mock data

2026-02-21 19:10:28 +02:00
parent b911537870
commit 1edce73165
61 changed files with 2325 additions and 3424 deletions


@@ -0,0 +1,131 @@
-- Migration: S001_demo_seed
-- Category: seed
-- Description: Demo data for Concelier/Vuln module (sources, advisories, SBOMs)
-- Idempotent: ON CONFLICT DO NOTHING
-- ============================================================================
-- Advisory Sources
-- ============================================================================
INSERT INTO vuln.sources (id, key, name, source_type, url, priority, enabled, config)
VALUES
('c0000001-0000-0000-0000-000000000001', 'nvd', 'National Vulnerability Database', 'api',
'https://services.nvd.nist.gov/rest/json/cves/2.0', 10, true,
'{"apiVersion": "2.0", "rateLimit": 50, "batchSize": 2000}'::jsonb),
('c0000001-0000-0000-0000-000000000002', 'osv', 'Open Source Vulnerabilities', 'api',
'https://api.osv.dev/v1/vulns', 20, true,
'{"ecosystems": ["npm", "PyPI", "Go", "Maven", "NuGet"]}'::jsonb),
('c0000001-0000-0000-0000-000000000003', 'github', 'GitHub Advisory Database', 'api',
'https://api.github.com/advisories', 15, true,
'{"ecosystems": ["npm", "pip", "go", "maven", "nuget", "rubygems"]}'::jsonb)
ON CONFLICT (key) DO NOTHING;
-- ============================================================================
-- Source States
-- ============================================================================
INSERT INTO vuln.source_states (id, source_id, cursor, last_sync_at, last_success_at, sync_count, error_count)
VALUES
('c0000002-0000-0000-0000-000000000001', 'c0000001-0000-0000-0000-000000000001',
'2026-02-21T00:00:00Z', NOW() - INTERVAL '1 hour', NOW() - INTERVAL '1 hour', 720, 3),
('c0000002-0000-0000-0000-000000000002', 'c0000001-0000-0000-0000-000000000002',
'2026-02-21T00:00:00Z', NOW() - INTERVAL '30 minutes', NOW() - INTERVAL '30 minutes', 720, 1),
('c0000002-0000-0000-0000-000000000003', 'c0000001-0000-0000-0000-000000000003',
'2026-02-20T18:00:00Z', NOW() - INTERVAL '6 hours', NOW() - INTERVAL '6 hours', 360, 5)
ON CONFLICT (source_id) DO NOTHING;
-- ============================================================================
-- Advisories (20 demo CVEs with varying severities)
-- ============================================================================
INSERT INTO vuln.advisories (id, advisory_key, primary_vuln_id, source_id, title, summary, severity, published_at, provenance)
VALUES
('c0000003-0000-0000-0000-000000000001', 'GHSA-demo-0001', 'CVE-2026-10001', 'c0000001-0000-0000-0000-000000000001',
'Remote Code Execution in libxml2', 'A heap buffer overflow in libxml2 allows remote attackers to execute arbitrary code via crafted XML input.',
'critical', NOW() - INTERVAL '3 days', '{"source_key": "nvd", "ingested_at": "2026-02-18T10:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000002', 'GHSA-demo-0002', 'CVE-2026-10002', 'c0000001-0000-0000-0000-000000000001',
'SQL Injection in Django ORM', 'Improper input validation in Django ORM allows SQL injection via crafted query parameters.',
'critical', NOW() - INTERVAL '5 days', '{"source_key": "nvd", "ingested_at": "2026-02-16T14:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000003', 'GHSA-demo-0003', 'CVE-2026-10003', 'c0000001-0000-0000-0000-000000000002',
'Prototype Pollution in lodash', 'Prototype pollution vulnerability in lodash merge function allows property injection.',
'high', NOW() - INTERVAL '7 days', '{"source_key": "osv", "ingested_at": "2026-02-14T08:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000004', 'GHSA-demo-0004', 'CVE-2026-10004', 'c0000001-0000-0000-0000-000000000003',
'Path Traversal in Express.js static middleware', 'Directory traversal in serve-static middleware allows reading arbitrary files.',
'high', NOW() - INTERVAL '10 days', '{"source_key": "github", "ingested_at": "2026-02-11T12:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000005', 'GHSA-demo-0005', 'CVE-2026-10005', 'c0000001-0000-0000-0000-000000000001',
