stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Refactor code structure for improved readability and maintainability; optimize performance in key functions.

Browse Source
This commit is contained in:
master
2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 4602ccc3a3
1444 changed files with 109919 additions and 8058 deletions
Download Patch File Download Diff File Expand all files Collapse all files

149
src/Excititor/StellaOps.Excititor.Worker/Scheduling/VexConsensusRefreshService.cs
View File

@@ -8,6 +8,8 @@ using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Excititor.Core;
using StellaOps.Excititor.Core.Lattice;
using StellaOps.Excititor.Formats.OpenVEX;
using StellaOps.Excititor.Policy;
using StellaOps.Excititor.Worker.Options;
@@ -276,8 +278,9 @@ internal sealed class VexConsensusRefreshService : BackgroundService, IVexConsen
var consensusStore = scope.ServiceProvider.GetRequiredService<IVexConsensusStore>();
var holdStore = scope.ServiceProvider.GetRequiredService<IVexConsensusHoldStore>();
var claimStore = scope.ServiceProvider.GetRequiredService<IVexClaimStore>();
var providerStore = scope.ServiceProvider.GetRequiredService<IVexProviderStore>();
var policyProvider = scope.ServiceProvider.GetRequiredService<IVexPolicyProvider>();
var merger = scope.ServiceProvider.GetRequiredService<OpenVexStatementMerger>();
var lattice = scope.ServiceProvider.GetRequiredService<IVexLatticeProvider>();
existingConsensus ??= await consensusStore.FindAsync(vulnerabilityId, productKey, cancellationToken).ConfigureAwait(false);
@@ -292,25 +295,18 @@ internal sealed class VexConsensusRefreshService : BackgroundService, IVexConsen
var claimList = claims as IReadOnlyList<VexClaim> ?? claims.ToList();
var snapshot = policyProvider.GetSnapshot();
var providerCache = new Dictionary<string, VexProvider>(StringComparer.Ordinal);
var providers = await LoadProvidersAsync(claimList, providerStore, providerCache, cancellationToken).ConfigureAwait(false);
var product = ResolveProduct(claimList, productKey);
var calculatedAt = _timeProvider.GetUtcNow();
var resolver = new VexConsensusResolver(snapshot.ConsensusPolicy);
var request = new VexConsensusRequest(
vulnerabilityId,
product,
claimList.ToArray(),
providers,
calculatedAt,
snapshot.ConsensusOptions.WeightCeiling,
AggregateSignals(claimList),
snapshot.RevisionId,
snapshot.Digest);
var resolution = resolver.Resolve(request);
var candidate = NormalizePolicyMetadata(resolution.Consensus, snapshot);
var candidate = NormalizePolicyMetadata(
BuildConsensus(
vulnerabilityId,
claimList,
product,
AggregateSignals(claimList),
snapshot,
merger,
lattice,
_timeProvider),
snapshot);
await ApplyConsensusAsync(
candidate,
@@ -482,6 +478,83 @@ internal sealed class VexConsensusRefreshService : BackgroundService, IVexConsen
return new VexProduct(productKey, name: null, version: null, purl: inferredPurl);
}
private static VexConsensus BuildConsensus(
string vulnerabilityId,
IReadOnlyList<VexClaim> claims,
VexProduct product,
VexSignalSnapshot? signals,
VexPolicySnapshot snapshot,
OpenVexStatementMerger merger,
IVexLatticeProvider lattice,
TimeProvider timeProvider)
{
var calculatedAt = timeProvider.GetUtcNow();
if (claims.Count == 0)
{
return new VexConsensus(
vulnerabilityId,
product,
VexConsensusStatus.UnderInvestigation,
calculatedAt,
Array.Empty<VexConsensusSource>(),
Array.Empty<VexConsensusConflict>(),
signals,
snapshot.Version,
"No claims available.",
snapshot.RevisionId,
snapshot.Digest);
}
var mergeResult = merger.MergeClaims(claims);
var consensusStatus = MapConsensusStatusFromClaim(mergeResult.ResultStatement.Status);
var sources = claims
.Select(claim => new VexConsensusSource(
claim.ProviderId,
claim.Status,
claim.Document.Digest,
(double)lattice.GetTrustWeight(claim),
claim.Justification,
claim.Detail,
claim.Confidence))
.ToArray();
var conflicts = claims
.Where(claim => claim.Status != mergeResult.ResultStatement.Status)
.Select(claim => new VexConsensusConflict(
claim.ProviderId,
claim.Status,
claim.Document.Digest,
claim.Justification,
claim.Detail,
"status_conflict"))
.ToArray();
var summary = MergeTraceWriter.ToExplanation(mergeResult);
return new VexConsensus(
vulnerabilityId,
product,
consensusStatus,
calculatedAt,
sources,
conflicts,
signals,
snapshot.Version,
summary,
snapshot.RevisionId,
snapshot.Digest);
}
private static VexConsensusStatus MapConsensusStatusFromClaim(VexClaimStatus status)
=> status switch
{
VexClaimStatus.Affected => VexConsensusStatus.Affected,
VexClaimStatus.NotAffected => VexConsensusStatus.NotAffected,
VexClaimStatus.Fixed => VexConsensusStatus.Fixed,
_ => VexConsensusStatus.UnderInvestigation,
};
private static VexSignalSnapshot? AggregateSignals(IReadOnlyList<VexClaim> claims)
{
if (claims.Count == 0)
@@ -542,44 +615,6 @@ internal sealed class VexConsensusRefreshService : BackgroundService, IVexConsen
return new VexSignalSnapshot(bestSeverity, kev, bestEpss);
}
private static async Task<IReadOnlyDictionary<string, VexProvider>> LoadProvidersAsync(
IReadOnlyList<VexClaim> claims,
IVexProviderStore providerStore,
IDictionary<string, VexProvider> cache,
CancellationToken cancellationToken)
{
if (claims.Count == 0)
{
return ImmutableDictionary<string, VexProvider>.Empty;
}
var builder = ImmutableDictionary.CreateBuilder<string, VexProvider>(StringComparer.Ordinal);
var seen = new HashSet<string>(StringComparer.Ordinal);
foreach (var providerId in claims.Select(claim => claim.ProviderId))
{
if (!seen.Add(providerId))
{
continue;
}
if (cache.TryGetValue(providerId, out var cached))
{
builder[providerId] = cached;
continue;
}
var provider = await providerStore.FindAsync(providerId, cancellationToken).ConfigureAwait(false);
if (provider is not null)
{
cache[providerId] = provider;
builder[providerId] = provider;
}
}
return builder.ToImmutable();
}
private readonly record struct RefreshRequest(string VulnerabilityId, string ProductKey);
private sealed record RefreshState(