Refactor code structure for improved readability and maintainability; optimize performance in key functions.

2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 4602ccc3a3
1444 changed files with 109919 additions and 8058 deletions
--- a/src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.FixIndex/Models/FixEvidence.cs
+++ b/src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.FixIndex/Models/FixEvidence.cs
@@ -0,0 +1,132 @@
+namespace StellaOps.BinaryIndex.FixIndex.Models;
+
+/// <summary>
+/// Evidence of a CVE fix in a distro package.
+/// </summary>
+public sealed record FixEvidence
+{
+    /// <summary>Distro identifier (e.g., "debian", "ubuntu", "alpine")</summary>
+    public required string Distro { get; init; }
+
+    /// <summary>Release/codename (e.g., "bookworm", "jammy", "v3.19")</summary>
+    public required string Release { get; init; }
+
+    /// <summary>Source package name</summary>
+    public required string SourcePkg { get; init; }
+
+    /// <summary>CVE identifier (e.g., "CVE-2024-1234")</summary>
+    public required string CveId { get; init; }
+
+    /// <summary>Fix state</summary>
+    public required FixState State { get; init; }
+
+    /// <summary>Version where the fix was applied (if applicable)</summary>
+    public string? FixedVersion { get; init; }
+
+    /// <summary>Method used to detect the fix</summary>
+    public required FixMethod Method { get; init; }
+
+    /// <summary>Confidence score (0.0 - 1.0)</summary>
+    public required decimal Confidence { get; init; }
+
+    /// <summary>Evidence payload for audit trail</summary>
+    public required FixEvidencePayload Evidence { get; init; }
+
+    /// <summary>Corpus snapshot ID (if from snapshot ingestion)</summary>
+    public Guid? SnapshotId { get; init; }
+
+    /// <summary>Timestamp when this evidence was created</summary>
+    public DateTimeOffset CreatedAt { get; init; }
+}
+
+/// <summary>
+/// Fix state enumeration.
+/// </summary>
+public enum FixState
+{
+    /// <summary>CVE is fixed in this version</summary>
+    Fixed,
+
+    /// <summary>CVE affects this package</summary>
+    Vulnerable,
+
+    /// <summary>CVE does not affect this package</summary>
+    NotAffected,
+
+    /// <summary>Fix won't be applied (e.g., EOL version)</summary>
+    Wontfix,
+
+    /// <summary>Unknown status</summary>
+    Unknown
+}
+
+/// <summary>
+/// Method used to identify the fix.
+/// </summary>
+public enum FixMethod
+{
+    /// <summary>From official security feed (OVAL, DSA, etc.)</summary>
+    SecurityFeed,
+
+    /// <summary>Parsed from Debian/Ubuntu changelog</summary>
+    Changelog,
+
+    /// <summary>Extracted from patch header (DEP-3)</summary>
+    PatchHeader,
+
+    /// <summary>Matched against upstream patch database</summary>
+    UpstreamPatchMatch
+}
+
+/// <summary>
+/// Base class for evidence payloads.
+/// </summary>
+public abstract record FixEvidencePayload;
+
+/// <summary>
+/// Evidence from changelog parsing.
+/// </summary>
+public sealed record ChangelogEvidence : FixEvidencePayload
+{
+    /// <summary>Path to changelog file</summary>
+    public required string File { get; init; }
+
+    /// <summary>Version from changelog entry</summary>
+    public required string Version { get; init; }
+
+    /// <summary>Excerpt from changelog mentioning CVE</summary>
+    public required string Excerpt { get; init; }
+
+    /// <summary>Line number where CVE was mentioned</summary>
+    public int? LineNumber { get; init; }
+}
+
+/// <summary>
+/// Evidence from patch header parsing.
+/// </summary>
+public sealed record PatchHeaderEvidence : FixEvidencePayload
+{
+    /// <summary>Path to patch file</summary>
+    public required string PatchPath { get; init; }
+
+    /// <summary>SHA-256 digest of patch file</summary>
+    public required string PatchSha256 { get; init; }
+
+    /// <summary>Excerpt from patch header</summary>
+    public required string HeaderExcerpt { get; init; }
+}
+
+/// <summary>
+/// Evidence from official security feed.
+/// </summary>
+public sealed record SecurityFeedEvidence : FixEvidencePayload
+{
+    /// <summary>Feed identifier (e.g., "alpine-secfixes", "debian-oval")</summary>
+    public required string FeedId { get; init; }
+
+    /// <summary>Entry identifier within the feed</summary>
+    public required string EntryId { get; init; }
+
+    /// <summary>Published timestamp from feed</summary>
+    public required DateTimeOffset PublishedAt { get; init; }
+}