'Denial of Service in OpenSSL', 'Infinite loop in OpenSSL certificate verification leads to CPU exhaustion.',
'high', NOW() - INTERVAL '12 days', '{"source_key": "nvd", "ingested_at": "2026-02-09T16:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000006', 'GHSA-demo-0006', 'CVE-2026-10006', 'c0000001-0000-0000-0000-000000000002',
'Cross-Site Scripting in React markdown renderer', 'XSS vulnerability in react-markdown allows script injection via crafted markdown.',
'medium', NOW() - INTERVAL '14 days', '{"source_key": "osv", "ingested_at": "2026-02-07T09:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000007', 'GHSA-demo-0007', 'CVE-2026-10007', 'c0000001-0000-0000-0000-000000000001',
'Information Disclosure in PostgreSQL', 'Improper access control in pg_stat_statements leaks query parameters.',
'medium', NOW() - INTERVAL '15 days', '{"source_key": "nvd", "ingested_at": "2026-02-06T11:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000008', 'GHSA-demo-0008', 'CVE-2026-10008', 'c0000001-0000-0000-0000-000000000003',
'Timing Side-Channel in bcrypt', 'Timing attack on bcrypt comparison allows password hash enumeration.',
'medium', NOW() - INTERVAL '18 days', '{"source_key": "github", "ingested_at": "2026-02-03T15:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000009', 'GHSA-demo-0009', 'CVE-2026-10009', 'c0000001-0000-0000-0000-000000000002',
'Regular Expression Denial of Service in validator.js', 'ReDoS in email validation regex causes CPU exhaustion with crafted input.',
'medium', NOW() - INTERVAL '20 days', '{"source_key": "osv", "ingested_at": "2026-02-01T10:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000010', 'GHSA-demo-0010', 'CVE-2026-10010', 'c0000001-0000-0000-0000-000000000001',
'Privilege Escalation in containerd', 'Container escape via volume mount allows host filesystem access.',
'critical', NOW() - INTERVAL '2 days', '{"source_key": "nvd", "ingested_at": "2026-02-19T08:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000011', 'GHSA-demo-0011', 'CVE-2026-10011', 'c0000001-0000-0000-0000-000000000002',
'Insecure Deserialization in Jackson', 'Polymorphic deserialization gadget chain allows remote code execution.',
'high', NOW() - INTERVAL '8 days', '{"source_key": "osv", "ingested_at": "2026-02-13T14:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000012', 'GHSA-demo-0012', 'CVE-2026-10012', 'c0000001-0000-0000-0000-000000000003',
'SSRF in Axios HTTP client', 'Server-side request forgery via redirect following in Axios allows internal network scanning.',
'high', NOW() - INTERVAL '11 days', '{"source_key": "github", "ingested_at": "2026-02-10T09:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000013', 'GHSA-demo-0013', 'CVE-2026-10013', 'c0000001-0000-0000-0000-000000000001',
'Buffer Overflow in zlib', 'Heap buffer overflow in inflate allows denial of service via crafted compressed data.',
'medium', NOW() - INTERVAL '22 days', '{"source_key": "nvd", "ingested_at": "2026-01-30T16:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000014', 'GHSA-demo-0014', 'CVE-2026-10014', 'c0000001-0000-0000-0000-000000000002',
'Open Redirect in passport.js', 'Improper URL validation allows open redirect after authentication.',
'low', NOW() - INTERVAL '25 days', '{"source_key": "osv", "ingested_at": "2026-01-27T12:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000015', 'GHSA-demo-0015', 'CVE-2026-10015', 'c0000001-0000-0000-0000-000000000003',
'Cleartext Storage of Credentials in dotenv', 'Environment file parser stores secrets in process memory without protection.',
'low', NOW() - INTERVAL '28 days', '{"source_key": "github", "ingested_at": "2026-01-24T11:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000016', 'GHSA-demo-0016', 'CVE-2026-10016', 'c0000001-0000-0000-0000-000000000001',
'Use After Free in curl', 'Use-after-free in connection pool allows crash via concurrent HTTP/2 requests.',
'high', NOW() - INTERVAL '4 days', '{"source_key": "nvd", "ingested_at": "2026-02-17T13:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000017', 'GHSA-demo-0017', 'CVE-2026-10017', 'c0000001-0000-0000-0000-000000000002',
