stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

fix(web): ship findings compare baseline availability

Browse Source
This commit is contained in:
master
2026-03-08 15:13:32 +02:00
parent 30532800ec
commit 6be4a25d17
7 changed files with 291 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Web/StellaOps.Web/src/app/core/testing/findings-container.component.spec.ts
View File

@@ -109,6 +109,11 @@ describe('FindingsContainerComponent', () => {
fixture.detectChanges();
});
afterEach(() => {
fixture?.destroy();
TestBed.resetTestingModule();
});
it('switches from diff to detail when the persisted preference changes without a URL override', async () => {
expect(fixture.nativeElement.textContent).toContain('Comparing:');
expect(fixture.nativeElement.textContent).not.toContain('backend-api');

2
src/Web/StellaOps.Web/src/tests/compare/compare-view.component.spec.ts
View File

@@ -147,6 +147,8 @@ describe('CompareViewComponent (compare)', () => {
});
afterEach(() => {
fixture?.destroy();
TestBed.resetTestingModule();
localStorage.clear();
});

2
src/Web/StellaOps.Web/src/tests/compare/role-based-views.behavior.spec.ts
View File

@@ -124,6 +124,8 @@ describe('role-based-views behavior', () => {
});
afterEach(() => {
fixture?.destroy();
TestBed.resetTestingModule();
localStorage.clear();
});

220
src/Web/StellaOps.Web/tests/e2e/findings-compare-baseline-availability.spec.ts Normal file
View File

