stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Refactor code structure and optimize performance across multiple modules

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-26 20:03:22 +02:00
parent c786faae84
commit f10d83c444
1385 changed files with 69732 additions and 10280 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
src/Scanner/__Tests/StellaOps.Scanner.Reachability.Tests/GatewayBoundaryExtractorTests.cs
View File

@@ -9,6 +9,7 @@ using StellaOps.Scanner.Reachability.Boundary;
using StellaOps.Scanner.Reachability.Gates;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.Scanner.Reachability.Tests;
public class GatewayBoundaryExtractorTests
@@ -23,13 +24,15 @@ public class GatewayBoundaryExtractorTests
#region Priority and CanHandle
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Priority_Returns250_HigherThanK8sExtractor()
{
Assert.Equal(250, _extractor.Priority);
}
[Theory]
[Trait("Category", TestCategories.Unit)]
[Theory]
[InlineData("gateway", true)]
[InlineData("kong", true)]
[InlineData("Kong", true)]
@@ -45,7 +48,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal(expected, _extractor.CanHandle(context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void CanHandle_WithKongAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
@@ -59,7 +63,8 @@ public class GatewayBoundaryExtractorTests
Assert.True(_extractor.CanHandle(context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void CanHandle_WithIstioAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
@@ -73,7 +78,8 @@ public class GatewayBoundaryExtractorTests
Assert.True(_extractor.CanHandle(context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void CanHandle_WithTraefikAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
@@ -87,7 +93,8 @@ public class GatewayBoundaryExtractorTests
Assert.True(_extractor.CanHandle(context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void CanHandle_WithEmptyAnnotations_ReturnsFalse()
{
var context = BoundaryExtractionContext.Empty;
@@ -98,7 +105,8 @@ public class GatewayBoundaryExtractorTests
#region Gateway Type Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithKongSource_ReturnsKongGatewaySource()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -113,7 +121,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("gateway:kong", result.Source);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithEnvoySource_ReturnsEnvoyGatewaySource()
{
var root = new RichGraphRoot("root-1", "envoy", null);
@@ -128,7 +137,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("gateway:envoy", result.Source);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithIstioAnnotations_ReturnsEnvoyGatewaySource()
{
var root = new RichGraphRoot("root-1", "gateway", null);
@@ -147,7 +157,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("gateway:envoy", result.Source);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithApiGatewaySource_ReturnsAwsApigwSource()
{
var root = new RichGraphRoot("root-1", "apigateway", null);
@@ -166,7 +177,8 @@ public class GatewayBoundaryExtractorTests
#region Exposure Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_DefaultGateway_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -184,7 +196,8 @@ public class GatewayBoundaryExtractorTests
Assert.True(result.Exposure.BehindProxy);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithInternalFlag_ReturnsInternalExposure()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -205,7 +218,8 @@ public class GatewayBoundaryExtractorTests
Assert.False(result.Exposure.InternetFacing);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithIstioMesh_ReturnsInternalExposure()
{
var root = new RichGraphRoot("root-1", "envoy", null);
@@ -226,7 +240,8 @@ public class GatewayBoundaryExtractorTests
Assert.False(result.Exposure.InternetFacing);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithAwsPrivateEndpoint_ReturnsInternalExposure()
{
var root = new RichGraphRoot("root-1", "apigateway", null);
@@ -251,7 +266,8 @@ public class GatewayBoundaryExtractorTests
#region Surface Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithKongPath_ReturnsSurfaceWithPath()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -272,7 +288,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("api", result.Surface.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithKongHost_ReturnsSurfaceWithHost()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -292,7 +309,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("api.example.com", result.Surface.Host);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithGrpcAnnotation_ReturnsGrpcProtocol()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -312,7 +330,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("grpc", result.Surface.Protocol);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithWebsocketAnnotation_ReturnsWssProtocol()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -332,7 +351,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("wss", result.Surface.Protocol);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_DefaultProtocol_ReturnsHttps()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -353,7 +373,8 @@ public class GatewayBoundaryExtractorTests
#region Kong Auth Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithKongJwtPlugin_ReturnsJwtAuth()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -374,7 +395,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("jwt", result.Auth.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithKongKeyAuth_ReturnsApiKeyAuth()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -395,7 +417,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("api_key", result.Auth.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithKongAcl_ReturnsRoles()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -422,7 +445,8 @@ public class GatewayBoundaryExtractorTests
