up

2025-12-09 10:50:15 +02:00
parent cc69d332e3
commit f30805ad7f
25 changed files with 846 additions and 317 deletions
--- a/src/SbomService/StellaOps.SbomService.Tests/SbomEndpointsTests.cs
+++ b/src/SbomService/StellaOps.SbomService.Tests/SbomEndpointsTests.cs
@@ -129,4 +129,74 @@ public class SbomEndpointsTests : IClassFixture<WebApplicationFactory<Program>>
        secondPage.Neighbors.Should().OnlyContain(n => n.Purl.StartsWith("pkg:npm/", StringComparison.OrdinalIgnoreCase));
        secondPage.NextCursor.Should().BeNull();
    }
+
+    [Fact]
+    public async Task Context_requires_artifact_id()
+    {
+        var client = _factory.CreateClient();
+
+        var response = await client.GetAsync("/sbom/context");
+
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+
+    [Fact]
+    public async Task Context_returns_versions_and_paths_with_hash()
+    {
+        var client = _factory.CreateClient();
+
+        var response = await client.GetAsync("/sbom/context?artifactId=ghcr.io/stellaops/sample-api&purl=pkg:npm/lodash@4.17.21&maxTimelineEntries=2&maxDependencyPaths=1");
+        response.EnsureSuccessStatusCode();
+
+        var payload = await response.Content.ReadFromJsonAsync<SbomContextResponse>();
+        payload.Should().NotBeNull();
+        payload!.Schema.Should().Be("stellaops.sbom.context/1.0");
+        payload.ArtifactId.Should().Be("ghcr.io/stellaops/sample-api");
+        payload.Versions.Should().NotBeEmpty();
+        payload.DependencyPaths.Should().NotBeEmpty();
+        payload.Hash.Should().StartWith("sha256:", StringComparison.Ordinal);
+    }
+
+    [Fact]
+    public async Task Context_includes_environment_flags_and_blast_radius_when_requested()
+    {
+        var client = _factory.CreateClient();
+
+        var response = await client.GetAsync("/sbom/context?artifactId=ghcr.io/stellaops/sample-api&purl=pkg:npm/lodash@4.17.21&maxTimelineEntries=5&maxDependencyPaths=5&includeEnvironmentFlags=true&includeBlastRadius=true");
+        response.EnsureSuccessStatusCode();
+
+        var payload = await response.Content.ReadFromJsonAsync<SbomContextResponse>();
+        payload.Should().NotBeNull();
+        payload!.EnvironmentFlags.Should().ContainKey("prod");
+        payload.EnvironmentFlags["prod"].Should().Be("2");
+        payload.BlastRadius.Should().NotBeNull();
+        payload.BlastRadius!.ImpactedAssets.Should().BeGreaterThan(0);
+        payload.BlastRadius.Metadata.Should().ContainKey("blast_radius_tags");
+    }
+
+    [Fact]
+    public async Task Context_honors_zero_timeline_limit_and_dependency_results()
+    {
+        var client = _factory.CreateClient();
+
+        var response = await client.GetAsync("/sbom/context?artifactId=ghcr.io/stellaops/sample-api&purl=pkg:npm/lodash@4.17.21&maxTimelineEntries=0&maxDependencyPaths=2&includeEnvironmentFlags=false&includeBlastRadius=false");
+        response.EnsureSuccessStatusCode();
+
+        var payload = await response.Content.ReadFromJsonAsync<SbomContextResponse>();
+        payload.Should().NotBeNull();
+        payload!.Versions.Should().BeEmpty();
+        payload.DependencyPaths.Should().NotBeEmpty();
+        payload.EnvironmentFlags.Should().BeEmpty();
+        payload.BlastRadius.Should().BeNull();
+    }
+
+    [Fact]
+    public async Task Context_returns_not_found_when_no_data()
+    {
+        var client = _factory.CreateClient();
+
+        var response = await client.GetAsync("/sbom/context?artifactId=does-not-exist&purl=pkg:npm/missing@1.0.0");
+
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
 }