Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.

src/Concelier/__Tests/StellaOps.Concelier.Connector.Ru.Nkcki.Tests/Fixtures/nkcki-advisories.snapshot.json

@@ -1,495 +1,501 @@
-[
-  {
-    "advisoryKey": "BDU:2025-01001",
-    "affectedPackages": [
-      {
-        "type": "ics-vendor",
-        "identifier": "SampleVendor SampleGateway",
-        "platform": "Energy, ICS",
-        "versionRanges": [
-          {
-            "fixedVersion": null,
-            "introducedVersion": "2.0",
-            "lastAffectedVersion": null,
-            "primitives": {
-              "evr": null,
-              "hasVendorExtensions": false,
-              "nevra": null,
-              "semVer": {
-                "constraintExpression": ">= 2.0",
-                "exactValue": null,
-                "fixed": null,
-                "fixedInclusive": false,
-                "introduced": "2.0",
-                "introducedInclusive": true,
-                "lastAffected": null,
-                "lastAffectedInclusive": false,
-                "style": "greaterThanOrEqual"
-              },
-              "vendorExtensions": null
-            },
-            "provenance": {
-              "source": "ru-nkcki",
-              "kind": "package-range",
-              "value": "SampleVendor SampleGateway >= 2.0 All platforms",
-              "decisionReason": null,
-              "recordedAt": "2025-10-12T00:01:00+00:00",
-              "fieldMask": [
-                "affectedpackages[].versionranges[]"
-              ]
-            },
-            "rangeExpression": ">= 2.0",
-            "rangeKind": "semver"
-          }
-        ],
-        "normalizedVersions": [
-          {
-            "scheme": "semver",
-            "type": "gte",
-            "min": "2.0",
-            "minInclusive": true,
-            "max": null,
-            "maxInclusive": null,
-            "value": null,
-            "notes": "SampleVendor SampleGateway >= 2.0 All platforms"
-          }
-        ],
-        "statuses": [
-          {
-            "provenance": {
-              "source": "ru-nkcki",
-              "kind": "package-status",
-              "value": "patch_available",
-              "decisionReason": null,
-              "recordedAt": "2025-10-12T00:01:00+00:00",
-              "fieldMask": [
-                "affectedpackages[].statuses[]"
-              ]
-            },
-            "status": "fixed"
-          }
-        ],
-        "provenance": [
-          {
-            "source": "ru-nkcki",
-            "kind": "package",
-            "value": "SampleVendor SampleGateway >= 2.0 All platforms",
-            "decisionReason": null,
-            "recordedAt": "2025-10-12T00:01:00+00:00",
-            "fieldMask": [
-              "affectedpackages[]"
-            ]
-          }
-        ]
-      },
-      {
-        "type": "ics-vendor",
-        "identifier": "SampleVendor SampleSCADA",
-        "platform": "Energy, ICS",
-        "versionRanges": [
-          {
-            "fixedVersion": null,
-            "introducedVersion": null,
-            "lastAffectedVersion": "4.2",
-            "primitives": {
-              "evr": null,
-              "hasVendorExtensions": false,
-              "nevra": null,
-              "semVer": {
-                "constraintExpression": "<= 4.2",
-                "exactValue": null,
-                "fixed": null,
-                "fixedInclusive": false,
-                "introduced": null,
-                "introducedInclusive": true,
-                "lastAffected": "4.2",
-                "lastAffectedInclusive": true,
-                "style": "lessThanOrEqual"
-              },
-              "vendorExtensions": null
-            },
-            "provenance": {
-              "source": "ru-nkcki",
-              "kind": "package-range",
-              "value": "SampleVendor SampleSCADA <= 4.2",
-              "decisionReason": null,
-              "recordedAt": "2025-10-12T00:01:00+00:00",
-              "fieldMask": [
-                "affectedpackages[].versionranges[]"
-              ]
-            },
-            "rangeExpression": "<= 4.2",
-            "rangeKind": "semver"
-          }
-        ],
-        "normalizedVersions": [
-          {
-            "scheme": "semver",
-            "type": "lte",
-            "min": null,
-            "minInclusive": null,
-            "max": "4.2",
-            "maxInclusive": true,
