stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

up
Some checks failed
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-13 09:37:15 +02:00
parent e00f6365da
commit 6e45066e37
349 changed files with 17160 additions and 1867 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests/Fixtures/java/pomxml-only-jar/expected.json Normal file
View File

@@ -0,0 +1,35 @@
[
{
"analyzerId": "java",
"componentKey": "purl::pkg:maven/com/example/pomxml-only@1.2.3",
"purl": "pkg:maven/com/example/pomxml-only@1.2.3",
"name": "pomxml-only",
"version": "1.2.3",
"type": "maven",
"usedByEntrypoint": true,
"metadata": {
"artifactId": "pomxml-only",
"displayName": "PomXml Only",
"groupId": "com.example",
"jarPath": "libs/pomxml-only.jar",
"manifestTitle": "PomXml Only",
"manifestVendor": "Example Corp",
"manifestVersion": "1.2.3",
"packaging": "jar"
},
"evidence": [
{
"kind": "file",
"source": "MANIFEST.MF",
"locator": "libs/pomxml-only.jar!META-INF/MANIFEST.MF",
"value": "title=PomXml Only;version=1.2.3;vendor=Example Corp"
},
{
"kind": "file",
"source": "pom.xml",
"locator": "libs/pomxml-only.jar!META-INF/maven/com.example/pomxml-only/pom.xml",
"sha256": "9a315451470e76bb25c2a77ecdf03982aed210f1cbccab480c79eb1d4a5a79a5"
}
]
}
]

65
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests/Fixtures/java/spring-boot-fat-embedded-maven/expected.json Normal file
View File

@@ -0,0 +1,65 @@
[
{
"analyzerId": "java",
"componentKey": "purl::pkg:maven/com/example/app-fat@1.0.0",
"purl": "pkg:maven/com/example/app-fat@1.0.0",
"name": "app-fat",
"version": "1.0.0",
"type": "maven",
"usedByEntrypoint": true,
"metadata": {
"artifactId": "app-fat",
"displayName": "App Fat",
"embeddedScan.candidateJars": "1",
"embeddedScan.emittedComponents": "1",
"embeddedScan.scannedJars": "1",
"groupId": "com.example",
"jarPath": "apps/app-fat.jar",
"manifestTitle": "App Fat",
"manifestVendor": "Example Corp",
"manifestVersion": "1.0.0",
"packaging": "jar"
},
"evidence": [
{
"kind": "file",
"source": "MANIFEST.MF",
"locator": "apps/app-fat.jar!META-INF/MANIFEST.MF",
"value": "title=App Fat;version=1.0.0;vendor=Example Corp"
},
{
"kind": "file",
"source": "pom.properties",
"locator": "apps/app-fat.jar!META-INF/maven/com.example/app-fat/pom.properties",
"sha256": "bba5da43d59efe9726f4195a86581d53b01bd449603fd2536fab29d720dcb806"
}
]
},
{
"analyzerId": "java",
"componentKey": "purl::pkg:maven/com/example/embedded-lib@2.1.0",
"purl": "pkg:maven/com/example/embedded-lib@2.1.0",
"name": "embedded-lib",
"version": "2.1.0",
"type": "maven",
"usedByEntrypoint": true,
"metadata": {
"artifactId": "embedded-lib",
"displayName": "Embedded Lib",
"embedded": "true",
"embedded.containerJarPath": "apps/app-fat.jar",
"embedded.entryPath": "BOOT-INF/lib/embedded-lib.jar",
"groupId": "com.example",
"jarPath": "apps/app-fat.jar!BOOT-INF/lib/embedded-lib.jar",
"packaging": "jar"
},
"evidence": [
{
"kind": "file",
"source": "pom.properties",
"locator": "apps/app-fat.jar!BOOT-INF/lib/embedded-lib.jar!META-INF/maven/com.example/embedded-lib/pom.properties",
"sha256": "45cbc64bcc2dcf25ee71a698cd35a676d79b0ed09cc77b61fead907c6345081f"
}
]
}
]

65
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests/Fixtures/java/war-embedded-maven/expected.json Normal file
View File

