stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
7600caea632e9e44571bc1661003948a5e1d22fb
git.stella-ops.org/docs/dev/fixtures.md
master 7b5bdcf4d3 feat(docs): Add comprehensive documentation for Vexer, Vulnerability Explorer, and Zastava modules 
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes.
- Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes.
- Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables.
- Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
2025-10-30 00:09:39 +02:00

4.2 KiB
Raw Blame History

Concelier Fixture Maintenance

Concelier uses a handful of deterministic fixtures to keep connector regressions in check. This guide lists the fixture sets, where they live, and how to regenerate them safely.

GHSA ↔ OSV parity fixtures

  • Location: src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv.Tests/Fixtures/osv-ghsa.*.json
  • Purpose: Exercised by OsvGhsaParityRegressionTests to ensure OSV + GHSA outputs stay aligned on aliases, ranges, references, and credits.
  • Regeneration: Either run the test harness with online regeneration (UPDATE_PARITY_FIXTURES=1 dotnet test src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv.Tests/StellaOps.Concelier.Connector.Osv.Tests.csproj) or execute the fixture updater (dotnet run --project src/Tools/FixtureUpdater/FixtureUpdater.csproj). Both paths normalise timestamps and canonical ordering.
  • SemVer provenance: The regenerated fixtures should show normalizedVersions[].notes in the osv:{ecosystem}:{advisoryId}:{identifier} shape emitted by SemVerRangeRuleBuilder. Confirm the constraints and notes line up with GHSA/NVD composites before committing.
  • Verification: Inspect the diff, then re-run dotnet test src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv.Tests/StellaOps.Concelier.Connector.Osv.Tests.csproj to confirm parity.

GHSA credit parity fixtures

  • Location: src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ghsa.Tests/Fixtures/credit-parity.{ghsa,osv,nvd}.json
  • Purpose: Exercised by GhsaCreditParityRegressionTests to guarantee GHSA/NVD/OSV acknowledgements remain in lockstep.
  • Regeneration: dotnet run --project src/Tools/FixtureUpdater/FixtureUpdater.csproj rewrites all three canonical snapshots.
  • Verification: dotnet test src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ghsa.Tests/StellaOps.Concelier.Connector.Ghsa.Tests.csproj.

Always commit fixture changes together with the code that motivated them and reference the regression test that guards the behaviour.

Apple security update fixtures

  • Location: src/Concelier/__Tests/StellaOps.Concelier.Connector.Vndr.Apple.Tests/Apple/Fixtures/*.html and .expected.json.
  • Purpose: Exercised by AppleLiveRegressionTests to guarantee the Apple HTML parser and mapper stay deterministic while covering Rapid Security Responses and multi-device advisories.
  • Regeneration: Use the helper scripts (scripts/update-apple-fixtures.sh or scripts/update-apple-fixtures.ps1). They export UPDATE_APPLE_FIXTURES=1, propagate the flag through WSLENV, touch .update-apple-fixtures, and then run the Apple test project. This keeps WSL/VSCode test invocations in sync while the refresh workflow fetches live Apple support pages, sanitises them, and rewrites both the HTML and expected DTO snapshots with normalised ordering.
  • Verification: Inspect the generated diffs and re-run dotnet test src/Concelier/__Tests/StellaOps.Concelier.Connector.Vndr.Apple.Tests/StellaOps.Concelier.Connector.Vndr.Apple.Tests.csproj without the env var to confirm determinism.

Tip for other connector owners: mirror the sentinel + WSLENV pattern (touch .update-<connector>-fixtures, append the env var via WSLENV) when you add fixture refresh scripts so contributors running under WSL inherit the regeneration flag automatically.

KISA advisory fixtures

  • Location: src/Concelier/__Tests/StellaOps.Concelier.Connector.Kisa.Tests/Fixtures/kisa-{feed,detail}.(xml|json)
  • Purpose: Used by KisaConnectorTests to verify Hangul-aware fetch → parse → map flows and to assert telemetry counters stay wired.
  • Regeneration: UPDATE_KISA_FIXTURES=1 dotnet test src/Concelier/__Tests/StellaOps.Concelier.Connector.Kisa.Tests/StellaOps.Concelier.Connector.Kisa.Tests.csproj
  • Verification: Re-run the same test suite without the env var; confirm advisory content remains NFC-normalised and HTML is sanitised. Metrics assertions will fail if counters drift.
  • Localisation note: RSS category values (e.g. 취약점정보) remain in Hangul—do not translate them in fixtures; they feed directly into metrics/log tags.