stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Refactor code structure and optimize performance across multiple modules

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-26 20:03:22 +02:00
parent c786faae84
commit b4fc66feb6
3353 changed files with 88254 additions and 1590657 deletions
Download Patch File Download Diff File Expand all files Collapse all files

148
src/Scanner/__Tests/StellaOps.Scanner.Reachability.Tests/IacBoundaryExtractorTests.cs
View File

@@ -9,6 +9,7 @@ using StellaOps.Scanner.Reachability.Boundary;
using StellaOps.Scanner.Reachability.Gates;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.Scanner.Reachability.Tests;
public class IacBoundaryExtractorTests
@@ -23,13 +24,15 @@ public class IacBoundaryExtractorTests
#region Priority and CanHandle
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Priority_Returns150_BetweenBaseAndK8s()
{
Assert.Equal(150, _extractor.Priority);
}
[Theory]
[Trait("Category", TestCategories.Unit)]
[Theory]
[InlineData("terraform", true)]
[InlineData("Terraform", true)]
[InlineData("cloudformation", true)]
@@ -46,7 +49,8 @@ public class IacBoundaryExtractorTests
Assert.Equal(expected, _extractor.CanHandle(context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void CanHandle_WithTerraformAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
@@ -60,7 +64,8 @@ public class IacBoundaryExtractorTests
Assert.True(_extractor.CanHandle(context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void CanHandle_WithCloudFormationAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
@@ -74,7 +79,8 @@ public class IacBoundaryExtractorTests
Assert.True(_extractor.CanHandle(context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void CanHandle_WithHelmAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
@@ -88,7 +94,8 @@ public class IacBoundaryExtractorTests
Assert.True(_extractor.CanHandle(context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void CanHandle_WithEmptyAnnotations_ReturnsFalse()
{
var context = BoundaryExtractionContext.Empty;
@@ -99,7 +106,8 @@ public class IacBoundaryExtractorTests
#region IaC Type Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithTerraformSource_ReturnsTerraformIacSource()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -114,7 +122,8 @@ public class IacBoundaryExtractorTests
Assert.Equal("iac:terraform", result.Source);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithCloudFormationSource_ReturnsCloudFormationIacSource()
{
var root = new RichGraphRoot("root-1", "cloudformation", null);
@@ -129,7 +138,8 @@ public class IacBoundaryExtractorTests
Assert.Equal("iac:cloudformation", result.Source);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithCfnSource_ReturnsCloudFormationIacSource()
{
var root = new RichGraphRoot("root-1", "cfn", null);
@@ -144,7 +154,8 @@ public class IacBoundaryExtractorTests
Assert.Equal("iac:cloudformation", result.Source);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithPulumiSource_ReturnsPulumiIacSource()
{
var root = new RichGraphRoot("root-1", "pulumi", null);
@@ -159,7 +170,8 @@ public class IacBoundaryExtractorTests
Assert.Equal("iac:pulumi", result.Source);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithHelmSource_ReturnsHelmIacSource()
{
var root = new RichGraphRoot("root-1", "helm", null);
@@ -178,7 +190,8 @@ public class IacBoundaryExtractorTests
#region Terraform Exposure Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithTerraformPublicSecurityGroup_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -199,7 +212,8 @@ public class IacBoundaryExtractorTests
Assert.True(result.Exposure.InternetFacing);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithTerraformInternetFacingAlb_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -220,7 +234,8 @@ public class IacBoundaryExtractorTests
Assert.True(result.Exposure.InternetFacing);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithTerraformPublicIp_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -241,7 +256,8 @@ public class IacBoundaryExtractorTests
Assert.True(result.Exposure.InternetFacing);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithTerraformPrivateResource_ReturnsInternalExposure()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -266,7 +282,8 @@ public class IacBoundaryExtractorTests
#region CloudFormation Exposure Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithCloudFormationPublicSecurityGroup_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "cloudformation", null);
@@ -287,7 +304,8 @@ public class IacBoundaryExtractorTests
Assert.True(result.Exposure.InternetFacing);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithCloudFormationInternetFacingElb_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "cloudformation", null);
@@ -308,7 +326,8 @@ public class IacBoundaryExtractorTests
Assert.True(result.Exposure.InternetFacing);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithCloudFormationApiGateway_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "cloudformation", null);
@@ -333,7 +352,8 @@ public class IacBoundaryExtractorTests
#region Helm Exposure Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithHelmIngressEnabled_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "helm", null);
@@ -354,7 +374,8 @@ public class IacBoundaryExtractorTests
Assert.True(result.Exposure.InternetFacing);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithHelmLoadBalancerService_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "helm", null);
@@ -375,7 +396,8 @@ public class IacBoundaryExtractorTests
Assert.True(result.Exposure.InternetFacing);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithHelmClusterIpService_ReturnsPrivateExposure()
{
var root = new RichGraphRoot("root-1", "helm", null);
@@ -400,7 +422,8 @@ public class IacBoundaryExtractorTests
#region Auth Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithIamAuth_ReturnsIamAuthType()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -422,7 +445,8 @@ public class IacBoundaryExtractorTests
Assert.Equal("aws-iam", result.Auth.Provider);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithCognitoAuth_ReturnsOAuth2AuthType()
{
var root = new RichGraphRoot("root-1", "cloudformation", null);
