Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
This commit is contained in:
master
2025-11-08 20:53:45 +02:00
parent 515975edc5
commit 536f6249a6
837 changed files with 37279 additions and 14675 deletions


@@ -1,221 +1,224 @@
{
"advisoryKey": "CVE-2024-0001",
"affectedPackages": [
{
"type": "vendor",
"identifier": "examplevendor:exampleproduct",
"platform": "linux",
"versionRanges": [
{
"fixedVersion": "1.2.0",
"introducedVersion": "1.0.0",
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": {
"constraintExpression": "version=1.0.0, < 1.2.0",
"exactValue": null,
"fixed": "1.2.0",
"fixedInclusive": false,
"introduced": "1.0.0",
"introducedInclusive": true,
"lastAffected": null,
"lastAffectedInclusive": true,
"style": "range"
},
"vendorExtensions": {
"vendor": "ExampleVendor",
"product": "ExampleProduct",
"platform": "linux",
"version": "1.0.0",
"lessThan": "1.2.0",
"versionType": "semver"
}
},
"provenance": {
"source": "cve",
"kind": "affected-range",
"value": "examplevendor:exampleproduct",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"rangeExpression": "version=1.0.0, < 1.2.0",
"rangeKind": "semver"
},
{
"fixedVersion": "1.2.0",
"introducedVersion": "1.2.0",
"lastAffectedVersion": "1.2.0",
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": {
"constraintExpression": "version=1.2.0",
"exactValue": null,
"fixed": "1.2.0",
"fixedInclusive": false,
"introduced": "1.2.0",
"introducedInclusive": true,
"lastAffected": "1.2.0",
"lastAffectedInclusive": true,
"style": "range"
},
"vendorExtensions": {
"vendor": "ExampleVendor",
"product": "ExampleProduct",
"platform": "linux",
"version": "1.2.0",
"versionType": "semver"
}
},
"provenance": {
"source": "cve",
"kind": "affected-range",
"value": "examplevendor:exampleproduct",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"rangeExpression": "version=1.2.0",
"rangeKind": "semver"
}
],
"normalizedVersions": [
{
"scheme": "semver",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "1.2.0",
"notes": "cve:cve-2024-0001:examplevendor:exampleproduct"
},
{
"scheme": "semver",
"type": "range",
"min": "1.0.0",
"minInclusive": true,
"max": "1.2.0",
"maxInclusive": false,
"value": null,
"notes": "cve:cve-2024-0001:examplevendor:exampleproduct"
}
],
"statuses": [
{
"provenance": {
"source": "cve",
"kind": "affected-status",
"value": "examplevendor:exampleproduct",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"status": "affected"
},
{
"provenance": {
"source": "cve",
"kind": "affected-status",
"value": "examplevendor:exampleproduct",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"status": "not_affected"
}
],
"provenance": [
{
"source": "cve",
"kind": "affected",
"value": "examplevendor:exampleproduct",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
}
]
}
],
"aliases": [
"CVE-2024-0001",
"GHSA-xxxx-yyyy-zzzz"
],
"credits": [],
"cvssMetrics": [
{
"baseScore": 9.8,
"baseSeverity": "critical",
"provenance": {
"source": "cve",
"kind": "cvss",
"value": "cve/CVE-2024-0001",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"exploitKnown": false,
"language": "en",
"modified": "2024-09-15T12:00:00+00:00",
"provenance": [
{
"source": "cve",
"kind": "document",
"value": "cve/CVE-2024-0001",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
{
"source": "cve",
"kind": "mapping",
"value": "CVE-2024-0001",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
}
],
"published": "2024-09-10T12:00:00+00:00",
"references": [
{
"kind": "third-party-advisory",
"provenance": {
"source": "cve",
"kind": "reference",
"value": "https://cve.example.com/CVE-2024-0001",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"sourceTag": null,
"summary": null,
"url": "https://cve.example.com/CVE-2024-0001"
},
{
"kind": "vendor-advisory",
"provenance": {
"source": "cve",
"kind": "reference",
"value": "https://example.com/security/advisory",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"sourceTag": "Vendor Advisory",
"summary": null,
"url": "https://example.com/security/advisory"
}
],
"severity": "critical",
"summary": "An example vulnerability allowing remote attackers to execute arbitrary code.",
"title": "Example Product Remote Code Execution"
{
"advisoryKey": "CVE-2024-0001",
"affectedPackages": [
{
"type": "vendor",
"identifier": "examplevendor:exampleproduct",
"platform": "linux",
"versionRanges": [
{
"fixedVersion": "1.2.0",
"introducedVersion": "1.0.0",
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": {
"constraintExpression": "version=1.0.0, < 1.2.0",
"exactValue": null,
"fixed": "1.2.0",
"fixedInclusive": false,
"introduced": "1.0.0",
"introducedInclusive": true,
"lastAffected": null,
"lastAffectedInclusive": true,
"style": "range"
},
"vendorExtensions": {
"vendor": "ExampleVendor",
"product": "ExampleProduct",
"platform": "linux",
"version": "1.0.0",
"lessThan": "1.2.0",
"versionType": "semver"
}
},
"provenance": {
"source": "cve",
"kind": "affected-range",
"value": "examplevendor:exampleproduct",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"rangeExpression": "version=1.0.0, < 1.2.0",
"rangeKind": "semver"
},
{
"fixedVersion": "1.2.0",
"introducedVersion": "1.2.0",
"lastAffectedVersion": "1.2.0",
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": {
"constraintExpression": "version=1.2.0",
"exactValue": "1.2.0",
"fixed": "1.2.0",
"fixedInclusive": false,
"introduced": "1.2.0",
"introducedInclusive": true,
"lastAffected": "1.2.0",
"lastAffectedInclusive": true,
"style": "exact"
},
"vendorExtensions": {
"vendor": "ExampleVendor",
"product": "ExampleProduct",
"platform": "linux",
"version": "1.2.0",
"versionType": "semver"
}
},
"provenance": {
"source": "cve",
"kind": "affected-range",
"value": "examplevendor:exampleproduct",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"rangeExpression": "version=1.2.0",
"rangeKind": "semver"
}
],
"normalizedVersions": [
{
"scheme": "semver",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "1.2.0",
"notes": "cve:cve-2024-0001:examplevendor:exampleproduct"
},
{
"scheme": "semver",
"type": "range",
"min": "1.0.0",
"minInclusive": true,
"max": "1.2.0",
"maxInclusive": false,
"value": null,
"notes": "cve:cve-2024-0001:examplevendor:exampleproduct"
}
],
"statuses": [
{
"provenance": {
"source": "cve",
"kind": "affected-status",
"value": "examplevendor:exampleproduct",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"status": "affected"
},
{
"provenance": {
"source": "cve",
"kind": "affected-status",
"value": "examplevendor:exampleproduct",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"status": "not_affected"
}
],
"provenance": [
{
"source": "cve",
"kind": "affected",
"value": "examplevendor:exampleproduct",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
}
]
}
],
"aliases": [
"CVE-2024-0001",
"GHSA-xxxx-yyyy-zzzz"
],
"canonicalMetricId": null,
"credits": [],
"cvssMetrics": [
{
"baseScore": 9.8,
"baseSeverity": "critical",
"provenance": {
"source": "cve",
"kind": "cvss",
"value": "cve/CVE-2024-0001",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"cwes": [],
"description": null,
"exploitKnown": false,
"language": "en",
"modified": "2024-09-15T12:00:00+00:00",
"provenance": [
{
"source": "cve",
"kind": "document",
"value": "cve/CVE-2024-0001",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
{
"source": "cve",
"kind": "mapping",
"value": "CVE-2024-0001",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
}
],
"published": "2024-09-10T12:00:00+00:00",
"references": [
{
"kind": "third-party-advisory",
"provenance": {
"source": "cve",
"kind": "reference",
"value": "https://cve.example.com/CVE-2024-0001",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"sourceTag": null,
"summary": null,
"url": "https://cve.example.com/CVE-2024-0001"
},
{
"kind": "vendor-advisory",
"provenance": {
"source": "cve",
"kind": "reference",
"value": "https://example.com/security/advisory",
"decisionReason": null,
"recordedAt": "2024-10-01T00:00:00+00:00",
"fieldMask": []
},
"sourceTag": "Vendor Advisory",
"summary": null,
"url": "https://example.com/security/advisory"
}
],
"severity": "critical",
"summary": "An example vulnerability allowing remote attackers to execute arbitrary code.",
"title": "Example Product Remote Code Execution"
}
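Review bot: The second versionRange's semVer primitive now says `"style": "exact"` with `"exactValue": "1.2.0"`, but still carries `"fixed": "1.2.0"` and `"fixedInclusive": false` from the range form, so the same primitive states that 1.2.0 is both the affected exact version and the exclusive fix boundary; a matcher that reads `fixed` before `style` would classify 1.2.0 as not affected, the opposite of what `exactValue` asserts. If the fixture is meant to exercise that conflict, the intent should be recorded where the fixture is described (README or test name); otherwise the exact entry should read `"fixed": null` so only one interpretation is possible. The outer `"fixedVersion": "1.2.0"` on the same range and the paired `"affected"`/`"not_affected"` statuses with byte-identical provenance leave the same ambiguity and presumably reflect a deliberate golden snapshot — worth confirming before other fixtures copy the pattern. The commit description covers only the SBOM/VEX additions and does not mention the schema change this fixture introduces (`canonicalMetricId`, `cwes`, `description`).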