60 lines
1.7 KiB
C#
60 lines
1.7 KiB
C#
using System;
|
|
using System.IO;
|
|
using System.Threading.Tasks;
|
|
using StellaOps.Policy;
|
|
using Xunit;
|
|
|
|
namespace StellaOps.Policy.Tests;
|
|
|
|
public class PolicyValidationCliTests
|
|
{
|
|
[Trait("Category", TestCategories.Unit)]
|
|
[Fact]
|
|
public async Task RunAsync_EmitsCanonicalDigest_OnValidPolicy()
|
|
{
|
|
var tmp = Path.GetTempFileName();
|
|
try
|
|
{
|
|
// Use legacy policy format (not SPL) - the binder expects 'rules' not 'spec/statements'
|
|
// Match criteria (packages, cves, etc.) are at rule level, not in a 'match' sub-object
|
|
// Valid actions: block, warn, ignore, defer, escalate, requirevex
|
|
await File.WriteAllTextAsync(tmp, """
|
|
{
|
|
"version": "1.0",
|
|
"metadata": { "name": "demo" },
|
|
"rules": [
|
|
{
|
|
"name": "Block Critical",
|
|
"id": "BLOCK-CRIT",
|
|
"action": "block",
|
|
"severity": ["critical"]
|
|
}
|
|
]
|
|
}
|
|
""");
|
|
|
|
var options = new PolicyValidationCliOptions
|
|
{
|
|
Inputs = new[] { tmp },
|
|
OutputJson = true, // Digest is only included in JSON output
|
|
Strict = false,
|
|
};
|
|
|
|
using var output = new StringWriter();
|
|
using var error = new StringWriter();
|
|
using StellaOps.TestKit;
|
|
var cli = new PolicyValidationCli(output, error);
|
|
|
|
var exit = await cli.RunAsync(options);
|
|
|
|
Assert.Equal(0, exit);
|
|
var text = output.ToString();
|
|
Assert.Contains("canonical.spl.digest:", text, StringComparison.Ordinal);
|
|
}
|
|
finally
|
|
{
|
|
File.Delete(tmp);
|
|
}
|
|
}
|
|
}
|