old sprints work, new sprints for exposing functionality via cli, improve code_of_conduct and other agents instructions

2026-01-15 18:37:59 +02:00
parent c631bacee2
commit 88a85cdd92
208 changed files with 32271 additions and 2287 deletions


@@ -0,0 +1,286 @@
// <copyright file="RuntimeNodeHashTests.cs" company="StellaOps">
// SPDX-License-Identifier: AGPL-3.0-or-later
// Sprint: SPRINT_20260112_005_SIGNALS_runtime_nodehash (PW-SIG-003)
// </copyright>
namespace StellaOps.Signals.Ebpf.Tests;
using StellaOps.Signals.Ebpf.Schema;
using Xunit;
/// <summary>
/// Tests for node hash emission and callstack hash determinism.
/// Sprint: SPRINT_20260112_005_SIGNALS_runtime_nodehash (PW-SIG-003)
/// </summary>
[Trait("Category", "Unit")]
public sealed class RuntimeNodeHashTests
{
[Fact]
public void RuntimeCallEvent_NodeHashFields_HaveCorrectDefaults()
{
// Arrange & Act
var evt = new RuntimeCallEvent
{
EventId = Guid.NewGuid(),
ContainerId = "container-123",
Pid = 1234,
Tid = 5678,
TimestampNs = 1000000000,
Symbol = "vulnerable_func",
};
// Assert - New fields should be null by default
Assert.Null(evt.FunctionSignature);
Assert.Null(evt.BinaryDigest);
Assert.Null(evt.BinaryOffset);
Assert.Null(evt.NodeHash);
Assert.Null(evt.CallstackHash);
}
[Fact]
public void RuntimeCallEvent_WithNodeHashFields_PreservesValues()
{
// Arrange & Act
var evt = new RuntimeCallEvent
{
EventId = Guid.NewGuid(),
ContainerId = "container-123",
Pid = 1234,
Tid = 5678,
TimestampNs = 1000000000,
Symbol = "vulnerable_func",
Purl = "pkg:npm/lodash@4.17.21",
FunctionSignature = "lodash.merge(object, ...sources)",
BinaryDigest = "sha256:abc123def456",
BinaryOffset = 0x1234,
NodeHash = "sha256:nodehash123",
CallstackHash = "sha256:callstackhash456"
};
// Assert
Assert.Equal("lodash.merge(object, ...sources)", evt.FunctionSignature);
Assert.Equal("sha256:abc123def456", evt.BinaryDigest);
Assert.Equal((ulong)0x1234, evt.BinaryOffset);
Assert.Equal("sha256:nodehash123", evt.NodeHash);
Assert.Equal("sha256:callstackhash456", evt.CallstackHash);
}
[Fact]
public void ObservedCallPath_NodeHashFields_HaveCorrectDefaults()
{
// Arrange & Act
var path = new ObservedCallPath
{
Symbols = ["main", "processRequest", "vulnerable_func"],
ObservationCount = 100,
Purl = "pkg:npm/lodash@4.17.21",
};
// Assert - New fields should be null/empty by default
Assert.Null(path.NodeHashes);
Assert.Null(path.PathHash);
Assert.Null(path.CallstackHash);
Assert.Null(path.FunctionSignatures);
Assert.Null(path.BinaryDigests);
Assert.Null(path.BinaryOffsets);
}
[Fact]
public void ObservedCallPath_WithNodeHashes_PreservesValues()
{
// Arrange
var nodeHashes = new List<string> { "sha256:hash1", "sha256:hash2", "sha256:hash3" };
var functionSignatures = new List<string?> { "main()", "process(req)", "vuln(data)" };
var binaryDigests = new List<string?> { "sha256:bin1", "sha256:bin2", "sha256:bin3" };
var binaryOffsets = new List<ulong?> { 0x1000, 0x2000, 0x3000 };
// Act
var path = new ObservedCallPath
{
Symbols = ["main", "process", "vuln"],
ObservationCount = 50,
Purl = "pkg:golang/example.com/pkg@1.0.0",
NodeHashes = nodeHashes,
PathHash = "sha256:pathhash123",
CallstackHash = "sha256:callstackhash456",
FunctionSignatures = functionSignatures,
BinaryDigests = binaryDigests,
BinaryOffsets = binaryOffsets
};
// Assert
Assert.Equal(3, path.NodeHashes!.Count);
Assert.Equal("sha256:hash1", path.NodeHashes[0]);
Assert.Equal("sha256:pathhash123", path.PathHash);
Assert.Equal("sha256:callstackhash456", path.CallstackHash);
Assert.Equal(3, path.FunctionSignatures!.Count);
Assert.Equal(3, path.BinaryDigests!.Count);
Assert.Equal(3, path.BinaryOffsets!.Count);
}
[Fact]
public void RuntimeSignalSummary_NodeHashFields_HaveCorrectDefaults()
{
// Arrange & Act
var summary = new RuntimeSignalSummary
{
ContainerId = "container-456",
StartedAt = DateTimeOffset.UtcNow.AddMinutes(-5),
StoppedAt = DateTimeOffset.UtcNow,
TotalEvents = 1000,
};
// Assert
Assert.Null(summary.ObservedNodeHashes);
Assert.Null(summary.ObservedPathHashes);
Assert.Null(summary.CombinedPathHash);
}
[Fact]
public void RuntimeSignalSummary_WithNodeHashes_PreservesValues()
{
// Arrange
var observedNodeHashes = new List<string> { "sha256:node1", "sha256:node2" };
var observedPathHashes = new List<string> { "sha256:path1", "sha256:path2" };
// Act
var summary = new RuntimeSignalSummary
{
ContainerId = "container-456",
StartedAt = DateTimeOffset.UtcNow.AddMinutes(-5),
StoppedAt = DateTimeOffset.UtcNow,
TotalEvents = 1000,
ObservedNodeHashes = observedNodeHashes,
ObservedPathHashes = observedPathHashes,
CombinedPathHash = "sha256:combinedhash"
};
// Assert
Assert.Equal(2, summary.ObservedNodeHashes!.Count);
Assert.Equal(2, summary.ObservedPathHashes!.Count);
Assert.Equal("sha256:combinedhash", summary.CombinedPathHash);
}
[Fact]
public void NodeHashes_AreDeterministicallySorted()
{
// Arrange - Create hashes in unsorted order
var unsortedHashes = new List<string>
{
"sha256:zzz",
"sha256:aaa",
"sha256:mmm"
};
// Act - Sort for determinism
var sortedHashes = unsortedHashes.Order().ToList();
// Assert - Should be sorted alphabetically
Assert.Equal("sha256:aaa", sortedHashes[0]);
Assert.Equal("sha256:mmm", sortedHashes[1]);
Assert.Equal("sha256:zzz", sortedHashes[2]);
}
[Fact]
public void CallstackHash_DeterminismTest()
{
// Arrange - Same symbols should produce same path
var path1 = new ObservedCallPath
{
Symbols = ["main", "process", "vulnerable_func"],
Purl = "pkg:npm/lodash@4.17.21"
};
var path2 = new ObservedCallPath
{
Symbols = ["main", "process", "vulnerable_func"],
Purl = "pkg:npm/lodash@4.17.21"
};
// Assert - Both paths have identical structure
Assert.Equal(path1.Symbols.Count, path2.Symbols.Count);
for (int i = 0; i < path1.Symbols.Count; i++)
{
Assert.Equal(path1.Symbols[i], path2.Symbols[i]);
}
Assert.Equal(path1.Purl, path2.Purl);
}
[Fact]
public void NodeHash_MissingPurl_HandledGracefully()
{
// Arrange & Act
var evt = new RuntimeCallEvent
{
EventId = Guid.NewGuid(),
ContainerId = "container-123",
Pid = 1234,
Tid = 5678,
TimestampNs = 1000000000,
Symbol = "unknown_func",
Purl = null, // Missing PURL
FunctionSignature = "unknown_func()",
};
// Assert - Should not throw, node hash will be null
Assert.Null(evt.Purl);
Assert.NotNull(evt.FunctionSignature);
}
[Fact]
public void NodeHash_MissingSymbol_HandledGracefully()
{
// Arrange & Act
var evt = new RuntimeCallEvent
{
EventId = Guid.NewGuid(),
ContainerId = "container-123",
Pid = 1234,
Tid = 5678,
TimestampNs = 1000000000,
Symbol = null, // Missing symbol
Purl = "pkg:npm/lodash@4.17.21",
};
// Assert - Should not throw
Assert.Null(evt.Symbol);
Assert.NotNull(evt.Purl);
}
[Fact]
public void RuntimeType_AllValuesSupported()
{
// Arrange & Act - Test all runtime types
var runtimeTypes = Enum.GetValues<RuntimeType>();
// Assert
Assert.Contains(RuntimeType.Unknown, runtimeTypes);
Assert.Contains(RuntimeType.Native, runtimeTypes);
Assert.Contains(RuntimeType.Jvm, runtimeTypes);
Assert.Contains(RuntimeType.Node, runtimeTypes);
Assert.Contains(RuntimeType.Python, runtimeTypes);
Assert.Contains(RuntimeType.DotNet, runtimeTypes);
Assert.Contains(RuntimeType.Go, runtimeTypes);
Assert.Contains(RuntimeType.Ruby, runtimeTypes);
}
[Fact]
public void PathHash_DifferentSymbolOrder_DifferentHash()
{
// Arrange - Same symbols but different order
var path1 = new ObservedCallPath
{
Symbols = ["main", "process", "vulnerable_func"],
PathHash = "sha256:path1hash"
};
var path2 = new ObservedCallPath
{
Symbols = ["vulnerable_func", "process", "main"],
PathHash = "sha256:path2hash"
};
// Assert - Different order should produce different hash
Assert.NotEqual(path1.PathHash, path2.PathHash);
}
}
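Review bot: Three of the tests in this section assert on their own fixtures rather than on any hashing code, so they cannot fail if node or path hash computation stops being deterministic. `NodeHashes_AreDeterministicallySorted` only sorts a local list with LINQ, `CallstackHash_DeterminismTest` compares two identically initialised `Symbols` lists without computing a hash, and `PathHash_DifferentSymbolOrder_DifferentHash` compares two hard-coded literals (`"sha256:path1hash"` and `"sha256:path2hash"`). If these hashes are what ties runtime observations to other evidence (presumably; the consumer is not visible here), each test should call the production hash routine and assert on its output instead. Separately, `Order()` on strings uses the default culture-sensitive comparer, so for a reproducible ordering of digests the sort should be `unsortedHashes.Order(StringComparer.Ordinal).ToList()`.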


@@ -0,0 +1,270 @@
// <copyright file="RuntimeUpdatedEventTests.cs" company="StellaOps">
// SPDX-License-Identifier: AGPL-3.0-or-later
// Sprint: SPRINT_20260112_008_SIGNALS_runtime_telemetry_events (SIG-RUN-004)
// </copyright>
using StellaOps.Signals.Models;
using StellaOps.TestKit;
using Xunit;
namespace StellaOps.Signals.Tests;
/// <summary>
/// Tests for runtime updated event generation, idempotency, and ordering.
/// Sprint: SPRINT_20260112_008_SIGNALS_runtime_telemetry_events (SIG-RUN-004)
/// </summary>
[Trait("Category", TestCategories.Unit)]
public sealed class RuntimeUpdatedEventTests
{
private static readonly DateTimeOffset FixedTime = new(2026, 1, 15, 10, 30, 0, TimeSpan.Zero);
[Fact]
public void Factory_CreatesEventWithDeterministicId()
{
// Arrange & Act
var event1 = RuntimeUpdatedEventFactory.Create(
tenant: "test-tenant",
subjectKey: "cve:CVE-2026-1234|purl:pkg:npm/lodash@4.17.21",
evidenceDigest: "sha256:abc123",
updateType: RuntimeUpdateType.NewObservation,
newState: "observed",
confidence: 0.85,
fromRuntime: true,
occurredAtUtc: FixedTime);
var event2 = RuntimeUpdatedEventFactory.Create(
tenant: "test-tenant",
subjectKey: "cve:CVE-2026-1234|purl:pkg:npm/lodash@4.17.21",
evidenceDigest: "sha256:abc123",
updateType: RuntimeUpdateType.NewObservation,
newState: "observed",
confidence: 0.85,
fromRuntime: true,
occurredAtUtc: FixedTime);
// Assert - Same inputs should produce same event ID
Assert.Equal(event1.EventId, event2.EventId);
}
[Fact]
public void Factory_DifferentEvidenceDigest_ProducesDifferentId()
{
// Arrange & Act
var event1 = RuntimeUpdatedEventFactory.Create(
tenant: "test-tenant",
subjectKey: "cve:CVE-2026-1234|purl:pkg:npm/lodash@4.17.21",
evidenceDigest: "sha256:abc123",
updateType: RuntimeUpdateType.NewObservation,
newState: "observed",
confidence: 0.85,
fromRuntime: true,
occurredAtUtc: FixedTime);
var event2 = RuntimeUpdatedEventFactory.Create(
tenant: "test-tenant",
subjectKey: "cve:CVE-2026-1234|purl:pkg:npm/lodash@4.17.21",
evidenceDigest: "sha256:different",
updateType: RuntimeUpdateType.NewObservation,
newState: "observed",
confidence: 0.85,
fromRuntime: true,
occurredAtUtc: FixedTime);
// Assert
Assert.NotEqual(event1.EventId, event2.EventId);
}
[Fact]
public void Factory_ExploitTelemetry_AlwaysTriggersReanalysis()
{
// Arrange & Act
var evt = RuntimeUpdatedEventFactory.Create(
tenant: "test-tenant",
subjectKey: "test-subject",
evidenceDigest: "sha256:abc123",
updateType: RuntimeUpdateType.ExploitTelemetry,
newState: "exploited",
confidence: 0.5,
fromRuntime: true,
occurredAtUtc: FixedTime);
// Assert
Assert.True(evt.TriggerReanalysis);
Assert.NotNull(evt.ReanalysisReason);
}
[Fact]
public void Factory_StateChange_TriggersReanalysis()
{
// Arrange & Act
var evt = RuntimeUpdatedEventFactory.Create(
tenant: "test-tenant",
subjectKey: "test-subject",
evidenceDigest: "sha256:abc123",
updateType: RuntimeUpdateType.StateChange,
newState: "confirmed",
confidence: 0.7,
fromRuntime: true,
occurredAtUtc: FixedTime,
previousState: "suspected");
// Assert
Assert.True(evt.TriggerReanalysis);
}
[Fact]
public void Factory_HighConfidenceRuntime_TriggersReanalysis()
{
// Arrange & Act
var evt = RuntimeUpdatedEventFactory.Create(
tenant: "test-tenant",
subjectKey: "test-subject",
evidenceDigest: "sha256:abc123",
updateType: RuntimeUpdateType.ConfidenceIncrease,
newState: "observed",
confidence: 0.95,
fromRuntime: true,
occurredAtUtc: FixedTime,
previousState: "observed");
// Assert
Assert.True(evt.TriggerReanalysis);
}
[Fact]
public void Factory_LowConfidence_DoesNotTriggerReanalysis()
{
// Arrange & Act
var evt = RuntimeUpdatedEventFactory.Create(
tenant: "test-tenant",
subjectKey: "test-subject",
evidenceDigest: "sha256:abc123",
updateType: RuntimeUpdateType.ConfidenceIncrease,
newState: "observed",
confidence: 0.3,
fromRuntime: true,
occurredAtUtc: FixedTime,
previousState: "observed");
// Assert - Low confidence state change without state change shouldn't trigger
Assert.False(evt.TriggerReanalysis);
}
[Fact]
public void Factory_ObservedNodeHashes_PreservedInOrder()
{
// Arrange
var nodeHashes = new List<string> { "sha256:zzz", "sha256:aaa", "sha256:mmm" };
// Act
var evt = RuntimeUpdatedEventFactory.Create(
tenant: "test-tenant",
subjectKey: "test-subject",
evidenceDigest: "sha256:abc123",
updateType: RuntimeUpdateType.NewObservation,
newState: "observed",
confidence: 0.85,
fromRuntime: true,
occurredAtUtc: FixedTime,
observedNodeHashes: nodeHashes);
// Assert - Hashes should be preserved as provided
Assert.Equal(3, evt.ObservedNodeHashes.Length);
Assert.Equal("sha256:zzz", evt.ObservedNodeHashes[0]);
Assert.Equal("sha256:aaa", evt.ObservedNodeHashes[1]);
Assert.Equal("sha256:mmm", evt.ObservedNodeHashes[2]);
}
[Fact]
public void Factory_AllFieldsPopulated()
{
// Arrange & Act
var evt = RuntimeUpdatedEventFactory.Create(
tenant: "test-tenant",
subjectKey: "cve:CVE-2026-1234|purl:pkg:npm/lodash@4.17.21",
evidenceDigest: "sha256:abc123",
updateType: RuntimeUpdateType.NewCallPath,
newState: "observed",
confidence: 0.85,
fromRuntime: true,
occurredAtUtc: FixedTime,
cveId: "CVE-2026-1234",
purl: "pkg:npm/lodash@4.17.21",
callgraphId: "cg-scan-001",
previousState: "suspected",
runtimeMethod: "ebpf",
observedNodeHashes: new List<string> { "sha256:node1" },
pathHash: "sha256:path1",
traceId: "trace-001");
// Assert
Assert.Equal("test-tenant", evt.Tenant);
Assert.Equal("CVE-2026-1234", evt.CveId);
Assert.Equal("pkg:npm/lodash@4.17.21", evt.Purl);
Assert.Equal("cg-scan-001", evt.CallgraphId);
Assert.Equal("suspected", evt.PreviousState);
Assert.Equal("observed", evt.NewState);
Assert.Equal("ebpf", evt.RuntimeMethod);
Assert.Equal("sha256:path1", evt.PathHash);
Assert.Equal("trace-001", evt.TraceId);
Assert.Equal(RuntimeEventTypes.Updated, evt.EventType);
Assert.Equal("1.0.0", evt.Version);
}
[Fact]
public void RuntimeEventTypes_HasCorrectConstants()
{
// Assert
Assert.Equal("runtime.updated", RuntimeEventTypes.Updated);
Assert.Equal("runtime.updated@1", RuntimeEventTypes.UpdatedV1);
Assert.Equal("runtime.ingested", RuntimeEventTypes.Ingested);
Assert.Equal("runtime.confirmed", RuntimeEventTypes.Confirmed);
Assert.Equal("runtime.exploit_detected", RuntimeEventTypes.ExploitDetected);
}
[Theory]
[InlineData(RuntimeUpdateType.NewObservation)]
[InlineData(RuntimeUpdateType.StateChange)]
[InlineData(RuntimeUpdateType.ConfidenceIncrease)]
[InlineData(RuntimeUpdateType.NewCallPath)]
[InlineData(RuntimeUpdateType.ExploitTelemetry)]
public void Factory_AllUpdateTypes_CreateValidEvents(RuntimeUpdateType updateType)
{
// Arrange & Act
var evt = RuntimeUpdatedEventFactory.Create(
tenant: "test-tenant",
subjectKey: "test-subject",
evidenceDigest: "sha256:abc123",
updateType: updateType,
newState: "observed",
confidence: 0.85,
fromRuntime: true,
occurredAtUtc: FixedTime);
// Assert
Assert.NotNull(evt);
Assert.NotEmpty(evt.EventId);
Assert.Equal(updateType, evt.UpdateType);
}
[Fact]
public void Event_IdempotencyKey_IsDeterministic()
{
// Arrange - Create same event multiple times with same inputs
var events = Enumerable.Range(0, 5)
.Select(_ => RuntimeUpdatedEventFactory.Create(
tenant: "tenant-1",
subjectKey: "subject-1",
evidenceDigest: "sha256:evidence1",
updateType: RuntimeUpdateType.NewObservation,
newState: "observed",
confidence: 0.9,
fromRuntime: true,
occurredAtUtc: FixedTime))
.ToList();
// Assert - All events should have the same ID
var distinctIds = events.Select(e => e.EventId).Distinct().ToList();
Assert.Single(distinctIds);
}
}
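Review bot: The event-ID tests vary only `evidenceDigest`, so nothing in this section pins that `tenant` (or `subjectKey`) takes part in the deterministic `EventId`. `Event_IdempotencyKey_IsDeterministic` treats that ID as an idempotency key; if it were derived without the tenant, identical evidence reported by two tenants would collapse into one event. The factory is not visible here, so this may already be handled. A test that changes only the tenant and expects different IDs would lock the behaviour in, and the same shape applies to `subjectKey`.

```csharp
[Fact]
public void Factory_DifferentTenant_ProducesDifferentId()
{
    // Arrange & Act - identical inputs except for the tenant
    var eventA = RuntimeUpdatedEventFactory.Create(
        tenant: "tenant-a",
        subjectKey: "test-subject",
        evidenceDigest: "sha256:abc123",
        updateType: RuntimeUpdateType.NewObservation,
        newState: "observed",
        confidence: 0.85,
        fromRuntime: true,
        occurredAtUtc: FixedTime);
    var eventB = RuntimeUpdatedEventFactory.Create(
        tenant: "tenant-b",
        subjectKey: "test-subject",
        evidenceDigest: "sha256:abc123",
        updateType: RuntimeUpdateType.NewObservation,
        newState: "observed",
        confidence: 0.85,
        fromRuntime: true,
        occurredAtUtc: FixedTime);

    // Assert - the idempotency key must not collide across tenants
    Assert.NotEqual(eventA.EventId, eventB.EventId);
}
```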