@@ -444,7 +468,8 @@ public class IacBoundaryExtractorTests
Assert.Equal("cognito", result.Auth.Provider);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithAzureAdAuth_ReturnsOAuth2AuthType()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -466,7 +491,8 @@ public class IacBoundaryExtractorTests
Assert.Equal("azure-ad", result.Auth.Provider);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithMtlsAuth_ReturnsMtlsAuthType()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -487,7 +513,8 @@ public class IacBoundaryExtractorTests
Assert.Equal("mtls", result.Auth.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithNoAuth_ReturnsNullAuth()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -506,7 +533,8 @@ public class IacBoundaryExtractorTests
#region Controls Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithSecurityGroup_ReturnsSecurityGroupControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -526,7 +554,8 @@ public class IacBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "security_group");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithWaf_ReturnsWafControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -546,7 +575,8 @@ public class IacBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "waf");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithVpc_ReturnsNetworkIsolationControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -566,7 +596,8 @@ public class IacBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "network_isolation");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithNacl_ReturnsNetworkAclControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -586,7 +617,8 @@ public class IacBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "network_acl");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithDdosProtection_ReturnsDdosControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -606,7 +638,8 @@ public class IacBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "ddos_protection");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithTls_ReturnsEncryptionControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -626,7 +659,8 @@ public class IacBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "encryption_in_transit");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithPrivateEndpoint_ReturnsPrivateEndpointControl()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -646,7 +680,8 @@ public class IacBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "private_endpoint");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithMultipleControls_ReturnsAllControls()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -668,7 +703,8 @@ public class IacBoundaryExtractorTests
Assert.Equal(3, result.Controls.Count);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithNoControls_ReturnsNullControls()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -687,7 +723,8 @@ public class IacBoundaryExtractorTests
#region Surface Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithHelmIngressPath_ReturnsSurfaceWithPath()
{
var root = new RichGraphRoot("root-1", "helm", null);
@@ -707,7 +744,8 @@ public class IacBoundaryExtractorTests
Assert.Equal("/api/v1", result.Surface.Path);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithHelmIngressHost_ReturnsSurfaceWithHost()
{
var root = new RichGraphRoot("root-1", "helm", null);
@@ -727,7 +765,8 @@ public class IacBoundaryExtractorTests
Assert.Equal("api.example.com", result.Surface.Host);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_DefaultSurfaceType_ReturnsInfrastructure()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -743,7 +782,8 @@ public class IacBoundaryExtractorTests
Assert.Equal("infrastructure", result.Surface.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_DefaultProtocol_ReturnsHttps()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -763,7 +803,8 @@ public class IacBoundaryExtractorTests
#region Confidence and Metadata
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_BaseConfidence_Returns0Point6()
{
var root = new RichGraphRoot("root-1", "iac", null);
@@ -778,7 +819,8 @@ public class IacBoundaryExtractorTests
Assert.Equal(0.6, result.Confidence, precision: 2);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithKnownIacType_IncreasesConfidence()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -793,7 +835,8 @@ public class IacBoundaryExtractorTests
Assert.Equal(0.7, result.Confidence, precision: 2);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithSecurityResources_IncreasesConfidence()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -812,7 +855,8 @@ public class IacBoundaryExtractorTests
Assert.Equal(0.8, result.Confidence, precision: 2);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_MaxConfidence_CapsAt0Point85()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -833,7 +877,8 @@ public class IacBoundaryExtractorTests
Assert.True(result.Confidence <= 0.85);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_ReturnsNetworkKind()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -848,7 +893,8 @@ public class IacBoundaryExtractorTests
Assert.Equal("network", result.Kind);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_BuildsEvidenceRef_WithIacType()
{
var root = new RichGraphRoot("root-123", "terraform", null);
@@ -869,7 +915,8 @@ public class IacBoundaryExtractorTests
#region ExtractAsync
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task ExtractAsync_ReturnsSameResultAsExtract()
{
var root = new RichGraphRoot("root-1", "terraform", null);
@@ -896,14 +943,16 @@ public class IacBoundaryExtractorTests
#region Edge Cases
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithNullRoot_ThrowsArgumentNullException()
{
var context = BoundaryExtractionContext.Empty with { Source = "terraform" };
Assert.Throws<ArgumentNullException>(() => _extractor.Extract(null!, null, context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WhenCannotHandle_ReturnsNull()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -914,7 +963,8 @@ public class IacBoundaryExtractorTests
Assert.Null(result);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithLoadBalancer_SetsBehindProxyTrue()
{
var root = new RichGraphRoot("root-1", "terraform", null);