stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

up
Some checks failed
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-13 09:37:15 +02:00
parent e00f6365da
commit 6e45066e37
349 changed files with 17160 additions and 1867 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/deno/full/expected.json
View File

@@ -138,15 +138,17 @@
"metadata": {
"deno.container.identifier": "vendor-<hash>",
"deno.container.kind": "vendor",
"deno.container.layerDigest": "deadbeef",
"deno.container.meta.alias": "vendor-<hash>",
"deno.container.meta.path": "<workspace>/vendor"
"deno.container.meta.path": "<workspace>/layers/sha256-deadbeef/fs/vendor"
},
"evidence": [
{
"kind": "metadata",
"source": "deno.container",
"locator": "Vendor",
"value": "vendor-<hash>"
"value": "vendor-<hash>",
"sha256": "deadbeef"
}
]
},
@@ -159,17 +161,15 @@
"metadata": {
"deno.container.identifier": "vendor-<hash>",
"deno.container.kind": "vendor",
"deno.container.layerDigest": "deadbeef",
"deno.container.meta.alias": "vendor-<hash>",
"deno.container.meta.path": "<workspace>/layers/sha256-deadbeef/fs/vendor"
"deno.container.meta.path": "<workspace>/vendor"
},
"evidence": [
{
"kind": "metadata",
"source": "deno.container",
"locator": "Vendor",
"value": "vendor-<hash>",
"sha256": "deadbeef"
"value": "vendor-<hash>"
}
]
},

8
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/basic/expected.json
View File

@@ -6,10 +6,14 @@
"type": "ruby-observation",
"usedByEntrypoint": false,
"metadata": {
"ruby.observation.bundler_version": "2.5.10",
"ruby.observation.capability.exec": "true",
"ruby.observation.capability.net": "true",
"ruby.observation.capability.scheduler_list": "activejob;clockwork;resque;sidekiq",
"ruby.observation.capability.schedulers": "4",
"ruby.observation.capability.serialization": "true",
"ruby.observation.dependency_edges": "1",
"ruby.observation.entrypoints": "1",
"ruby.observation.packages": "3",
"ruby.observation.runtime_edges": "3"
},
@@ -18,8 +22,8 @@
"kind": "derived",
"source": "ruby.observation",
"locator": "document",
"value": "{\u0022packages\u0022:[{\u0022name\u0022:\u0022custom-gem\u0022,\u0022version\u0022:\u00221.0.0\u0022,\u0022source\u0022:\u0022vendor-cache\u0022,\u0022declaredOnly\u0022:false,\u0022artifact\u0022:\u0022vendor/cache/custom-gem-1.0.0.gem\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022puma\u0022,\u0022version\u0022:\u00226.4.2\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022rake\u0022,\u0022version\u0022:\u002213.1.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]}],\u0022runtimeEdges\u0022:[{\u0022package\u0022:\u0022custom-gem\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022puma\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022rake\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]}],\u0022capabilities\u0022:{\u0022usesExec\u0022:true,\u0022usesNetwork\u0022:true,\u0022usesSerialization\u0022:true,\u0022jobSchedulers\u0022:[\u0022activejob\u0022,\u0022clockwork\u0022,\u0022resque\u0022,\u0022sidekiq\u0022]}}",
