notify doctors work, audit work, new product advisory sprints

2026-01-13 08:36:29 +02:00
parent b8868a5f13
commit 9ca7cb183e
343 changed files with 24492 additions and 3544 deletions
--- a/src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/RuntimeEndpointsTests.cs
+++ b/src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/RuntimeEndpointsTests.cs
@@ -23,7 +23,8 @@ public sealed class RuntimeEndpointsTests
        [Fact]
    public async Task RuntimeEventsEndpointPersistsEvents()
    {
-        using var factory = new ScannerApplicationFactory();
+        await using var factory = new ScannerApplicationFactory();
+        await factory.InitializeAsync();
        using var client = factory.CreateClient();

        var request = new RuntimeEventsIngestRequestDto
@@ -62,7 +63,8 @@ public sealed class RuntimeEndpointsTests
        [Fact]
    public async Task RuntimeEventsEndpointRejectsUnsupportedSchema()
    {
-        using var factory = new ScannerApplicationFactory();
+        await using var factory = new ScannerApplicationFactory();
+        await factory.InitializeAsync();
        using var client = factory.CreateClient();

        var envelope = CreateEnvelope("evt-100", schemaVersion: "zastava.runtime.event@v2.0");
@@ -80,13 +82,14 @@ public sealed class RuntimeEndpointsTests
        [Fact]
    public async Task RuntimeEventsEndpointEnforcesRateLimit()
    {
-        using var factory = new ScannerApplicationFactory().WithOverrides(configuration =>
+        await using var factory = new ScannerApplicationFactory().WithOverrides(configuration =>
        {
            configuration["scanner:runtime:perNodeBurst"] = "1";
            configuration["scanner:runtime:perNodeEventsPerSecond"] = "1";
            configuration["scanner:runtime:perTenantBurst"] = "1";
            configuration["scanner:runtime:perTenantEventsPerSecond"] = "1";
        });
+        await factory.InitializeAsync();
        using var client = factory.CreateClient();

        var request = new RuntimeEventsIngestRequestDto
@@ -112,10 +115,11 @@ public sealed class RuntimeEndpointsTests
        [Fact]
    public async Task RuntimePolicyEndpointReturnsDecisions()
    {
-        using var factory = new ScannerApplicationFactory().WithOverrides(configuration =>
+        await using var factory = new ScannerApplicationFactory().WithOverrides(configuration =>
        {
            configuration["scanner:runtime:policyCacheTtlSeconds"] = "600";
        });
+        await factory.InitializeAsync();

        const string imageDigest = "sha256:deadbeef";

@@ -170,20 +174,20 @@ rules:

            await links.UpsertAsync(new LinkDocument
            {
-                Id = Guid.NewGuid().ToString("N"),
+                Id = "link-0001",
                FromType = LinkSourceType.Image,
                FromDigest = imageDigest,
                ArtifactId = sbomArtifactId,
-                CreatedAtUtc = DateTime.UtcNow
+                CreatedAtUtc = FixedUtc
            }, TestContext.Current.CancellationToken);

            await links.UpsertAsync(new LinkDocument
            {
-                Id = Guid.NewGuid().ToString("N"),
+                Id = "link-0002",
                FromType = LinkSourceType.Image,
                FromDigest = imageDigest,
                ArtifactId = attestationArtifactId,
-                CreatedAtUtc = DateTime.UtcNow
+                CreatedAtUtc = FixedUtc
            }, TestContext.Current.CancellationToken);
        }

@@ -195,7 +199,10 @@ rules:
                CreateEnvelope("evt-211", imageDigest: imageDigest, buildId: "1122AABBCCDDEEFF00112233445566778899AABB")
            }
        };
-        var ingestResponse = await client.PostAsJsonAsync("/api/v1/runtime/events", ingestRequest);
+        var ingestResponse = await client.PostAsJsonAsync(
+            "/api/v1/runtime/events",
+            ingestRequest,
+            TestContext.Current.CancellationToken);
        Assert.Equal(HttpStatusCode.Accepted, ingestResponse.StatusCode);

        var request = new RuntimePolicyRequestDto
@@ -205,7 +212,10 @@ rules:
            Labels = new Dictionary<string, string> { ["app"] = "api" }
        };

