest request, string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new VulnSimulationResponse(
|
||||
Array.Empty<VulnSimulationDelta>(),
|
||||
new VulnSimulationSummary(0, 0, 0, 0, 0)));
|
||||
|
||||
public Task<VulnExportResponse> ExportVulnerabilitiesAsync(VulnExportRequest request, string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new VulnExportResponse("export-0"));
|
||||
|
||||
public Task<Stream> DownloadVulnExportAsync(string exportId, string? tenant, CancellationToken cancellationToken)
|
||||
=> Task.FromResult<Stream>(new MemoryStream(Encoding.UTF8.GetBytes("{}")));
|
||||
}
|
||||
|
||||
private sealed class StubExecutor : IScannerExecutor
|
||||
@@ -4832,6 +4888,12 @@ spec:
|
||||
LastQuery = query;
|
||||
return Task.FromResult(_response);
|
||||
}
|
||||
|
||||
public Task<AdvisoryLinksetResponse> GetLinksetAsync(AdvisoryLinksetQuery query, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(new AdvisoryLinksetResponse());
|
||||
|
||||
public Task<AdvisoryLinksetObservation?> GetObservationByIdAsync(string tenant, string observationId, CancellationToken cancellationToken)
|
||||
=> Task.FromResult<AdvisoryLinksetObservation?>(null);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
|
||||
@@ -0,0 +1,126 @@
|
||||
using System;
|
||||
using System.IO;
|
||||
using System.Text.Json;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Microsoft.Extensions.Logging.Abstractions;
|
||||
using Spectre.Console;
|
||||
using Spectre.Console.Testing;
|
||||
using StellaOps.Cli.Commands;
|
||||
using StellaOps.Cli.Tests.Testing;
|
||||
using StellaOps.ExportCenter.Core.EvidenceCache;
|
||||
|
||||
namespace StellaOps.Cli.Tests.Commands;
|
||||
|
||||
public sealed class ExportCacheCommandHandlersTests
|
||||
{
|
||||
[Fact]
|
||||
public async Task HandleExportCacheStatsAsync_Json_EmitsStatistics()
|
||||
{
|
||||
using var temp = new TempDirectory();
|
||||
var scanOutputPath = temp.Path;
|
||||
var cacheService = new LocalEvidenceCacheService(TimeProvider.System, NullLogger<LocalEvidenceCacheService>.Instance);
|
||||
|
||||
await cacheService.CacheEvidenceAsync(
|
||||
scanOutputPath,
|
||||
new CachedEvidenceBundle
|
||||
{
|
||||
AlertId = "alert-1",
|
||||
ArtifactId = "scan-1",
|
||||
ComputedAt = DateTimeOffset.Parse("2025-12-14T00:00:00Z"),
|
||||
Reachability = new CachedEvidenceSection { Status = EvidenceStatus.Available },
|
||||
CallStack = new CachedEvidenceSection { Status = EvidenceStatus.Available },
|
||||
Provenance = new CachedEvidenceSection { Status = EvidenceStatus.Available },
|
||||
VexStatus = new CachedEvidenceSection { Status = EvidenceStatus.Available }
|
||||
},
|
||||
CancellationToken.None);
|
||||
|
||||
using var services = BuildServices(cacheService);
|
||||
var output = await CaptureTestConsoleAsync(console => CommandHandlers.HandleExportCacheStatsAsync(
|
||||
services,
|
||||
scanOutputPath,
|
||||
json: true,
|
||||
verbose: false,
|
||||
CancellationToken.None));
|
||||
|
||||
Assert.Equal(0, output.ExitCode);
|
||||
|
||||
using var document = JsonDocument.Parse(output.Console.Trim());
|
||||
Assert.Equal(Path.GetFullPath(scanOutputPath), document.RootElement.GetProperty("scanOutput").GetString());
|
||||
Assert.Equal(1, document.RootElement.GetProperty("statistics").GetProperty("totalBundles").GetInt32());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task HandleExportCacheProcessQueueAsync_Json_EmitsCounts()
|
||||
{
|
||||