-            "value": null,
-            "notes": "SampleVendor SampleSCADA <= 4.2"
-          }
-        ],
-        "statuses": [
-          {
-            "provenance": {
-              "source": "ru-nkcki",
-              "kind": "package-status",
-              "value": "patch_available",
-              "decisionReason": null,
-              "recordedAt": "2025-10-12T00:01:00+00:00",
-              "fieldMask": [
-                "affectedpackages[].statuses[]"
-              ]
-            },
-            "status": "fixed"
-          }
-        ],
-        "provenance": [
-          {
-            "source": "ru-nkcki",
-            "kind": "package",
-            "value": "SampleVendor SampleSCADA <= 4.2",
-            "decisionReason": null,
-            "recordedAt": "2025-10-12T00:01:00+00:00",
-            "fieldMask": [
-              "affectedpackages[]"
-            ]
-          }
-        ]
-      }
-    ],
-    "aliases": [
-      "BDU:2025-01001",
-      "CVE-2025-0101"
-    ],
-    "credits": [],
-    "cvssMetrics": [
-      {
-        "baseScore": 8.5,
-        "baseSeverity": "high",
-        "provenance": {
-          "source": "ru-nkcki",
-          "kind": "cvss",
-          "value": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
-          "decisionReason": null,
-          "recordedAt": "2025-10-12T00:01:00+00:00",
-          "fieldMask": [
-            "cvssmetrics[]"
-          ]
-        },
-        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
-        "version": "3.1"
-      },
-      {
-        "baseScore": 6.4,
-        "baseSeverity": "medium",
-        "provenance": {
-          "source": "ru-nkcki",
-          "kind": "cvss",
-          "value": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H",
-          "decisionReason": null,
-          "recordedAt": "2025-10-12T00:01:00+00:00",
-          "fieldMask": [
-            "cvssmetrics[]"
-          ]
-        },
-        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H",
-        "version": "4.0"
-      }
-    ],
-    "exploitKnown": true,
-    "language": "ru",
-    "modified": "2025-09-22T00:00:00+00:00",
-    "provenance": [
-      {
-        "source": "ru-nkcki",
-        "kind": "advisory",
-        "value": "BDU:2025-01001",
-        "decisionReason": null,
-        "recordedAt": "2025-10-12T00:01:00+00:00",
-        "fieldMask": [
-          "advisory"
-        ]
-      }
-    ],
-    "published": "2025-09-20T00:00:00+00:00",
-    "references": [
-      {
-        "kind": "details",
-        "provenance": {
-          "source": "ru-nkcki",
-          "kind": "reference",
-          "value": "https://bdu.fstec.ru/vul/2025-01001",
-          "decisionReason": null,
-          "recordedAt": "2025-10-12T00:01:00+00:00",
-          "fieldMask": [
-            "references[]"
-          ]
-        },
-        "sourceTag": "bdu",
-        "summary": null,
-        "url": "https://bdu.fstec.ru/vul/2025-01001"
-      },
-      {
-        "kind": "details",
-        "provenance": {
-          "source": "ru-nkcki",
-          "kind": "reference",
-          "value": "https://cert.gov.ru/materialy/uyazvimosti/2025-01001",
-          "decisionReason": null,
-          "recordedAt": "2025-10-12T00:01:00+00:00",
-          "fieldMask": [
-            "references[]"
-          ]
-        },
-        "sourceTag": "ru-nkcki",
-        "summary": null,
-        "url": "https://cert.gov.ru/materialy/uyazvimosti/2025-01001"
-      },
-      {
-        "kind": "cwe",
-        "provenance": {
-          "source": "ru-nkcki",
-          "kind": "reference",
-          "value": "https://cwe.mitre.org/data/definitions/321.html",
-          "decisionReason": null,
-          "recordedAt": "2025-10-12T00:01:00+00:00",
-          "fieldMask": [
-            "references[]"
-          ]
-        },
-        "sourceTag": "cwe",
-        "summary": "Use of Hard-coded Cryptographic Key",
-        "url": "https://cwe.mitre.org/data/definitions/321.html"
-      },
-      {
-        "kind": "external",
-        "provenance": {
-          "source": "ru-nkcki",
-          "kind": "reference",
-          "value": "https://vendor.example/advisories/sample-scada",
-          "decisionReason": null,
-          "recordedAt": "2025-10-12T00:01:00+00:00",
-          "fieldMask": [
-            "references[]"
-          ]
-        },
-        "sourceTag": null,
-        "summary": null,