"sha256": "sha256:3818fd050909977a44167565a419a307777bc38998ad49d6a41c054982c6f46e"
"value": "{\u0022$schema\u0022:\u0022stellaops.ruby.observation@1\u0022,\u0022packages\u0022:[{\u0022name\u0022:\u0022custom-gem\u0022,\u0022version\u0022:\u00221.0.0\u0022,\u0022source\u0022:\u0022vendor-cache\u0022,\u0022declaredOnly\u0022:false,\u0022artifact\u0022:\u0022vendor/cache/custom-gem-1.0.0.gem\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022puma\u0022,\u0022version\u0022:\u00226.4.2\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022rake\u0022,\u0022version\u0022:\u002213.1.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]}],\u0022entrypoints\u0022:[{\u0022path\u0022:\u0022app/main.rb\u0022,\u0022type\u0022:\u0022script\u0022,\u0022requiredGems\u0022:[\u0022custom-gem\u0022,\u0022puma\u0022,\u0022rake\u0022]}],\u0022dependencyEdges\u0022:[{\u0022from\u0022:\u0022pkg:gem/puma@6.4.2\u0022,\u0022to\u0022:\u0022nio4r\u0022,\u0022constraint\u0022:\u0022~\\u003E 2.0\u0022}],\u0022runtimeEdges\u0022:[{\u0022package\u0022:\u0022custom-gem\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022puma\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022rake\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]}],\u0022jobs\u0022:[{\u0022name\u0022:\u0022activejob\u0022,\u0022type\u0022:\u0022scheduler\u0022,\u0022scheduler\u0022:\u0022activejob\u0022},{\u0022name\u0022:\u0022clockwork\u0022,\u0022type\u0022:\u0022scheduler\u0022,\u0022scheduler\u0022:\u0022clockwork\u0022},{\u0022name\u0022:\u0022resque\u0022,\u0022type\u0022:\u0022scheduler\u0022,\u0022scheduler\u0022:\u0022resque\u0022},{\u0022name\u0022:\u0022sidekiq\u0022,\u0022type\u0022:\u0022scheduler\u0022,\u0022scheduler\u0022:\u0022sidekiq\u0022}],\u0022environment\u0022:{\u0022bundlerVersion\u0022:\u00222.5.10\u0022,\u0022lockfiles\u0022:[\u0022Gemfile.lock\u0022],\u0022frameworks\u0022:[\u0022activejob\u0022,\u0022clockwork\u0022,\u0022resque\u0022,\u0022sidekiq\u0022]},\u0022capabilities\u0022:{\u0022usesExec\u0022:true,\u0022usesNetwork\u0022:true,\u0022usesSerialization\u0022:true,\u0022jobSchedulers\u0022:[\u0022activejob\u0022,\u0022clockwork\u0022,\u0022resque\u0022,\u0022sidekiq\u0022]},\u0022bundledWith\u0022:\u00222.5.10\u0022}",
"sha256": "sha256:260608f69ac45a4563892966a9146278a237ca3c79cc798511713213ed91f31d"
}
]
},

