Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images. - Added symbols.json detailing function entry and sink points in the WordPress code. - Included runtime traces for function calls in both reachable and unreachable scenarios. - Developed OpenVEX files indicating vulnerability status and justification for both cases. - Updated README for evaluator harness to guide integration with scanner output.
This commit is contained in:
master
@@ -1,5 +1,8 @@
|
||||
using System;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using System.Threading;
|
||||
using StellaOps.Cryptography;
|
||||
|
||||
namespace StellaOps.Authority.Plugins.Abstractions;
|
||||
|
||||
@@ -8,18 +11,55 @@ namespace StellaOps.Authority.Plugins.Abstractions;
|
||||
/// </summary>
|
||||
public static class AuthoritySecretHasher
|
||||
{
|
||||
private static ICryptoHash? configuredHash;
|
||||
private static string defaultAlgorithm = HashAlgorithms.Sha256;
|
||||
|
||||
/// <summary>
|
||||
/// Computes a stable SHA-256 hash for the provided secret.
|
||||
/// Configures the shared crypto hash service used for secret hashing.
|
||||
/// </summary>
|
||||
public static string ComputeHash(string secret)
|
||||
public static void Configure(ICryptoHash hash, string? algorithmId = null)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(hash);
|
||||
Volatile.Write(ref configuredHash, hash);
|
||||
if (!string.IsNullOrWhiteSpace(algorithmId))
|
||||
{
|
||||
defaultAlgorithm = NormalizeAlgorithm(algorithmId);
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Computes a stable hash for the provided secret using the configured crypto provider.
|
||||
/// </summary>
|
||||
public static string ComputeHash(string secret, string? algorithmId = null)
|
||||
{
|
||||
if (string.IsNullOrEmpty(secret))
|
||||
{
|
||||
return string.Empty;
|
||||
}
|
||||
|
||||
var algorithm = string.IsNullOrWhiteSpace(algorithmId)
|
||||
? defaultAlgorithm
|
||||
: NormalizeAlgorithm(algorithmId);
|
||||
|
||||
var hasher = Volatile.Read(ref configuredHash);
|
||||
if (hasher is not null)
|
||||
{
|
||||
var digest = hasher.ComputeHash(Encoding.UTF8.GetBytes(secret), algorithm);
|
||||
return Convert.ToBase64String(digest);
|
||||
}
|
||||
|
||||
if (!string.Equals(algorithm, HashAlgorithms.Sha256, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
throw new InvalidOperationException("Authority secret hasher is not configured for the requested algorithm.");
|
||||
}
|
||||
|
||||
using var sha256 = SHA256.Create();
|
||||
var bytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(secret));
|
||||
return Convert.ToBase64String(bytes);
|
||||
}
|
||||
|
||||
private static string NormalizeAlgorithm(string algorithmId)
|
||||
=> string.IsNullOrWhiteSpace(algorithmId)
|
||||
? HashAlgorithms.Sha256
|
||||
: algorithmId.Trim().ToUpperInvariant();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user