-        "url": "https://vendor.example/advisories/sample-scada"
-      }
-    ],
-    "severity": "critical",
-    "summary": "Authenticated RCE in Sample SCADA",
-    "title": "Authenticated RCE in Sample SCADA"
-  },
-  {
-    "advisoryKey": "BDU:2024-00011",
-    "affectedPackages": [
-      {
-        "type": "cpe",
-        "identifier": "LegacyPanel",
-        "platform": "Software",
-        "versionRanges": [
-          {
-            "fixedVersion": null,
-            "introducedVersion": null,
-            "lastAffectedVersion": "2.5",
-            "primitives": {
-              "evr": null,
-              "hasVendorExtensions": false,
-              "nevra": null,
-              "semVer": {
-                "constraintExpression": "<= 2.5",
-                "exactValue": null,
-                "fixed": null,
-                "fixedInclusive": false,
-                "introduced": null,
-                "introducedInclusive": true,
-                "lastAffected": "2.5",
-                "lastAffectedInclusive": true,
-                "style": "lessThanOrEqual"
-              },
-              "vendorExtensions": null
-            },
-            "provenance": {
-              "source": "ru-nkcki",
-              "kind": "package-range",
-              "value": "LegacyPanel 1.0 - 2.5",
-              "decisionReason": null,
-              "recordedAt": "2025-10-12T00:01:00+00:00",
-              "fieldMask": [
-                "affectedpackages[].versionranges[]"
-              ]
-            },
-            "rangeExpression": "<= 2.5",
-            "rangeKind": "semver"
-          },
-          {
-            "fixedVersion": null,
-            "introducedVersion": "1.0",
-            "lastAffectedVersion": null,
-            "primitives": {
-              "evr": null,
-              "hasVendorExtensions": false,
-              "nevra": null,
-              "semVer": {
-                "constraintExpression": ">= 1.0",
-                "exactValue": null,
-                "fixed": null,
-                "fixedInclusive": false,
-                "introduced": "1.0",
-                "introducedInclusive": true,
-                "lastAffected": null,
-                "lastAffectedInclusive": false,
-                "style": "greaterThanOrEqual"
-              },
-              "vendorExtensions": null
-            },
-            "provenance": {
-              "source": "ru-nkcki",
-              "kind": "package-range",
-              "value": "LegacyPanel 1.0 - 2.5",
-              "decisionReason": null,
-              "recordedAt": "2025-10-12T00:01:00+00:00",
-              "fieldMask": [
-                "affectedpackages[].versionranges[]"
-              ]
-            },
-            "rangeExpression": ">= 1.0",
-            "rangeKind": "semver"
-          }
-        ],
-        "normalizedVersions": [
-          {
-            "scheme": "semver",
-            "type": "gte",
-            "min": "1.0",
-            "minInclusive": true,
-            "max": null,
-            "maxInclusive": null,
-            "value": null,
-            "notes": "LegacyPanel 1.0 - 2.5"
-          },
-          {
-            "scheme": "semver",
-            "type": "lte",
-            "min": null,
-            "minInclusive": null,
-            "max": "2.5",
-            "maxInclusive": true,
-            "value": null,
-            "notes": "LegacyPanel 1.0 - 2.5"
-          }
-        ],
-        "statuses": [
-          {
-            "provenance": {
-              "source": "ru-nkcki",
-              "kind": "package-status",
-              "value": "affected",
-              "decisionReason": null,
-              "recordedAt": "2025-10-12T00:01:00+00:00",
-              "fieldMask": [
-                "affectedpackages[].statuses[]"
-              ]
-            },
-            "status": "affected"
-          }
-        ],
-        "provenance": [
-          {
-            "source": "ru-nkcki",
-            "kind": "package",
-            "value": "LegacyPanel 1.0 - 2.5",
-            "decisionReason": null,
-            "recordedAt": "2025-10-12T00:01:00+00:00",
-            "fieldMask": [
-              "affectedpackages[]"
-            ]
-          }
-        ]
-      }
-    ],
-    "aliases": [
-      "BDU:2024-00011"
-    ],
-    "credits": [],
-    "cvssMetrics": [
-      {
-        "baseScore": 8.8,
-        "baseSeverity": "high",
-        "provenance": {
