Add integration tests for Proof Chain and Reachability workflows

- Implement ProofChainTestFixture for PostgreSQL-backed integration tests. - Create StellaOps.Integration.ProofChain project with necessary dependencies. - Add ReachabilityIntegrationTests to validate call graph extraction and reachability analysis. - Introduce ReachabilityTestFixture for managing corpus and fixture paths. - Establish StellaOps.Integration.Reachability project with required references. - Develop UnknownsWorkflowTests to cover the unknowns lifecycle: detection, ranking, escalation, and resolution. - Create StellaOps.Integration.Unknowns project with dependencies for unknowns workflow.
2025-12-20 22:19:26 +02:00
parent 3c6e14fca5
commit efe9bd8cfe
86 changed files with 9616 additions and 323 deletions
--- a/src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/ApprovalEndpointsTests.cs
+++ b/src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/ApprovalEndpointsTests.cs
@@ -28,8 +28,9 @@ public sealed class ApprovalEndpointsTests : IDisposable
    {
        _secrets = new TestSurfaceSecretsScope();

-        _factory = new ScannerApplicationFactory().WithOverrides(
-            configureConfiguration: config => config["scanner:authority:enabled"] = "false");
+        // Use default factory without auth overrides - same pattern as ManifestEndpointsTests
+        // The factory defaults to anonymous auth which allows all policy assertions
+        _factory = new ScannerApplicationFactory();

        _client = _factory.CreateClient();
    }
@@ -130,10 +131,11 @@ public sealed class ApprovalEndpointsTests : IDisposable
        Assert.Equal("Invalid decision value", problem!.Title);
    }

-    [Fact(DisplayName = "POST /approvals rejects invalid scanId")]
-    public async Task CreateApproval_InvalidScanId_Returns400()
+    [Fact(DisplayName = "POST /approvals rejects whitespace-only scanId")]
+    public async Task CreateApproval_WhitespaceScanId_Returns400()
    {
-        // Arrange
+        // Arrange - ScanId.TryParse accepts any non-empty string,
+        // but rejects whitespace-only or empty strings
        var request = new
        {
            finding_id = "CVE-2024-12345",
@@ -141,8 +143,8 @@ public sealed class ApprovalEndpointsTests : IDisposable
            justification = "Test justification"
        };

-        // Act
-        var response = await _client.PostAsJsonAsync("/api/v1/scans/invalid-scan-id/approvals", request);
+        // Act - using whitespace-only scan ID which should be rejected
+        var response = await _client.PostAsJsonAsync("/api/v1/scans/   /approvals", request);

        // Assert
        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);