Add unit tests for RancherHubConnector and various exporters

- Implemented tests for RancherHubConnector to validate fetching documents, handling errors, and managing state. - Added tests for CsafExporter to ensure deterministic serialization of CSAF documents. - Created tests for CycloneDX exporters and reconciler to verify correct handling of VEX claims and output structure. - Developed OpenVEX exporter tests to confirm the generation of canonical OpenVEX documents and statement merging logic. - Introduced Rust file caching and license scanning functionality, including a cache key structure and hash computation. - Added sample Cargo.toml and LICENSE files for testing Rust license scanning functionality.
2025-10-30 07:52:39 +02:00
parent 0bc882e75a
commit a3822c88cd
62 changed files with 3631 additions and 423 deletions
--- a/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests/Java/JavaReflectionAnalyzerTests.cs
+++ b/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests/Java/JavaReflectionAnalyzerTests.cs
@@ -77,26 +77,59 @@ public sealed class JavaReflectionAnalyzerTests
    }

    [Fact]
-    public void Analyze_SpringBootFatJar_ScansEmbeddedAndBootSegments()
-    {
-        var root = TestPaths.CreateTemporaryDirectory();
-        try
-        {
-            JavaFixtureBuilder.CreateSpringBootFatJar(root, "apps/app-fat.jar");
-
-            var cancellationToken = TestContext.Current.CancellationToken;
-            var context = new LanguageAnalyzerContext(root, TimeProvider.System);
-            var workspace = JavaWorkspaceNormalizer.Normalize(context, cancellationToken);
-            var classPath = JavaClassPathBuilder.Build(workspace, cancellationToken);
-            var analysis = JavaReflectionAnalyzer.Analyze(classPath, cancellationToken);
-
-            // Expect at least one edge originating from BOOT-INF classes
-            Assert.Contains(analysis.Edges, edge => edge.SourceClass == "com.example.App" && edge.Reason == JavaReflectionReason.ClassForName);
-            Assert.Contains(analysis.Edges, edge => edge.SourceClass == "com.example.Lib" && edge.Reason == JavaReflectionReason.ClassForName);
-        }
-        finally
-        {
-            TestPaths.SafeDelete(root);
-        }
-    }
-}
+    public void Analyze_SpringBootFatJar_ScansEmbeddedAndBootSegments()
+    {
+        var root = TestPaths.CreateTemporaryDirectory();
+        try
+        {
+            JavaFixtureBuilder.CreateSpringBootFatJar(root, "apps/app-fat.jar");
+
+            var cancellationToken = TestContext.Current.CancellationToken;
+            var context = new LanguageAnalyzerContext(root, TimeProvider.System);
+            var workspace = JavaWorkspaceNormalizer.Normalize(context, cancellationToken);
+            var classPath = JavaClassPathBuilder.Build(workspace, cancellationToken);
+            var analysis = JavaReflectionAnalyzer.Analyze(classPath, cancellationToken);
+
+            // Expect at least one edge originating from BOOT-INF classes
+            Assert.Contains(analysis.Edges, edge => edge.SourceClass == "com.example.App" && edge.Reason == JavaReflectionReason.ClassForName);
+            Assert.Contains(analysis.Edges, edge => edge.SourceClass == "com.example.Lib" && edge.Reason == JavaReflectionReason.ClassForName);
+        }
+        finally
+        {
+            TestPaths.SafeDelete(root);
+        }
+    }
+
+    [Fact]
+    public void Analyze_ClassResourceLookup_ProducesResourceEdge()
+    {
+        var root = TestPaths.CreateTemporaryDirectory();
+        try
+        {
+            var jarPath = Path.Combine(root, "libs", "resources.jar");
+            Directory.CreateDirectory(Path.GetDirectoryName(jarPath)!);
+            using (var archive = new ZipArchive(new FileStream(jarPath, FileMode.Create, FileAccess.ReadWrite, FileShare.None), ZipArchiveMode.Create, leaveOpen: false))
+            {
+                var entry = archive.CreateEntry("com/example/Resources.class");
+                var bytes = JavaClassFileFactory.CreateClassResourceLookup("com/example/Resources", "/META-INF/plugin.properties");
+                using var stream = entry.Open();
+                stream.Write(bytes);
+            }
+
+            var cancellationToken = TestContext.Current.CancellationToken;
+            var context = new LanguageAnalyzerContext(root, TimeProvider.System);
+            var workspace = JavaWorkspaceNormalizer.Normalize(context, cancellationToken);
+            var classPath = JavaClassPathBuilder.Build(workspace, cancellationToken);
+            var analysis = JavaReflectionAnalyzer.Analyze(classPath, cancellationToken);
+
+            var edge = Assert.Single(analysis.Edges.Where(edge => edge.Reason == JavaReflectionReason.ResourceLookup));
+            Assert.Equal("com.example.Resources", edge.SourceClass);
+            Assert.Equal("/META-INF/plugin.properties", edge.TargetType);
+            Assert.Equal(JavaReflectionConfidence.High, edge.Confidence);
+        }
+        finally
+        {
+            TestPaths.SafeDelete(root);
+        }
+    }
+}