using var temp = new TempDirectory();
|
||||
var scanOutputPath = temp.Path;
|
||||
var cacheService = new LocalEvidenceCacheService(TimeProvider.System, NullLogger<LocalEvidenceCacheService>.Instance);
|
||||
|
||||
await cacheService.CacheEvidenceAsync(
|
||||
scanOutputPath,
|
||||
new CachedEvidenceBundle
|
||||
{
|
||||
AlertId = "alert-1",
|
||||
ArtifactId = "scan-1",
|
||||
ComputedAt = DateTimeOffset.Parse("2025-12-14T00:00:00Z"),
|
||||
Reachability = new CachedEvidenceSection { Status = EvidenceStatus.Available },
|
||||
CallStack = new CachedEvidenceSection { Status = EvidenceStatus.Available },
|
||||
Provenance = new CachedEvidenceSection { Status = EvidenceStatus.PendingEnrichment, UnavailableReason = "offline" },
|
||||
VexStatus = new CachedEvidenceSection { Status = EvidenceStatus.Available }
|
||||
},
|
||||
CancellationToken.None);
|
||||
|
||||
using var services = BuildServices(cacheService);
|
||||
var output = await CaptureTestConsoleAsync(console => CommandHandlers.HandleExportCacheProcessQueueAsync(
|
||||
services,
|
||||
scanOutputPath,
|
||||
json: true,
|
||||
verbose: false,
|
||||
CancellationToken.None));
|
||||
|
||||
Assert.Equal(0, output.ExitCode);
|
||||
|
||||
using var document = JsonDocument.Parse(output.Console.Trim());
|
||||
var result = document.RootElement.GetProperty("result");
|
||||
Assert.Equal(0, result.GetProperty("processedCount").GetInt32());
|
||||
Assert.Equal(1, result.GetProperty("failedCount").GetInt32());
|
||||
Assert.Equal(1, result.GetProperty("remainingCount").GetInt32());
|
||||
}
|
||||
|
||||
private static ServiceProvider BuildServices(IEvidenceCacheService cacheService)
|
||||
{
|
||||
var services = new ServiceCollection();
|
||||
services.AddSingleton(TimeProvider.System);
|
||||
services.AddSingleton(cacheService);
|
||||
services.AddSingleton<ILoggerFactory>(_ => LoggerFactory.Create(builder => builder.SetMinimumLevel(LogLevel.None)));
|
||||
return services.BuildServiceProvider();
|
||||
}
|
||||
|
||||
private static async Task<CapturedConsoleOutput> CaptureTestConsoleAsync(Func<TestConsole, Task<int>> action)
|
||||
{
|
||||
var testConsole = new TestConsole();
|
||||
testConsole.Width(4000);
|
||||
var originalConsole = AnsiConsole.Console;
|
||||
var originalOut = Console.Out;
|
||||
using var writer = new StringWriter();
|
||||
|
||||
try
|
||||
{
|
||||
AnsiConsole.Console = testConsole;
|
||||
Console.SetOut(writer);
|
||||
var exitCode = await action(testConsole).ConfigureAwait(false);
|
||||
return new CapturedConsoleOutput(exitCode, testConsole.Output.ToString(), writer.ToString());
|
||||
}
|
||||
finally
|
||||
{
|
||||
Console.SetOut(originalOut);
|
||||
AnsiConsole.Console = originalConsole;
|
||||
}
|
||||
}
|
||||
|
||||
private sealed record CapturedConsoleOutput(int ExitCode, string Console, string Plain);
|
||||
}
|
||||
|
||||
@@ -0,0 +1,277 @@
|
||||
using System;
|
||||
using System.IO;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Spectre.Console;
|
||||
using Spectre.Console.Testing;
|
||||
using StellaOps.Cli.Commands;
|
||||
using StellaOps.Cli.Configuration;
|
||||
using StellaOps.Cli.Telemetry;
|
||||
using StellaOps.Cli.Tests.Testing;
|
||||
|
||||
namespace StellaOps.Cli.Tests.Commands;
|
||||
|
||||
public sealed class OfflineCommandHandlersTests
|
||||
{
|
||||
[Fact]
|
||||
public async Task HandleOfflineImportAsync_ForceActivateRequiresReason()
|
||||
{
|
||||
using var temp = new TempDirectory();