@@ -0,0 +1,65 @@
[
{
"analyzerId": "java",
"componentKey": "purl::pkg:maven/com/example/demo-war@1.0.0?type=war",
"purl": "pkg:maven/com/example/demo-war@1.0.0?type=war",
"name": "demo-war",
"version": "1.0.0",
"type": "maven",
"usedByEntrypoint": true,
"metadata": {
"artifactId": "demo-war",
"displayName": "Demo War",
"embeddedScan.candidateJars": "1",
"embeddedScan.emittedComponents": "1",
"embeddedScan.scannedJars": "1",
"groupId": "com.example",
"jarPath": "apps/demo-war.war",
"manifestTitle": "Demo War",
"manifestVendor": "Example Corp",
"manifestVersion": "1.0.0",
"packaging": "war"
},
"evidence": [
{
"kind": "file",
"source": "MANIFEST.MF",
"locator": "apps/demo-war.war!META-INF/MANIFEST.MF",
"value": "title=Demo War;version=1.0.0;vendor=Example Corp"
},
{
"kind": "file",
"source": "pom.properties",
"locator": "apps/demo-war.war!META-INF/maven/com.example/demo-war/pom.properties",
"sha256": "cb57c79ca5007119bfb0fafd6ae24a6702e508116d5e799835392df742a49460"
}
]
},
{
"analyzerId": "java",
"componentKey": "purl::pkg:maven/com/example/web-lib@3.0.0",
"purl": "pkg:maven/com/example/web-lib@3.0.0",
"name": "web-lib",
"version": "3.0.0",
"type": "maven",
"usedByEntrypoint": true,
"metadata": {
"artifactId": "web-lib",
"displayName": "Web Lib",
"embedded": "true",
"embedded.containerJarPath": "apps/demo-war.war",
"embedded.entryPath": "WEB-INF/lib/web-lib.jar",
"groupId": "com.example",
"jarPath": "apps/demo-war.war!WEB-INF/lib/web-lib.jar",
"packaging": "jar"
},
"evidence": [
{
"kind": "file",
"source": "pom.properties",
"locator": "apps/demo-war.war!WEB-INF/lib/web-lib.jar!META-INF/maven/com.example/web-lib/pom.properties",
"sha256": "ab7151e977ef21d48c459395dbb0f88395a3a33b2f5903a28b7d78b53cb8880d"
}
]
}
]

282
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests/Java/JavaLanguageAnalyzerTests.cs
View File