'Authentication Bypass in JWT library', 'Algorithm confusion allows forging tokens with HMAC using RSA public key.',
'critical', NOW() - INTERVAL '1 day', '{"source_key": "osv", "ingested_at": "2026-02-20T07:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000018', 'GHSA-demo-0018', 'CVE-2026-10018', 'c0000001-0000-0000-0000-000000000003',
'XML External Entity in Apache POI', 'XXE vulnerability allows reading arbitrary files via crafted XLSX documents.',
'medium', NOW() - INTERVAL '16 days', '{"source_key": "github", "ingested_at": "2026-02-05T10:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000019', 'GHSA-demo-0019', 'CVE-2026-10019', 'c0000001-0000-0000-0000-000000000001',
'Integer Overflow in ImageMagick', 'Integer overflow in image dimension handling allows heap corruption.',
'medium', NOW() - INTERVAL '19 days', '{"source_key": "nvd", "ingested_at": "2026-02-02T14:00:00Z"}'::jsonb),
('c0000003-0000-0000-0000-000000000020', 'GHSA-demo-0020', 'CVE-2026-10020', 'c0000001-0000-0000-0000-000000000002',
'Command Injection in ShellJS', 'Unsanitized input to exec function allows arbitrary command execution.',
'high', NOW() - INTERVAL '6 days', '{"source_key": "osv", "ingested_at": "2026-02-15T09:00:00Z"}'::jsonb)
ON CONFLICT (advisory_key) DO NOTHING;
-- ============================================================================
-- CVSS Scores for advisories
-- ============================================================================
INSERT INTO vuln.advisory_cvss (id, advisory_id, cvss_version, vector_string, base_score, base_severity, source, is_primary)
VALUES
('c0000004-0000-0000-0000-000000000001', 'c0000003-0000-0000-0000-000000000001', '3.1', 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', 9.8, 'CRITICAL', 'NVD', true),
('c0000004-0000-0000-0000-000000000002', 'c0000003-0000-0000-0000-000000000002', '3.1', 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N', 9.1, 'CRITICAL', 'NVD', true),
('c0000004-0000-0000-0000-000000000003', 'c0000003-0000-0000-0000-000000000003', '3.1', 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N', 7.5, 'HIGH', 'NVD', true),
('c0000004-0000-0000-0000-000000000004', 'c0000003-0000-0000-0000-000000000004', '3.1', 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 7.5, 'HIGH', 'NVD', true),
('c0000004-0000-0000-0000-000000000005', 'c0000003-0000-0000-0000-000000000005', '3.1', 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 7.5, 'HIGH', 'NVD', true),
('c0000004-0000-0000-0000-000000000010', 'c0000003-0000-0000-0000-000000000010', '3.1', 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H', 9.3, 'CRITICAL', 'NVD', true),
('c0000004-0000-0000-0000-000000000017', 'c0000003-0000-0000-0000-000000000017', '3.1', 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N', 9.1, 'CRITICAL', 'NVD', true)
ON CONFLICT (advisory_id, cvss_version, source) DO NOTHING;
-- ============================================================================
-- SBOM Registry (demo container images)
-- ============================================================================
INSERT INTO vuln.sbom_registry (id, digest, format, spec_version, primary_name, primary_version, component_count, affected_count, source, tenant_id)
VALUES
('c0000005-0000-0000-0000-000000000001', 'sha256:demo_nginx_latest', 'cyclonedx', '1.5', 'nginx', '1.25.4', 187, 12, 'scanner', 'demo-prod'),
('c0000005-0000-0000-0000-000000000002', 'sha256:demo_node_20', 'cyclonedx', '1.5', 'node', '20.11.1', 342, 8, 'scanner', 'demo-prod'),
('c0000005-0000-0000-0000-000000000003', 'sha256:demo_postgres_16', 'spdx', '2.3', 'postgres', '16.2', 156, 3, 'scanner', 'demo-prod'),
('c0000005-0000-0000-0000-000000000004', 'sha256:demo_redis_7', 'cyclonedx', '1.5', 'redis', '7.2.4', 89, 1, 'scanner', 'demo-prod'),
('c0000005-0000-0000-0000-000000000005', 'sha256:demo_dotnet_8', 'cyclonedx', '1.5', 'dotnet-runtime', '8.0.3', 267, 5, 'scanner', 'demo-prod')
ON CONFLICT (digest) DO NOTHING;