stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat: Implement BerkeleyDB reader for RPM databases
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
console-runner-image / build-runner-image (push) Has been cancelled
Details
wine-csp-build / Build Wine CSP Image (push) Has been cancelled
Details
wine-csp-build / Integration Tests (push) Has been cancelled
Details
wine-csp-build / Security Scan (push) Has been cancelled
Details
wine-csp-build / Generate SBOM (push) Has been cancelled
Details
wine-csp-build / Publish Image (push) Has been cancelled
Details
wine-csp-build / Air-Gap Bundle (push) Has been cancelled
Details
wine-csp-build / Test Summary (push) Has been cancelled
Details

Browse Source 
- Added BerkeleyDbReader class to read and extract RPM header blobs from BerkeleyDB hash databases.
- Implemented methods to detect BerkeleyDB format and extract values, including handling of page sizes and magic numbers.
- Added tests for BerkeleyDbReader to ensure correct functionality and header extraction.

feat: Add Yarn PnP data tests

- Created YarnPnpDataTests to validate package resolution and data loading from Yarn PnP cache.
- Implemented tests for resolved keys, package presence, and loading from cache structure.

test: Add egg-info package fixtures for Python tests

- Created egg-info package fixtures for testing Python analyzers.
- Included PKG-INFO, entry_points.txt, and installed-files.txt for comprehensive coverage.

test: Enhance RPM database reader tests

- Added tests for RpmDatabaseReader to validate fallback to legacy packages when SQLite is missing.
- Implemented helper methods to create legacy package files and RPM headers for testing.

test: Implement dual signing tests

- Added DualSignTests to validate secondary signature addition when configured.
- Created stub implementations for crypto providers and key resolvers to facilitate testing.

chore: Update CI script for Playwright Chromium installation

- Modified ci-console-exports.sh to ensure deterministic Chromium binary installation for console exports tests.
- Added checks for Windows compatibility and environment variable setups for Playwright browsers.
This commit is contained in:
StellaOps Bot
2025-12-07 16:24:45 +02:00
parent e3f28a21ab
commit 11597679ed
199 changed files with 9809 additions and 4404 deletions
Download Patch File Download Diff File Expand all files Collapse all files

136
src/Concelier/__Libraries/StellaOps.Concelier.Connector.Jvn/Internal/JvnAdvisoryMapper.cs
View File

@@ -6,8 +6,8 @@ using StellaOps.Concelier.Connector.Common;
using StellaOps.Concelier.Normalization.Cvss;
using StellaOps.Concelier.Normalization.Identifiers;
using StellaOps.Concelier.Normalization.Text;
using StellaOps.Concelier.Storage.Mongo.Documents;
using StellaOps.Concelier.Storage.Mongo.Dtos;
using StellaOps.Concelier.Storage.Mongo;
using StellaOps.Concelier.Storage.Mongo;
using StellaOps.Concelier.Storage.Mongo.JpFlags;
namespace StellaOps.Concelier.Connector.Jvn.Internal;
@@ -156,12 +156,12 @@ internal static class JvnAdvisoryMapper
{
var packages = new List<AffectedPackage>();
foreach (var product in detail.Affected)
{
if (string.IsNullOrWhiteSpace(product.Cpe))
{
continue;
}
foreach (var product in detail.Affected)
{
if (string.IsNullOrWhiteSpace(product.Cpe))
{
continue;
}
if (!string.IsNullOrWhiteSpace(product.Status) && !product.Status.StartsWith("vulnerable", StringComparison.OrdinalIgnoreCase))
{
@@ -200,66 +200,66 @@ internal static class JvnAdvisoryMapper
var platform = product.Vendor ?? product.CpeVendor;
var versionRanges = BuildVersionRanges(product, recordedAt, provenance[0]);
packages.Add(new AffectedPackage(
AffectedPackageTypes.Cpe,
cpe!,
platform: platform,
versionRanges: versionRanges,
statuses: Array.Empty<AffectedPackageStatus>(),
provenance: provenance.ToArray()));
}
return packages;
}
private static IReadOnlyList<AffectedVersionRange> BuildVersionRanges(JvnAffectedProductDto product, DateTimeOffset recordedAt, AdvisoryProvenance provenance)
{
var extensions = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
if (!string.IsNullOrWhiteSpace(product.Version))
{
extensions["jvn.version"] = product.Version!;
}
if (!string.IsNullOrWhiteSpace(product.Build))
{
extensions["jvn.build"] = product.Build!;
}
if (!string.IsNullOrWhiteSpace(product.Description))
{
extensions["jvn.description"] = product.Description!;
}
if (!string.IsNullOrWhiteSpace(product.Status))
{
extensions["jvn.status"] = product.Status!;
}
if (extensions.Count == 0)
{
return Array.Empty<AffectedVersionRange>();
}
var primitives = new RangePrimitives(
null,
null,
null,
extensions);
var expression = product.Version;
var range = new AffectedVersionRange(
rangeKind: "cpe",
introducedVersion: null,
fixedVersion: null,
lastAffectedVersion: null,
rangeExpression: string.IsNullOrWhiteSpace(expression) ? null : expression,
provenance: provenance,
primitives: primitives);
return new[] { range };
}
var versionRanges = BuildVersionRanges(product, recordedAt, provenance[0]);
packages.Add(new AffectedPackage(
AffectedPackageTypes.Cpe,
cpe!,
platform: platform,
versionRanges: versionRanges,
statuses: Array.Empty<AffectedPackageStatus>(),
provenance: provenance.ToArray()));
}
return packages;
}
private static IReadOnlyList<AffectedVersionRange> BuildVersionRanges(JvnAffectedProductDto product, DateTimeOffset recordedAt, AdvisoryProvenance provenance)
{
var extensions = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
if (!string.IsNullOrWhiteSpace(product.Version))
{
extensions["jvn.version"] = product.Version!;
}
if (!string.IsNullOrWhiteSpace(product.Build))
{
extensions["jvn.build"] = product.Build!;
}
if (!string.IsNullOrWhiteSpace(product.Description))
{
extensions["jvn.description"] = product.Description!;
}
if (!string.IsNullOrWhiteSpace(product.Status))
{
extensions["jvn.status"] = product.Status!;
}
if (extensions.Count == 0)
{
return Array.Empty<AffectedVersionRange>();
}
var primitives = new RangePrimitives(
null,
null,
null,
extensions);
var expression = product.Version;
var range = new AffectedVersionRange(
rangeKind: "cpe",
introducedVersion: null,
fixedVersion: null,
lastAffectedVersion: null,
rangeExpression: string.IsNullOrWhiteSpace(expression) ? null : expression,
provenance: provenance,
primitives: primitives);
return new[] { range };
}
private static IReadOnlyList<CvssMetric> BuildCvss(JvnDetailDto detail, DateTimeOffset recordedAt, out string? severity)
{

4
src/Concelier/__Libraries/StellaOps.Concelier.Connector.Jvn/JvnConnector.cs
View File

@@ -11,8 +11,8 @@ using StellaOps.Concelier.Connector.Jvn.Configuration;
using StellaOps.Concelier.Connector.Jvn.Internal;
using StellaOps.Concelier.Storage.Mongo;
using StellaOps.Concelier.Storage.Mongo.Advisories;
using StellaOps.Concelier.Storage.Mongo.Documents;
using StellaOps.Concelier.Storage.Mongo.Dtos;
using StellaOps.Concelier.Storage.Mongo;
using StellaOps.Concelier.Storage.Mongo;
using StellaOps.Concelier.Storage.Mongo.JpFlags;
using StellaOps.Plugin;