@@ -36,6 +36,81 @@ public sealed class JavaLanguageAnalyzerTests
}
}
[Fact]
public async Task ExtractsMavenArtifactsFromSpringBootFatJarEmbeddedLibrariesAsync()
{
var cancellationToken = TestContext.Current.CancellationToken;
var root = TestPaths.CreateTemporaryDirectory();
try
{
var jarPath = JavaFixtureBuilder.CreateSpringBootFatJarWithEmbeddedMavenLibrary(root);
var usageHints = new LanguageUsageHints(new[] { jarPath });
var analyzers = new ILanguageAnalyzer[] { new JavaLanguageAnalyzer() };
var goldenPath = TestPaths.ResolveFixture("java", "spring-boot-fat-embedded-maven", "expected.json");
await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
fixturePath: root,
goldenPath: goldenPath,
analyzers: analyzers,
cancellationToken: cancellationToken,
usageHints: usageHints);
}
finally
{
TestPaths.SafeDelete(root);
}
}
[Fact]
public async Task ExtractsMavenArtifactsFromWarEmbeddedLibrariesAsync()
{
var cancellationToken = TestContext.Current.CancellationToken;
var root = TestPaths.CreateTemporaryDirectory();
try
{
var warPath = JavaFixtureBuilder.CreateWarArchiveWithEmbeddedMavenLibrary(root);
var usageHints = new LanguageUsageHints(new[] { warPath });
var analyzers = new ILanguageAnalyzer[] { new JavaLanguageAnalyzer() };
var goldenPath = TestPaths.ResolveFixture("java", "war-embedded-maven", "expected.json");
await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
fixturePath: root,
goldenPath: goldenPath,
analyzers: analyzers,
cancellationToken: cancellationToken,
usageHints: usageHints);
}
finally
{
TestPaths.SafeDelete(root);
}
}
[Fact]
public async Task ExtractsMavenArtifactsFromPomXmlOnlyJarAsync()
{
var cancellationToken = TestContext.Current.CancellationToken;
var root = TestPaths.CreateTemporaryDirectory();
try
{
var jarPath = JavaFixtureBuilder.CreatePomXmlOnlyJar(root);
var usageHints = new LanguageUsageHints(new[] { jarPath });
var analyzers = new ILanguageAnalyzer[] { new JavaLanguageAnalyzer() };
var goldenPath = TestPaths.ResolveFixture("java", "pomxml-only-jar", "expected.json");
await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
fixturePath: root,
goldenPath: goldenPath,
analyzers: analyzers,
cancellationToken: cancellationToken,
usageHints: usageHints);
}
finally
{
TestPaths.SafeDelete(root);
}
}
[Fact]
public async Task LockfilesProduceDeclaredOnlyComponentsAsync()
{
@@ -157,7 +232,12 @@ public sealed class JavaLanguageAnalyzerTests
WritePomProperties(archive, "com.example", "demo-jni", "1.0.0");
WriteManifest(archive, "demo-jni", "1.0.0", "com.example");
CreateBinaryEntry(archive, "com/example/App.class", "System.loadLibrary(\"foo\")");
var classEntry = archive.CreateEntry("com/example/App.class");
var classBytes = JavaClassFileFactory.CreateSystemLoadLibraryInvoker("com/example/App", "foo");
using (var classStream = classEntry.Open())
{
classStream.Write(classBytes);
}
CreateTextEntry(archive, "lib/native/libfoo.so");
CreateTextEntry(archive, "META-INF/native-image/demo/jni-config.json");
}
@@ -177,7 +257,197 @@ public sealed class JavaLanguageAnalyzerTests
var metadata = component.GetProperty("metadata");
Assert.Equal("libfoo.so", metadata.GetProperty("jni.nativeLibs").GetString());
Assert.Equal("demo-jni.jar!META-INF/native-image/demo/jni-config.json", metadata.GetProperty("jni.graalConfig").GetString());
Assert.Equal("demo-jni.jar!com/example/App.class", metadata.GetProperty("jni.loadCalls").GetString());
Assert.Equal("1", metadata.GetProperty("jni.edgeCount").GetString());
Assert.Equal("0", metadata.GetProperty("jni.nativeMethodCount").GetString());
Assert.Equal("1", metadata.GetProperty("jni.loadCallCount").GetString());
Assert.Equal("SystemLoadLibrary", metadata.GetProperty("jni.reasons").GetString());
Assert.Equal("foo", metadata.GetProperty("jni.targetLibraries").GetString());
}
finally
{
TestPaths.SafeDelete(root);
}
}
[Fact]
public async Task ExtractsMavenArtifactFromEmbeddedJarAsync()
{