-          "source": "ru-nkcki",
-          "kind": "cvss",
-          "value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
-          "decisionReason": null,
-          "recordedAt": "2025-10-12T00:01:00+00:00",
-          "fieldMask": [
-            "cvssmetrics[]"
-          ]
-        },
-        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
-        "version": "3.1"
-      }
-    ],
-    "exploitKnown": true,
-    "language": "ru",
-    "modified": "2024-08-02T00:00:00+00:00",
-    "provenance": [
-      {
-        "source": "ru-nkcki",
-        "kind": "advisory",
-        "value": "BDU:2024-00011",
-        "decisionReason": null,
-        "recordedAt": "2025-10-12T00:01:00+00:00",
-        "fieldMask": [
-          "advisory"
-        ]
-      }
-    ],
-    "published": "2024-08-01T00:00:00+00:00",
-    "references": [
-      {
-        "kind": "details",
-        "provenance": {
-          "source": "ru-nkcki",
-          "kind": "reference",
-          "value": "https://bdu.fstec.ru/vul/2024-00011",
-          "decisionReason": null,
-          "recordedAt": "2025-10-12T00:01:00+00:00",
-          "fieldMask": [
-            "references[]"
-          ]
-        },
-        "sourceTag": "bdu",
-        "summary": null,
-        "url": "https://bdu.fstec.ru/vul/2024-00011"
-      },
-      {
-        "kind": "details",
-        "provenance": {
-          "source": "ru-nkcki",
-          "kind": "reference",
-          "value": "https://cert.gov.ru/materialy/uyazvimosti/2024-00011",
-          "decisionReason": null,
-          "recordedAt": "2025-10-12T00:01:00+00:00",
-          "fieldMask": [
-            "references[]"
-          ]
-        },
-        "sourceTag": "ru-nkcki",
-        "summary": null,
-        "url": "https://cert.gov.ru/materialy/uyazvimosti/2024-00011"
-      }
-    ],
-    "severity": "high",
-    "summary": "Legacy panel overflow",
-    "title": "Legacy panel overflow"
-  }
+[
+  {
+    "advisoryKey": "BDU:2025-01001",
+    "affectedPackages": [
+      {
+        "type": "ics-vendor",
+        "identifier": "SampleVendor SampleGateway",
+        "platform": "Energy, ICS",
+        "versionRanges": [
+          {
+            "fixedVersion": null,
+            "introducedVersion": "2.0.0",
+            "lastAffectedVersion": null,
+            "primitives": {
+              "evr": null,
+              "hasVendorExtensions": false,
+              "nevra": null,
+              "semVer": {
+                "constraintExpression": ">= 2.0.0",
+                "exactValue": null,
+                "fixed": null,
+                "fixedInclusive": false,
+                "introduced": "2.0.0",
+                "introducedInclusive": true,
+                "lastAffected": null,
+                "lastAffectedInclusive": false,
+                "style": "greaterThanOrEqual"
+              },
+              "vendorExtensions": null
+            },
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-range",
+              "value": "SampleVendor SampleGateway >= 2.0 All platforms",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].versionranges[]"
+              ]
+            },
+            "rangeExpression": ">= 2.0.0",
+            "rangeKind": "semver"
+          }
+        ],
+        "normalizedVersions": [
+          {
+            "scheme": "semver",
+            "type": "gte",
+            "min": "2.0.0",
+            "minInclusive": true,
+            "max": null,
+            "maxInclusive": null,
+            "value": null,
+            "notes": "SampleVendor SampleGateway >= 2.0 All platforms"
+          }
+        ],
+        "statuses": [
+          {
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-status",
+              "value": "patch_available",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].statuses[]"
+              ]
+            },
+            "status": "fixed"
+          }
+        ],
+        "provenance": [
+          {
+            "source": "ru-nkcki",
+            "kind": "package",
+            "value": "SampleVendor SampleGateway >= 2.0 All platforms",
+            "decisionReason": null,
+            "recordedAt": "2025-10-12T00:01:00+00:00",
+            "fieldMask": [
+              "affectedpackages[]"
+            ]
+          }
+        ]
+      },
+      {
+        "type": "ics-vendor",
+        "identifier": "SampleVendor SampleSCADA",
+        "platform": "Energy, ICS",
+        "versionRanges": [
