stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

docs re-org, audit fixes, build fixes

Browse Source
This commit is contained in:
StellaOps Bot
2026-01-05 09:35:33 +02:00
parent eca4e964d3
commit dfab8a29c3
173 changed files with 1276 additions and 560 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/AirGap/StellaOps.AirGap.Controller/Auth/HeaderScopeAuthenticationHandler.cs
View File

@@ -72,6 +72,11 @@ public sealed class HeaderScopeAuthenticationHandler : AuthenticationHandler<Aut
foreach (var value in values)
{
if (string.IsNullOrEmpty(value))
{
continue;
}
foreach (var scope in value.Split(' ', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries))
{
scopes.Add(scope);

18
src/AirGap/__Libraries/__Tests/StellaOps.AirGap.Bundle.Tests/AirGapIntegrationTests.cs
View File

@@ -72,7 +72,8 @@ public sealed class AirGapIntegrationTests : IDisposable
null,
new[] { new FeedBuildConfig("nvd-feed", "nvd", "2025-06-15", feedPath, "feeds/nvd.json", DateTimeOffset.UtcNow, FeedFormat.StellaOpsNative) },
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
var bundleOutputPath = Path.Combine(_onlineEnvPath, "bundle");
@@ -120,7 +121,8 @@ public sealed class AirGapIntegrationTests : IDisposable
DateTimeOffset.UtcNow.AddDays(30),
new[] { new FeedBuildConfig("feed-1", "nvd", "v1", feedPath, "feeds/all-feeds.json", DateTimeOffset.UtcNow, FeedFormat.StellaOpsNative) },
new[] { new PolicyBuildConfig("policy-1", "default", "1.0", policyPath, "policies/default.rego", PolicyType.OpaRego) },
new[] { new CryptoBuildConfig("crypto-1", "trust-root", certPath, "certs/root.pem", CryptoComponentType.TrustRoot, null) });
new[] { new CryptoBuildConfig("crypto-1", "trust-root", certPath, "certs/root.pem", CryptoComponentType.TrustRoot, null) },
Array.Empty<RuleBundleBuildConfig>());
var bundlePath = Path.Combine(_onlineEnvPath, "multi-bundle");
@@ -161,7 +163,8 @@ public sealed class AirGapIntegrationTests : IDisposable
null,
new[] { new FeedBuildConfig("feed", "nvd", "v1", feedPath, "feeds/nvd.json", DateTimeOffset.UtcNow, FeedFormat.StellaOpsNative) },
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
var bundlePath = Path.Combine(_onlineEnvPath, "corrupt-source");
var manifest = await builder.BuildAsync(request, bundlePath);
@@ -219,7 +222,8 @@ public sealed class AirGapIntegrationTests : IDisposable
null,
Array.Empty<FeedBuildConfig>(),
new[] { new PolicyBuildConfig("security-policy", "security", "1.0", policyPath, "policies/security.rego", PolicyType.OpaRego) },
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
var bundlePath = Path.Combine(_onlineEnvPath, "policy-bundle");
@@ -273,7 +277,8 @@ public sealed class AirGapIntegrationTests : IDisposable
new PolicyBuildConfig("policy-2", "policy2", "1.0", policy2Path, "policies/policy2.rego", PolicyType.OpaRego),
new PolicyBuildConfig("policy-3", "policy3", "1.0", policy3Path, "policies/policy3.rego", PolicyType.OpaRego)
},
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
var bundlePath = Path.Combine(_onlineEnvPath, "multi-policy");
@@ -315,7 +320,8 @@ public sealed class AirGapIntegrationTests : IDisposable
null,
Array.Empty<FeedBuildConfig>(),
new[] { new PolicyBuildConfig("signed-policy", "signed", "1.0", policyPath, "policies/signed.rego", PolicyType.OpaRego) },
new[] { new CryptoBuildConfig("signing-cert", "signing", certPath, "certs/signing.pem", CryptoComponentType.SigningKey, null) });
new[] { new CryptoBuildConfig("signing-cert", "signing", certPath, "certs/signing.pem", CryptoComponentType.SigningKey, null) },
Array.Empty<RuleBundleBuildConfig>());
var bundlePath = Path.Combine(_onlineEnvPath, "signed-bundle");

