stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

stabilize tests

Browse Source
This commit is contained in:
master
2026-02-01 21:37:40 +02:00
parent 55744f6a39
commit 5d5e80b2e4
6435 changed files with 33984 additions and 13802 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/__Tests/reachability/StellaOps.Reachability.FixtureTests/StellaOps.Reachability.FixtureTests.csproj
View File

@@ -9,12 +9,11 @@
<IsTestProject>true</IsTestProject>
<TreatWarningsAsErrors>false</TreatWarningsAsErrors>
<NoWarn>$(NoWarn);xUnit1051</NoWarn>
<UseXunitV3>true</UseXunitV3>
<TestingPlatformDotnetTestSupport>true</TestingPlatformDotnetTestSupport>
</PropertyGroup>
<ItemGroup> <PackageReference Include="xunit.v3" />
<PackageReference Include="xunit.runner.visualstudio" >
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<ItemGroup>
<PackageReference Include="xunit.v3" />
<PackageReference Include="FluentAssertions" />
</ItemGroup>
<ItemGroup>

8
src/__Tests/reachability/StellaOps.Reachability.FixtureTests/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Reachability.FixtureTests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/__Tests/reachability/StellaOps.Reachability.FixtureTests/StellaOps.Reachability.FixtureTests.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

8
src/__Tests/reachability/StellaOps.Replay.Core.Tests/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Replay.Core.Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/__Tests/reachability/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

8
src/__Tests/reachability/StellaOps.ScannerSignals.IntegrationTests/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.ScannerSignals.IntegrationTests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/__Tests/reachability/StellaOps.ScannerSignals.IntegrationTests/StellaOps.ScannerSignals.IntegrationTests.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

18
src/__Tests/reachability/StellaOps.Signals.Reachability.Tests/ReachabilityScoringTests.cs
View File

@@ -45,7 +45,7 @@ public sealed class ReachabilityScoringTests
}
[Trait("Category", TestCategories.Unit)]
[Theory(Skip = "Fixture files not present in tests/reachability/fixtures/")]
[Theory]
[MemberData(nameof(CaseVariants))]
public async Task RecomputedFactsMatchTruthFixtures(string caseId, string variant)
{
@@ -334,7 +334,7 @@ public sealed class ReachabilityScoringTests
var current = new DirectoryInfo(AppContext.BaseDirectory);
while (current != null)
{
if (File.Exists(Path.Combine(current.FullName, "Directory.Build.props")))
if (Directory.Exists(Path.Combine(current.FullName, ".git")))
{
return current.FullName;
}
@@ -342,6 +342,18 @@ public sealed class ReachabilityScoringTests
current = current.Parent;
}
throw new InvalidOperationException("Cannot locate repository root (missing Directory.Build.props).");
// Fallback: find Directory.Build.props (lives in src/) and go one level up
current = new DirectoryInfo(AppContext.BaseDirectory);
while (current != null)
{
if (File.Exists(Path.Combine(current.FullName, "Directory.Build.props")))
{
return current.Parent?.FullName ?? current.FullName;
}
current = current.Parent;
}
throw new InvalidOperationException("Cannot locate repository root (missing .git directory or Directory.Build.props).");
}
}

8
src/__Tests/reachability/StellaOps.Signals.Reachability.Tests/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Signals.Reachability.Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/__Tests/reachability/StellaOps.Signals.Reachability.Tests/StellaOps.Signals.Reachability.Tests.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

72
src/__Tests/reachability/corpus/dotnet/callgraph.static.json Normal file
View File

@@ -0,0 +1,72 @@
{
"schema_version": "reach-corpus.callgraph/v1",
"version": "1.0.0",
"language": "dotnet",
"nodes": [
{
"nodeId": "n1",
"symbol": "Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.HandleRequestAsync",
"file": "KestrelServer.cs",
"line": 142,
"isEntrypoint": true,
"isSink": false
},
{
"nodeId": "n2",
"symbol": "MyApp.Controllers.WeatherController.GetForecast",
"file": "WeatherController.cs",
"line": 28,
"isEntrypoint": true,
"isSink": false
},
{
"nodeId": "n3",
"symbol": "MyApp.Endpoints.HealthEndpoint.HandleGet",
"file": "HealthEndpoint.cs",
"line": 15,
"isEntrypoint": true,
"isSink": false
},
{
"nodeId": "n4",
"symbol": "MyApp.Services.Http2ConnectionHandler.ProcessStreamsAsync",
"file": "Http2ConnectionHandler.cs",
"line": 67,
"isEntrypoint": false,
"isSink": false
},
{
"nodeId": "n5",
"symbol": "Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Stream.ProcessRequestAsync",
"file": "Http2Stream.cs",
"line": 201,
"isEntrypoint": false,
"isSink": false
},
{
"nodeId": "n6",
"symbol": "Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Connection.ProcessRstStreamFrame",
"file": "Http2Connection.cs",
"line": 445,
"isEntrypoint": false,
"isSink": true
},
{
"nodeId": "n7",
"symbol": "MyApp.Middleware.RequestLoggingMiddleware.PostHandle",
"file": "RequestLoggingMiddleware.cs",
"line": 34,
"isEntrypoint": false,
"isSink": false
}
],
"edges": [
{ "sourceId": "n1", "targetId": "n4", "callKind": "direct" },
{ "sourceId": "n1", "targetId": "n5", "callKind": "direct" },
{ "sourceId": "n2", "targetId": "n7", "callKind": "direct" },
{ "sourceId": "n3", "targetId": "n7", "callKind": "direct" },
{ "sourceId": "n4", "targetId": "n5", "callKind": "direct" },
{ "sourceId": "n5", "targetId": "n6", "callKind": "direct" },
{ "sourceId": "n7", "targetId": "n4", "callKind": "indirect" }
]
}