+          {
+            "fixedVersion": null,
+            "introducedVersion": null,
+            "lastAffectedVersion": "4.2.0",
+            "primitives": {
+              "evr": null,
+              "hasVendorExtensions": false,
+              "nevra": null,
+              "semVer": {
+                "constraintExpression": "<= 4.2.0",
+                "exactValue": null,
+                "fixed": null,
+                "fixedInclusive": false,
+                "introduced": null,
+                "introducedInclusive": true,
+                "lastAffected": "4.2.0",
+                "lastAffectedInclusive": true,
+                "style": "lessThanOrEqual"
+              },
+              "vendorExtensions": null
+            },
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-range",
+              "value": "SampleVendor SampleSCADA <= 4.2",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].versionranges[]"
+              ]
+            },
+            "rangeExpression": "<= 4.2.0",
+            "rangeKind": "semver"
+          }
+        ],
+        "normalizedVersions": [
+          {
+            "scheme": "semver",
+            "type": "lte",
+            "min": null,
+            "minInclusive": null,
+            "max": "4.2.0",
+            "maxInclusive": true,
+            "value": null,
+            "notes": "SampleVendor SampleSCADA <= 4.2"
+          }
+        ],
+        "statuses": [
+          {
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-status",
+              "value": "patch_available",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].statuses[]"
+              ]
+            },
+            "status": "fixed"
+          }
+        ],
+        "provenance": [
+          {
+            "source": "ru-nkcki",
+            "kind": "package",
+            "value": "SampleVendor SampleSCADA <= 4.2",
+            "decisionReason": null,
+            "recordedAt": "2025-10-12T00:01:00+00:00",
+            "fieldMask": [
+              "affectedpackages[]"
+            ]
+          }
+        ]
+      }
+    ],
+    "aliases": [
+      "BDU:2025-01001",
+      "CVE-2025-0101"
+    ],
+    "canonicalMetricId": null,
+    "credits": [],
+    "cvssMetrics": [
+      {
+        "baseScore": 8.5,
+        "baseSeverity": "high",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "cvss",
+          "value": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "cvssmetrics[]"
+          ]
+        },
+        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+        "version": "3.1"
+      },
+      {
+        "baseScore": 6.4,
+        "baseSeverity": "medium",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "cvss",
+          "value": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "cvssmetrics[]"
+          ]
+        },
+        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H",
+        "version": "4.0"
+      }
+    ],
+    "cwes": [],
+    "description": null,
+    "exploitKnown": true,
+    "language": "ru",
+    "modified": "2025-09-22T00:00:00+00:00",
+    "provenance": [
+      {
+        "source": "ru-nkcki",
+        "kind": "advisory",
+        "value": "BDU:2025-01001",
+        "decisionReason": null,
+        "recordedAt": "2025-10-12T00:01:00+00:00",
+        "fieldMask": [
+          "advisory"
+        ]
+      }
+    ],
+    "published": "2025-09-20T00:00:00+00:00",
+    "references": [
+      {
+        "kind": "details",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "reference",
+          "value": "https://bdu.fstec.ru/vul/2025-01001",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "references[]"
+          ]
+        },
+        "sourceTag": "bdu",
+        "summary": null,
+        "url": "https://bdu.fstec.ru/vul/2025-01001"
+      },
+      {
+        "kind": "details",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "reference",
+          "value": "https://cert.gov.ru/materialy/uyazvimosti/2025-01001",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "references[]"
+          ]
+        },
+        "sourceTag": "ru-nkcki",
+        "summary": null,
+        "url": "https://cert.gov.ru/materialy/uyazvimosti/2025-01001"
+      },
+      {
+        "kind": "cwe",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "reference",
+          "value": "https://cwe.mitre.org/data/definitions/321.html",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "references[]"