18
src/AirGap/__Libraries/__Tests/StellaOps.AirGap.Bundle.Tests/BundleDeterminismTests.cs
View File

@@ -142,7 +142,8 @@ public sealed class BundleDeterminismTests : IAsyncLifetime
new DateTimeOffset(2024, 1, 1, 0, 0, 0, TimeSpan.Zero), FeedFormat.StellaOpsNative)
},
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
// Act - First export
var manifest1 = await builder.BuildAsync(request, outputPath1);
@@ -163,7 +164,8 @@ public sealed class BundleDeterminismTests : IAsyncLifetime
new DateTimeOffset(2024, 1, 1, 0, 0, 0, TimeSpan.Zero), FeedFormat.StellaOpsNative)
},
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
var manifest2 = await builder.BuildAsync(request2, outputPath2);
@@ -278,7 +280,8 @@ public sealed class BundleDeterminismTests : IAsyncLifetime
new FeedBuildConfig("f3", "osv", "v1", feed3, "feeds/f3.json", DateTimeOffset.UtcNow, FeedFormat.OsvJson)
},
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, Path.Combine(_tempRoot, "multi"));
@@ -332,7 +335,8 @@ public sealed class BundleDeterminismTests : IAsyncLifetime
new FeedBuildConfig("f1", "binary", "v1", source1, "data/binary.bin", DateTimeOffset.UtcNow, FeedFormat.StellaOpsNative)
},
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
var request2 = new BundleBuildRequest(
"binary-test",
@@ -343,7 +347,8 @@ public sealed class BundleDeterminismTests : IAsyncLifetime
new FeedBuildConfig("f1", "binary", "v1", source2, "data/binary.bin", DateTimeOffset.UtcNow, FeedFormat.StellaOpsNative)
},
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest1 = await builder.BuildAsync(request1, Path.Combine(_tempRoot, "bin1"));
@@ -407,7 +412,8 @@ public sealed class BundleDeterminismTests : IAsyncLifetime
new DateTimeOffset(2024, 1, 1, 0, 0, 0, TimeSpan.Zero), FeedFormat.StellaOpsNative)
},
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
}
private BundleManifest CreateDeterministicManifest(string name)

12
src/AirGap/__Libraries/__Tests/StellaOps.AirGap.Bundle.Tests/BundleExportImportTests.cs
View File

@@ -259,7 +259,8 @@ public sealed class BundleExportImportTests : IDisposable
null,
new[] { new FeedBuildConfig("feed-1", "nvd", "v1", feedFile1, "feeds/nvd.json", DateTimeOffset.Parse("2025-01-01T00:00:00Z"), FeedFormat.StellaOpsNative) },
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
var request2 = new BundleBuildRequest(
"determinism-test",
@@ -267,7 +268,8 @@ public sealed class BundleExportImportTests : IDisposable
null,
new[] { new FeedBuildConfig("feed-1", "nvd", "v1", feedFile2, "feeds/nvd.json", DateTimeOffset.Parse("2025-01-01T00:00:00Z"), FeedFormat.StellaOpsNative) },
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
var outputPath1 = Path.Combine(_tempRoot, "determinism-output1");
var outputPath2 = Path.Combine(_tempRoot, "determinism-output2");
@@ -363,7 +365,8 @@ public sealed class BundleExportImportTests : IDisposable
imported.Feeds[0].SnapshotAt,
imported.Feeds[0].Format) },
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
var bundlePath2 = Path.Combine(_tempRoot, "roundtrip2");
var manifest2 = await builder.BuildAsync(reexportRequest, bundlePath2);
@@ -409,7 +412,8 @@ public sealed class BundleExportImportTests : IDisposable
null,
new[] { new FeedBuildConfig("feed-1", "nvd", "v1", feedSourcePath, "feeds/nvd.json", DateTimeOffset.UtcNow, FeedFormat.StellaOpsNative) },
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
}
private static BundleManifest CreateTestManifest()

