Add unit tests for VexLens normalizer, CPE parser, product mapper, and PURL parser

- Implemented comprehensive tests for VexLensNormalizer including format detection and normalization scenarios. - Added tests for CpeParser covering CPE 2.3 and 2.2 formats, invalid inputs, and canonical key generation. - Created tests for ProductMapper to validate parsing and matching logic across different strictness levels. - Developed tests for PurlParser to ensure correct parsing of various PURL formats and validation of identifiers. - Introduced stubs for Monaco editor and worker to facilitate testing in the web application. - Updated project file for the test project to include necessary dependencies.
2025-12-06 16:28:12 +02:00
parent 2b892ad1b2
commit efd6850c38
132 changed files with 16675 additions and 5428 deletions
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunPackage.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Bun/Internal/BunPackage.cs
@@ -27,6 +27,48 @@ internal sealed class BunPackage
    public string? Source { get; private init; }
    public bool IsPrivate { get; private init; }
    public bool IsDev { get; private init; }
+    public bool IsOptional { get; private init; }
+    public bool IsPeer { get; private init; }
+
+    /// <summary>
+    /// Source type: npm, git, tarball, file, link, workspace.
+    /// </summary>
+    public string SourceType { get; private init; } = "npm";
+
+    /// <summary>
+    /// Git commit hash for git dependencies.
+    /// </summary>
+    public string? GitCommit { get; private init; }
+
+    /// <summary>
+    /// Original specifier (e.g., "github:user/repo#tag").
+    /// </summary>
+    public string? Specifier { get; private init; }
+
+    /// <summary>
+    /// Direct dependencies of this package (for transitive analysis).
+    /// </summary>
+    public IReadOnlyList<string> Dependencies { get; private init; } = Array.Empty<string>();
+
+    /// <summary>
+    /// Whether this is a direct dependency (in root package.json) or transitive.
+    /// </summary>
+    public bool IsDirect { get; set; }
+
+    /// <summary>
+    /// Whether this package has been patched (via patchedDependencies or .patches directory).
+    /// </summary>
+    public bool IsPatched { get; set; }
+
+    /// <summary>
+    /// Path to the patch file if this package is patched.
+    /// </summary>
+    public string? PatchFile { get; set; }
+
+    /// <summary>
+    /// Custom registry URL if this package comes from a non-default registry.
+    /// </summary>
+    public string? CustomRegistry { get; set; }

    /// <summary>
    /// Logical path where this package was found (may be symlink).
@@ -67,7 +109,13 @@ internal sealed class BunPackage
            Source = "node_modules",
            Resolved = lockEntry?.Resolved,
            Integrity = lockEntry?.Integrity,
-            IsDev = lockEntry?.IsDev ?? false
+            IsDev = lockEntry?.IsDev ?? false,
+            IsOptional = lockEntry?.IsOptional ?? false,
+            IsPeer = lockEntry?.IsPeer ?? false,
+            SourceType = lockEntry?.SourceType ?? "npm",
+            GitCommit = lockEntry?.GitCommit,
+            Specifier = lockEntry?.Specifier,
+            Dependencies = lockEntry?.Dependencies ?? Array.Empty<string>()
        };
    }

@@ -80,7 +128,13 @@ internal sealed class BunPackage
            Source = source,
            Resolved = entry.Resolved,
            Integrity = entry.Integrity,
-            IsDev = entry.IsDev
+            IsDev = entry.IsDev,
+            IsOptional = entry.IsOptional,
+            IsPeer = entry.IsPeer,
+            SourceType = entry.SourceType,
+            GitCommit = entry.GitCommit,
+            Specifier = entry.Specifier,
+            Dependencies = entry.Dependencies
        };
    }

@@ -118,13 +172,58 @@ internal sealed class BunPackage
            metadata["private"] = "true";
        }

+        if (!string.IsNullOrEmpty(CustomRegistry))
+        {
+            metadata["customRegistry"] = CustomRegistry;
+        }
+
        if (IsDev)
        {
            metadata["dev"] = "true";
        }

+        if (IsDirect)
+        {
+            metadata["direct"] = "true";
+        }
+
+        if (!string.IsNullOrEmpty(GitCommit))
+        {
+            metadata["gitCommit"] = GitCommit;
+        }
+
+        if (IsOptional)
+        {
+            metadata["optional"] = "true";
+        }
+
        metadata["packageManager"] = "bun";

+        if (IsPatched)
+        {
+            metadata["patched"] = "true";
+        }
+
+        if (!string.IsNullOrEmpty(PatchFile))
+        {
+            metadata["patchFile"] = NormalizePath(PatchFile);
+        }
+
+        if (IsPeer)
+        {
+            metadata["peer"] = "true";
+        }
+
+        if (SourceType != "npm")
+        {
+            metadata["sourceType"] = SourceType;
+        }
+
+        if (!string.IsNullOrEmpty(Specifier))
+        {
+            metadata["specifier"] = Specifier;
+        }
+
        if (_occurrencePaths.Count > 1)
        {
            metadata["occurrences"] = string.Join(";", _occurrencePaths.Select(NormalizePath).Order(StringComparer.Ordinal));