up

2025-12-14 23:20:14 +02:00
parent 3411e825cd
commit b058dbe031
356 changed files with 68310 additions and 1108 deletions
--- a/src/Scanner/__Tests/StellaOps.Scanner.SmartDiff.Tests/Fixtures/smart-diff-predicate.v1.json
+++ b/src/Scanner/__Tests/StellaOps.Scanner.SmartDiff.Tests/Fixtures/smart-diff-predicate.v1.json
@@ -0,0 +1,86 @@
+{
+  "schemaVersion": "1.0.0",
+  "baseImage": {
+    "digest": "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+    "name": "example/base",
+    "tag": "1.0"
+  },
+  "targetImage": {
+    "digest": "sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
+    "name": "example/target",
+    "tag": "2.0"
+  },
+  "diff": {
+    "filesAdded": [
+      "./b.txt",
+      "./a.txt"
+    ],
+    "filesRemoved": [
+      "./z.txt"
+    ],
+    "filesChanged": [
+      {
+        "path": "./src/app.cs",
+        "hunks": [
+          {
+            "startLine": 1,
+            "lineCount": 2,
+            "content": "changed"
+          }
+        ],
+        "fromHash": "old",
+        "toHash": "new"
+      }
+    ],
+    "packagesChanged": [
+      {
+        "name": "openssl",
+        "from": "1.1.1u",
+        "to": "3.0.14",
+        "purl": "pkg:deb/openssl@3.0.14"
+      }
+    ],
+    "packagesAdded": [
+      {
+        "name": "curl",
+        "version": "8.5.0",
+        "purl": "pkg:deb/curl@8.5.0"
+      }
+    ],
+    "packagesRemoved": [
+      {
+        "name": "wget",
+        "version": "1.21.1",
+        "purl": "pkg:deb/wget@1.21.1"
+      }
+    ]
+  },
+  "reachabilityGate": {
+    "reachable": true,
+    "configActivated": true,
+    "runningUser": false,
+    "class": 6,
+    "rationale": "fixture"
+  },
+  "scanner": {
+    "name": "StellaOps.Scanner",
+    "version": "10.0.0",
+    "ruleset": "reachability-2025.12"
+  },
+  "context": {
+    "entrypoint": [
+      "/app/start"
+    ],
+    "env": {
+      "FEATURE_X": "true"
+    },
+    "user": {
+      "uid": 1001,
+      "caps": [
+        "NET_BIND_SERVICE"
+      ]
+    }
+  },
+  "suppressedCount": 0
+}
+
--- a/src/Scanner/__Tests/StellaOps.Scanner.SmartDiff.Tests/PredicateGoldenFixtureTests.cs
+++ b/src/Scanner/__Tests/StellaOps.Scanner.SmartDiff.Tests/PredicateGoldenFixtureTests.cs
@@ -0,0 +1,83 @@
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.IO;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using StellaOps.Scanner.SmartDiff;
+using Xunit;
+
+namespace StellaOps.Scanner.SmartDiff.Tests;
+
+public sealed class PredicateGoldenFixtureTests
+{
+    [Fact]
+    public void Serialize_MatchesGoldenFixture()
+    {
+        var predicate = new SmartDiffPredicate(
+            SchemaVersion: SmartDiffPredicate.CurrentSchemaVersion,
+            BaseImage: new ImageReference(Digest: "sha256:" + new string('a', 64), Name: "example/base", Tag: "1.0"),
+            TargetImage: new ImageReference(Digest: "sha256:" + new string('b', 64), Name: "example/target", Tag: "2.0"),
+            Diff: new DiffPayload(
+                FilesAdded: ["./b.txt", "./a.txt"],
+                FilesRemoved: ["./z.txt"],
+                FilesChanged:
+                [
+                    new FileChange("./src/app.cs", Hunks: [new DiffHunk(1, 2, "changed")], FromHash: "old", ToHash: "new"),
+                ],
+                PackagesChanged:
+                [
+                    new PackageChange("openssl", From: "1.1.1u", To: "3.0.14", Purl: "pkg:deb/openssl@3.0.14"),
+                ],
+                PackagesAdded:
+                [
+                    new PackageRef("curl", Version: "8.5.0", Purl: "pkg:deb/curl@8.5.0"),
+                ],
+                PackagesRemoved:
+                [
+                    new PackageRef("wget", Version: "1.21.1", Purl: "pkg:deb/wget@1.21.1"),
+                ]),
+            ReachabilityGate: ReachabilityGate.Create(reachable: true, configActivated: true, runningUser: false, rationale: "fixture"),
+            Scanner: new ScannerInfo(Name: "StellaOps.Scanner", Version: "10.0.0", Ruleset: "reachability-2025.12"),
+            Context: new RuntimeContext(
+                Entrypoint: ["/app/start"],
+                Env: ImmutableDictionary.CreateRange(new[]
+                {
+                    new KeyValuePair<string, string>("FEATURE_X", "true"),
+                }),
+                User: new UserContext(Uid: 1001, Caps: ["NET_BIND_SERVICE"])),