var cancellationToken = TestContext.Current.CancellationToken;
var root = TestPaths.CreateTemporaryDirectory();
try
{
var jarPath = Path.Combine(root, "demo-fat.jar");
Directory.CreateDirectory(Path.GetDirectoryName(jarPath)!);
using (var archive = ZipFile.Open(jarPath, ZipArchiveMode.Create))
{
WritePomProperties(archive, "com.example", "demo-fat", "1.0.0");
WriteManifest(archive, "demo-fat", "1.0.0", "com.example");
using var embeddedBuffer = new MemoryStream();
using (var embeddedJar = new ZipArchive(embeddedBuffer, ZipArchiveMode.Create, leaveOpen: true))
{
WritePomProperties(embeddedJar, "com.example", "embedded-lib", "2.0.0");
}
embeddedBuffer.Position = 0;
var embeddedEntry = archive.CreateEntry("BOOT-INF/lib/embedded-lib.jar");
using var embeddedStream = embeddedEntry.Open();
embeddedBuffer.CopyTo(embeddedStream);
}
var analyzers = new ILanguageAnalyzer[] { new JavaLanguageAnalyzer() };
var json = await LanguageAnalyzerTestHarness.RunToJsonAsync(
root,
analyzers,
cancellationToken,
new LanguageUsageHints(new[] { jarPath }));
using var document = JsonDocument.Parse(json);
var components = document.RootElement.EnumerateArray().ToArray();
var outer = components.First(c => c.GetProperty("name").GetString() == "demo-fat");
var outerMetadata = outer.GetProperty("metadata");
Assert.Equal("1", outerMetadata.GetProperty("embeddedScan.candidateJars").GetString());
Assert.Equal("1", outerMetadata.GetProperty("embeddedScan.scannedJars").GetString());
Assert.Equal("1", outerMetadata.GetProperty("embeddedScan.emittedComponents").GetString());
var embedded = components.First(c => c.GetProperty("name").GetString() == "embedded-lib");
var embeddedMetadata = embedded.GetProperty("metadata");
Assert.Equal("true", embeddedMetadata.GetProperty("embedded").GetString());
Assert.Equal("demo-fat.jar!BOOT-INF/lib/embedded-lib.jar", embeddedMetadata.GetProperty("jarPath").GetString());
var embeddedEvidence = embedded.GetProperty("evidence").EnumerateArray().ToArray();
Assert.Contains(embeddedEvidence, e =>
string.Equals(e.GetProperty("source").GetString(), "pom.properties", StringComparison.OrdinalIgnoreCase) &&
string.Equals(e.GetProperty("locator").GetString(), "demo-fat.jar!BOOT-INF/lib/embedded-lib.jar!META-INF/maven/com.example/embedded-lib/pom.properties", StringComparison.OrdinalIgnoreCase) &&
e.TryGetProperty("sha256", out var sha) &&
!string.IsNullOrWhiteSpace(sha.GetString()));
}
finally
{
TestPaths.SafeDelete(root);
}
}
[Fact]
public async Task ExtractsMavenArtifactFromPomXmlWhenPomPropertiesMissingAsync()
{
var cancellationToken = TestContext.Current.CancellationToken;
var root = TestPaths.CreateTemporaryDirectory();
try
{
var jarPath = Path.Combine(root, "demo-pomxml.jar");
Directory.CreateDirectory(Path.GetDirectoryName(jarPath)!);
using (var archive = ZipFile.Open(jarPath, ZipArchiveMode.Create))
{
WriteManifest(archive, "demo-pomxml", "1.2.3", "com.example");
var pomXmlPath = "META-INF/maven/com.example/demo-pomxml/pom.xml";
var pomXml = """
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>demo-pomxml</artifactId>
<version>1.2.3</version>
<name>Demo Pom XML</name>
</project>
""";
CreateTextEntry(archive, pomXmlPath, pomXml);
}
var analyzers = new ILanguageAnalyzer[] { new JavaLanguageAnalyzer() };
var json = await LanguageAnalyzerTestHarness.RunToJsonAsync(
root,
analyzers,
cancellationToken,
new LanguageUsageHints(new[] { jarPath }));
using var document = JsonDocument.Parse(json);
var component = document.RootElement
.EnumerateArray()
.First(element => string.Equals(element.GetProperty("name").GetString(), "demo-pomxml", StringComparison.Ordinal));
Assert.Equal("pkg:maven/com/example/demo-pomxml@1.2.3", component.GetProperty("purl").GetString());
var evidence = component.GetProperty("evidence").EnumerateArray().ToArray();
Assert.Contains(evidence, e =>
string.Equals(e.GetProperty("source").GetString(), "pom.xml", StringComparison.OrdinalIgnoreCase) &&