37
src/__Tests/reachability/corpus/dotnet/ground-truth.json Normal file
View File

@@ -0,0 +1,37 @@
{
"cveId": "CVE-2023-44487",
"language": "dotnet",
"paths": [
{
"vulnerableFunction": "Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Connection.ProcessRstStreamFrame",
"reachable": true,
"callChain": [
"Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.HandleRequestAsync",
"MyApp.Services.Http2ConnectionHandler.ProcessStreamsAsync",
"Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Stream.ProcessRequestAsync",
"Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Connection.ProcessRstStreamFrame"
],
"confidence": 0.92,
"tier": "confirmed"
},
{
"vulnerableFunction": "Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Connection.ProcessRstStreamFrame",
"reachable": true,
"callChain": [
"MyApp.Middleware.RequestLoggingMiddleware.PostHandle",
"MyApp.Services.Http2ConnectionHandler.ProcessStreamsAsync",
"Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Stream.ProcessRequestAsync",
"Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Connection.ProcessRstStreamFrame"
],
"confidence": 0.78,
"tier": "likely"
},
{
"vulnerableFunction": "SomeOther.UnrelatedSink",
"reachable": false,
"callChain": [],
"confidence": 0.0,
"tier": null
}
]
}

18
src/__Tests/reachability/corpus/dotnet/vex.openvex.json Normal file
View File

@@ -0,0 +1,18 @@
{
"context": "https://openvex.dev/ns/v0.2.0",
"id": "https://stellaops.dev/vex/CVE-2023-44487/dotnet-kestrel",
"author": "StellaOps Reachability Corpus",
"timestamp": "2025-11-18T00:00:00Z",
"statements": [
{
"vulnerability": "CVE-2023-44487",
"status": "affected",
"justification": null
},
{
"vulnerability": "CVE-2023-44487",
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path"
}
]
}

60
src/__Tests/reachability/corpus/java/callgraph.static.json Normal file
View File

@@ -0,0 +1,60 @@
{
"format": "stellaops-callgraph-v1",
"language": "java",
"generatedAt": "2025-06-15T12:00:00Z",
"tool": {
"name": "stellaops-java-analyzer",
"version": "1.0.0"
},
"nodes": [
{
"id": "node-001",
"symbol": "com.example.api.UserController.getUsers",
"file": "src/main/java/com/example/api/UserController.java",
"line": 25,
"isEntrypoint": true,
"kind": "method"
},
{
"id": "node-002",
"symbol": "com.example.service.UserService.findAll",
"file": "src/main/java/com/example/service/UserService.java",
"line": 18,
"isEntrypoint": false,
"kind": "method"
},
{
"id": "node-003",
"symbol": "com.example.repository.UserRepository.query",
"file": "src/main/java/com/example/repository/UserRepository.java",
"line": 12,
"isEntrypoint": false,
"kind": "method"
},
{
"id": "node-004",
"symbol": "org.apache.commons.text.StringSubstitutor.replace",
"file": null,
"line": null,
"isEntrypoint": false,
"kind": "method"
}
],
"edges": [
{
"source": "node-001",
"target": "node-002",
"kind": "call"
},
{
"source": "node-002",
"target": "node-003",
"kind": "call"
},
{
"source": "node-002",
"target": "node-004",
"kind": "call"
}
]
}

24
src/__Tests/reachability/corpus/manifest.json
View File

@@ -1,38 +1,38 @@
[
{
"id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset",
"language": "dotnet",
"files": {
"callgraph.static.json": "7359d8c26f16151a4b05cf0e6675e5c66b5ffb6396b906e74c0d5bb2f290e972",
"ground-truth.json": "5e9fe73eabe607c9912c64d7b3d31b456a2b74631b935ce81f769d4520303c59",
"vex.openvex.json": "c3593790f769974b1b66aa5331f1d3ad4d699f77f198b2e77e78659ee79d3c15"
},
"id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset",
"language": "dotnet"
}
},
{
"id": "go-ssh-CVE-2020-9283-keyexchange",
"language": "go",
"files": {
"callgraph.static.json": "7359d8c26f16151a4b05cf0e6675e5c66b5ffb6396b906e74c0d5bb2f290e972",
"ground-truth.json": "430adb2d001b526cff666336689006bad00e27c9f82582795a2d9dd106e1797d",
"vex.openvex.json": "c3593790f769974b1b66aa5331f1d3ad4d699f77f198b2e77e78659ee79d3c15"
},
"id": "go-ssh-CVE-2020-9283-keyexchange",
"language": "go"
}
},
{
"id": "python-django-CVE-2019-19844-sqli-like",
"language": "python",
"files": {
"callgraph.static.json": "7359d8c26f16151a4b05cf0e6675e5c66b5ffb6396b906e74c0d5bb2f290e972",
"ground-truth.json": "50538def2e0a8b28134051b52a848eb4b53d43cf7a6eb6d041e8fc9f1d9210f1",
"vex.openvex.json": "c3593790f769974b1b66aa5331f1d3ad4d699f77f198b2e77e78659ee79d3c15"
},
"id": "python-django-CVE-2019-19844-sqli-like",
"language": "python"
}
},
{
"id": "rust-axum-header-parsing-TBD",
"language": "rust",
"files": {
"callgraph.static.json": "7359d8c26f16151a4b05cf0e6675e5c66b5ffb6396b906e74c0d5bb2f290e972",
"ground-truth.json": "36312fc03b7f46c8655c21448c9fb7acd6495344896b79010fbd9644a182a865",
"vex.openvex.json": "c3593790f769974b1b66aa5331f1d3ad4d699f77f198b2e77e78659ee79d3c15"
},
"id": "rust-axum-header-parsing-TBD",
"language": "rust"
}
}
]