// -----------------------------------------------------------------------------
// ParityTestFixtureSet.cs
// Sprint: SPRINT_5100_0008_0001_competitor_parity
// Task: PARITY-5100-002 - Define parity test fixture set
// Description: Container image fixtures for parity testing against competitors
// -----------------------------------------------------------------------------
namespace StellaOps.Parity.Tests;
/// <summary>
/// Defines the standard fixture set for competitor parity testing.
/// Each fixture represents a container image with known vulnerabilities
/// that is used to compare StellaOps against Syft, Grype, and Trivy.
/// </summary>
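public static class ParityTestFixtureSet
{
    /// <summary>
    /// Gets the list of container image fixtures for parity testing.
    /// These images are chosen to cover:
    /// <list type="bullet">
    /// <item><description>Different base OS distributions (Alpine, Debian, RHEL, Ubuntu)</description></item>
    /// <item><description>Different package managers (apk, apt, rpm, npm, pip, maven)</description></item>
    /// <item><description>Known vulnerabilities for validation</description></item>
    /// <item><description>Multi-language applications</description></item>
    /// </list>
    /// </summary>
    /// <remarks>
    /// Every <see cref="ParityImageFixture.Image"/> below is a tag reference, not a digest.
    /// Registry tags can be re-pointed (rolling tags such as <c>nginx:1.24</c> or
    /// <c>postgres:14</c> are rebuilt as upstream patches land), so the package and CVE floors
    /// recorded here describe the image only as it was when the numbers were chosen.
    /// For reproducible comparisons, and so the test run scans exactly the content that was
    /// reviewed, pin each reference by digest (<c>name:tag@sha256:&lt;digest-placeholder&gt;</c>)
    /// and record the vulnerability-database snapshot used by each scanner.
    /// </remarks>
    public static IReadOnlyList<ParityImageFixture> Fixtures { get; } =
    [
        // Alpine-based images
        new ParityImageFixture
        {
            Name = "alpine-base",
            Image = "alpine:3.19.0",
            Description = "Alpine Linux base image with minimal packages",
            PackageManagers = ["apk"],
            ExpectedMinPackages = 10,
            Category = ImageCategory.BaseOS
        },
        new ParityImageFixture
        {
            Name = "alpine-python",
            Image = "python:3.12-alpine",
            Description = "Python on Alpine with pip packages",
            PackageManagers = ["apk", "pip"],
            ExpectedMinPackages = 50,
            Category = ImageCategory.LanguageRuntime
        },

        // Debian-based images
        new ParityImageFixture
        {
            Name = "debian-base",
            Image = "debian:bookworm-slim",
            Description = "Debian bookworm slim base image",
            PackageManagers = ["apt"],
            ExpectedMinPackages = 50,
            Category = ImageCategory.BaseOS
        },
        new ParityImageFixture
        {
            Name = "node-debian",
            Image = "node:20-bookworm-slim",
            Description = "Node.js on Debian with npm packages",
            PackageManagers = ["apt", "npm"],
            ExpectedMinPackages = 100,
            Category = ImageCategory.LanguageRuntime
        },

        // Ubuntu-based images
        new ParityImageFixture
        {
            Name = "ubuntu-base",
            Image = "ubuntu:22.04",
            Description = "Ubuntu 22.04 LTS base image",
            PackageManagers = ["apt"],
            ExpectedMinPackages = 80,
            Category = ImageCategory.BaseOS
        },

        // RHEL/CentOS-based images
        new ParityImageFixture
        {
            Name = "rhel-base",
            Image = "rockylinux:9-minimal",
            Description = "Rocky Linux 9 minimal (RHEL compatible)",
            PackageManagers = ["rpm"],
            ExpectedMinPackages = 30,
            Category = ImageCategory.BaseOS
        },

        // Multi-language application images
        new ParityImageFixture
        {
            Name = "go-app",
            Image = "golang:1.22-bookworm",
            Description = "Go application with standard library",
            PackageManagers = ["apt", "go"],
            ExpectedMinPackages = 150,
            Category = ImageCategory.LanguageRuntime
        },
        new ParityImageFixture
        {
            Name = "java-app",
            Image = "eclipse-temurin:21-jdk-jammy",
            Description = "Java 21 with Maven dependencies",
            PackageManagers = ["apt", "maven"],
            ExpectedMinPackages = 100,
            Category = ImageCategory.LanguageRuntime
        },
        new ParityImageFixture
        {
            Name = "rust-app",
            Image = "rust:1.75-bookworm",
            Description = "Rust with cargo dependencies",
            PackageManagers = ["apt", "cargo"],
            ExpectedMinPackages = 100,
            Category = ImageCategory.LanguageRuntime
        },
        new ParityImageFixture
        {
            Name = "dotnet-app",
            Image = "mcr.microsoft.com/dotnet/aspnet:8.0-bookworm-slim",
            Description = ".NET 8 ASP.NET runtime",
            PackageManagers = ["apt", "nuget"],
            ExpectedMinPackages = 80,
            Category = ImageCategory.LanguageRuntime
        },

        // Images with known CVEs (for vulnerability comparison).
        // NOTE(review): ExpectedMinCVEs is a floor against a moving target - the count a scanner
        // reports depends on which build the tag currently resolves to and on the scanner's
        // database date. A rebuilt image with patched packages can legitimately fall below it.
        new ParityImageFixture
        {
            Name = "vuln-nginx",
            Image = "nginx:1.24",
            Description = "nginx with known vulnerabilities",
            PackageManagers = ["apt"],
            ExpectedMinPackages = 100,
            Category = ImageCategory.KnownVulnerable,
            ExpectedMinCVEs = 5
        },
        new ParityImageFixture
        {
            Name = "vuln-postgres",
            Image = "postgres:14",
            Description = "PostgreSQL with known vulnerabilities",
            PackageManagers = ["apt"],
            ExpectedMinPackages = 100,
            Category = ImageCategory.KnownVulnerable,
            ExpectedMinCVEs = 3
        },

        // Complex multi-layer images
        new ParityImageFixture
        {
            Name = "complex-wordpress",
            Image = "wordpress:6.4-php8.2-apache",
            Description = "WordPress with PHP and Apache (complex layers)",
            PackageManagers = ["apt", "composer"],
            ExpectedMinPackages = 200,
            Category = ImageCategory.ComplexApp
        },
        new ParityImageFixture
        {
            Name = "complex-redis",
            Image = "redis:7.2-bookworm",
            Description = "Redis server with multiple dependencies",
            PackageManagers = ["apt"],
            ExpectedMinPackages = 50,
            Category = ImageCategory.ComplexApp
        }
    ];

    /// <summary>
    /// Gets fixtures filtered by category.
    /// </summary>
    /// <param name="category">The category a fixture must have to be returned.</param>
    /// <returns>
    /// A lazily evaluated sequence of the entries in <see cref="Fixtures"/> whose
    /// <see cref="ParityImageFixture.Category"/> equals <paramref name="category"/>;
    /// empty when none match.
    /// </returns>
    public static IEnumerable<ParityImageFixture> GetByCategory(ImageCategory category)
        => Fixtures.Where(f => f.Category == category);

    /// <summary>
    /// Gets fixtures that have expected CVEs (for vulnerability comparison).
    /// </summary>
    /// <returns>
    /// A lazily evaluated sequence of the entries in <see cref="Fixtures"/> whose
    /// <see cref="ParityImageFixture.ExpectedMinCVEs"/> is greater than zero. Selection is by
    /// that count, not by <see cref="ImageCategory.KnownVulnerable"/>, so a fixture in any
    /// category is included once it declares a CVE floor.
    /// </returns>
    public static IEnumerable<ParityImageFixture> GetVulnerableFixtures()
        => Fixtures.Where(f => f.ExpectedMinCVEs > 0);
}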
/// <summary>
/// Represents a container image fixture for parity testing.
/// </summary>
public sealed class ParityImageFixture
{
    /// <summary>
    /// Unique name for this fixture.
    /// </summary>
    public required string Name { get; init; }

    /// <summary>
    /// Docker image reference (e.g., "alpine:3.19.0").
    /// </summary>
    /// <remarks>
    /// The value is an opaque string to this type. A tag-only reference is resolved by the
    /// registry at pull time and may point at different content later; a digest-pinned
    /// reference identifies one immutable image.
    /// </remarks>
    public required string Image { get; init; }

    /// <summary>
    /// Human-readable description of the fixture.
    /// </summary>
    public required string Description { get; init; }

    /// <summary>
    /// Package managers expected in this image.
    /// </summary>
    /// <remarks>
    /// <c>init</c> only protects the property itself; the array's elements stay writable, so
    /// callers sharing a fixture instance should treat the array as read-only.
    /// </remarks>
    public required string[] PackageManagers { get; init; }

    /// <summary>
    /// Minimum expected package count (for validation).
    /// </summary>
    public int ExpectedMinPackages { get; init; }

    /// <summary>
    /// Category of this fixture.
    /// </summary>
    public ImageCategory Category { get; init; }

    /// <summary>
    /// Minimum expected CVE count (for vulnerable images). Left at 0 when not set.
    /// </summary>
    public int ExpectedMinCVEs { get; init; }

    /// <summary>
    /// Formats the fixture as its name followed by the image reference in parentheses.
    /// </summary>
    /// <returns>A string of the form <c>Name (Image)</c>.</returns>
    public override string ToString()
    {
        return string.Concat(Name, " (", Image, ")");
    }
}
/// <summary>
/// Categories for fixture images.
/// </summary>
public enum ImageCategory
{
    /// <summary>Base OS image (Alpine, Debian, Ubuntu, RHEL).</summary>
    BaseOS = 0,

    /// <summary>Language runtime image (Python, Node, Go, Java, Rust, .NET).</summary>
    LanguageRuntime = 1,

    /// <summary>Image with known vulnerabilities for CVE comparison.</summary>
    KnownVulnerable = 2,

    /// <summary>Complex multi-layer application image.</summary>
    ComplexApp = 3
}