Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images. - Added symbols.json detailing function entry and sink points in the WordPress code. - Included runtime traces for function calls in both reachable and unreachable scenarios. - Developed OpenVEX files indicating vulnerability status and justification for both cases. - Updated README for evaluator harness to guide integration with scanner output.
2025-11-08 20:53:45 +02:00
parent 515975edc5
commit 536f6249a6
837 changed files with 37279 additions and 14675 deletions
--- a/scripts/crypto/run-rootpack-ru-tests.sh
+++ b/scripts/crypto/run-rootpack-ru-tests.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(git rev-parse --show-toplevel)"
+DEFAULT_LOG_ROOT="${ROOT_DIR}/logs/rootpack_ru_$(date -u +%Y%m%dT%H%M%SZ)"
+LOG_ROOT="${ROOTPACK_LOG_DIR:-$DEFAULT_LOG_ROOT}"
+mkdir -p "$LOG_ROOT"
+
+PROJECTS=(
+    "src/__Libraries/__Tests/StellaOps.Cryptography.Tests/StellaOps.Cryptography.Tests.csproj"
+    "src/Scanner/__Tests/StellaOps.Scanner.Worker.Tests/StellaOps.Scanner.Worker.Tests.csproj"
+    "src/Scanner/__Tests/StellaOps.Scanner.Sbomer.BuildXPlugin.Tests/StellaOps.Scanner.Sbomer.BuildXPlugin.Tests.csproj"
+)
+
+run_test() {
+    local project="$1"
+    local safe_name
+    safe_name="$(basename "${project%.csproj}")"
+    local log_file="${LOG_ROOT}/${safe_name}.log"
+    local trx_name="${safe_name}.trx"
+
+    echo "[rootpack-ru] Running tests for ${project}" | tee "$log_file"
+    dotnet test "$project" \
+        --nologo \
+        --verbosity minimal \
+        --results-directory "$LOG_ROOT" \
+        --logger "trx;LogFileName=${trx_name}" | tee -a "$log_file"
+}
+
+PROJECT_SUMMARY=()
+for project in "${PROJECTS[@]}"; do
+    run_test "$project"
+    safe_name="$(basename "${project%.csproj}")"
+    PROJECT_SUMMARY+=("$project|$safe_name")
+    echo "[rootpack-ru] Wrote logs for ${project} -> ${LOG_ROOT}/${safe_name}.log"
+done
+
+{
+    echo "RootPack_RU deterministic test harness"
+    echo "Generated: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
+    echo "Log Directory: $LOG_ROOT"
+    echo ""
+    echo "Projects:"
+    for entry in "${PROJECT_SUMMARY[@]}"; do
+        project_path="${entry%%|*}"
+        safe_name="${entry##*|}"
+        printf ' - %s (log: %s.log, trx: %s.trx)\n' "$project_path" "$safe_name" "$safe_name"
+    done
+} > "$LOG_ROOT/README.tests"
+
+echo "Logs and TRX files available under $LOG_ROOT"