Refactor SurfaceCacheValidator to simplify oldest entry calculation

Add global using for Xunit in test project

Enhance ImportValidatorTests with async validation and quarantine checks

Implement FileSystemQuarantineServiceTests for quarantine functionality

Add integration tests for ImportValidator to check monotonicity

Create BundleVersionTests to validate version parsing and comparison logic

Implement VersionMonotonicityCheckerTests for monotonicity checks and activation logic
2025-12-16 10:44:00 +02:00
parent b1f40945b7
commit 4391f35d8a
107 changed files with 10844 additions and 287 deletions


@@ -0,0 +1,72 @@
using StellaOps.Scanner.WebService.Domain;
namespace StellaOps.Scanner.WebService.Services;
/// <summary>
/// Explanation reason with code and impact.
/// </summary>
public sealed record ExplanationReason(
string Code,
string Description,
double? Impact = null);
/// <summary>
/// Static analysis evidence.
/// </summary>
public sealed record StaticAnalysisEvidence(
string? CallgraphDigest = null,
int? PathLength = null,
IReadOnlyList<string>? EdgeTypes = null);
/// <summary>
/// Runtime evidence.
/// </summary>
public sealed record RuntimeEvidence(
bool Observed,
int HitCount = 0,
DateTimeOffset? LastObserved = null);
/// <summary>
/// Policy evaluation result.
/// </summary>
public sealed record PolicyEvaluationEvidence(
string? PolicyDigest = null,
string? Verdict = null,
string? VerdictReason = null);
/// <summary>
/// Evidence chain for explanation.
/// </summary>
public sealed record EvidenceChain(
StaticAnalysisEvidence? StaticAnalysis = null,
RuntimeEvidence? RuntimeEvidence = null,
PolicyEvaluationEvidence? PolicyEvaluation = null);
/// <summary>
/// Full reachability explanation.
/// </summary>
public sealed record ReachabilityExplanation(
string CveId,
string Purl,
string Status,
double Confidence,
string? LatticeState = null,
IReadOnlyList<string>? PathWitness = null,
IReadOnlyList<ExplanationReason>? Why = null,
EvidenceChain? Evidence = null,
string? SpineId = null);
/// <summary>
/// Service for explaining reachability decisions.
/// </summary>
public interface IReachabilityExplainService
{
/// <summary>
/// Explains why a CVE affects a component.
/// </summary>
Task<ReachabilityExplanation?> ExplainAsync(
ScanId scanId,
string cveId,
string purl,
CancellationToken cancellationToken = default);
}
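Review bot: `ExplainAsync` returns `Task<ReachabilityExplanation?>`, but its summary never says when the result is null. A caller therefore cannot tell "scan or finding not found" from "no explanation could be produced", and in a reachability decision a missing answer must not be read as "not reachable". I would add a `<returns>` element that states the null case explicitly, e.g. `/// <returns>The explanation, or <c>null</c> when (state the condition here).</returns>`, plus `<param>` entries for `cveId` and `purl` naming the expected formats. On `ReachabilityExplanation`, `Status` and `LatticeState` are free-form strings and `Confidence` has no documented range, as is `Verdict` on `PolicyEvaluationEvidence`. Documenting the allowed values (or moving to enums) and the confidence scale would stop consumers from silently treating an unrecognised value as a safe one.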