stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
37cba8370801afd323cbd66210cfcb6194bfb2b2
git.stella-ops.org/src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/LinksetResolverTests.cs
StellaOps Bot 37cba83708
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
up
2025-12-03 00:10:19 +02:00

113 lines
4.1 KiB
C#
Raw Blame History

using System.Collections.Immutable;
using System.Linq;
using Microsoft.Extensions.Logging.Abstractions;
using StellaOps.Concelier.Core.Linksets;
using StellaOps.Scanner.Surface.Env;
using StellaOps.Scanner.WebService.Contracts;
using StellaOps.Scanner.WebService.Services;
namespace StellaOps.Scanner.WebService.Tests;
public sealed class LinksetResolverTests
{
[Fact]
public async Task ResolveAsync_MapsSeveritiesAndConflicts()
{
var linkset = new AdvisoryLinkset(
TenantId: "tenant-a",
Source: "osv",
AdvisoryId: "CVE-2025-0001",
ObservationIds: ImmutableArray<string>.Empty,
Normalized: new AdvisoryLinksetNormalized(
Purls: new[] { "pkg:npm/demo@1.0.0" },
Cpes: Array.Empty<string>(),
Versions: Array.Empty<string>(),
Ranges: Array.Empty<Dictionary<string, object?>>(),
Severities: new[]
{
new Dictionary<string, object?>(StringComparer.Ordinal)
{
["source"] = "nvd",
["type"] = "cvssv3",
["score"] = 9.8,
["vector"] = "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
["labels"] = new Dictionary<string, object?> { ["preferred"] = "true" }
}
}),
Provenance: null,
Confidence: 0.91,
Conflicts: new[] { new AdvisoryLinksetConflict("severity", "disagree", new[] { "cvssv2", "cvssv3" }) },
CreatedAt: DateTimeOffset.UtcNow,
BuiltByJobId: "job-1");
var resolver = new LinksetResolver(
new FakeLinksetQueryService(linkset),
new FakeSurfaceEnvironment(),
NullLogger<LinksetResolver>.Instance);
var result = await resolver.ResolveAsync(new[]
{
new PolicyPreviewFindingDto { Id = "CVE-2025-0001" }
}, CancellationToken.None);
var summary = Assert.Single(result);
Assert.Equal("CVE-2025-0001", summary.AdvisoryId);
Assert.Equal("osv", summary.Source);
Assert.Equal(0.91, summary.Confidence);
var severity = Assert.Single(summary.Severities!);
Assert.Equal("nvd", severity.Source);
Assert.Equal("cvssv3", severity.Type);
Assert.Equal(9.8, severity.Score);
Assert.Equal("AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", severity.Vector);
Assert.NotNull(severity.Labels);
var conflict = Assert.Single(summary.Conflicts!);
Assert.Equal("severity", conflict.Field);
Assert.Equal("disagree", conflict.Reason);
}
[Fact]
public async Task ResolveAsync_ReturnsEmptyWhenNoIds()
{
var resolver = new LinksetResolver(
new FakeLinksetQueryService(),
new FakeSurfaceEnvironment(),
NullLogger<LinksetResolver>.Instance);
var result = await resolver.ResolveAsync(Array.Empty<PolicyPreviewFindingDto>(), CancellationToken.None);
Assert.Empty(result);
}
private sealed class FakeLinksetQueryService : IAdvisoryLinksetQueryService
{
private readonly AdvisoryLinkset[] _linksets;
public FakeLinksetQueryService(params AdvisoryLinkset[] linksets)
{
_linksets = linksets;
}
public Task<AdvisoryLinksetQueryResult> QueryAsync(AdvisoryLinksetQueryOptions options, CancellationToken cancellationToken)
{
var matched = _linksets
.Where(ls => options.AdvisoryIds?.Contains(ls.AdvisoryId, StringComparer.OrdinalIgnoreCase) == true)
.ToImmutableArray();
return Task.FromResult(new AdvisoryLinksetQueryResult(matched, null, false));
}
}
private sealed class FakeSurfaceEnvironment : ISurfaceEnvironment
{
public SurfaceEnvironmentSettings Settings { get; } = new()
{
Tenant = "tenant-a"
};
public IReadOnlyDictionary<string, string> RawVariables { get; } = new Dictionary<string, string>(StringComparer.Ordinal)
{
["SCANNER__TENANT"] = "tenant-a"
};
}
}
Reference in New Issue View Git Blame Copy Permalink