+          ]
+        },
+        "sourceTag": "cwe",
+        "summary": "Use of Hard-coded Cryptographic Key",
+        "url": "https://cwe.mitre.org/data/definitions/321.html"
+      },
+      {
+        "kind": "external",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "reference",
+          "value": "https://vendor.example/advisories/sample-scada",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "references[]"
+          ]
+        },
+        "sourceTag": null,
+        "summary": null,
+        "url": "https://vendor.example/advisories/sample-scada"
+      }
+    ],
+    "severity": "critical",
+    "summary": "Authenticated RCE in Sample SCADA",
+    "title": "Authenticated RCE in Sample SCADA"
+  },
+  {
+    "advisoryKey": "BDU:2024-00011",
+    "affectedPackages": [
+      {
+        "type": "cpe",
+        "identifier": "LegacyPanel",
+        "platform": "Software",
+        "versionRanges": [
+          {
+            "fixedVersion": null,
+            "introducedVersion": null,
+            "lastAffectedVersion": "2.5.0",
+            "primitives": {
+              "evr": null,
+              "hasVendorExtensions": false,
+              "nevra": null,
+              "semVer": {
+                "constraintExpression": "<= 2.5.0",
+                "exactValue": null,
+                "fixed": null,
+                "fixedInclusive": false,
+                "introduced": null,
+                "introducedInclusive": true,
+                "lastAffected": "2.5.0",
+                "lastAffectedInclusive": true,
+                "style": "lessThanOrEqual"
+              },
+              "vendorExtensions": null
+            },
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-range",
+              "value": "LegacyPanel 1.0 - 2.5",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].versionranges[]"
+              ]
+            },
+            "rangeExpression": "<= 2.5.0",
+            "rangeKind": "semver"
+          },
+          {
+            "fixedVersion": null,
+            "introducedVersion": "1.0.0",
+            "lastAffectedVersion": null,
+            "primitives": {
+              "evr": null,
+              "hasVendorExtensions": false,
+              "nevra": null,
+              "semVer": {
+                "constraintExpression": ">= 1.0.0",
+                "exactValue": null,
+                "fixed": null,
+                "fixedInclusive": false,
+                "introduced": "1.0.0",
+                "introducedInclusive": true,
+                "lastAffected": null,
+                "lastAffectedInclusive": false,
+                "style": "greaterThanOrEqual"
+              },
+              "vendorExtensions": null
+            },
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-range",
+              "value": "LegacyPanel 1.0 - 2.5",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].versionranges[]"
+              ]
+            },
+            "rangeExpression": ">= 1.0.0",
+            "rangeKind": "semver"
+          }
+        ],
+        "normalizedVersions": [
+          {
+            "scheme": "semver",
+            "type": "gte",
+            "min": "1.0.0",
+            "minInclusive": true,
+            "max": null,
+            "maxInclusive": null,
+            "value": null,
+            "notes": "LegacyPanel 1.0 - 2.5"
+          },
+          {
+            "scheme": "semver",
+            "type": "lte",
+            "min": null,
+            "minInclusive": null,
+            "max": "2.5.0",
+            "maxInclusive": true,
+            "value": null,
+            "notes": "LegacyPanel 1.0 - 2.5"
+          }
+        ],
+        "statuses": [
+          {
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-status",
+              "value": "affected",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].statuses[]"
+              ]
+            },
+            "status": "affected"
+          }
+        ],
+        "provenance": [
+          {
+            "source": "ru-nkcki",
+            "kind": "package",
+            "value": "LegacyPanel 1.0 - 2.5",
+            "decisionReason": null,
+            "recordedAt": "2025-10-12T00:01:00+00:00",
+            "fieldMask": [
+              "affectedpackages[]"
+            ]
+          }
+        ]
+      }
+    ],
+    "aliases": [
+      "BDU:2024-00011"
+    ],
+    "canonicalMetricId": null,
+    "credits": [],
+    "cvssMetrics": [
