Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images. - Added symbols.json detailing function entry and sink points in the WordPress code. - Included runtime traces for function calls in both reachable and unreachable scenarios. - Developed OpenVEX files indicating vulnerability status and justification for both cases. - Updated README for evaluator harness to guide integration with scanner output.
This commit is contained in:
master
57
scripts/crypto/package-rootpack-ru.sh
Normal file
57
scripts/crypto/package-rootpack-ru.sh
Normal file
@@ -0,0 +1,57 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
ROOT_DIR="$(git rev-parse --show-toplevel)"
|
||||
TIMESTAMP="$(date -u +%Y%m%dT%H%M%SZ)"
|
||||
OUTPUT_ROOT="${1:-${ROOT_DIR}/build/rootpack_ru_${TIMESTAMP}}"
|
||||
ARTIFACT_DIR="${OUTPUT_ROOT}/artifacts"
|
||||
DOC_DIR="${OUTPUT_ROOT}/docs"
|
||||
CONFIG_DIR="${OUTPUT_ROOT}/config"
|
||||
TRUST_DIR="${OUTPUT_ROOT}/trust"
|
||||
|
||||
mkdir -p "$ARTIFACT_DIR" "$DOC_DIR" "$CONFIG_DIR" "$TRUST_DIR"
|
||||
|
||||
publish_plugin() {
|
||||
local project="$1"
|
||||
local name="$2"
|
||||
local publish_dir="${ARTIFACT_DIR}/${name}"
|
||||
echo "[rootpack-ru] Publishing ${project} -> ${publish_dir}"
|
||||
dotnet publish "$project" -c Release -o "$publish_dir" --nologo >/dev/null
|
||||
}
|
||||
|
||||
publish_plugin "src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/StellaOps.Cryptography.Plugin.CryptoPro.csproj" "StellaOps.Cryptography.Plugin.CryptoPro"
|
||||
publish_plugin "src/__Libraries/StellaOps.Cryptography.Plugin.Pkcs11Gost/StellaOps.Cryptography.Plugin.Pkcs11Gost.csproj" "StellaOps.Cryptography.Plugin.Pkcs11Gost"
|
||||
|
||||
cp docs/security/rootpack_ru_validation.md "$DOC_DIR/"
|
||||
cp docs/security/crypto-routing-audit-2025-11-07.md "$DOC_DIR/"
|
||||
cp docs/security/rootpack_ru_package.md "$DOC_DIR/"
|
||||
cp etc/rootpack/ru/crypto.profile.yaml "$CONFIG_DIR/rootpack_ru.crypto.yaml"
|
||||
|
||||
shopt -s nullglob
|
||||
for pem in "$ROOT_DIR"/certificates/russian_trusted_*; do
|
||||
cp "$pem" "$TRUST_DIR/"
|
||||
done
|
||||
shopt -u nullglob
|
||||
|
||||
cat <<README >"${OUTPUT_ROOT}/README.txt"
|
||||
RootPack_RU bundle (${TIMESTAMP})
|
||||
--------------------------------
|
||||
Contents:
|
||||
- artifacts/ : Sovereign crypto plug-ins published for net10.0 (CryptoPro + PKCS#11)
|
||||
- config/rootpack_ru.crypto.yaml : example configuration binding registry profiles
|
||||
- docs/ : validation + audit documentation
|
||||
- trust/ : Russian trust anchor PEM bundle copied from certificates/
|
||||
|
||||
Usage:
|
||||
1. Review docs/rootpack_ru_package.md for installation steps.
|
||||
2. Execute scripts/crypto/run-rootpack-ru-tests.sh (or CI equivalent) and attach the logs to this bundle.
|
||||
3. Record hardware validation outputs per docs/rootpack_ru_validation.md and store alongside this directory.
|
||||
README
|
||||
|
||||
if [[ "${PACKAGE_TAR:-1}" != "0" ]]; then
|
||||
tarball="${OUTPUT_ROOT}.tar.gz"
|
||||
echo "[rootpack-ru] Creating ${tarball}"
|
||||
tar -czf "$tarball" -C "$(dirname "$OUTPUT_ROOT")" "$(basename "$OUTPUT_ROOT")"
|
||||
fi
|
||||
|
||||
echo "[rootpack-ru] Bundle staged under $OUTPUT_ROOT"
|
||||
Reference in New Issue
Block a user