string.Equals(e.GetProperty("locator").GetString(), "demo-pomxml.jar!META-INF/maven/com.example/demo-pomxml/pom.xml", StringComparison.OrdinalIgnoreCase) &&
e.TryGetProperty("sha256", out var sha) &&
!string.IsNullOrWhiteSpace(sha.GetString()));
}
finally
{
TestPaths.SafeDelete(root);
}
}
[Fact]
public async Task PomXmlWithIncompleteCoordinatesEmitsUnresolvedComponentAsync()
{
var cancellationToken = TestContext.Current.CancellationToken;
var root = TestPaths.CreateTemporaryDirectory();
try
{
var jarPath = Path.Combine(root, "demo-pomxml-unresolved.jar");
Directory.CreateDirectory(Path.GetDirectoryName(jarPath)!);
using (var archive = ZipFile.Open(jarPath, ZipArchiveMode.Create))
{
WriteManifest(archive, "demo-pomxml-unresolved", "9.9.9", "com.example");
var pomXmlPath = "META-INF/maven/com.example/demo-pomxml-unresolved/pom.xml";
var pomXml = """
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>demo-pomxml-unresolved</artifactId>
</project>
""";
CreateTextEntry(archive, pomXmlPath, pomXml);
}
var analyzers = new ILanguageAnalyzer[] { new JavaLanguageAnalyzer() };
var json = await LanguageAnalyzerTestHarness.RunToJsonAsync(
root,
analyzers,
cancellationToken,
new LanguageUsageHints(new[] { jarPath }));
using var document = JsonDocument.Parse(json);
var component = document.RootElement
.EnumerateArray()
.First(element =>
{
if (!element.TryGetProperty("metadata", out var metadata) || metadata.ValueKind != JsonValueKind.Object)
{
return false;
}
return metadata.TryGetProperty("unresolvedCoordinates", out var unresolved)
&& string.Equals(unresolved.GetString(), "true", StringComparison.Ordinal);
});
if (component.TryGetProperty("purl", out var purl))
{
Assert.Equal(JsonValueKind.Null, purl.ValueKind);
}
var metadata = component.GetProperty("metadata");
Assert.Equal("demo-pomxml-unresolved", metadata.GetProperty("manifestTitle").GetString());
Assert.Equal("9.9.9", metadata.GetProperty("manifestVersion").GetString());
var evidence = component.GetProperty("evidence").EnumerateArray().ToArray();
Assert.Contains(evidence, e =>
string.Equals(e.GetProperty("source").GetString(), "pom.xml", StringComparison.OrdinalIgnoreCase) &&
string.Equals(e.GetProperty("locator").GetString(), "demo-pomxml-unresolved.jar!META-INF/maven/com.example/demo-pomxml-unresolved/pom.xml", StringComparison.OrdinalIgnoreCase) &&
e.TryGetProperty("sha256", out var sha) &&
!string.IsNullOrWhiteSpace(sha.GetString()));
}
finally
{
@@ -436,14 +706,6 @@ public sealed class JavaLanguageAnalyzerTests
}
}
private static void CreateBinaryEntry(ZipArchive archive, string path, string content)
{
var entry = archive.CreateEntry(path);
using var stream = entry.Open();
var bytes = Encoding.UTF8.GetBytes(content);
stream.Write(bytes, 0, bytes.Length);
}
private static string CreateSampleJar(string root, string groupId, string artifactId, string version)
{
var jarPath = Path.Combine(root, $"{artifactId}-{version}.jar");

2
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests.csproj
View File

@@ -14,12 +14,10 @@
<PackageReference Remove="xunit" />
<PackageReference Remove="xunit.runner.visualstudio" />
<PackageReference Remove="Microsoft.AspNetCore.Mvc.Testing" />
<PackageReference Remove="Mongo2Go" />
<PackageReference Remove="coverlet.collector" />
<PackageReference Remove="Microsoft.Extensions.TimeProvider.Testing" />
<ProjectReference Remove="..\StellaOps.Concelier.Testing\StellaOps.Concelier.Testing.csproj" />
<Compile Remove="$(MSBuildThisFileDirectory)..\StellaOps.Concelier.Tests.Shared\AssemblyInfo.cs" />
<Compile Remove="$(MSBuildThisFileDirectory)..\StellaOps.Concelier.Tests.Shared\MongoFixtureCollection.cs" />
<!-- Exclude shared OpenSSL files - they come from referenced Lang.Tests project -->
<Compile Remove="$(MSBuildThisFileDirectory)..\..\..\..\tests\shared\OpenSslLegacyShim.cs" />
<Compile Remove="$(MSBuildThisFileDirectory)..\..\..\..\tests\shared\OpenSslAutoInit.cs" />