stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
This commit is contained in:
master
2025-11-08 20:53:45 +02:00
parent 515975edc5
commit 536f6249a6
837 changed files with 37279 additions and 14675 deletions
Download Patch File Download Diff File Expand all files Collapse all files

557
src/Concelier/__Tests/StellaOps.Concelier.Connector.Ics.Kaspersky.Tests/Ics/Kaspersky/Fixtures/expected-advisory.json Normal file
View File

@@ -0,0 +1,557 @@
{
"advisoryKey": "acme-controller-2024",
"affectedPackages": [
{
"type": "ics-vendor",
"identifier": "2024",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"ics.vendor": "2024"
}
},
"provenance": {
"source": "ics-kaspersky",
"kind": "affected",
"value": "2024",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "ics-kaspersky",
"kind": "affected",
"value": "2024",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
}
]
},
{
"type": "ics-vendor",
"identifier": "7777 can allow authenticated attackers to execute arbitrary commands",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"ics.vendor": "7777 can allow authenticated attackers to execute arbitrary commands"
}
},
"provenance": {
"source": "ics-kaspersky",
"kind": "affected",
"value": "7777 can allow authenticated attackers to execute arbitrary commands",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "ics-kaspersky",
"kind": "affected",
"value": "7777 can allow authenticated attackers to execute arbitrary commands",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
}
]
},
{
"type": "ics-vendor",
"identifier": "7777)",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"ics.vendor": "7777)"
}
},
"provenance": {
"source": "ics-kaspersky",
"kind": "affected",
"value": "7777)",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "ics-kaspersky",
"kind": "affected",
"value": "7777)",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
}
]
},
{
"type": "ics-vendor",
"identifier": "8888",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"ics.vendor": "8888"
}
},
"provenance": {
"source": "ics-kaspersky",
"kind": "affected",
"value": "8888",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "ics-kaspersky",
"kind": "affected",
"value": "8888",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
}
]
},
{
"type": "ics-vendor",
"identifier": "ACME Corp",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"ics.vendor": "ACME Corp"
}
},
"provenance": {
"source": "ics-kaspersky",
"kind": "affected",
"value": "ACME Corp",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "ics-kaspersky",
"kind": "affected",
"value": "ACME Corp",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
}
]
},
{
"type": "ics-vendor",
"identifier": "ACME Corp Affected models",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"ics.vendor": "ACME Corp Affected models"
}
},
"provenance": {
"source": "ics-kaspersky",
"kind": "affected",
"value": "ACME Corp Affected models",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "ics-kaspersky",
"kind": "affected",
"value": "ACME Corp Affected models",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
}
]
},
{
"type": "ics-vendor",
"identifier": "ACME Corp industrial",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"ics.vendor": "ACME Corp industrial"
}
},
"provenance": {
"source": "ics-kaspersky",
"kind": "affected",
"value": "ACME Corp industrial",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "ics-kaspersky",
"kind": "affected",
"value": "ACME Corp industrial",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
}
]
},
{
"type": "ics-vendor",
"identifier": "Additional details are provided in CVE",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"ics.vendor": "Additional details are provided in CVE"
}
},
"provenance": {
"source": "ics-kaspersky",
"kind": "affected",
"value": "Additional details are provided in CVE",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "ics-kaspersky",
"kind": "affected",
"value": "Additional details are provided in CVE",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
}
]
},
{
"type": "ics-vendor",
"identifier": "Exploitation of CVE",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"ics.vendor": "Exploitation of CVE"
}
},
"provenance": {
"source": "ics-kaspersky",
"kind": "affected",
"value": "Exploitation of CVE",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "ics-kaspersky",
"kind": "affected",
"value": "Exploitation of CVE",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
}
]
},
{
"type": "ics-vendor",
"identifier": "Vendor",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"ics.vendor": "Vendor"
}
},
"provenance": {
"source": "ics-kaspersky",
"kind": "affected",
"value": "Vendor",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "ics-kaspersky",
"kind": "affected",
"value": "Vendor",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
}
]
},
{
"type": "ics-vendor",
"identifier": "X100, X200",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"ics.vendor": "X100, X200"
}
},
"provenance": {
"source": "ics-kaspersky",
"kind": "affected",
"value": "X100, X200",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "ics-kaspersky",
"kind": "affected",
"value": "X100, X200",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
}
]
}
],
"aliases": [
"CVE-2024-7777",
"CVE-2024-8888",
"acme-controller-2024"
],
"canonicalMetricId": null,
"credits": [],
"cvssMetrics": [],
"cwes": [],
"description": null,
"exploitKnown": false,
"language": "en",
"modified": "2024-10-15T10:00:00+00:00",
"provenance": [
{
"source": "ics-kaspersky",
"kind": "document",
"value": "https://ics-cert.example/advisories/acme-controller-2024/",
"decisionReason": null,
"recordedAt": "2024-10-20T00:00:00+00:00",
"fieldMask": []
},
{
"source": "ics-kaspersky",
"kind": "mapping",
"value": "acme-controller-2024",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
}
],
"published": "2024-10-15T10:00:00+00:00",
"references": [
{
"kind": "advisory",
"provenance": {
"source": "ics-kaspersky",
"kind": "reference",
"value": "https://ics-cert.example/advisories/acme-controller-2024/",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": "kaspersky-ics",
"summary": null,
"url": "https://ics-cert.example/advisories/acme-controller-2024/"
},
{
"kind": "advisory",
"provenance": {
"source": "ics-kaspersky",
"kind": "reference",
"value": "https://www.cve.org/CVERecord?id=CVE-2024-7777",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": "CVE-2024-7777",
"summary": null,
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7777"
},
{
"kind": "advisory",
"provenance": {
"source": "ics-kaspersky",
"kind": "reference",
"value": "https://www.cve.org/CVERecord?id=CVE-2024-8888",
"decisionReason": null,
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": "CVE-2024-8888",
"summary": null,
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8888"
}
],
"severity": null,
"summary": "ACME Corp industrial controllers allow remote compromise (CVE-2024-7777).",
"title": "ACME Corp controllers multiple vulnerabilities"
}

1070
src/Concelier/__Tests/StellaOps.Concelier.Connector.Ics.Kaspersky.Tests/Kaspersky/Fixtures/expected-advisory.json
View File

File diff suppressed because it is too large Load Diff