|
||||
var bundlePath = Path.Combine(temp.Path, "bundle.tar.zst");
|
||||
await File.WriteAllTextAsync(bundlePath, "payload", CancellationToken.None);
|
||||
|
||||
using var services = BuildServices(new StellaOpsCliOptions
|
||||
{
|
||||
Offline = new StellaOpsCliOfflineOptions
|
||||
{
|
||||
KitsDirectory = Path.Combine(temp.Path, "offline-kits")
|
||||
}
|
||||
});
|
||||
|
||||
var originalExitCode = Environment.ExitCode;
|
||||
try
|
||||
{
|
||||
var output = await CaptureTestConsoleAsync(console => CommandHandlers.HandleOfflineImportAsync(
|
||||
services,
|
||||
tenant: null,
|
||||
bundlePath: bundlePath,
|
||||
manifestPath: null,
|
||||
verifyDsse: false,
|
||||
verifyRekor: false,
|
||||
trustRootPath: null,
|
||||
forceActivate: true,
|
||||
forceReason: null,
|
||||
dryRun: true,
|
||||
outputFormat: "json",
|
||||
verbose: false,
|
||||
cancellationToken: CancellationToken.None));
|
||||
|
||||
Assert.Equal(OfflineExitCodes.ValidationFailed, Environment.ExitCode);
|
||||
|
||||
using var document = JsonDocument.Parse(output.Console.Trim());
|
||||
Assert.Equal("error", document.RootElement.GetProperty("status").GetString());
|
||||
Assert.Equal(OfflineExitCodes.ValidationFailed, document.RootElement.GetProperty("exitCode").GetInt32());
|
||||
Assert.Contains("force-reason", document.RootElement.GetProperty("message").GetString() ?? string.Empty, StringComparison.OrdinalIgnoreCase);
|
||||
}
|
||||
finally
|
||||
{
|
||||
Environment.ExitCode = originalExitCode;
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task HandleOfflineImportAndStatusAsync_SavesActiveState()
|
||||
{
|
||||
using var temp = new TempDirectory();
|
||||
var bundleDir = Path.Combine(temp.Path, "bundle");
|
||||
Directory.CreateDirectory(bundleDir);
|
||||
|
||||
var bundlePath = Path.Combine(bundleDir, "bundle-1.0.0.tar.zst");
|
||||
var bundleBytes = Encoding.UTF8.GetBytes("deterministic-offline-kit");
|
||||
await File.WriteAllBytesAsync(bundlePath, bundleBytes, CancellationToken.None);
|
||||
var bundleDigest = ComputeSha256Hex(bundleBytes);
|
||||
|
||||
var manifestPath = Path.Combine(bundleDir, "manifest.json");
|
||||
var manifestJson = JsonSerializer.Serialize(new
|
||||
{
|
||||
version = "1.0.0",
|
||||
created_at = "2025-12-14T00:00:00Z",
|
||||
payload_sha256 = bundleDigest
|
||||
}, new JsonSerializerOptions(JsonSerializerDefaults.Web) { WriteIndented = true });
|
||||
await File.WriteAllTextAsync(manifestPath, manifestJson, CancellationToken.None);
|
||||
|
||||
using var rsa = RSA.Create(2048);
|
||||
var publicKeyDer = rsa.ExportSubjectPublicKeyInfo();
|
||||
var fingerprint = ComputeSha256Hex(publicKeyDer);
|
||||
var trustRootPath = Path.Combine(bundleDir, "trust-root.pub");
|
||||
await File.WriteAllTextAsync(trustRootPath, WrapPem("PUBLIC KEY", publicKeyDer), CancellationToken.None);
|
||||
|
||||
var payloadJson = JsonSerializer.Serialize(new
|
||||
{
|
||||
subject = new[]
|
||||
{
|
||||
new
|
||||
{
|
||||
digest = new
|
||||
{
|
||||
sha256 = bundleDigest
|
||||
}
|
||||
}
|
||||
}
|
||||
}, new JsonSerializerOptions(JsonSerializerDefaults.Web));
|
||||
|
||||
var payloadBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(payloadJson));
|
||||
var pae = BuildDssePae("application/vnd.in-toto+json", payloadBase64);
|
||||
var signature = Convert.ToBase64String(rsa.SignData(pae, HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
|
||||
|
||||
