test(taxii): TAXII 2.1 contract-conformance suite#163
Merged
Locks the public TAXII interop surface so a refactor can't silently break a downstream STIX consumer. Runs in-process via taxiiRouter.request() — no live server, no Postgres — covering the paths that resolve before any DB query: Discovery / Collections / Collection shapes + media type, auth gating (401), write-protection (403), body validation (400), read-protection (404). 13 assertions, ~1.3s. DB-backed object/manifest bodies stay in the integration suite. Documents (without ossifying) two real conformance gaps for a follow-up: the objects endpoint returns a STIX `bundle` rather than a TAXII 2.1 Envelope, and there's no distinct API-Root resource. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
First of the cross-cutting hardening items. Locks the public TAXII 2.1 interop surface so a refactor can't silently break a downstream STIX consumer (OpenCTI / MISP / TheHive / a CERT).
Approach
Runs in-process via `taxiiRouter.request()` — no live server, no Postgres — by exercising only the paths that resolve before any DB query. This makes it a fast unit test (regular `pnpm test`, ~1.3s), unlike the existing infra-heavy integration suite.

13 assertions:

- `application/taxii+json;version=2.1` media type

Honest scope note

DB-backed object/manifest bodies stay in the integration suite. And I found two real conformance gaps that I documented in the test header rather than asserting as "correct" (so this suite doesn't ossify them):

- `GET .../objects/` returns a STIX bundle (`{type,id,objects,more}`); TAXII 2.1 §5.4 specifies an Envelope (`{more,next?,objects}`).
- `{title,versions,max_content_length}`) — Discovery and the api-root share `/taxii2/`.

Both warrant a follow-up (needs the integration harness + a consumer-impact call, since the envelope change is consumer-facing). Flagging, not silently fixing.

`gateway` `tsc` + full api suite (1194 passed) green.
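As an added example (not the PR's or the project's code), the checks the description lists can be expressed as a small TypeScript contract checker run over responses already captured from an in-process router. The `CapturedResponse` shape, the capture names (`unauth`, `writeProtected`, ...) and the sample bodies are assumptions constructed here; nothing below touches the project's `taxiiRouter`.

```typescript
// Added example, not the PR's code. Contract checks over responses already captured
// from an in-process router; the CapturedResponse shape and sample data are constructed.
interface CapturedResponse { status: number; headers: Record<string, string>; body: unknown }

const TAXII_MEDIA_TYPE = "application/taxii+json;version=2.1";

// Content-Type may vary in case and whitespace around the parameter; normalise first.
function hasTaxiiMediaType(contentType: string | undefined): boolean {
  if (!contentType) return false;
  return contentType.toLowerCase().replace(/\s+/g, "") === TAXII_MEDIA_TYPE;
}

// The gap the PR documents: a STIX bundle ({type:"bundle", id, objects}) where
// TAXII 2.1 specifies an Envelope ({more, next?, objects}) carrying no type/id keys.
function classifyObjectsBody(body: unknown): "envelope" | "stix-bundle" | "unknown" {
  if (typeof body !== "object" || body === null) return "unknown";
  const b = body as Record<string, unknown>;
  if (b.type === "bundle" && typeof b.id === "string") return "stix-bundle";
  if (!("type" in b) && !("id" in b) && Array.isArray(b.objects)) return "envelope";
  return "unknown";
}

// Status gating the suite asserts on the pre-DB paths, plus media type and Envelope shape.
// Returns one human-readable finding per violated rule; an empty array means conformant.
function checkContract(responses: Record<string, CapturedResponse>): string[] {
  const findings: string[] = [];
  const gating: Record<string, number> = { unauth: 401, writeProtected: 403, badBody: 400, unreadable: 404 };
  for (const [name, want] of Object.entries(gating)) {
    const got = responses[name]?.status;
    if (got !== want) findings.push(`${name}: expected ${want}, got ${got}`);
  }
  if (!hasTaxiiMediaType(responses.discovery?.headers["content-type"])) {
    findings.push("discovery: missing application/taxii+json;version=2.1");
  }
  if (classifyObjectsBody(responses.objects?.body) !== "envelope") {
    findings.push("objects: body is not a TAXII 2.1 Envelope");
  }
  return findings;
}

// Constructed capture mirroring the PR: everything conforms except the objects body.
const sample: Record<string, CapturedResponse> = {
  discovery: { status: 200, headers: { "content-type": "application/taxii+json; version=2.1" }, body: { title: "t" } },
  unauth: { status: 401, headers: {}, body: null },
  writeProtected: { status: 403, headers: {}, body: null },
  badBody: { status: 400, headers: {}, body: null },
  unreadable: { status: 404, headers: {}, body: null },
  objects: { status: 200, headers: { "content-type": TAXII_MEDIA_TYPE }, body: { type: "bundle", id: "bundle--1", objects: [], more: false } },
};
```

Running `checkContract(sample)` yields exactly one finding, the Envelope gap, which is the behaviour the test header records rather than asserts as correct.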