b55d9fa68d
- Implemented InjectionTests.cs to cover various injection vulnerabilities including SQL, NoSQL, Command, LDAP, and XPath injections. - Created SsrfTests.cs to test for Server-Side Request Forgery (SSRF) vulnerabilities, including internal URL access, cloud metadata access, and URL allowlist bypass attempts. - Introduced MaliciousPayloads.cs to store a collection of malicious payloads for testing various security vulnerabilities. - Added SecurityAssertions.cs for common security-specific assertion helpers. - Established SecurityTestBase.cs as a base class for security tests, providing common infrastructure and mocking utilities. - Configured the test project StellaOps.Security.Tests.csproj with necessary dependencies for testing.
Policy Engine Host Template
This service hosts the Policy Engine APIs and background workers introduced in Policy Engine v2. The project currently ships a minimal bootstrap that validates configuration, registers Authority clients, and exposes readiness/health endpoints. Future tasks will extend it with compilation, evaluation, and persistence features.
Compliance Checklist
- Configuration loads from
policy-engine.yaml/environment variables and validates on startup. - Authority client scaffolding enforces
policy:*+effective:writescopes and respects back-channel timeouts. - Resource server authentication requires Policy Engine scopes with tenant-aware policies.
- Health and readiness endpoints exist for platform probes.
- Deterministic policy evaluation pipeline implemented (POLICY-ENGINE-20-002).
- PostgreSQL materialisation writers implemented (POLICY-ENGINE-20-004).
- Observability (metrics/traces/logs) completed (POLICY-ENGINE-20-007).
- Comprehensive test suites and perf baselines established (POLICY-ENGINE-20-008).