7
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/git-sources/expected.json
View File

@@ -6,10 +6,13 @@
"type": "ruby-observation",
"usedByEntrypoint": false,
"metadata": {
"ruby.observation.bundler_version": "2.5.10",
"ruby.observation.capability.exec": "false",
"ruby.observation.capability.net": "true",
"ruby.observation.capability.schedulers": "0",
"ruby.observation.capability.serialization": "false",
"ruby.observation.dependency_edges": "2",
"ruby.observation.entrypoints": "1",
"ruby.observation.packages": "5",
"ruby.observation.runtime_edges": "3"
},
@@ -18,8 +21,8 @@
"kind": "derived",
"source": "ruby.observation",
"locator": "document",
"value": "{\u0022packages\u0022:[{\u0022name\u0022:\u0022git-gem\u0022,\u0022version\u0022:\u00220.5.0\u0022,\u0022source\u0022:\u0022git:https://github.com/example/git-gem.git@0123456789abcdef0123456789abcdef01234567\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022httparty\u0022,\u0022version\u0022:\u00220.21.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022multi_xml\u0022,\u0022version\u0022:\u00220.6.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022path-gem\u0022,\u0022version\u0022:\u00222.1.3\u0022,\u0022source\u0022:\u0022vendor-cache\u0022,\u0022declaredOnly\u0022:false,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022artifact\u0022:\u0022vendor/cache/path-gem-2.1.3.gem\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022rake\u0022,\u0022version\u0022:\u002213.1.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]}],\u0022runtimeEdges\u0022:[{\u0022package\u0022:\u0022git-gem\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022httparty\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022path-gem\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]}],\u0022capabilities\u0022:{\u0022usesExec\u0022:false,\u0022usesNetwork\u0022:true,\u0022usesSerialization\u0022:false,\u0022jobSchedulers\u0022:[]}}",
"sha256": "sha256:1cd5eb20a226916b9d1acbfc7182845a3ebca8284c7f558b23b7e87395e0a2c2"
"value": "{\u0022$schema\u0022:\u0022stellaops.ruby.observation@1\u0022,\u0022packages\u0022:[{\u0022name\u0022:\u0022git-gem\u0022,\u0022version\u0022:\u00220.5.0\u0022,\u0022source\u0022:\u0022git:https://github.com/example/git-gem.git@0123456789abcdef0123456789abcdef01234567\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022httparty\u0022,\u0022version\u0022:\u00220.21.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022multi_xml\u0022,\u0022version\u0022:\u00220.6.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022path-gem\u0022,\u0022version\u0022:\u00222.1.3\u0022,\u0022source\u0022:\u0022vendor-cache\u0022,\u0022declaredOnly\u0022:false,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022artifact\u0022:\u0022vendor/cache/path-gem-2.1.3.gem\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022rake\u0022,\u0022version\u0022:\u002213.1.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]}],\u0022entrypoints\u0022:[{\u0022path\u0022:\u0022app/main.rb\u0022,\u0022type\u0022:\u0022script\u0022,\u0022requiredGems\u0022:[\u0022git-gem\u0022,\u0022httparty\u0022,\u0022path-gem\u0022]}],\u0022dependencyEdges\u0022:[{\u0022from\u0022:\u0022pkg:gem/httparty@0.21.0\u0022,\u0022to\u0022:\u0022multi_xml\u0022,\u0022constraint\u0022:\u0022~\\u003E 0.5\u0022},{\u0022from\u0022:\u0022pkg:gem/path-gem@2.1.3\u0022,\u0022to\u0022:\u0022rake\u0022,\u0022constraint\u0022:\u0022~\\u003E 13.0\u0022}],\u0022runtimeEdges\u0022:[{\u0022package\u0022:\u0022git-gem\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022httparty\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022path-gem\u0022,\u0022usedByEntrypoint\u0022:true,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[\u0022app/main.rb\u0022],\u0022reasons\u0022:[\u0022require-static\u0022]}],\u0022environment\u0022:{\u0022bundlerVersion\u0022:\u00222.5.10\u0022,\u0022lockfiles\u0022:[\u0022Gemfile.lock\u0022]},\u0022capabilities\u0022:{\u0022usesExec\u0022:false,\u0022usesNetwork\u0022:true,\u0022usesSerialization\u0022:false,\u0022jobSchedulers\u0022:[]},\u0022bundledWith\u0022:\u00222.5.10\u0022}",
"sha256": "sha256:1c085acad0db516af25f986a033681de2b132adb719610fe29e88b0893447c25"
}
]
},

7
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/ruby/workspace/expected.json
View File