39
src/AirGap/__Libraries/__Tests/StellaOps.AirGap.Bundle.Tests/BundleExportTests.cs
View File

@@ -49,7 +49,8 @@ public sealed class BundleExportTests : IAsyncLifetime
null,
Array.Empty<FeedBuildConfig>(),
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);
@@ -93,7 +94,8 @@ public sealed class BundleExportTests : IAsyncLifetime
FeedFormat.StellaOpsNative)
},
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);
@@ -139,7 +141,8 @@ public sealed class BundleExportTests : IAsyncLifetime
"policies/default.rego",
PolicyType.OpaRego)
},
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);
@@ -182,7 +185,8 @@ public sealed class BundleExportTests : IAsyncLifetime
"certs/root.pem",
CryptoComponentType.TrustRoot,
DateTimeOffset.UtcNow.AddYears(10))
});
},
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);
@@ -225,7 +229,8 @@ public sealed class BundleExportTests : IAsyncLifetime
{
new PolicyBuildConfig("p1", "default", "1.0", policy, "policies/default.rego", PolicyType.OpaRego)
},
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);
@@ -261,7 +266,8 @@ public sealed class BundleExportTests : IAsyncLifetime
new FeedBuildConfig("f1", "test", "v1", feedFile, "feeds/test.json", DateTimeOffset.UtcNow, FeedFormat.StellaOpsNative)
},
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);
@@ -288,7 +294,8 @@ public sealed class BundleExportTests : IAsyncLifetime
new FeedBuildConfig("f1", "test", "v1", feedFile, "feeds/test.json", DateTimeOffset.UtcNow, FeedFormat.StellaOpsNative)
},
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);
@@ -328,7 +335,8 @@ public sealed class BundleExportTests : IAsyncLifetime
new[]
{
new CryptoBuildConfig("c1", "root", certFile, "crypto/certs/ca/root.pem", CryptoComponentType.TrustRoot, null)
});
},
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);
@@ -369,7 +377,8 @@ public sealed class BundleExportTests : IAsyncLifetime
new FeedBuildConfig("f1", "test", "v1", feedFile, "feeds/test.json", DateTimeOffset.UtcNow, format)
},
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);
@@ -404,7 +413,8 @@ public sealed class BundleExportTests : IAsyncLifetime
{
new PolicyBuildConfig("p1", "test", "1.0", policyFile, "policies/test", type)
},
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);
@@ -440,7 +450,8 @@ public sealed class BundleExportTests : IAsyncLifetime
new[]
{
new CryptoBuildConfig("c1", "test", certFile, "certs/test", type, null)
});
},
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);
@@ -468,7 +479,8 @@ public sealed class BundleExportTests : IAsyncLifetime
expiresAt,
Array.Empty<FeedBuildConfig>(),
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);
@@ -496,7 +508,8 @@ public sealed class BundleExportTests : IAsyncLifetime
new[]
{
new CryptoBuildConfig("c1", "root", certFile, "certs/root.pem", CryptoComponentType.TrustRoot, componentExpiry)
});
},
Array.Empty<RuleBundleBuildConfig>());
// Act
var manifest = await builder.BuildAsync(request, outputPath);

3
src/AirGap/__Libraries/__Tests/StellaOps.AirGap.Bundle.Tests/BundleManifestTests.cs
View File

@@ -49,7 +49,8 @@ public class BundleManifestTests
null,
new[] { new FeedBuildConfig("feed-1", "nvd", "v1", sourceFile, "feeds/nvd.json", DateTimeOffset.UtcNow, FeedFormat.StellaOpsNative) },
Array.Empty<PolicyBuildConfig>(),
Array.Empty<CryptoBuildConfig>());
Array.Empty<CryptoBuildConfig>(),
Array.Empty<RuleBundleBuildConfig>());
var outputPath = Path.Combine(tempRoot, "bundle");
var manifest = await builder.BuildAsync(request, outputPath);