Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
2025-11-08 20:53:45 +02:00
parent 515975edc5
commit 536f6249a6
837 changed files with 37279 additions and 14675 deletions


@@ -1,275 +1,306 @@
[
{
"advisoryKey": "VMSA-2024-0001",
"affectedPackages": [
{
"identifier": "VMware ESXi 7.0",
"platform": null,
"provenance": [
{
"fieldMask": [],
"kind": "affected",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "VMware ESXi 7.0"
}
],
"statuses": [],
"type": "vendor",
"versionRanges": [
{
"fixedVersion": "7.0u3f",
"introducedVersion": "7.0",
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": {
"constraintExpression": null,
"fixed": null,
"fixedInclusive": false,
"introduced": "7.0",
"introducedInclusive": true,
"lastAffected": null,
"lastAffectedInclusive": false
},
"vendorExtensions": {
"vmware.product": "VMware ESXi 7.0",
"vmware.version.raw": "7.0",
"vmware.fixedVersion.raw": "7.0u3f"
}
},
"provenance": {
"fieldMask": [],
"kind": "range",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "VMware ESXi 7.0"
},
"rangeExpression": "7.0",
"rangeKind": "vendor"
}
]
},
{
"identifier": "VMware vCenter Server 8.0",
"platform": null,
"provenance": [
{
"fieldMask": [],
"kind": "affected",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "VMware vCenter Server 8.0"
}
],
"statuses": [],
"type": "vendor",
"versionRanges": [
{
"fixedVersion": "8.0a",
"introducedVersion": "8.0",
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": {
"constraintExpression": null,
"fixed": null,
"fixedInclusive": false,
"introduced": "8.0",
"introducedInclusive": true,
"lastAffected": null,
"lastAffectedInclusive": false
},
"vendorExtensions": {
"vmware.product": "VMware vCenter Server 8.0",
"vmware.version.raw": "8.0",
"vmware.fixedVersion.raw": "8.0a"
}
},
"provenance": {
"fieldMask": [],
"kind": "range",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "VMware vCenter Server 8.0"
},
"rangeExpression": "8.0",
"rangeKind": "vendor"
}
]
}
],
"aliases": [
"CVE-2024-1000",
"CVE-2024-1001",
"VMSA-2024-0001"
],
"cvssMetrics": [],
"exploitKnown": false,
"language": "en",
"modified": "2024-04-01T10:00:00+00:00",
"provenance": [
{
"fieldMask": [],
"kind": "document",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "https://vmware.example/api/vmsa/VMSA-2024-0001.json"
},
{
"fieldMask": [],
"kind": "mapping",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "VMSA-2024-0001"
}
],
"published": "2024-04-01T10:00:00+00:00",
"references": [
{
"kind": "kb",
"provenance": {
"fieldMask": [],
"kind": "reference",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "https://kb.vmware.example/90234"
},
"sourceTag": "kb",
"summary": null,
"url": "https://kb.vmware.example/90234"
},
{
"kind": "advisory",
"provenance": {
"fieldMask": [],
"kind": "reference",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html"
},
"sourceTag": "advisory",
"summary": null,
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html"
}
],
"severity": null,
"summary": "Security updates for VMware ESXi 7.0 and vCenter Server 8.0 resolve multiple vulnerabilities.",
"title": "VMware ESXi and vCenter Server updates address vulnerabilities"
},
{
"advisoryKey": "VMSA-2024-0002",
"affectedPackages": [
{
"identifier": "VMware Cloud Foundation 5.x",
"platform": null,
"provenance": [
{
"fieldMask": [],
"kind": "affected",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "VMware Cloud Foundation 5.x"
}
],
"statuses": [],
"type": "vendor",
"versionRanges": [
{
"fixedVersion": "5.1.1",
"introducedVersion": "5.1",
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": {
"constraintExpression": null,
"fixed": "5.1.1",
"fixedInclusive": false,
"introduced": "5.1",
"introducedInclusive": true,
"lastAffected": null,
"lastAffectedInclusive": false
},
"vendorExtensions": {
"vmware.product": "VMware Cloud Foundation 5.x",
"vmware.version.raw": "5.1",
"vmware.fixedVersion.raw": "5.1.1"
}
},
"provenance": {
"fieldMask": [],
"kind": "range",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "VMware Cloud Foundation 5.x"
},
"rangeExpression": "5.1",
"rangeKind": "vendor"
}
]
}
],
"aliases": [
"CVE-2024-2000",
"VMSA-2024-0002"
],
"cvssMetrics": [],
"exploitKnown": false,
"language": "en",
"modified": "2024-04-02T09:00:00+00:00",
"provenance": [
{
"fieldMask": [],
"kind": "document",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "https://vmware.example/api/vmsa/VMSA-2024-0002.json"
},
{
"fieldMask": [],
"kind": "mapping",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "VMSA-2024-0002"
}
],
"published": "2024-04-02T09:00:00+00:00",
"references": [
{
"kind": "kb",
"provenance": {
"fieldMask": [],
"kind": "reference",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "https://kb.vmware.example/91234"
},
"sourceTag": "kb",
"summary": null,
"url": "https://kb.vmware.example/91234"
},
{
"kind": "advisory",
"provenance": {
"fieldMask": [],
"kind": "reference",
"recordedAt": "2024-04-05T00:00:00+00:00",
"source": "vmware",
"value": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html"
},
"sourceTag": "advisory",
"summary": null,
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html"
}
],
"severity": null,
"summary": "An update is available for VMware Cloud Foundation components to address a remote code execution vulnerability.",
"title": "VMware Cloud Foundation remote code execution vulnerability"
}
[
{
"advisoryKey": "VMSA-2024-0001",
"affectedPackages": [
{
"type": "vendor",
"identifier": "VMware ESXi 7.0",
"platform": null,
"versionRanges": [
{
"fixedVersion": "7.0u3f",
"introducedVersion": "7.0",
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": {
"constraintExpression": null,
"exactValue": null,
"fixed": null,
"fixedInclusive": false,
"introduced": "7.0",
"introducedInclusive": true,
"lastAffected": null,
"lastAffectedInclusive": false,
"style": "greaterThanOrEqual"
},
"vendorExtensions": {
"vmware.product": "VMware ESXi 7.0",
"vmware.version.raw": "7.0",
"vmware.fixedVersion.raw": "7.0u3f"
}
},
"provenance": {
"source": "vmware",
"kind": "range",
"value": "VMware ESXi 7.0",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
},
"rangeExpression": "7.0",
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "vmware",
"kind": "affected",
"value": "VMware ESXi 7.0",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
}
]
},
{
"type": "vendor",
"identifier": "VMware vCenter Server 8.0",
"platform": null,
"versionRanges": [
{
"fixedVersion": "8.0a",
"introducedVersion": "8.0",
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": {
"constraintExpression": null,
"exactValue": null,
"fixed": null,
"fixedInclusive": false,
"introduced": "8.0",
"introducedInclusive": true,
"lastAffected": null,
"lastAffectedInclusive": false,
"style": "greaterThanOrEqual"
},
"vendorExtensions": {
"vmware.product": "VMware vCenter Server 8.0",
"vmware.version.raw": "8.0",
"vmware.fixedVersion.raw": "8.0a"
}
},
"provenance": {
"source": "vmware",
"kind": "range",
"value": "VMware vCenter Server 8.0",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
},
"rangeExpression": "8.0",
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "vmware",
"kind": "affected",
"value": "VMware vCenter Server 8.0",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
}
]
}
],
"aliases": [
"CVE-2024-1000",
"CVE-2024-1001",
"VMSA-2024-0001"
],
"canonicalMetricId": null,
"credits": [],
"cvssMetrics": [],
"cwes": [],
"description": null,
"exploitKnown": false,
"language": "en",
"modified": "2024-04-01T10:00:00+00:00",
"provenance": [
{
"source": "vmware",
"kind": "document",
"value": "https://vmware.example/api/vmsa/VMSA-2024-0001.json",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
},
{
"source": "vmware",
"kind": "mapping",
"value": "VMSA-2024-0001",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
}
],
"published": "2024-04-01T10:00:00+00:00",
"references": [
{
"kind": "kb",
"provenance": {
"source": "vmware",
"kind": "reference",
"value": "https://kb.vmware.example/90234",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
},
"sourceTag": "kb",
"summary": null,
"url": "https://kb.vmware.example/90234"
},
{
"kind": "advisory",
"provenance": {
"source": "vmware",
"kind": "reference",
"value": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
},
"sourceTag": "advisory",
"summary": null,
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html"
}
],
"severity": null,
"summary": "Security updates for VMware ESXi 7.0 and vCenter Server 8.0 resolve multiple vulnerabilities.",
"title": "VMware ESXi and vCenter Server updates address vulnerabilities"
},
{
"advisoryKey": "VMSA-2024-0002",
"affectedPackages": [
{
"type": "vendor",
"identifier": "VMware Cloud Foundation 5.x",
"platform": null,
"versionRanges": [
{
"fixedVersion": "5.1.1",
"introducedVersion": "5.1",
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": {
"constraintExpression": null,
"exactValue": null,
"fixed": "5.1.1",
"fixedInclusive": false,
"introduced": "5.1",
"introducedInclusive": true,
"lastAffected": null,
"lastAffectedInclusive": false,
"style": "range"
},
"vendorExtensions": {
"vmware.product": "VMware Cloud Foundation 5.x",
"vmware.version.raw": "5.1",
"vmware.fixedVersion.raw": "5.1.1"
}
},
"provenance": {
"source": "vmware",
"kind": "range",
"value": "VMware Cloud Foundation 5.x",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
},
"rangeExpression": "5.1",
"rangeKind": "vendor"
}
],
"normalizedVersions": [],
"statuses": [],
"provenance": [
{
"source": "vmware",
"kind": "affected",
"value": "VMware Cloud Foundation 5.x",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
}
]
}
],
"aliases": [
"CVE-2024-2000",
"VMSA-2024-0002"
],
"canonicalMetricId": null,
"credits": [],
"cvssMetrics": [],
"cwes": [],
"description": null,
"exploitKnown": false,
"language": "en",
"modified": "2024-04-02T09:00:00+00:00",
"provenance": [
{
"source": "vmware",
"kind": "document",
"value": "https://vmware.example/api/vmsa/VMSA-2024-0002.json",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
},
{
"source": "vmware",
"kind": "mapping",
"value": "VMSA-2024-0002",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
}
],
"published": "2024-04-02T09:00:00+00:00",
"references": [
{
"kind": "kb",
"provenance": {
"source": "vmware",
"kind": "reference",
"value": "https://kb.vmware.example/91234",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
},
"sourceTag": "kb",
"summary": null,
"url": "https://kb.vmware.example/91234"
},
{
"kind": "advisory",
"provenance": {
"source": "vmware",
"kind": "reference",
"value": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
},
"sourceTag": "advisory",
"summary": null,
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html"
}
],
"severity": null,
"summary": "An update is available for VMware Cloud Foundation components to address a remote code execution vulnerability.",
"title": "VMware Cloud Foundation remote code execution vulnerability"
}
]
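Review bot: In the ESXi 7.0 and vCenter Server 8.0 ranges the new `semVer` primitive is `"style": "greaterThanOrEqual"` with `"fixed": null`, while the same range carries `"fixedVersion": "7.0u3f"` / `"8.0a"`; a matcher that evaluates only `primitives.semVer` would presumably keep reporting patched builds as affected. The matching code is not visible here, so this may already be handled, but the contract should be written down next to the snapshot, for example a line in the owning test or README such as `semVer.fixed is null when the vendor fix version is not SemVer; bound the range with fixedVersion / vmware.fixedVersion.raw`. `normalizedVersions` is also `[]` for all three packages, including Cloud Foundation where `"style": "range"` has both `introduced` and `fixed`, so it is worth confirming that this is intended and not a normalizer gap. Separately, this VMware fixture change sits in a commit titled for the CVE-2022-21661 case; splitting it out would make the schema change reviewable on its own.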