@@ -6,10 +6,13 @@
"type": "ruby-observation",
"usedByEntrypoint": false,
"metadata": {
"ruby.observation.bundler_version": "2.5.10",
"ruby.observation.capability.exec": "false",
"ruby.observation.capability.net": "false",
"ruby.observation.capability.schedulers": "0",
"ruby.observation.capability.serialization": "false",
"ruby.observation.dependency_edges": "0",
"ruby.observation.entrypoints": "0",
"ruby.observation.packages": "7",
"ruby.observation.runtime_edges": "4"
},
@@ -18,8 +21,8 @@
"kind": "derived",
"source": "ruby.observation",
"locator": "document",
"value": "{\u0022packages\u0022:[{\u0022name\u0022:\u0022api-gem\u0022,\u0022version\u0022:\u00220.1.0\u0022,\u0022source\u0022:\u0022apps\u0022,\u0022declaredOnly\u0022:false,\u0022artifact\u0022:\u0022apps/api/vendor/bundle/ruby/3.1.0/gems/api-gem-0.1.0\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022bootsnap\u0022,\u0022version\u0022:\u00221.18.4\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022apps/api/Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022pry\u0022,\u0022version\u0022:\u00221.0.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022development\u0022,\u0022test\u0022]},{\u0022name\u0022:\u0022puma\u0022,\u0022version\u0022:\u00226.4.2\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022console\u0022,\u0022production\u0022]},{\u0022name\u0022:\u0022rails\u0022,\u0022version\u0022:\u00227.1.3\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022rubocop\u0022,\u0022version\u0022:\u00221.60.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022development\u0022,\u0022test\u0022]},{\u0022name\u0022:\u0022sidekiq\u0022,\u0022version\u0022:\u00227.2.4\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022apps/api/Gemfile.lock\u0022,\u0022groups\u0022:[\u0022jobs\u0022]}],\u0022runtimeEdges\u0022:[{\u0022package\u0022:\u0022bootsnap\u0022,\u0022usedByEntrypoint\u0022:false,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022puma\u0022,\u0022usedByEntrypoint\u0022:false,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022rails\u0022,\u0022usedByEntrypoint\u0022:false,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022sidekiq\u0022,\u0022usedByEntrypoint\u0022:false,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[],\u0022reasons\u0022:[\u0022require-static\u0022]}],\u0022capabilities\u0022:{\u0022usesExec\u0022:false,\u0022usesNetwork\u0022:false,\u0022usesSerialization\u0022:false,\u0022jobSchedulers\u0022:[]}}",
"sha256": "sha256:6f9996b97be3dbbf3a18c2cb91624d45ddd16b2a374dd4a7f48049f5192114e2"
"value": "{\u0022$schema\u0022:\u0022stellaops.ruby.observation@1\u0022,\u0022packages\u0022:[{\u0022name\u0022:\u0022api-gem\u0022,\u0022version\u0022:\u00220.1.0\u0022,\u0022source\u0022:\u0022apps\u0022,\u0022declaredOnly\u0022:false,\u0022artifact\u0022:\u0022apps/api/vendor/bundle/ruby/3.1.0/gems/api-gem-0.1.0\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022bootsnap\u0022,\u0022version\u0022:\u00221.18.4\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022apps/api/Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022pry\u0022,\u0022version\u0022:\u00221.0.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022development\u0022,\u0022test\u0022]},{\u0022name\u0022:\u0022puma\u0022,\u0022version\u0022:\u00226.4.2\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022console\u0022,\u0022production\u0022]},{\u0022name\u0022:\u0022rails\u0022,\u0022version\u0022:\u00227.1.3\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022default\u0022]},{\u0022name\u0022:\u0022rubocop\u0022,\u0022version\u0022:\u00221.60.0\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022Gemfile.lock\u0022,\u0022groups\u0022:[\u0022development\u0022,\u0022test\u0022]},{\u0022name\u0022:\u0022sidekiq\u0022,\u0022version\u0022:\u00227.2.4\u0022,\u0022source\u0022:\u0022https://rubygems.org/\u0022,\u0022declaredOnly\u0022:true,\u0022lockfile\u0022:\u0022apps/api/Gemfile.lock\u0022,\u0022groups\u0022:[\u0022jobs\u0022]}],\u0022entrypoints\u0022:[],\u0022dependencyEdges\u0022:[],\u0022runtimeEdges\u0022:[{\u0022package\u0022:\u0022bootsnap\u0022,\u0022usedByEntrypoint\u0022:false,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022puma\u0022,\u0022usedByEntrypoint\u0022:false,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022rails\u0022,\u0022usedByEntrypoint\u0022:false,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[],\u0022reasons\u0022:[\u0022require-static\u0022]},{\u0022package\u0022:\u0022sidekiq\u0022,\u0022usedByEntrypoint\u0022:false,\u0022files\u0022:[\u0022app/main.rb\u0022],\u0022entrypoints\u0022:[],\u0022reasons\u0022:[\u0022require-static\u0022]}],\u0022environment\u0022:{\u0022bundlerVersion\u0022:\u00222.5.10\u0022,\u0022bundlePaths\u0022:[\u0022apps/api/vendor/bundle\u0022],\u0022gemfiles\u0022:[\u0022apps/api/Gemfile\u0022],\u0022lockfiles\u0022:[\u0022apps/api/Gemfile.lock\u0022,\u0022Gemfile.lock\u0022]},\u0022capabilities\u0022:{\u0022usesExec\u0022:false,\u0022usesNetwork\u0022:false,\u0022usesSerialization\u0022:false,\u0022jobSchedulers\u0022:[]},\u0022bundledWith\u0022:\u00222.5.10\u0022}",
"sha256": "sha256:b44788e3c6993f45cb372440f0e830677fe1b653ce4d6d468f1f5d2195e19fc5"
}
]
},