@@ -0,0 +1,220 @@
import { expect, test, type Page, type Route } from '@playwright/test';
import type { StubAuthSession } from '../../src/app/testing/auth-fixtures';
const analystSession: StubAuthSession = {
subjectId: 'findings-compare-e2e-user',
tenant: 'demo-prod',
scopes: [
'admin',
'ui.read',
'findings:read',
'release:read',
'policy:read',
'vex:read',
],
};
const mockConfig = {
authority: {
issuer: '/authority',
clientId: 'stella-ops-ui',
authorizeEndpoint: '/authority/connect/authorize',
tokenEndpoint: '/authority/connect/token',
logoutEndpoint: '/authority/connect/logout',
redirectUri: 'https://127.0.0.1:4400/auth/callback',
postLogoutRedirectUri: 'https://127.0.0.1:4400/',
scope: 'openid profile email ui.read',
audience: '/gateway',
dpopAlgorithms: ['ES256'],
refreshLeewaySeconds: 60,
},
apiBaseUrls: {
authority: '/authority',
scanner: '/scanner',
policy: '/policy',
concelier: '/concelier',
attestor: '/attestor',
gateway: '/gateway',
},
quickstartMode: true,
setup: 'complete',
};
const findingsResponse = {
items: [
{
findingId: 'finding-001',
cveId: 'CVE-2026-8001',
severity: 'critical',
packageName: 'backend-api',
componentName: '2.5.0',
releaseId: 'rel-001',
releaseName: 'Payments API',
environment: 'stage',
region: 'us-east',
reachable: true,
reachabilityScore: 9.4,
effectiveDisposition: 'affected',
vexStatus: 'affected',
updatedAt: '2026-03-08T10:10:00Z',
},
],
};
async function fulfillJson(route: Route, body: unknown, status = 200): Promise<void> {
await route.fulfill({
status,
contentType: 'application/json',
body: JSON.stringify(body),
});
}
async function setupHarness(page: Page): Promise<{ baselineCalls: () => number; deltaCalls: () => number }> {
let baselineCallCount = 0;
let deltaCallCount = 0;
await page.addInitScript((session) => {
(window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
}, analystSession);
await page.route('**/api/**', (route) => fulfillJson(route, {}));
await page.route('**/platform/envsettings.json', (route) => fulfillJson(route, mockConfig));
await page.route('**/platform/i18n/*.json', (route) => fulfillJson(route, {}));
await page.route('**/config.json', (route) => fulfillJson(route, mockConfig));
await page.route('**/.well-known/openid-configuration', (route) =>
fulfillJson(route, {
issuer: 'https://127.0.0.1:4400/authority',
authorization_endpoint: 'https://127.0.0.1:4400/authority/connect/authorize',
token_endpoint: 'https://127.0.0.1:4400/authority/connect/token',
jwks_uri: 'https://127.0.0.1:4400/authority/.well-known/jwks.json',
response_types_supported: ['code'],
subject_types_supported: ['public'],
id_token_signing_alg_values_supported: ['RS256'],
}),
);
await page.route('**/authority/.well-known/jwks.json', (route) => fulfillJson(route, { keys: [] }));
await page.route('**/console/branding**', (route) =>
fulfillJson(route, {
tenantId: analystSession.tenant,
appName: 'Stella Ops',
logoUrl: null,
cssVariables: {},
}),
);
await page.route('**/console/profile**', (route) =>
fulfillJson(route, {
subjectId: analystSession.subjectId,
username: 'findings-compare-e2e',
displayName: 'Findings Compare E2E',
tenant: analystSession.tenant,
roles: ['security-analyst'],
scopes: analystSession.scopes,
}),
);
await page.route('**/console/token/introspect**', (route) =>
fulfillJson(route, {
active: true,
tenant: analystSession.tenant,
subject: analystSession.subjectId,
scopes: analystSession.scopes,
}),
);
await page.route('**/authority/console/tenants**', (route) =>
fulfillJson(route, {
tenants: [
{
tenantId: analystSession.tenant,
displayName: 'Demo Prod',
isDefault: true,
isActive: true,
},
],
}),
);
await page.route('**/api/v2/context/regions**', (route) =>
fulfillJson(route, [{ regionId: 'us-east', displayName: 'US East', sortOrder: 1, enabled: true }]),
);
await page.route('**/api/v2/context/environments**', (route) =>
fulfillJson(route, [
{
environmentId: 'stage',
regionId: 'us-east',
environmentType: 'stage',
displayName: 'Stage',
sortOrder: 1,
enabled: true,
},
]),
);
await page.route('**/api/v2/context/preferences**', (route) =>
fulfillJson(route, {
tenantId: analystSession.tenant,
actorId: analystSession.subjectId,
regions: ['us-east'],
environments: ['stage'],
timeWindow: '24h',
stage: 'all',
updatedAt: '2026-03-08T10:00:00Z',
updatedBy: analystSession.subjectId,
}),
);
await page.route(/\/api\/compare\/baselines\/active-scan(?:\?.*)?$/, async (route) => {
baselineCallCount += 1;
await fulfillJson(route, {
selectedDigest: null,
selectionReason: 'No baseline recommendations available for this scan',
alternatives: [],
autoSelectEnabled: true,
scanDigest: 'active-scan',
});
});
await page.route(/\/api\/compare\/delta(?:\?.*)?$/, async (route) => {
deltaCallCount += 1;
await fulfillJson(route, { categories: [], items: [] });
});
await page.route(/\/api\/compare\/evidence\/.*$/, async (route) => {
deltaCallCount += 1;
await fulfillJson(route, []);
});
await page.route(/\/api\/v2\/security\/findings(?:\?.*)?$/, (route) =>
fulfillJson(route, findingsResponse),
);
return {
baselineCalls: () => baselineCallCount,
deltaCalls: () => deltaCallCount,
};
}
test('security findings diff view shows truthful no-baseline state for the active scan', async ({ page }) => {
const calls = await setupHarness(page);
await page.goto('/security/findings?tenant=demo-prod&regions=us-east&environments=stage&timeWindow=7d', {
waitUntil: 'networkidle',
});
await expect(page.getByText('Comparing:')).toBeVisible();
await expect(page.getByText('Active scan')).toBeVisible();
await expect(page.getByText('No baselines available')).toBeVisible();
await expect(page.getByText('No baseline recommendations available for this scan')).toBeVisible();
await expect(page.getByText('Comparison evidence becomes available after a baseline is selected.')).toBeVisible();
await expect(page.getByRole('button', { name: 'Export' })).toBeDisabled();
await expect(page.getByText('No immediate actions required')).toBeVisible();
expect(calls.baselineCalls()).toBeGreaterThan(0);
expect(calls.deltaCalls()).toBe(0);
});
test('security findings detail view keeps live findings and hides the stale audit export action', async ({ page }) => {
await setupHarness(page);
await page.goto('/security/findings?tenant=demo-prod&regions=us-east&environments=stage&timeWindow=7d&view=detail', {
waitUntil: 'networkidle',
});
await expect(page.getByText('finding-001')).toBeVisible();
await expect(page.getByText('backend-api')).toBeVisible();
await expect(page.getByText('2.5.0')).toBeVisible();
await expect(page.getByText('Comparing:')).toHaveCount(0);
await expect(page.getByText('Export Audit Pack')).toHaveCount(0);
});