tenant fixes

This commit is contained in:
master
2026-02-23 23:44:50 +02:00
parent bdb1438654
commit 4f947a8b61
159 changed files with 1064 additions and 556 deletions


@@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Routing;
using StellaOps.RiskEngine.Core.Contracts;
using StellaOps.RiskEngine.Core.Providers;
using StellaOps.RiskEngine.WebService.Security;
using StellaOps.Auth.ServerIntegration.Tenancy;
namespace StellaOps.RiskEngine.WebService.Endpoints;
@@ -20,7 +21,8 @@ public static class ExploitMaturityEndpoints
{
var group = app.MapGroup("/exploit-maturity")
.WithTags("ExploitMaturity")
.RequireAuthorization(RiskEnginePolicies.Read);
.RequireAuthorization(RiskEnginePolicies.Read)
.RequireTenant();
// GET /exploit-maturity/{cveId} - Assess exploit maturity for a CVE
group.MapGet("/{cveId}", async (
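Review bot: The group-level `.RequireTenant()` in `ExploitMaturityEndpoints` has no comment saying what the handlers may do with the tenant, and the `/{cveId}` handler continues outside the hunk, so its use of the tenant cannot be checked here. A comment above `MapGroup` would help, for example `// All routes in this group require a resolved tenant; handlers take it from the tenant context, not from route or body values.` If exploit-maturity data is in fact global rather than per-tenant, say so in that comment so the requirement reads as an access gate and not as data scoping.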


@@ -2,6 +2,7 @@
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.RiskEngine.Core.Contracts;
using StellaOps.RiskEngine.Core.Providers;
using StellaOps.RiskEngine.Core.Services;
@@ -35,6 +36,7 @@ builder.Services.AddSingleton<IExploitMaturityService, ExploitMaturityService>()
// Authentication and authorization
builder.Services.AddStellaOpsResourceServerAuthentication(builder.Configuration);
builder.Services.AddStellaOpsTenantServices();
builder.Services.AddAuthorization(options =>
{
options.AddStellaOpsScopePolicy(RiskEnginePolicies.Read, StellaOpsScopes.RiskEngineRead);
@@ -62,6 +64,7 @@ if (app.Environment.IsDevelopment())
app.UseStellaOpsCors();
app.UseAuthentication();
app.UseAuthorization();
app.UseStellaOpsTenantMiddleware();
app.TryUseStellaRouter(routerEnabled);
// Map exploit maturity endpoints
@@ -71,7 +74,8 @@ app.MapGet("/risk-scores/providers", (IRiskScoreProviderRegistry registry) =>
Results.Ok(new { providers = registry.ProviderNames.OrderBy(n => n, StringComparer.OrdinalIgnoreCase) }))
.WithName("ListRiskScoreProviders")
.WithDescription("Returns the sorted list of registered risk score provider names. Use this to discover which scoring strategies are available before submitting job or simulation requests.")
.RequireAuthorization(RiskEnginePolicies.Read);
.RequireAuthorization(RiskEnginePolicies.Read)
.RequireTenant();
app.MapPost("/risk-scores/jobs", async (
ScoreRequest request,
@@ -92,7 +96,8 @@ app.MapPost("/risk-scores/jobs", async (
})
.WithName("CreateRiskScoreJob")
.WithDescription("Enqueues a risk scoring job for the specified subject and provider, immediately executes it synchronously, and returns a 202 Accepted response with the job ID and computed result. The provider must be registered or the job will fail with an error in the result payload.")
.RequireAuthorization(RiskEnginePolicies.Operate);
.RequireAuthorization(RiskEnginePolicies.Operate)
.RequireTenant();
app.MapGet("/risk-scores/jobs/{jobId:guid}", (
Guid jobId,
@@ -102,7 +107,8 @@ app.MapGet("/risk-scores/jobs/{jobId:guid}", (
: Results.NotFound())
.WithName("GetRiskScoreJob")
.WithDescription("Returns the stored risk score result for the specified job ID. Returns 404 if the job ID is not found in the result store, which may occur if the store has been cleared or the ID is invalid.")
.RequireAuthorization(RiskEnginePolicies.Read);
.RequireAuthorization(RiskEnginePolicies.Read)
.RequireTenant();
app.MapPost("/risk-scores/simulations", async (
IReadOnlyCollection<ScoreRequest> requests,
@@ -114,7 +120,8 @@ app.MapPost("/risk-scores/simulations", async (
})
.WithName("RunRiskScoreSimulation")
.WithDescription("Evaluates a collection of risk score requests against the registered providers and returns the full result list. Unlike the job endpoint, simulations do not persist results. Requests for unregistered providers are returned with a failure flag and error message.")
.RequireAuthorization(RiskEnginePolicies.Operate);
.RequireAuthorization(RiskEnginePolicies.Operate)
.RequireTenant();
app.MapPost("/risk-scores/simulations/summary", async (
IReadOnlyCollection<ScoreRequest> requests,
@@ -140,7 +147,8 @@ app.MapPost("/risk-scores/simulations/summary", async (
})
.WithName("GetRiskScoreSimulationSummary")
.WithDescription("Evaluates a collection of risk score requests and returns both the full result list and an aggregate summary including average, minimum, and maximum scores plus the top-three highest-scoring subjects. Use this variant when a dashboard-style overview is required alongside per-subject detail.")
.RequireAuthorization(RiskEnginePolicies.Operate);
.RequireAuthorization(RiskEnginePolicies.Operate)
.RequireTenant();
// Refresh Router endpoint cache
app.TryRefreshStellaRouterEndpoints(routerEnabled);
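Review bot: `.RequireTenant()` on `GET /risk-scores/jobs/{jobId:guid}` only establishes that the caller has a tenant; nothing visible in this section shows the result-store lookup being keyed by that tenant. The handler body lies mostly outside the hunks, so this is unconfirmed, but if the store is keyed by `jobId` alone, a caller holding the Read scope in one tenant could read a result written by another. The lookup here and the write in `POST /risk-scores/jobs` should both take the resolved tenant, and a tenant mismatch should return the same `Results.NotFound()` as a missing ID so the response does not confirm that the job exists. Separately, `app.UseStellaOpsTenantMiddleware()` is registered after `app.UseAuthorization()`, which is fine if `RequireTenant()` is evaluated at endpoint execution. The ordering deserves a comment such as `// must run after UseAuthentication: tenant is resolved from the authenticated principal`, if that is indeed the dependency.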