8
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/rust/fallback/expected.json
View File

@@ -1,13 +1,13 @@
[
{
"analyzerId": "rust",
"componentKey": "bin::sha256:10f3c03766e4403be40add0467a2b2d07fd7006e4b8515ab88740ffa327ea775",
"componentKey": "bin::sha256:a037bf6e958bd6b2fdcc4a95c7dc6f7735730ae33d20819a056a5da050d05b8e",
"name": "opaque_bin",
"type": "bin",
"usedByEntrypoint": true,
"metadata": {
"binary.path": "usr/local/bin/opaque_bin",
"binary.sha256": "10f3c03766e4403be40add0467a2b2d07fd7006e4b8515ab88740ffa327ea775",
"binary.sha256": "a037bf6e958bd6b2fdcc4a95c7dc6f7735730ae33d20819a056a5da050d05b8e",
"provenance": "binary"
},
"evidence": [
@@ -15,8 +15,8 @@
"kind": "file",
"source": "binary",
"locator": "usr/local/bin/opaque_bin",
"sha256": "10f3c03766e4403be40add0467a2b2d07fd7006e4b8515ab88740ffa327ea775"
"sha256": "a037bf6e958bd6b2fdcc4a95c7dc6f7735730ae33d20819a056a5da050d05b8e"
}
]
}
]
]

12
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/rust/heuristics/expected.json
View File

@@ -7,7 +7,7 @@
"usedByEntrypoint": true,
"metadata": {
"binary.paths": "usr/local/bin/heuristic_app",
"binary.sha256": "4caf60c501a594b5d4b8d909b3e91fccc4447692b9e144f322a333255909310b",
"binary.sha256": "20cc78000c9ad10c9fe4be9d5458679d54298b170bbafc7198cf82700d06aa2c",
"crate": "reqwest",
"provenance": "heuristic"
},
@@ -17,7 +17,7 @@
"source": "rust.heuristic",
"locator": "usr/local/bin/heuristic_app",
"value": "reqwest",
"sha256": "4caf60c501a594b5d4b8d909b3e91fccc4447692b9e144f322a333255909310b"
"sha256": "20cc78000c9ad10c9fe4be9d5458679d54298b170bbafc7198cf82700d06aa2c"
}
]
},
@@ -29,7 +29,7 @@
"usedByEntrypoint": true,
"metadata": {
"binary.paths": "usr/local/bin/heuristic_app",
"binary.sha256": "4caf60c501a594b5d4b8d909b3e91fccc4447692b9e144f322a333255909310b",
"binary.sha256": "20cc78000c9ad10c9fe4be9d5458679d54298b170bbafc7198cf82700d06aa2c",
"crate": "serde",
"provenance": "heuristic"
},
@@ -39,7 +39,7 @@
"source": "rust.heuristic",
"locator": "usr/local/bin/heuristic_app",
"value": "serde",
"sha256": "4caf60c501a594b5d4b8d909b3e91fccc4447692b9e144f322a333255909310b"
"sha256": "20cc78000c9ad10c9fe4be9d5458679d54298b170bbafc7198cf82700d06aa2c"
}
]
},
@@ -51,7 +51,7 @@
"usedByEntrypoint": true,
"metadata": {
"binary.paths": "usr/local/bin/heuristic_app",
"binary.sha256": "4caf60c501a594b5d4b8d909b3e91fccc4447692b9e144f322a333255909310b",
"binary.sha256": "20cc78000c9ad10c9fe4be9d5458679d54298b170bbafc7198cf82700d06aa2c",
"crate": "tokio",
"provenance": "heuristic"
},
@@ -61,7 +61,7 @@
"source": "rust.heuristic",
"locator": "usr/local/bin/heuristic_app",
"value": "tokio",
"sha256": "4caf60c501a594b5d4b8d909b3e91fccc4447692b9e144f322a333255909310b"
"sha256": "20cc78000c9ad10c9fe4be9d5458679d54298b170bbafc7198cf82700d06aa2c"
}
]
}

