Add tests and implement StubBearer authentication for Signer endpoints
- Created SignerEndpointsTests to validate the SignDsse and VerifyReferrers endpoints. - Implemented StubBearerAuthenticationDefaults and StubBearerAuthenticationHandler for token-based authentication. - Developed ConcelierExporterClient for managing Trivy DB settings and export operations. - Added TrivyDbSettingsPageComponent for UI interactions with Trivy DB settings, including form handling and export triggering. - Implemented styles and HTML structure for Trivy DB settings page. - Created NotifySmokeCheck tool for validating Redis event streams and Notify deliveries.
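--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,202 @@
+{
+  "advisories": [
+    {
+      "advisoryKey": "CVE-2025-1111",
+      "affectedPackages": [
+        {
+          "type": "semver",
+          "identifier": "pkg:npm/example@1.0.0",
+          "platform": null,
+          "versionRanges": [
+            {
+              "fixedVersion": "1.2.0",
+              "introducedVersion": "1.0.0",
+              "lastAffectedVersion": null,
+              "primitives": {
+                "evr": null,
+                "hasVendorExtensions": false,
+                "nevra": null,
+                "semVer": {
+                  "constraintExpression": ">=1.0.0,<1.2.0",
+                  "exactValue": null,
+                  "fixed": "1.2.0",
+                  "fixedInclusive": false,
+                  "introduced": "1.0.0",
+                  "introducedInclusive": true,
+                  "lastAffected": null,
+                  "lastAffectedInclusive": true,
+                  "style": "range"
+                },
+                "vendorExtensions": null
+              },
+              "provenance": {
+                "source": "ghsa",
+                "kind": "map",
+                "value": "range",
+                "decisionReason": null,
+                "recordedAt": "2025-10-19T12:00:00+00:00",
+                "fieldMask": [
+                  "affectedpackages[].versionranges[]"
+                ]
+              },
+              "rangeExpression": ">=1.0.0,<1.2.0",
+              "rangeKind": "semver"
+            }
+          ],
+          "normalizedVersions": [
+            {
+              "scheme": "semver",
+              "type": "range",
+              "min": "1.0.0",
+              "minInclusive": true,
+              "max": "1.2.0",
+              "maxInclusive": false,
+              "value": null,
+              "notes": null
+            }
+          ],
+          "statuses": [
+            {
+              "provenance": {
+                "source": "ghsa",
+                "kind": "map",
+                "value": "status",
+                "decisionReason": null,
+                "recordedAt": "2025-10-19T12:00:00+00:00",
+                "fieldMask": [
+                  "affectedpackages[].statuses[]"
+                ]
+              },
+              "status": "fixed"
+            }
+          ],
+          "provenance": [
+            {
+              "source": "ghsa",
+              "kind": "map",
+              "value": "package",
+              "decisionReason": null,
+              "recordedAt": "2025-10-19T12:00:00+00:00",
+              "fieldMask": [
+                "affectedpackages[]"
+              ]
+            }
+          ]
+        }
+      ],
+      "aliases": [
+        "GHSA-xxxx-xxxx-xxxx"
+      ],
+      "canonicalMetricId": "cvss::ghsa::CVE-2025-1111",
+      "credits": [
+        {
+          "displayName": "Security Researcher",
+          "role": "reporter",
+          "contacts": [
+            "mailto:researcher@example.com"
+          ],
+          "provenance": {
+            "source": "ghsa",
+            "kind": "map",
+            "value": "credit",
+            "decisionReason": null,
+            "recordedAt": "2025-10-19T12:00:00+00:00",
+            "fieldMask": [
+              "credits[]"
+            ]
+          }
+        }
+      ],
+      "cvssMetrics": [
+        {
+          "baseScore": 9.8,
+          "baseSeverity": "critical",
+          "provenance": {
+            "source": "ghsa",
+            "kind": "map",
+            "value": "cvss",
+            "decisionReason": null,
+            "recordedAt": "2025-10-19T12:00:00+00:00",
+            "fieldMask": [
+              "cvssmetrics[]"
+            ]
+          },
+          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "version": "3.1"
+        }
+      ],
+      "cwes": [
+        {
+          "taxonomy": "cwe",
+          "identifier": "CWE-79",
+          "name": "Cross-site Scripting",
+          "uri": "https://cwe.mitre.org/data/definitions/79.html",
+          "provenance": [
+            {
+              "source": "ghsa",
+              "kind": "map",
+              "value": "cwe",
+              "decisionReason": null,
+              "recordedAt": "2025-10-19T12:00:00+00:00",
+              "fieldMask": [
+                "cwes[]"
+              ]
+            }
+          ]
+        }
+      ],
+      "description": "Deterministic test payload distributed via mirror.",
+      "exploitKnown": false,
+      "language": "en",
+      "modified": "2025-10-11T00:00:00+00:00",
+      "provenance": [
+        {
+          "source": "ghsa",
+          "kind": "map",
+          "value": "advisory",
+          "decisionReason": null,
+          "recordedAt": "2025-10-19T12:00:00+00:00",
+          "fieldMask": [
+            "advisory"
+          ]
+        }
+      ],
+      "published": "2025-10-10T00:00:00+00:00",
+      "references": [
+        {
+          "kind": "advisory",
+          "provenance": {
+            "source": "ghsa",
+            "kind": "map",
+            "value": "reference",
+            "decisionReason": null,
+            "recordedAt": "2025-10-19T12:00:00+00:00",
+            "fieldMask": [
+              "references[]"
+            ]
+          },
+          "sourceTag": "vendor",
+          "summary": "Vendor bulletin",
+          "url": "https://example.com/advisory"
+        }
+      ],
+      "severity": "high",
+      "summary": "Upstream advisory replicated through StellaOps mirror.",
+      "title": "Sample Mirror Advisory"
+    }
+  ],
+  "advisoryCount": 1,
+  "displayName": "Primary Mirror",
+  "domainId": "primary",
+  "generatedAt": "2025-10-19T12:00:00+00:00",
+  "schemaVersion": 1,
+  "sources": [
+    {
+      "advisoryCount": 1,
+      "firstRecordedAt": "2025-10-19T12:00:00+00:00",
+      "lastRecordedAt": "2025-10-19T12:00:00+00:00",
+      "source": "ghsa"
+    }
+  ],
+  "targetRepository": "mirror-primary"
+}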
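Review bot: The advisory-level `"severity": "high"` disagrees with the only CVSS entry in the same record, which carries `"baseScore": 9.8` and `"baseSeverity": "critical"`. If the mismatch is not deliberate, the line should read `"severity": "critical",`; otherwise a test built on this payload would accept a mirror that reports a lower severity than its own CVSS metric. If it is deliberate, JSON cannot carry a comment, so the test that loads this file should say that severity is checked independently of CVSS. Separately, `"identifier": "pkg:npm/example@1.0.0"` pins a single version while the range covers `>=1.0.0,<1.2.0`; a versionless purl (`pkg:npm/example`) may be what the matcher expects, though the matcher is not visible on this page.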