stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
cce96f35969f582be8ab94908e1b3a1f8e3c0e58
git.stella-ops.org/tests/reachability/StellaOps.Reachability.FixtureTests/ReachabilityReplayWriterTests.cs
master 536f6249a6
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case 
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
2025-11-08 20:53:45 +02:00

62 lines
2.6 KiB
C#
Raw Blame History

using System;
using System.Collections.Generic;
using System.Globalization;
using FluentAssertions;
using StellaOps.Replay.Core;
using StellaOps.Scanner.Reachability;
using Xunit;
namespace StellaOps.Reachability.FixtureTests;
public sealed class ReachabilityReplayWriterTests
{
[Fact]
public void AttachEvidence_AppendsGraphsAndTracesDeterministically()
{
var manifest = new ReplayManifest
{
Scan = new ReplayScanMetadata { Id = "scan-123", Time = DateTimeOffset.Parse("2025-10-15T10:00:00Z", CultureInfo.InvariantCulture) }
};
var graphs = new List<ReachabilityReplayGraph>
{
new("static", "cas://graph/B", "ABCDEF", "scanner-jvm", "1.0.0"),
new("framework", "cas://graph/A", "abcdef", "scanner-jvm", "1.0.0"),
new("static", "cas://graph/B", "ABCDEF", "scanner-jvm", "1.0.0") // duplicate
};
var traces = new List<ReachabilityReplayTrace>
{
new("zastava", "cas://trace/1", "FFEE", DateTimeOffset.Parse("2025-10-15T09:00:00+02:00", CultureInfo.InvariantCulture)),
new("zastava", "cas://trace/2", "ffee", DateTimeOffset.Parse("2025-10-15T09:05:00Z", CultureInfo.InvariantCulture)),
new("zastava", "cas://trace/1", "FFEE", DateTimeOffset.Parse("2025-10-15T09:00:00Z", CultureInfo.InvariantCulture)) // duplicate once normalized
};
var writer = new ReachabilityReplayWriter();
writer.AttachEvidence(manifest, graphs, traces);
manifest.Reachability.Should().NotBeNull();
manifest.Reachability!.Graphs.Should().HaveCount(2);
manifest.Reachability.Graphs[0].CasUri.Should().Be("cas://graph/A");
manifest.Reachability.Graphs[0].Sha256.Should().Be("abcdef");
manifest.Reachability.Graphs[1].CasUri.Should().Be("cas://graph/B");
manifest.Reachability.Graphs[1].Kind.Should().Be("static");
manifest.Reachability.RuntimeTraces.Should().HaveCount(2);
manifest.Reachability.RuntimeTraces[0].RecordedAt.Should().Be(DateTimeOffset.Parse("2025-10-15T07:00:00Z"));
manifest.Reachability.RuntimeTraces[0].Sha256.Should().Be("ffee");
manifest.Reachability.RuntimeTraces[1].CasUri.Should().Be("cas://trace/2");
}
[Fact]
public void AttachEvidence_DoesNotCreateSectionWhenEmpty()
{
var manifest = new ReplayManifest();
var writer = new ReachabilityReplayWriter();
writer.AttachEvidence(manifest, Array.Empty<ReachabilityReplayGraph>(), Array.Empty<ReachabilityReplayTrace>());
manifest.Reachability.Should().BeNull();
}
}
Reference in New Issue View Git Blame Copy Permalink