61
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Rust/RustFixtureBinaries.cs Normal file
View File

@@ -0,0 +1,61 @@
using System;
using System.IO;
namespace StellaOps.Scanner.Analyzers.Lang.Tests.Rust;
internal static class RustFixtureBinaries
{
private static readonly byte[] HeuristicBinary =
{
0x7F, (byte)'E', (byte)'L', (byte)'F',
0x02, 0x01, 0x01, 0x00,
(byte)'_', (byte)'Z', (byte)'N', (byte)'7', (byte)'r', (byte)'e', (byte)'q', (byte)'w', (byte)'e', (byte)'s', (byte)'t',
0x00,
(byte)'_', (byte)'Z', (byte)'N', (byte)'5', (byte)'s', (byte)'e', (byte)'r', (byte)'d', (byte)'e',
0x00,
(byte)'_', (byte)'Z', (byte)'N', (byte)'5', (byte)'t', (byte)'o', (byte)'k', (byte)'i', (byte)'o',
0x00,
};
private static readonly byte[] OpaqueBinary =
{
0x7F, (byte)'E', (byte)'L', (byte)'F',
0x02, 0x01, 0x01, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
};
public static void EnsureHeuristicBinary(string fixturePath)
{
if (string.IsNullOrWhiteSpace(fixturePath))
{
throw new ArgumentException("Fixture path is required.", nameof(fixturePath));
}
var path = Path.Combine(fixturePath, "usr", "local", "bin", "heuristic_app");
WriteBinary(path, HeuristicBinary);
}
public static void EnsureOpaqueBinary(string fixturePath)
{
if (string.IsNullOrWhiteSpace(fixturePath))
{
throw new ArgumentException("Fixture path is required.", nameof(fixturePath));
}
var path = Path.Combine(fixturePath, "usr", "local", "bin", "opaque_bin");
WriteBinary(path, OpaqueBinary);
}
private static void WriteBinary(string path, byte[] content)
{
var directory = Path.GetDirectoryName(path);
if (!string.IsNullOrEmpty(directory))
{
Directory.CreateDirectory(directory);
}
File.WriteAllBytes(path, content);
}
}

1
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Rust/RustHeuristicCoverageComparisonTests.cs
View File

@@ -14,6 +14,7 @@ public sealed class RustHeuristicCoverageComparisonTests
var cancellationToken = TestContext.Current.CancellationToken;
var fixturePath = TestPaths.ResolveFixture("lang", "rust", "heuristics");
var baselinePath = Path.Combine(fixturePath, "competitor-baseline.json");
RustFixtureBinaries.EnsureHeuristicBinary(fixturePath);
var analyzers = new ILanguageAnalyzer[]
{

2
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/Rust/RustLanguageAnalyzerTests.cs
View File

@@ -64,6 +64,7 @@ public sealed class RustLanguageAnalyzerTests
var cancellationToken = TestContext.Current.CancellationToken;
var fixturePath = TestPaths.ResolveFixture("lang", "rust", "heuristics");
var goldenPath = Path.Combine(fixturePath, "expected.json");
RustFixtureBinaries.EnsureHeuristicBinary(fixturePath);
var usageHints = new LanguageUsageHints(new[]
{
Path.Combine(fixturePath, "usr/local/bin/heuristic_app")
@@ -88,6 +89,7 @@ public sealed class RustLanguageAnalyzerTests
var cancellationToken = TestContext.Current.CancellationToken;
var fixturePath = TestPaths.ResolveFixture("lang", "rust", "fallback");
var goldenPath = Path.Combine(fixturePath, "expected.json");
RustFixtureBinaries.EnsureOpaqueBinary(fixturePath);
var usageHints = new LanguageUsageHints(new[]
{
Path.Combine(fixturePath, "usr/local/bin/opaque_bin")

2
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/StellaOps.Scanner.Analyzers.Lang.Tests.csproj
View File