+      {
+        "baseScore": 8.8,
+        "baseSeverity": "high",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "cvss",
+          "value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "cvssmetrics[]"
+          ]
+        },
+        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+        "version": "3.1"
+      }
+    ],
+    "cwes": [],
+    "description": null,
+    "exploitKnown": true,
+    "language": "ru",
+    "modified": "2024-08-02T00:00:00+00:00",
+    "provenance": [
+      {
+        "source": "ru-nkcki",
+        "kind": "advisory",
+        "value": "BDU:2024-00011",
+        "decisionReason": null,
+        "recordedAt": "2025-10-12T00:01:00+00:00",
+        "fieldMask": [
+          "advisory"
+        ]
+      }
+    ],
+    "published": "2024-08-01T00:00:00+00:00",
+    "references": [
+      {
+        "kind": "details",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "reference",
+          "value": "https://bdu.fstec.ru/vul/2024-00011",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "references[]"
+          ]
+        },
+        "sourceTag": "bdu",
+        "summary": null,
+        "url": "https://bdu.fstec.ru/vul/2024-00011"
+      },
+      {
+        "kind": "details",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "reference",
+          "value": "https://cert.gov.ru/materialy/uyazvimosti/2024-00011",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "references[]"
+          ]
+        },
+        "sourceTag": "ru-nkcki",
+        "summary": null,
+        "url": "https://cert.gov.ru/materialy/uyazvimosti/2024-00011"
+      }
+    ],
+    "severity": "high",
+    "summary": "Legacy panel overflow",
+    "title": "Legacy panel overflow"
+  }
 ]

src/Concelier/__Tests/StellaOps.Concelier.Connector.Ru.Nkcki.Tests/RuNkckiConnectorTests.cs

@@ -19,12 +19,13 @@ using StellaOps.Concelier.Connector.Common.Http;
 using StellaOps.Concelier.Connector.Common.Testing;
 using StellaOps.Concelier.Connector.Ru.Nkcki;
 using StellaOps.Concelier.Connector.Ru.Nkcki.Configuration;
-using StellaOps.Concelier.Storage.Mongo;
-using StellaOps.Concelier.Storage.Mongo.Advisories;
-using StellaOps.Concelier.Storage.Mongo.Documents;
-using StellaOps.Concelier.Testing;
-using StellaOps.Concelier.Models;
-using MongoDB.Driver;
+using StellaOps.Concelier.Storage.Mongo;
+using StellaOps.Concelier.Storage.Mongo.Advisories;
+using StellaOps.Concelier.Storage.Mongo.Documents;
+using StellaOps.Concelier.Testing;
+using StellaOps.Concelier.Models;
+using MongoDB.Driver;
+using StellaOps.Cryptography.DependencyInjection;
 using Xunit;
 
 namespace StellaOps.Concelier.Connector.Ru.Nkcki.Tests;
@@ -123,14 +124,15 @@ public sealed class RuNkckiConnectorTests : IAsyncLifetime
         services.AddLogging(builder => builder.AddProvider(NullLoggerProvider.Instance));
         services.AddSingleton<TimeProvider>(_timeProvider);
 
-        services.AddMongoStorage(options =>
-        {
-            options.ConnectionString = _fixture.Runner.ConnectionString;
-            options.DatabaseName = _fixture.Database.DatabaseNamespace.DatabaseName;
-            options.CommandTimeout = TimeSpan.FromSeconds(5);
-        });
-
-        services.AddSourceCommon();
+        services.AddMongoStorage(options =>
+        {
+            options.ConnectionString = _fixture.Runner.ConnectionString;
+            options.DatabaseName = _fixture.Database.DatabaseNamespace.DatabaseName;
+            options.CommandTimeout = TimeSpan.FromSeconds(5);
+        });
+
+        services.AddStellaOpsCrypto();
+        services.AddSourceCommon();
         services.AddRuNkckiConnector(options =>
         {
             options.BaseAddress = new Uri("https://cert.gov.ru/");

src/Concelier/__Tests/StellaOps.Concelier.Connector.Ru.Nkcki.Tests/StellaOps.Concelier.Connector.Ru.Nkcki.Tests.csproj

@@ -10,5 +10,6 @@
     <ProjectReference Include="../../__Libraries/StellaOps.Concelier.Models/StellaOps.Concelier.Models.csproj" />
     <ProjectReference Include="../../__Libraries/StellaOps.Concelier.Normalization/StellaOps.Concelier.Normalization.csproj" />
     <ProjectReference Include="../../__Libraries/StellaOps.Concelier.Connector.Ru.Nkcki/StellaOps.Concelier.Connector.Ru.Nkcki.csproj" />
+    <ProjectReference Include="../../../__Libraries/StellaOps.Cryptography.DependencyInjection/StellaOps.Cryptography.DependencyInjection.csproj" />
   </ItemGroup>
-</Project>
+</Project>