+            SuppressedCount: 0,
+            MaterialChanges: null);
+
+        var json = SmartDiffJsonSerializer.Serialize(predicate, indent: true);
+
+        var fixturePath = Path.Combine(AppContext.BaseDirectory, "Fixtures", "smart-diff-predicate.v1.json");
+        var expected = File.ReadAllText(fixturePath, Encoding.UTF8);
+
+        Assert.Equal(Normalize(expected), Normalize(json));
+    }
+
+    [Fact]
+    public void Serialize_UsesSnakeCaseEnumMemberNames()
+    {
+        var change = new MaterialChange(
+            FindingKey: new FindingKey("pkg:npm/example", "1.0.0", "CVE-2025-1234"),
+            ChangeType: MaterialChangeType.ReachabilityFlip,
+            Reason: "test");
+
+        var json = JsonSerializer.Serialize(change, new JsonSerializerOptions
+        {
+            Converters =
+            {
+                new JsonStringEnumConverter(),
+            }
+        });
+
+        using var parsed = JsonDocument.Parse(json);
+        Assert.Equal("reachability_flip", parsed.RootElement.GetProperty("changeType").GetString());
+    }
+
+    private static string Normalize(string input)
+        => input.Replace("\r\n", "\n", StringComparison.Ordinal).Trim();
+}
--- a/src/Scanner/__Tests/StellaOps.Scanner.SmartDiff.Tests/ReachabilityGateTests.cs
+++ b/src/Scanner/__Tests/StellaOps.Scanner.SmartDiff.Tests/ReachabilityGateTests.cs
@@ -0,0 +1,57 @@
+using System.Text.Json;
+using StellaOps.Scanner.SmartDiff;
+using Xunit;
+
+namespace StellaOps.Scanner.SmartDiff.Tests;
+
+public sealed class ReachabilityGateTests
+{
+    [Theory]
+    [InlineData(false, false, false, 0)]
+    [InlineData(false, false, true, 1)]
+    [InlineData(false, true, false, 2)]
+    [InlineData(false, true, true, 3)]
+    [InlineData(true, false, false, 4)]
+    [InlineData(true, false, true, 5)]
+    [InlineData(true, true, false, 6)]
+    [InlineData(true, true, true, 7)]
+    public void ComputeClass_Returns0To7_WhenAllKnown(bool reachable, bool configActivated, bool runningUser, int expected)
+    {
+        Assert.Equal(expected, ReachabilityGate.ComputeClass(reachable, configActivated, runningUser));
+    }
+
+    [Theory]
+    [InlineData(null, false, false)]
+    [InlineData(false, null, false)]
+    [InlineData(false, false, null)]
+    [InlineData(null, null, false)]
+    [InlineData(null, false, null)]
+    [InlineData(false, null, null)]
+    [InlineData(null, null, null)]
+    public void ComputeClass_ReturnsMinus1_WhenAnyUnknown(bool? reachable, bool? configActivated, bool? runningUser)
+    {
+        Assert.Equal(-1, ReachabilityGate.ComputeClass(reachable, configActivated, runningUser));
+    }
+
+    [Fact]
+    public void Serialize_UsesSchemaFieldNames()
+    {
+        var gate = ReachabilityGate.Create(
+            reachable: true,
+            configActivated: false,
+            runningUser: true,
+            rationale: "Unit test");
+
+        var json = JsonSerializer.Serialize(gate);
+        using var parsed = JsonDocument.Parse(json);
+
+        var root = parsed.RootElement;
+        Assert.True(root.TryGetProperty("reachable", out _));
+        Assert.True(root.TryGetProperty("configActivated", out _));
+        Assert.True(root.TryGetProperty("runningUser", out _));
+        Assert.True(root.TryGetProperty("class", out var classValue));
+        Assert.Equal(5, classValue.GetInt32());
+        Assert.Equal("Unit test", root.GetProperty("rationale").GetString());
+    }
+}
+
--- a/src/Scanner/__Tests/StellaOps.Scanner.SmartDiff.Tests/StellaOps.Scanner.SmartDiff.Tests.csproj
+++ b/src/Scanner/__Tests/StellaOps.Scanner.SmartDiff.Tests/StellaOps.Scanner.SmartDiff.Tests.csproj
@@ -0,0 +1,24 @@
+<?xml version='1.0' encoding='utf-8'?>
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <LangVersion>preview</LangVersion>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <UseConcelierTestInfra>false</UseConcelierTestInfra>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.0" />
+    <PackageReference Include="xunit" Version="2.9.3" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.0.1" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="../../__Libraries/StellaOps.Scanner.SmartDiff/StellaOps.Scanner.SmartDiff.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <None Include="Fixtures\**\*" CopyToOutputDirectory="PreserveNewest" />
+  </ItemGroup>
+</Project>