@@ -18,12 +18,10 @@
<PackageReference Remove="xunit" />
<PackageReference Remove="xunit.runner.visualstudio" />
<PackageReference Remove="Microsoft.AspNetCore.Mvc.Testing" />
<PackageReference Remove="Mongo2Go" />
<PackageReference Remove="coverlet.collector" />
<PackageReference Remove="Microsoft.Extensions.TimeProvider.Testing" />
<ProjectReference Remove="..\StellaOps.Concelier.Testing\StellaOps.Concelier.Testing.csproj" />
<Compile Remove="$(MSBuildThisFileDirectory)..\StellaOps.Concelier.Tests.Shared\AssemblyInfo.cs" />
<Compile Remove="$(MSBuildThisFileDirectory)..\StellaOps.Concelier.Tests.Shared\MongoFixtureCollection.cs" />
<Using Remove="StellaOps.Concelier.Testing" />
</ItemGroup>

127
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/TestUtilities/JavaFixtureBuilder.cs
View File

@@ -94,6 +94,56 @@ public static class JavaFixtureBuilder
libBuffer.CopyTo(libEntryStream);
});
public static string CreateSpringBootFatJarWithEmbeddedMavenLibrary(string rootDirectory, string relativePath = "apps/app-fat.jar")
=> CreateJar(rootDirectory, relativePath, static archive =>
{
var pomEntry = archive.CreateEntry("META-INF/maven/com.example/app-fat/pom.properties", CompressionLevel.NoCompression);
pomEntry.LastWriteTime = DefaultTimestamp;
using (var writer = new StreamWriter(pomEntry.Open(), Encoding.UTF8, leaveOpen: false))
{
writer.WriteLine("# Test pom.properties");
writer.WriteLine("groupId=com.example");
writer.WriteLine("artifactId=app-fat");
writer.WriteLine("version=1.0.0");
writer.WriteLine("name=App Fat");
writer.WriteLine("packaging=jar");
}
var manifestEntry = archive.CreateEntry("META-INF/MANIFEST.MF", CompressionLevel.NoCompression);
manifestEntry.LastWriteTime = DefaultTimestamp;
using (var writer = new StreamWriter(manifestEntry.Open(), Encoding.UTF8, leaveOpen: false))
{
writer.WriteLine("Manifest-Version: 1.0");
writer.WriteLine("Main-Class: org.springframework.boot.loader.JarLauncher");
writer.WriteLine("Implementation-Title: App Fat");
writer.WriteLine("Implementation-Version: 1.0.0");
writer.WriteLine("Implementation-Vendor: Example Corp");
writer.WriteLine();
}
using var libBuffer = new MemoryStream();
using (var nested = new ZipArchive(libBuffer, ZipArchiveMode.Create, leaveOpen: true))
{
var libPomEntry = nested.CreateEntry("META-INF/maven/com.example/embedded-lib/pom.properties", CompressionLevel.NoCompression);
libPomEntry.LastWriteTime = DefaultTimestamp;
using (var writer = new StreamWriter(libPomEntry.Open(), Encoding.UTF8, leaveOpen: false))
{
writer.WriteLine("# Test pom.properties");
writer.WriteLine("groupId=com.example");
writer.WriteLine("artifactId=embedded-lib");
writer.WriteLine("version=2.1.0");
writer.WriteLine("name=Embedded Lib");
writer.WriteLine("packaging=jar");
}
}
libBuffer.Position = 0;
var libEntry = archive.CreateEntry("BOOT-INF/lib/embedded-lib.jar", CompressionLevel.NoCompression);
libEntry.LastWriteTime = DefaultTimestamp;
using var libEntryStream = libEntry.Open();
libBuffer.CopyTo(libEntryStream);
});
public static string CreateWarArchive(string rootDirectory, string relativePath = "apps/sample.war")
=> CreateJar(rootDirectory, relativePath, static archive =>
{
@@ -135,6 +185,83 @@ public static class JavaFixtureBuilder
libBuffer.CopyTo(libStream);
});
public static string CreateWarArchiveWithEmbeddedMavenLibrary(string rootDirectory, string relativePath = "apps/demo-war.war")