var dssePath = Path.Combine(bundleDir, "statement.dsse.json");
|
||||
var dsseJson = JsonSerializer.Serialize(new
|
||||
{
|
||||
payloadType = "application/vnd.in-toto+json",
|
||||
payload = payloadBase64,
|
||||
signatures = new[]
|
||||
{
|
||||
new { keyid = fingerprint, sig = signature }
|
||||
}
|
||||
}, new JsonSerializerOptions(JsonSerializerDefaults.Web) { WriteIndented = true });
|
||||
await File.WriteAllTextAsync(dssePath, dsseJson, CancellationToken.None);
|
||||
|
||||
var rootHash = "deadbeef";
|
||||
var rekorPath = Path.Combine(bundleDir, "rekor-receipt.json");
|
||||
var rekorJson = JsonSerializer.Serialize(new
|
||||
{
|
||||
uuid = "rekor-test",
|
||||
logIndex = 42,
|
||||
rootHash,
|
||||
hashes = new[] { "hash-1" },
|
||||
checkpoint = $"checkpoint {rootHash}"
|
||||
}, new JsonSerializerOptions(JsonSerializerDefaults.Web) { WriteIndented = true });
|
||||
await File.WriteAllTextAsync(rekorPath, rekorJson, CancellationToken.None);
|
||||
|
||||
var kitsDirectory = Path.Combine(temp.Path, "offline-kits");
|
||||
using var services = BuildServices(new StellaOpsCliOptions
|
||||
{
|
||||
Offline = new StellaOpsCliOfflineOptions
|
||||
{
|
||||
KitsDirectory = kitsDirectory
|
||||
}
|
||||
});
|
||||
|
||||
var originalExitCode = Environment.ExitCode;
|
||||
try
|
||||
{
|
||||
var importOutput = await CaptureTestConsoleAsync(console => CommandHandlers.HandleOfflineImportAsync(
|
||||
services,
|
||||
tenant: null,
|
||||
bundlePath: bundlePath,
|
||||
manifestPath: manifestPath,
|
||||
verifyDsse: true,
|
||||
verifyRekor: true,
|
||||
trustRootPath: trustRootPath,
|
||||
forceActivate: false,
|
||||
forceReason: null,
|
||||
dryRun: false,
|
||||
outputFormat: "json",
|
||||
verbose: false,
|
||||
cancellationToken: CancellationToken.None));
|
||||
|
||||
Assert.Equal(OfflineExitCodes.Success, Environment.ExitCode);
|
||||
using (var document = JsonDocument.Parse(importOutput.Console.Trim()))
|
||||
{
|
||||
Assert.Equal("imported", document.RootElement.GetProperty("status").GetString());
|
||||
Assert.Equal(OfflineExitCodes.Success, document.RootElement.GetProperty("exitCode").GetInt32());
|
||||
Assert.True(document.RootElement.GetProperty("dsseVerified").GetBoolean());
|
||||
Assert.True(document.RootElement.GetProperty("rekorVerified").GetBoolean());
|
||||
Assert.Equal("1.0.0", document.RootElement.GetProperty("version").GetString());
|
||||
}
|
||||
|
||||
var statePath = Path.Combine(kitsDirectory, ".state", "offline-kit-active__default.json");
|
||||
Assert.True(File.Exists(statePath));
|
||||
|
||||
var statusOutput = await CaptureTestConsoleAsync(console => CommandHandlers.HandleOfflineStatusAsync(
|
||||
services,
|
||||
tenant: null,
|
||||
outputFormat: "json",
|
||||
verbose: false,
|
||||
cancellationToken: CancellationToken.None));
|
||||
|
||||
Assert.Equal(OfflineExitCodes.Success, Environment.ExitCode);
|
||||
using (var document = JsonDocument.Parse(statusOutput.Console.Trim()))
|
||||
{
|
||||
Assert.Equal("default", document.RootElement.GetProperty("tenantId").GetString());
|
||||
var active = document.RootElement.GetProperty("active");
|
||||
Assert.Equal("bundle-1.0.0.tar.zst", active.GetProperty("kitId").GetString());
|
||||
Assert.Equal("1.0.0", active.GetProperty("version").GetString());
|
||||
Assert.Equal($"sha256:{bundleDigest}", active.GetProperty("digest").GetString());
|
||||
}
|
||||
}
|
||||
finally
|
||||
{
|
||||
Environment.ExitCode = originalExitCode;
|
||||
}
|
