Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
2025-11-08 20:53:45 +02:00
parent 515975edc5
commit 536f6249a6
837 changed files with 37279 additions and 14675 deletions


@@ -43,6 +43,7 @@ internal static class CommandFactory
root.Add(BuildConfigCommand(options));
root.Add(BuildKmsCommand(services, verboseOption, cancellationToken));
root.Add(BuildVulnCommand(services, verboseOption, cancellationToken));
root.Add(BuildCryptoCommand(services, verboseOption, cancellationToken));
var pluginLogger = loggerFactory.CreateLogger<CliCommandModuleLoader>();
var pluginLoader = new CliCommandModuleLoader(services, options, pluginLogger);
@@ -180,8 +181,8 @@ internal static class CommandFactory
return scan;
}
private static Command BuildKmsCommand(IServiceProvider services, Option<bool> verboseOption, CancellationToken cancellationToken)
{
private static Command BuildKmsCommand(IServiceProvider services, Option<bool> verboseOption, CancellationToken cancellationToken)
{
var kms = new Command("kms", "Manage file-backed signing keys.");
var export = new Command("export", "Export key material to a portable bundle.");
@@ -381,9 +382,39 @@ internal static class CommandFactory
db.Add(fetch);
db.Add(merge);
db.Add(export);
return db;
}
db.Add(export);
return db;
}
private static Command BuildCryptoCommand(IServiceProvider services, Option<bool> verboseOption, CancellationToken cancellationToken)
{
var crypto = new Command("crypto", "Inspect StellaOps cryptography providers.");
var providers = new Command("providers", "List registered crypto providers and keys.");
var jsonOption = new Option<bool>("--json")
{
Description = "Emit JSON output."
};
var profileOption = new Option<string?>("--profile")
{
Description = "Temporarily override the active registry profile when computing provider order."
};
providers.Add(jsonOption);
providers.Add(profileOption);
providers.SetAction((parseResult, _) =>
{
var json = parseResult.GetValue(jsonOption);
var verbose = parseResult.GetValue(verboseOption);
var profile = parseResult.GetValue(profileOption);
return CommandHandlers.HandleCryptoProvidersAsync(services, verbose, json, profile, cancellationToken);
});
crypto.Add(providers);
return crypto;
}
private static Command BuildSourcesCommand(IServiceProvider services, Option<bool> verboseOption, CancellationToken cancellationToken)
{
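Review bot: The new `providers` subcommand in BuildCryptoCommand is described as listing "crypto providers and keys", but nothing in this section states what key information is printed; `CommandHandlers.HandleCryptoProvidersAsync` is not shown here, so it is worth confirming that it emits key identifiers and metadata only and never key material, particularly under `--json`, where output is commonly piped into logs or CI artefacts. I would make that explicit in the description, e.g. `"List registered crypto providers and key identifiers (no key material)."`. The `--profile` value is forwarded as a free-form `string?`; presumably the handler rejects unknown profile names and applies the override to this invocation only, and a `/// <summary>` on BuildCryptoCommand stating both would record that contract. The action lambda also discards its own cancellation token (`_`) in favour of the captured `cancellationToken`, which looks deliberate but deserves a one-line comment such as `// uses the host-level token captured by the factory, not the per-invocation one`.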