// -----------------------------------------------------------------------------
// ParityTestFixtureSet.cs
// Sprint: SPRINT_5100_0008_0001_competitor_parity
// Task: PARITY-5100-002 - Define parity test fixture set
// Description: Container image fixtures for parity testing against competitors
// -----------------------------------------------------------------------------
namespace StellaOps.Parity.Tests;
/// <summary>
/// Standard set of container images used for competitor parity testing, i.e.
/// for comparing StellaOps output against Syft, Grype, and Trivy.
/// </summary>
/// <remarks>
/// Every <see cref="ParityImageFixture.Image"/> below is a tag reference
/// (<c>name:tag</c>), not a digest reference. A tag can be re-pointed at new
/// content by the registry, so the package and CVE counts observed for a
/// fixture may drift between runs. Parity results are only comparable when all
/// scanners saw the same image content; record the resolved digest alongside
/// each run, or pin by digest, where reproducibility matters.
/// NOTE(review): whether the harness resolves or pins digests is not visible
/// in this file; confirm against the code that pulls these images.
/// </remarks>
public static class ParityTestFixtureSet
{
    /// <summary>
    /// The container image fixtures used for parity testing.
    /// </summary>
    /// <remarks>
    /// The selection is meant to cover:
    /// - several base OS distributions (Alpine, Debian, RHEL-compatible, Ubuntu);
    /// - several package ecosystems (apk, apt, rpm, npm, pip, maven, and others);
    /// - images with known vulnerabilities, for CVE comparison;
    /// - multi-language and multi-layer application images.
    /// Only the fixtures in the "known CVEs" group set
    /// <see cref="ParityImageFixture.ExpectedMinCVEs"/>; all others leave it at
    /// its default of 0.
    /// </remarks>
    public static IReadOnlyList<ParityImageFixture> Fixtures { get; } =
    [
        // ---- Alpine-based ----
        new ParityImageFixture
        {
            Name = "alpine-base",
            Image = "alpine:3.19.0",
            Description = "Alpine Linux base image with minimal packages",
            Category = ImageCategory.BaseOS,
            PackageManagers = ["apk"],
            ExpectedMinPackages = 10,
        },
        new ParityImageFixture
        {
            Name = "alpine-python",
            Image = "python:3.12-alpine",
            Description = "Python on Alpine with pip packages",
            Category = ImageCategory.LanguageRuntime,
            PackageManagers = ["apk", "pip"],
            ExpectedMinPackages = 50,
        },

        // ---- Debian-based ----
        new ParityImageFixture
        {
            Name = "debian-base",
            Image = "debian:bookworm-slim",
            Description = "Debian bookworm slim base image",
            Category = ImageCategory.BaseOS,
            PackageManagers = ["apt"],
            ExpectedMinPackages = 50,
        },
        new ParityImageFixture
        {
            Name = "node-debian",
            Image = "node:20-bookworm-slim",
            Description = "Node.js on Debian with npm packages",
            Category = ImageCategory.LanguageRuntime,
            PackageManagers = ["apt", "npm"],
            ExpectedMinPackages = 100,
        },

        // ---- Ubuntu-based ----
        new ParityImageFixture
        {
            Name = "ubuntu-base",
            Image = "ubuntu:22.04",
            Description = "Ubuntu 22.04 LTS base image",
            Category = ImageCategory.BaseOS,
            PackageManagers = ["apt"],
            ExpectedMinPackages = 80,
        },

        // ---- RHEL/CentOS-compatible ----
        new ParityImageFixture
        {
            Name = "rhel-base",
            Image = "rockylinux:9-minimal",
            Description = "Rocky Linux 9 minimal (RHEL compatible)",
            Category = ImageCategory.BaseOS,
            PackageManagers = ["rpm"],
            ExpectedMinPackages = 30,
        },

        // ---- Language runtime / multi-language application images ----
        new ParityImageFixture
        {
            Name = "go-app",
            Image = "golang:1.22-bookworm",
            Description = "Go application with standard library",
            Category = ImageCategory.LanguageRuntime,
            PackageManagers = ["apt", "go"],
            ExpectedMinPackages = 150,
        },
        new ParityImageFixture
        {
            Name = "java-app",
            Image = "eclipse-temurin:21-jdk-jammy",
            Description = "Java 21 with Maven dependencies",
            Category = ImageCategory.LanguageRuntime,
            PackageManagers = ["apt", "maven"],
            ExpectedMinPackages = 100,
        },
        new ParityImageFixture
        {
            Name = "rust-app",
            Image = "rust:1.75-bookworm",
            Description = "Rust with cargo dependencies",
            Category = ImageCategory.LanguageRuntime,
            PackageManagers = ["apt", "cargo"],
            ExpectedMinPackages = 100,
        },
        new ParityImageFixture
        {
            Name = "dotnet-app",
            Image = "mcr.microsoft.com/dotnet/aspnet:8.0-bookworm-slim",
            Description = ".NET 8 ASP.NET runtime",
            Category = ImageCategory.LanguageRuntime,
            PackageManagers = ["apt", "nuget"],
            ExpectedMinPackages = 80,
        },

