stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

Add comprehensive security tests for OWASP A03 (Injection) and A10 (SSRF)
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details

Browse Source 
- Implemented InjectionTests.cs to cover various injection vulnerabilities including SQL, NoSQL, Command, LDAP, and XPath injections.
- Created SsrfTests.cs to test for Server-Side Request Forgery (SSRF) vulnerabilities, including internal URL access, cloud metadata access, and URL allowlist bypass attempts.
- Introduced MaliciousPayloads.cs to store a collection of malicious payloads for testing various security vulnerabilities.
- Added SecurityAssertions.cs for common security-specific assertion helpers.
- Established SecurityTestBase.cs as a base class for security tests, providing common infrastructure and mocking utilities.
- Configured the test project StellaOps.Security.Tests.csproj with necessary dependencies for testing.
This commit is contained in:
master
2025-12-16 13:11:57 +02:00
parent 5a480a3c2a
commit b55d9fa68d
72 changed files with 8051 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
bench/baselines/ttfs-baseline.json Normal file
View File

@@ -0,0 +1,56 @@
{
"$schema": "https://json-schema.org/draft-07/schema#",
"title": "TTFS Baseline",
"description": "Time-to-First-Signal baseline metrics for regression detection",
"version": "1.0.0",
"created_at": "2025-12-16T00:00:00Z",
"updated_at": "2025-12-16T00:00:00Z",
"metrics": {
"ttfs_ms": {
"p50": 1500,
"p95": 4000,
"p99": 6000,
"min": 500,
"max": 10000,
"mean": 2000,
"sample_count": 500
},
"by_scan_type": {
"image_scan": {
"p50": 2500,
"p95": 5000,
"p99": 7500,
"description": "Container image scanning TTFS baseline"
},
"filesystem_scan": {
"p50": 1000,
"p95": 2000,
"p99": 3000,
"description": "Filesystem/directory scanning TTFS baseline"
},
"sbom_scan": {
"p50": 400,
"p95": 800,
"p99": 1200,
"description": "SBOM-only scanning TTFS baseline"
}
}
},
"thresholds": {
"p50_max_ms": 2000,
"p95_max_ms": 5000,
"p99_max_ms": 8000,
"max_regression_pct": 10,
"description": "Thresholds that will trigger CI gate failures"
},
"collection_info": {
"test_environment": "ci-standard-runner",
"runner_specs": {
"cpu_cores": 4,
"memory_gb": 8,
"storage_type": "ssd"
},
"sample_corpus": "tests/reachability/corpus",
"collection_window_days": 30
}
}