-        var response = await client.PostAsJsonAsync("/api/v1/policy/runtime", request);
+        var response = await client.PostAsJsonAsync(
+            "/api/v1/policy/runtime",
+            request,
+            TestContext.Current.CancellationToken);
        Assert.Equal(HttpStatusCode.OK, response.StatusCode);

        var raw = await response.Content.ReadAsStringAsync();
@@ -214,7 +224,7 @@ rules:
        Assert.True(payload is not null, $"Runtime policy response: {raw}");
        Assert.Equal(600, payload!.TtlSeconds);
        Assert.NotNull(payload.PolicyRevision);
-        Assert.True(payload.ExpiresAtUtc > DateTimeOffset.UtcNow);
+        Assert.True(payload.ExpiresAtUtc > FixedNow);

        var decision = payload.Results[imageDigest];
        Assert.Equal("pass", decision.PolicyVerdict);
@@ -232,7 +242,6 @@ rules:
        Assert.NotNull(decision.BuildIds);
        Assert.Contains("1122aabbccddeeff00112233445566778899aabb", decision.BuildIds!);
        var metadataString = decision.Metadata;
-        Console.WriteLine($"Runtime policy metadata: {metadataString ?? "<null>"}");
        Assert.False(string.IsNullOrWhiteSpace(metadataString));
        using var metadataDocument = JsonDocument.Parse(decision.Metadata!);
        Assert.True(metadataDocument.RootElement.TryGetProperty("heuristics", out _));
@@ -242,7 +251,8 @@ rules:
        [Fact]
    public async Task RuntimePolicyEndpointFlagsUnsignedAndMissingSbom()
    {
-        using var factory = new ScannerApplicationFactory();
+        await using var factory = new ScannerApplicationFactory();
+        await factory.InitializeAsync();
        using var client = factory.CreateClient();

        const string imageDigest = "sha256:feedface";
@@ -268,10 +278,10 @@ rules: []
        {
            Namespace = "payments",
            Images = new[] { imageDigest }
-        });
+        }, TestContext.Current.CancellationToken);

        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-        var payload = await response.Content.ReadFromJsonAsync<RuntimePolicyResponseDto>();
+        var payload = await response.Content.ReadFromJsonAsync<RuntimePolicyResponseDto>(TestContext.Current.CancellationToken);
        Assert.NotNull(payload);
        var decision = payload!.Results[imageDigest];

@@ -299,7 +309,8 @@ rules: []
        [Fact]
    public async Task RuntimePolicyEndpointValidatesRequest()
    {
-        using var factory = new ScannerApplicationFactory();
+        await using var factory = new ScannerApplicationFactory();
+        await factory.InitializeAsync();
        using var client = factory.CreateClient();

        var request = new RuntimePolicyRequestDto
@@ -307,7 +318,7 @@ rules: []
            Images = Array.Empty<string>()
        };

-        var response = await client.PostAsJsonAsync("/api/v1/policy/runtime", request);
+        var response = await client.PostAsJsonAsync("/api/v1/policy/runtime", request, TestContext.Current.CancellationToken);
        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
    }

@@ -321,7 +332,7 @@ rules: []
        var runtimeEvent = new RuntimeEvent
        {
            EventId = eventId,
-            When = DateTimeOffset.UtcNow,
+            When = FixedNow,
            Kind = RuntimeEventKind.ContainerStart,
            Tenant = "tenant-alpha",
            Node = "node-a",
@@ -363,4 +374,7 @@ rules: []
            Event = runtimeEvent
        };
    }
+
+    private static readonly DateTimeOffset FixedNow = new(2026, 1, 1, 0, 0, 0, TimeSpan.Zero);
+    private static readonly DateTime FixedUtc = new(2026, 1, 1, 0, 0, 0, DateTimeKind.Utc);
 }