        // ---- Images with known CVEs (for vulnerability comparison) ----
        // ExpectedMinCVEs is a lower bound only. Both the content behind these
        // tags and the scanners' vulnerability databases change over time, so a
        // failing floor can mean the image was rebuilt with patched packages
        // rather than that a scanner regressed.
        new ParityImageFixture
        {
            Name = "vuln-nginx",
            Image = "nginx:1.24",
            Description = "nginx with known vulnerabilities",
            Category = ImageCategory.KnownVulnerable,
            PackageManagers = ["apt"],
            ExpectedMinPackages = 100,
            ExpectedMinCVEs = 5,
        },
        new ParityImageFixture
        {
            Name = "vuln-postgres",
            Image = "postgres:14",
            Description = "PostgreSQL with known vulnerabilities",
            Category = ImageCategory.KnownVulnerable,
            PackageManagers = ["apt"],
            ExpectedMinPackages = 100,
            ExpectedMinCVEs = 3,
        },

        // ---- Complex multi-layer images ----
        new ParityImageFixture
        {
            Name = "complex-wordpress",
            Image = "wordpress:6.4-php8.2-apache",
            Description = "WordPress with PHP and Apache (complex layers)",
            Category = ImageCategory.ComplexApp,
            PackageManagers = ["apt", "composer"],
            ExpectedMinPackages = 200,
        },
        new ParityImageFixture
        {
            Name = "complex-redis",
            Image = "redis:7.2-bookworm",
            Description = "Redis server with multiple dependencies",
            Category = ImageCategory.ComplexApp,
            PackageManagers = ["apt"],
            ExpectedMinPackages = 50,
        },
    ];

    /// <summary>
    /// Selects the fixtures whose <see cref="ParityImageFixture.Category"/>
    /// equals <paramref name="category"/>.
    /// </summary>
    /// <param name="category">Category to match.</param>
    /// <returns>A lazily evaluated sequence over <see cref="Fixtures"/>.</returns>
    public static IEnumerable<ParityImageFixture> GetByCategory(ImageCategory category)
    {
        return from fixture in Fixtures
               where fixture.Category == category
               select fixture;
    }

    /// <summary>
    /// Selects the fixtures that declare a CVE floor, i.e. whose
    /// <see cref="ParityImageFixture.ExpectedMinCVEs"/> is greater than zero.
    /// </summary>
    /// <returns>A lazily evaluated sequence over <see cref="Fixtures"/>.</returns>
    public static IEnumerable<ParityImageFixture> GetVulnerableFixtures()
    {
        return from fixture in Fixtures
               where fixture.ExpectedMinCVEs > 0
               select fixture;
    }
}
/// <summary>
/// Describes one container image used as a parity-testing input, together with
/// the minimum package and CVE counts expected from a scan of it.
/// </summary>
public sealed class ParityImageFixture
{
    /// <summary>
    /// Name identifying this fixture. Intended to be unique; this type does not
    /// enforce uniqueness.
    /// </summary>
    public required string Name { get; init; }

    /// <summary>
    /// Docker image reference (e.g., "alpine:3.19.0").
    /// </summary>
    /// <remarks>
    /// The value is stored as given and is not validated here. A tag-only
    /// reference can resolve to different content over time; a reference that
    /// includes a digest identifies fixed content.
    /// </remarks>
    public required string Image { get; init; }

    /// <summary>
    /// Human-readable description of the fixture.
    /// </summary>
    public required string Description { get; init; }

    /// <summary>
    /// Package managers expected to be present in this image.
    /// </summary>
    public required string[] PackageManagers { get; init; }

    /// <summary>
    /// Lower bound on the number of packages a scan should report (used for
    /// validation). Defaults to 0 when not set.
    /// </summary>
    public int ExpectedMinPackages { get; init; }

    /// <summary>
    /// Category this fixture belongs to.
    /// </summary>
    public ImageCategory Category { get; init; }

    /// <summary>
    /// Lower bound on the number of CVEs a scan should report (for vulnerable
    /// images). Defaults to 0 when not set, meaning no CVE floor is declared.
    /// </summary>
    public int ExpectedMinCVEs { get; init; }

    /// <summary>
    /// Formats the fixture as its name followed by the image reference in
    /// parentheses.
    /// </summary>
    public override string ToString()
    {
        return Name + " (" + Image + ")";
    }
}
/// <summary>
/// Groups the parity fixture images by what they are meant to exercise.
/// </summary>
public enum ImageCategory
{
    /// <summary>Base OS image (Alpine, Debian, Ubuntu, RHEL).</summary>
    BaseOS = 0,

    /// <summary>Language runtime image (Python, Node, Go, Java, Rust, .NET).</summary>
    LanguageRuntime = 1,

    /// <summary>Image with known vulnerabilities, used for CVE comparison.</summary>
    KnownVulnerable = 2,

    /// <summary>Complex multi-layer application image.</summary>
    ComplexApp = 3,
}