||||
}
|
||||
|
||||
private static ServiceProvider BuildServices(StellaOpsCliOptions options)
|
||||
{
|
||||
var services = new ServiceCollection();
|
||||
|
||||
services.AddSingleton(options);
|
||||
services.AddSingleton(new VerbosityState());
|
||||
services.AddSingleton<ILoggerFactory>(_ => LoggerFactory.Create(builder => builder.SetMinimumLevel(LogLevel.None)));
|
||||
|
||||
return services.BuildServiceProvider();
|
||||
}
|
||||
|
||||
private static async Task<CapturedConsoleOutput> CaptureTestConsoleAsync(Func<TestConsole, Task> action)
|
||||
{
|
||||
var testConsole = new TestConsole();
|
||||
testConsole.Width(4000);
|
||||
var originalConsole = AnsiConsole.Console;
|
||||
var originalOut = Console.Out;
|
||||
using var writer = new StringWriter();
|
||||
|
||||
try
|
||||
{
|
||||
AnsiConsole.Console = testConsole;
|
||||
Console.SetOut(writer);
|
||||
await action(testConsole).ConfigureAwait(false);
|
||||
return new CapturedConsoleOutput(testConsole.Output.ToString(), writer.ToString());
|
||||
}
|
||||
finally
|
||||
{
|
||||
Console.SetOut(originalOut);
|
||||
AnsiConsole.Console = originalConsole;
|
||||
}
|
||||
}
|
||||
|
||||
private static string ComputeSha256Hex(byte[] bytes)
|
||||
{
|
||||
var hash = SHA256.HashData(bytes);
|
||||
return Convert.ToHexString(hash).ToLowerInvariant();
|
||||
}
|
||||
|
||||
private static byte[] BuildDssePae(string payloadType, string payloadBase64)
|
||||
{
|
||||
var payloadBytes = Convert.FromBase64String(payloadBase64);
|
||||
var payloadText = Encoding.UTF8.GetString(payloadBytes);
|
||||
var parts = new[]
|
||||
{
|
||||
"DSSEv1",
|
||||
payloadType,
|
||||
payloadText
|
||||
};
|
||||
|
||||
var builder = new StringBuilder();
|
||||
builder.Append("PAE:");
|
||||
builder.Append(parts.Length);
|
||||
foreach (var part in parts)
|
||||
{
|
||||
builder.Append(' ');
|
||||
builder.Append(part.Length);
|
||||
builder.Append(' ');
|
||||
builder.Append(part);
|
||||
}
|
||||
|
||||
return Encoding.UTF8.GetBytes(builder.ToString());
|
||||
}
|
||||
|
||||
private static string WrapPem(string label, byte[] derBytes)
|
||||
{
|
||||
var base64 = Convert.ToBase64String(derBytes);
|
||||
var builder = new StringBuilder();
|
||||
builder.Append("-----BEGIN ").Append(label).AppendLine("-----");
|
||||
for (var offset = 0; offset < base64.Length; offset += 64)
|
||||
{
|
||||
builder.AppendLine(base64.Substring(offset, Math.Min(64, base64.Length - offset)));
|
||||
}
|
||||
builder.Append("-----END ").Append(label).AppendLine("-----");
|
||||
return builder.ToString();
|
||||
}
|
||||
|
||||
private sealed record CapturedConsoleOutput(string Console, string Plain);
|
||||
}
|
||||
@@ -2,6 +2,7 @@ using System;
|
||||
using System.IO;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Microsoft.Extensions.Logging.Abstractions;
|
||||
using StellaOps.Cli.Commands;
|
||||
using Xunit;
|
||||
@@ -54,7 +55,7 @@ internal static class CommandHandlersTestShim
|
||||
{
|
||||
public static Task VerifyBundlePublicAsync(string path, ILogger logger, CancellationToken token)
|
||||
=> typeof(CommandHandlers)
|
||||
.GetMethod(\"VerifyBundleAsync\", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Static)!
|
||||
.GetMethod("VerifyBundleAsync", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Static)!
|
||||
.Invoke(null, new object[] { path, logger, token }) as Task
|
||||
?? Task.CompletedTask;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user