=> CreateJar(rootDirectory, relativePath, static archive =>
{
var pomEntry = archive.CreateEntry("META-INF/maven/com.example/demo-war/pom.properties", CompressionLevel.NoCompression);
pomEntry.LastWriteTime = DefaultTimestamp;
using (var writer = new StreamWriter(pomEntry.Open(), Encoding.UTF8, leaveOpen: false))
{
writer.WriteLine("# Test pom.properties");
writer.WriteLine("groupId=com.example");
writer.WriteLine("artifactId=demo-war");
writer.WriteLine("version=1.0.0");
writer.WriteLine("name=Demo War");
writer.WriteLine("packaging=war");
}
var manifestEntry = archive.CreateEntry("META-INF/MANIFEST.MF", CompressionLevel.NoCompression);
manifestEntry.LastWriteTime = DefaultTimestamp;
using (var manifestWriter = new StreamWriter(manifestEntry.Open(), Encoding.UTF8, leaveOpen: false))
{
manifestWriter.WriteLine("Manifest-Version: 1.0");
manifestWriter.WriteLine("Implementation-Title: Demo War");
manifestWriter.WriteLine("Implementation-Version: 1.0.0");
manifestWriter.WriteLine("Implementation-Vendor: Example Corp");
manifestWriter.WriteLine();
}
using var libBuffer = new MemoryStream();
using (var nested = new ZipArchive(libBuffer, ZipArchiveMode.Create, leaveOpen: true))
{
var libPomEntry = nested.CreateEntry("META-INF/maven/com.example/web-lib/pom.properties", CompressionLevel.NoCompression);
libPomEntry.LastWriteTime = DefaultTimestamp;
using (var writer = new StreamWriter(libPomEntry.Open(), Encoding.UTF8, leaveOpen: false))
{
writer.WriteLine("# Test pom.properties");
writer.WriteLine("groupId=com.example");
writer.WriteLine("artifactId=web-lib");
writer.WriteLine("version=3.0.0");
writer.WriteLine("name=Web Lib");
writer.WriteLine("packaging=jar");
}
}
libBuffer.Position = 0;
var libEntry = archive.CreateEntry("WEB-INF/lib/web-lib.jar", CompressionLevel.NoCompression);
libEntry.LastWriteTime = DefaultTimestamp;
using var libStream = libEntry.Open();
libBuffer.CopyTo(libStream);
});
public static string CreatePomXmlOnlyJar(string rootDirectory, string relativePath = "libs/pomxml-only.jar")
=> CreateJar(rootDirectory, relativePath, static archive =>
{
var manifestEntry = archive.CreateEntry("META-INF/MANIFEST.MF", CompressionLevel.NoCompression);
manifestEntry.LastWriteTime = DefaultTimestamp;
using (var manifestWriter = new StreamWriter(manifestEntry.Open(), Encoding.UTF8, leaveOpen: false))
{
manifestWriter.WriteLine("Manifest-Version: 1.0");
manifestWriter.WriteLine("Implementation-Title: PomXml Only");
manifestWriter.WriteLine("Implementation-Version: 1.2.3");
manifestWriter.WriteLine("Implementation-Vendor: Example Corp");
manifestWriter.WriteLine();
}
var pomXmlEntry = archive.CreateEntry("META-INF/maven/com.example/pomxml-only/pom.xml", CompressionLevel.NoCompression);
pomXmlEntry.LastWriteTime = DefaultTimestamp;
using (var writer = new StreamWriter(pomXmlEntry.Open(), Encoding.UTF8, leaveOpen: false))
{
writer.WriteLine("<project>");
writer.WriteLine(" <modelVersion>4.0.0</modelVersion>");
writer.WriteLine(" <groupId>com.example</groupId>");
writer.WriteLine(" <artifactId>pomxml-only</artifactId>");
writer.WriteLine(" <version>1.2.3</version>");
writer.WriteLine(" <name>PomXml Only</name>");
writer.WriteLine("</project>");
}
});
public static string CreateMultiReleaseJar(string rootDirectory, string relativePath = "libs/mr.jar")
=> CreateJar(rootDirectory, relativePath, static archive =>
{