#region Envoy/Istio Auth Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithIstioJwt_ReturnsJwtAuth()
{
var root = new RichGraphRoot("root-1", "envoy", null);
@@ -443,7 +467,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("jwt", result.Auth.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithIstioMtls_ReturnsMtlsAuth()
{
var root = new RichGraphRoot("root-1", "envoy", null);
@@ -464,7 +489,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("mtls", result.Auth.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithEnvoyOidc_ReturnsOAuth2Auth()
{
var root = new RichGraphRoot("root-1", "envoy", null);
@@ -490,7 +516,8 @@ public class GatewayBoundaryExtractorTests
#region AWS API Gateway Auth Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithCognitoAuthorizer_ReturnsOAuth2Auth()
{
var root = new RichGraphRoot("root-1", "apigateway", null);
@@ -512,7 +539,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("cognito", result.Auth.Provider);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithApiKeyRequired_ReturnsApiKeyAuth()
{
var root = new RichGraphRoot("root-1", "apigateway", null);
@@ -533,7 +561,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("api_key", result.Auth.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithLambdaAuthorizer_ReturnsCustomAuth()
{
var root = new RichGraphRoot("root-1", "apigateway", null);
@@ -555,7 +584,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("lambda", result.Auth.Provider);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithIamAuthorizer_ReturnsIamAuth()
{
var root = new RichGraphRoot("root-1", "apigateway", null);
@@ -581,7 +611,8 @@ public class GatewayBoundaryExtractorTests
#region Traefik Auth Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithTraefikBasicAuth_ReturnsBasicAuth()
{
var root = new RichGraphRoot("root-1", "traefik", null);
@@ -602,7 +633,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("basic", result.Auth.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithTraefikForwardAuth_ReturnsCustomAuth()
{
var root = new RichGraphRoot("root-1", "traefik", null);
@@ -628,7 +660,8 @@ public class GatewayBoundaryExtractorTests
#region Controls Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithRateLimit_ReturnsRateLimitControl()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -648,7 +681,8 @@ public class GatewayBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "rate_limit");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithIpRestriction_ReturnsIpAllowlistControl()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -668,7 +702,8 @@ public class GatewayBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "ip_allowlist");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithCors_ReturnsCorsControl()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -688,7 +723,8 @@ public class GatewayBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "cors");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithWaf_ReturnsWafControl()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -708,7 +744,8 @@ public class GatewayBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "waf");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithRequestValidation_ReturnsInputValidationControl()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -728,7 +765,8 @@ public class GatewayBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "input_validation");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithMultipleControls_ReturnsAllControls()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -750,7 +788,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal(3, result.Controls.Count);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithNoControls_ReturnsNullControls()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -769,7 +808,8 @@ public class GatewayBoundaryExtractorTests
#region Confidence and Metadata
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_BaseConfidence_Returns0Point75()
{
var root = new RichGraphRoot("root-1", "gateway", null);
@@ -784,7 +824,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal(0.75, result.Confidence, precision: 2);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithKnownGateway_IncreasesConfidence()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -799,7 +840,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal(0.85, result.Confidence, precision: 2);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithAuthAndRouteInfo_MaximizesConfidence()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -819,7 +861,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal(0.95, result.Confidence, precision: 2);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_ReturnsNetworkKind()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -834,7 +877,8 @@ public class GatewayBoundaryExtractorTests
Assert.Equal("network", result.Kind);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_BuildsEvidenceRef_WithGatewayType()
{
var root = new RichGraphRoot("root-123", "kong", null);
@@ -855,7 +899,8 @@ public class GatewayBoundaryExtractorTests
#region ExtractAsync
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task ExtractAsync_ReturnsSameResultAsExtract()
{
var root = new RichGraphRoot("root-1", "kong", null);
@@ -882,14 +927,16 @@ public class GatewayBoundaryExtractorTests
#region Edge Cases
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithNullRoot_ThrowsArgumentNullException()
{
var context = BoundaryExtractionContext.Empty with { Source = "kong" };
Assert.Throws<ArgumentNullException>(() => _extractor.Extract(null!, null, context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WhenCannotHandle_ReturnsNull()
{
var root = new RichGraphRoot("root-1", "static", null);
@@ -900,7 +947,8 @@ public class GatewayBoundaryExtractorTests
Assert.Null(result);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithNoAuth_ReturnsNullAuth()
{
var root = new RichGraphRoot("root-1", "kong", null);