Add property-based tests for SBOM/VEX document ordering and Unicode normalization determinism

- Implement `SbomVexOrderingDeterminismProperties` for testing component list and vulnerability metadata hash consistency. - Create `UnicodeNormalizationDeterminismProperties` to validate NFC normalization and Unicode string handling. - Add project file for `StellaOps.Testing.Determinism.Properties` with necessary dependencies. - Introduce CI/CD template validation tests including YAML syntax checks and documentation content verification. - Create validation script for CI/CD templates ensuring all required files and structures are present.
2025-12-26 15:17:15 +02:00
parent 7792749bb4
commit 907783f625
354 changed files with 79727 additions and 1346 deletions
--- a/src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.FixIndex/Repositories/IFixIndexRepository.cs
+++ b/src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.FixIndex/Repositories/IFixIndexRepository.cs
@@ -0,0 +1,111 @@
+using StellaOps.BinaryIndex.FixIndex.Models;
+
+namespace StellaOps.BinaryIndex.FixIndex.Repositories;
+
+/// <summary>
+/// Repository interface for CVE fix index operations.
+/// </summary>
+public interface IFixIndexRepository
+{
+    /// <summary>
+    /// Gets the fix status for a specific CVE/package/distro combination.
+    /// </summary>
+    /// <param name="distro">Distribution (debian, ubuntu, alpine, rhel)</param>
+    /// <param name="release">Release codename (bookworm, jammy, v3.19)</param>
+    /// <param name="sourcePkg">Source package name</param>
+    /// <param name="cveId">CVE identifier</param>
+    /// <param name="cancellationToken">Cancellation token</param>
+    /// <returns>Fix status if found, null otherwise</returns>
+    Task<FixIndexEntry?> GetFixStatusAsync(
+        string distro,
+        string release,
+        string sourcePkg,
+        string cveId,
+        CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Gets all fix statuses for a package.
+    /// </summary>
+    Task<IReadOnlyList<FixIndexEntry>> GetFixStatusesForPackageAsync(
+        string distro,
+        string release,
+        string sourcePkg,
+        CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Gets all known fix locations for a CVE across distros.
+    /// </summary>
+    Task<IReadOnlyList<FixIndexEntry>> GetFixLocationsForCveAsync(
+        string cveId,
+        CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Upserts a fix index entry.
+    /// </summary>
+    Task<FixIndexEntry> UpsertAsync(
+        FixEvidence evidence,
+        CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Batch upserts fix index entries.
+    /// </summary>
+    Task<int> UpsertBatchAsync(
+        IEnumerable<FixEvidence> evidenceList,
+        CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Stores fix evidence for audit trail.
+    /// </summary>
+    Task<Guid> StoreEvidenceAsync(
+        FixEvidence evidence,
+        CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Gets evidence by ID.
+    /// </summary>
+    Task<FixEvidenceRecord?> GetEvidenceAsync(
+        Guid evidenceId,
+        CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Deletes all entries from a specific snapshot (for re-ingestion).
+    /// </summary>
+    Task<int> DeleteBySnapshotAsync(
+        Guid snapshotId,
+        CancellationToken cancellationToken = default);
+}
+
+/// <summary>
+/// Fix index entry from the database.
+/// </summary>
+public sealed record FixIndexEntry
+{
+    public required Guid Id { get; init; }
+    public required string Distro { get; init; }
+    public required string Release { get; init; }
+    public required string SourcePkg { get; init; }
+    public required string CveId { get; init; }
+    public required FixState State { get; init; }
+    public string? FixedVersion { get; init; }
+    public required FixMethod Method { get; init; }
+    public required decimal Confidence { get; init; }
+    public Guid? EvidenceId { get; init; }
+    public Guid? SnapshotId { get; init; }
+    public required DateTimeOffset IndexedAt { get; init; }
+    public required DateTimeOffset UpdatedAt { get; init; }
+}
+
+/// <summary>
+/// Fix evidence record from the database.
+/// </summary>
+public sealed record FixEvidenceRecord
+{
+    public required Guid Id { get; init; }
+    public required string EvidenceType { get; init; }
+    public string? SourceFile { get; init; }
+    public string? SourceSha256 { get; init; }
+    public string? Excerpt { get; init; }
+    public required string MetadataJson { get; init; }
+    public Guid? SnapshotId { get; init; }
+    public required DateTimeOffset CreatedAt { get; init; }
+}