Audit notes work completed; test fixes work (95% done); new sprints; new data source setup and configuration

This commit is contained in:
master
2026-01-14 10:48:00 +02:00
parent d7be6ba34b
commit 95d5898650
379 changed files with 40695 additions and 19041 deletions


@@ -0,0 +1,277 @@
using StellaOps.Policy.AuthSignals;
using Xunit;
namespace StellaOps.Policy.AuthSignals.Tests;
/// <summary>
/// Tests for PolicyAuthSignal and related models.
/// </summary>
public sealed class PolicyAuthSignalTests
{
[Fact]
public void PolicyAuthSignal_RequiredProperties_MustBeSet()
{
var signal = new PolicyAuthSignal
{
Id = "sig-001",
Tenant = "tenant-abc",
Subject = "artifact:sha256:abc123",
SignalType = "reachability",
Source = "scanner-v1",
Created = DateTime.UtcNow
};
Assert.Equal("sig-001", signal.Id);
Assert.Equal("tenant-abc", signal.Tenant);
Assert.Equal("artifact:sha256:abc123", signal.Subject);
Assert.Equal("reachability", signal.SignalType);
Assert.Equal("scanner-v1", signal.Source);
}
[Theory]
[InlineData("reachability")]
[InlineData("attestation")]
[InlineData("risk")]
[InlineData("vex")]
public void PolicyAuthSignal_SignalType_SupportedValues(string signalType)
{
var signal = new PolicyAuthSignal
{
Id = "sig-type-test",
Tenant = "t1",
Subject = "s1",
SignalType = signalType,
Source = "test",
Created = DateTime.UtcNow
};
Assert.Equal(signalType, signal.SignalType);
}
[Fact]
public void PolicyAuthSignal_WithConfidence_ContainsValue()
{
var signal = new PolicyAuthSignal
{
Id = "sig-conf",
Tenant = "t1",
Subject = "s1",
SignalType = "risk",
Source = "risk-engine",
Confidence = 0.95,
Created = DateTime.UtcNow
};
Assert.Equal(0.95, signal.Confidence);
}
[Fact]
public void PolicyAuthSignal_WithEvidence_ContainsRefs()
{
var evidence = new[]
{
new EvidenceRef
{
Kind = "attestation",
Uri = "oci://registry.io/attestation@sha256:xyz",
Digest = "sha256:xyz123"
},
new EvidenceRef
{
Kind = "linkset",
Uri = "https://transparency.example.com/entry/123",
Digest = "sha256:link456",
Scope = "org.example.project"
}
};
var signal = new PolicyAuthSignal
{
Id = "sig-ev",
Tenant = "t1",
Subject = "s1",
SignalType = "attestation",
Source = "attestor",
Evidence = evidence,
Created = DateTime.UtcNow
};
Assert.Equal(2, signal.Evidence.Count);
Assert.Equal("attestation", signal.Evidence[0].Kind);
Assert.Equal("linkset", signal.Evidence[1].Kind);
Assert.Equal("org.example.project", signal.Evidence[1].Scope);
}
[Fact]
public void PolicyAuthSignal_WithProvenance_ContainsDetails()
{
var provenance = new Provenance
{
Pipeline = "ci/build-and-scan",
Inputs = new[] { "dockerfile:sha256:abc", "sources:sha256:def" },
Signer = "build-bot@ci.example.com",
Transparency = new Transparency
{
RekorUuid = "rekor-uuid-123456"
}
};
var signal = new PolicyAuthSignal
{
Id = "sig-prov",
Tenant = "t1",
Subject = "s1",
SignalType = "attestation",
Source = "signer",
Provenance = provenance,
Created = DateTime.UtcNow
};
Assert.NotNull(signal.Provenance);
Assert.Equal("ci/build-and-scan", signal.Provenance.Pipeline);
Assert.Equal(2, signal.Provenance.Inputs!.Count);
Assert.Equal("build-bot@ci.example.com", signal.Provenance.Signer);
Assert.Equal("rekor-uuid-123456", signal.Provenance.Transparency!.RekorUuid);
}
[Fact]
public void PolicyAuthSignal_DefaultEvidence_IsEmpty()
{
var signal = new PolicyAuthSignal
{
Id = "sig-default",
Tenant = "t1",
Subject = "s1",
SignalType = "vex",
Source = "scanner",
Created = DateTime.UtcNow
};
Assert.Empty(signal.Evidence);
}
[Fact]
public void Transparency_WithSkipReason_NoRekorUuid()
{
var transparency = new Transparency
{
SkipReason = "airgapped_environment"
};
Assert.Null(transparency.RekorUuid);
Assert.Equal("airgapped_environment", transparency.SkipReason);
}
[Fact]
public void PolicyAuthSignal_RecordEquality_WorksCorrectly()
{
var created = DateTime.UtcNow;
var signal1 = new PolicyAuthSignal
{
Id = "sig-eq",
Tenant = "t1",
Subject = "s1",
SignalType = "risk",
Source = "engine",
Confidence = 0.8,
Created = created
};
var signal2 = new PolicyAuthSignal
{
Id = "sig-eq",
Tenant = "t1",
Subject = "s1",
SignalType = "risk",
Source = "engine",
Confidence = 0.8,
Created = created
};
Assert.Equal(signal1, signal2);
Assert.Equal(signal1.GetHashCode(), signal2.GetHashCode());
}
}
/// <summary>
/// Tests for EvidenceRef record.
/// </summary>
public sealed class EvidenceRefTests
{
[Theory]
[InlineData("linkset")]
[InlineData("runtime")]
[InlineData("attestation")]
[InlineData("bundle")]
public void EvidenceRef_Kind_SupportedValues(string kind)
{
var evidenceRef = new EvidenceRef
{
Kind = kind,
Uri = "https://example.com/evidence",
Digest = "sha256:abc123"
};
Assert.Equal(kind, evidenceRef.Kind);
}
[Fact]
public void EvidenceRef_DefaultValues_AreEmpty()
{
var evidenceRef = new EvidenceRef();
Assert.Equal(string.Empty, evidenceRef.Kind);
Assert.Equal(string.Empty, evidenceRef.Uri);
Assert.Equal(string.Empty, evidenceRef.Digest);
Assert.Null(evidenceRef.Scope);
}
[Fact]
public void EvidenceRef_WithScope_ContainsValue()
{
var evidenceRef = new EvidenceRef
{
Kind = "runtime",
Uri = "https://example.com/runtime-check",
Digest = "sha256:runtime123",
Scope = "org.example.service.api"
};
Assert.Equal("org.example.service.api", evidenceRef.Scope);
}
}
/// <summary>
/// Tests for Provenance record.
/// </summary>
public sealed class ProvenanceTests
{
[Fact]
public void Provenance_AllPropertiesOptional()
{
var provenance = new Provenance();
Assert.Null(provenance.Pipeline);
Assert.Null(provenance.Inputs);
Assert.Null(provenance.Signer);
Assert.Null(provenance.Transparency);
}
[Fact]
public void Provenance_WithAllProperties_ContainsValues()
{
var provenance = new Provenance
{
Pipeline = "github-actions/build",
Inputs = new[] { "src:sha256:123", "config:sha256:456" },
Signer = "sigstore-bot",
Transparency = new Transparency { RekorUuid = "uuid-789" }
};
Assert.Equal("github-actions/build", provenance.Pipeline);
Assert.Equal(2, provenance.Inputs!.Count);
Assert.Equal("sigstore-bot", provenance.Signer);
Assert.NotNull(provenance.Transparency);
}
}
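Review bot: The `PolicyAuthSignal_SignalType_SupportedValues` theory (L39–L56) and `EvidenceRef_Kind_SupportedValues` (L192–L206) only check that the initializer value is read back, so they pass for any string, including `""` or `"not-a-kind"`, and do not establish that the model constrains the kind; the model types are outside this hunk, so whether they validate is not visible here. If `SignalType` and `Kind` are meant to be closed sets, add a negative case such as `Assert.ThrowsAny<ArgumentException>(() => new PolicyAuthSignal { Id = "x", Tenant = "t", Subject = "s", SignalType = "bogus", Source = "test", Created = created });`; if they are free-form strings, rename the theories to `..._RoundTrips` so the test name does not overstate what is verified. A secondary nit: each test stamps `Created = DateTime.UtcNow`, which is harmless for these assertions but could be a fixed value (e.g. `new DateTime(2026, 1, 1, 0, 0, 0, DateTimeKind.Utc)`) so the fixtures are fully deterministic and the equality test does not depend on capturing the clock once.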


@@ -0,0 +1,29 @@
<?xml version="1.0" encoding="utf-8"?>
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
<LangVersion>preview</LangVersion>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
<IsPackable>false</IsPackable>
<OutputType>Exe</OutputType>
<UseXunitV3>true</UseXunitV3>
</PropertyGroup>
<ItemGroup>
<Using Include="Xunit" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="Moq" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\__Libraries\StellaOps.Policy.AuthSignals\StellaOps.Policy.AuthSignals.csproj" />
</ItemGroup>
<ItemGroup>
<Content Include="xunit.runner.json" CopyToOutputDirectory="PreserveNewest" />
</ItemGroup>
</Project>
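Review bot: `<PackageReference Include="Moq" />` (L279) pulls a mocking library into a test project whose accompanying test file constructs plain records and asserts on properties without any mock, so the reference widens the test project's package surface for no visible benefit; drop that `<ItemGroup>` unless other tests in this project need it. The reference carries no `Version`, which presumably relies on central package management in a `Directory.Packages.props` outside this commit; worth confirming that file pins Moq, otherwise restore fails. `<LangVersion>preview</LangVersion>` combined with `<TreatWarningsAsErrors>true</TreatWarningsAsErrors>` means the test build depends on unreleased language features; if the library under test does not require preview, `<LangVersion>latest</LangVersion>` keeps the test build stable across SDK updates.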


@@ -0,0 +1,7 @@
{
"$schema": "https://xunit.net/schema/current/xunit.runner.schema.json",
"diagnosticMessages": true,
"parallelizeAssembly": true,
"parallelizeTestCollections": true,
"maxParallelThreads": -1
}