stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Refactor code structure and optimize performance across multiple modules

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-26 20:03:22 +02:00
parent c786faae84
commit f10d83c444
1385 changed files with 69732 additions and 10280 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
src/Scanner/__Tests/StellaOps.Scanner.Reachability.Tests/K8sBoundaryExtractorTests.cs
View File

@@ -9,6 +9,7 @@ using StellaOps.Scanner.Reachability.Boundary;
using StellaOps.Scanner.Reachability.Gates;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.Scanner.Reachability.Tests;
public class K8sBoundaryExtractorTests
@@ -23,13 +24,15 @@ public class K8sBoundaryExtractorTests
#region Priority and CanHandle
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Priority_Returns200_HigherThanRichGraphExtractor()
{
Assert.Equal(200, _extractor.Priority);
}
[Theory]
[Trait("Category", TestCategories.Unit)]
[Theory]
[InlineData("k8s", true)]
[InlineData("K8S", true)]
[InlineData("kubernetes", true)]
@@ -42,7 +45,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal(expected, _extractor.CanHandle(context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void CanHandle_WithK8sAnnotations_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
@@ -56,7 +60,8 @@ public class K8sBoundaryExtractorTests
Assert.True(_extractor.CanHandle(context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void CanHandle_WithIngressAnnotation_ReturnsTrue()
{
var context = BoundaryExtractionContext.Empty with
@@ -70,7 +75,8 @@ public class K8sBoundaryExtractorTests
Assert.True(_extractor.CanHandle(context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void CanHandle_WithEmptyAnnotations_ReturnsFalse()
{
var context = BoundaryExtractionContext.Empty;
@@ -81,7 +87,8 @@ public class K8sBoundaryExtractorTests
#region Extract - Exposure Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithInternetFacing_ReturnsPublicExposure()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -99,7 +106,8 @@ public class K8sBoundaryExtractorTests
Assert.True(result.Exposure.InternetFacing);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithIngressClass_ReturnsInternetFacing()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -120,7 +128,8 @@ public class K8sBoundaryExtractorTests
Assert.True(result.Exposure.BehindProxy);
}
[Theory]
[Trait("Category", TestCategories.Unit)]
[Theory]
[InlineData("LoadBalancer", "public", true)]
[InlineData("NodePort", "internal", false)]
[InlineData("ClusterIP", "private", false)]
@@ -145,7 +154,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal(expectedInternetFacing, result.Exposure.InternetFacing);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithExternalPorts_ReturnsInternalLevel()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -162,7 +172,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("internal", result.Exposure.Level);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithDmzZone_ReturnsInternalLevel()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -184,7 +195,8 @@ public class K8sBoundaryExtractorTests
#region Extract - Surface Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithServicePath_ReturnsSurfaceWithPath()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -204,7 +216,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("/api/v1", result.Surface.Path);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithRewriteTarget_ReturnsSurfaceWithPath()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -224,7 +237,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("/backend", result.Surface.Path);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithNamespace_ReturnsSurfaceWithNamespacePath()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -241,7 +255,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("/production", result.Surface.Path);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithTlsAnnotation_ReturnsHttpsProtocol()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -261,7 +276,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("https", result.Surface.Protocol);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithGrpcAnnotation_ReturnsGrpcProtocol()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -281,7 +297,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("grpc", result.Surface.Protocol);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithPortBinding_ReturnsSurfaceWithPort()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -298,7 +315,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal(8080, result.Surface.Port);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithIngressHost_ReturnsSurfaceWithHost()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -322,7 +340,8 @@ public class K8sBoundaryExtractorTests
#region Extract - Auth Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithBasicAuth_ReturnsBasicAuthType()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -343,7 +362,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("basic", result.Auth.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithOAuth_ReturnsOAuth2Type()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -364,7 +384,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("oauth2", result.Auth.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithMtls_ReturnsMtlsType()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -385,7 +406,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("mtls", result.Auth.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithExplicitAuthType_ReturnsSpecifiedType()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -406,7 +428,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("jwt", result.Auth.Type);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithAuthRoles_ReturnsRolesList()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -431,7 +454,8 @@ public class K8sBoundaryExtractorTests
Assert.Contains("viewer", result.Auth.Roles);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithNoAuth_ReturnsNullAuth()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -450,7 +474,8 @@ public class K8sBoundaryExtractorTests
#region Extract - Controls Detection
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithNetworkPolicy_ReturnsNetworkPolicyControl()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -475,7 +500,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("high", control.Effectiveness);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithRateLimit_ReturnsRateLimitControl()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -498,7 +524,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("medium", control.Effectiveness);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithIpAllowlist_ReturnsIpAllowlistControl()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -521,7 +548,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("high", control.Effectiveness);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithWaf_ReturnsWafControl()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -544,7 +572,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("high", control.Effectiveness);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithMultipleControls_ReturnsAllControls()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -569,7 +598,8 @@ public class K8sBoundaryExtractorTests
Assert.Contains(result.Controls, c => c.Type == "waf");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithNoControls_ReturnsNullControls()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -588,7 +618,8 @@ public class K8sBoundaryExtractorTests
#region Extract - Confidence and Metadata
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_BaseConfidence_Returns0Point7()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -603,7 +634,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal(0.7, result.Confidence, precision: 2);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithIngressAnnotation_IncreasesConfidence()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -622,7 +654,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal(0.85, result.Confidence, precision: 2);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithServiceType_IncreasesConfidence()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -641,7 +674,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal(0.8, result.Confidence, precision: 2);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_MaxConfidence_CapsAt0Point95()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -661,7 +695,8 @@ public class K8sBoundaryExtractorTests
Assert.True(result.Confidence <= 0.95);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_ReturnsK8sSource()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -676,7 +711,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("k8s", result.Source);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_BuildsEvidenceRef_WithNamespaceAndEnvironment()
{
var root = new RichGraphRoot("root-123", "k8s", null);
@@ -693,7 +729,8 @@ public class K8sBoundaryExtractorTests
Assert.Equal("k8s/production/env-456/root-123", result.EvidenceRef);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_ReturnsNetworkKind()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -712,7 +749,8 @@ public class K8sBoundaryExtractorTests
#region ExtractAsync
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task ExtractAsync_ReturnsSameResultAsExtract()
{
var root = new RichGraphRoot("root-1", "k8s", null);
@@ -740,14 +778,16 @@ public class K8sBoundaryExtractorTests
#region Edge Cases
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WithNullRoot_ThrowsArgumentNullException()
{
var context = BoundaryExtractionContext.Empty with { Source = "k8s" };
Assert.Throws<ArgumentNullException>(() => _extractor.Extract(null!, null, context));
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Extract_WhenCannotHandle_ReturnsNull()
{
var root = new RichGraphRoot("root-1", "static", null);