stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
This commit is contained in:
master
2025-11-08 20:53:45 +02:00
parent 515975edc5
commit 536f6249a6
837 changed files with 37279 additions and 14675 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/CryptoProCryptoServiceCollectionExtensions.cs Normal file
View File

@@ -0,0 +1,25 @@
using System;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
namespace StellaOps.Cryptography.Plugin.CryptoPro;
public static class CryptoProCryptoServiceCollectionExtensions
{
public static IServiceCollection AddCryptoProGostProvider(
this IServiceCollection services,
Action<CryptoProGostProviderOptions>? configure = null)
{
ArgumentNullException.ThrowIfNull(services);
if (configure is not null)
{
services.Configure(configure);
}
services.TryAddEnumerable(
ServiceDescriptor.Singleton<StellaOps.Cryptography.ICryptoProvider, CryptoProGostCryptoProvider>());
return services;
}
}

87
src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/CryptoProGostCryptoProvider.cs Normal file
View File

@@ -0,0 +1,87 @@
using System;
using System.Collections.Generic;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Cryptography;
using StellaOps.Cryptography.Plugin.Pkcs11Gost;
namespace StellaOps.Cryptography.Plugin.CryptoPro;
public sealed class CryptoProGostCryptoProvider : ICryptoProvider, ICryptoProviderDiagnostics
{
private readonly Pkcs11GostProviderCore core;
public CryptoProGostCryptoProvider(
IOptions<CryptoProGostProviderOptions>? optionsAccessor = null,
ILogger<CryptoProGostCryptoProvider>? logger = null)
{
var options = optionsAccessor?.Value ?? new CryptoProGostProviderOptions();
var mappedKeys = new List<Pkcs11GostKeyOptions>(options.Keys.Count);
foreach (var key in options.Keys)
{
mappedKeys.Add(MapToPkcs11Options(key));
}
core = new Pkcs11GostProviderCore("ru.cryptopro.csp", mappedKeys, logger);
}
public string Name => core.ProviderName;
public bool Supports(CryptoCapability capability, string algorithmId)
{
if (capability is CryptoCapability.Signing or CryptoCapability.Verification)
{
return core.SupportsAlgorithm(algorithmId);
}
return false;
}
public IPasswordHasher GetPasswordHasher(string algorithmId)
=> throw new NotSupportedException("CryptoPro provider does not expose password hashing.");
public ICryptoSigner GetSigner(string algorithmId, CryptoKeyReference keyReference)
{
ArgumentNullException.ThrowIfNull(keyReference);
var entry = core.Resolve(keyReference.KeyId);
if (!string.Equals(entry.AlgorithmId, algorithmId, StringComparison.OrdinalIgnoreCase))
{
throw new InvalidOperationException(
$"Signing key '{keyReference.KeyId}' is registered for algorithm '{entry.AlgorithmId}', not '{algorithmId}'.");
}
return new Pkcs11GostSigner(entry);
}
public void UpsertSigningKey(CryptoSigningKey signingKey)
=> throw new NotSupportedException("CryptoPro keys are managed externally.");
public bool RemoveSigningKey(string keyId) => false;
public IReadOnlyCollection<CryptoSigningKey> GetSigningKeys()
=> Array.Empty<CryptoSigningKey>();
public IEnumerable<CryptoProviderKeyDescriptor> DescribeKeys()
=> core.DescribeKeys(Name);
private static Pkcs11GostKeyOptions MapToPkcs11Options(CryptoProGostKeyOptions source)
{
ArgumentNullException.ThrowIfNull(source);
return new Pkcs11GostKeyOptions
{
KeyId = source.KeyId,
Algorithm = source.Algorithm,
LibraryPath = source.LibraryPath,
SlotId = source.SlotId,
TokenLabel = source.TokenLabel,
PrivateKeyLabel = source.ContainerLabel,
UserPin = source.UserPin,
UserPinEnvironmentVariable = source.UserPinEnvironmentVariable,
SignMechanismId = source.SignMechanismId,
CertificateThumbprint = source.CertificateThumbprint,
CertificateStoreLocation = source.CertificateStoreLocation.ToString(),
CertificateStoreName = source.CertificateStoreName.ToString()
};
}
}

54
src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/CryptoProGostKeyOptions.cs Normal file
View File

@@ -0,0 +1,54 @@
using System.ComponentModel.DataAnnotations;
using System.Security.Cryptography.X509Certificates;
using StellaOps.Cryptography;
namespace StellaOps.Cryptography.Plugin.CryptoPro;
public sealed class CryptoProGostKeyOptions
{
[Required]
public string KeyId { get; set; } = string.Empty;
public string Algorithm { get; set; } = SignatureAlgorithms.GostR3410_2012_256;
/// <summary>
/// PKCS#11 library path (typically cprocsp-pkcs11*.dll/so).
/// </summary>
[Required]
public string LibraryPath { get; set; } = string.Empty;
public string? SlotId { get; set; }
public string? TokenLabel { get; set; }
public string? ContainerLabel { get; set; }
public string? UserPin { get; set; }
public string? UserPinEnvironmentVariable { get; set; }
public uint? SignMechanismId { get; set; }
public string CertificateThumbprint { get; set; } = string.Empty;
public StoreLocation CertificateStoreLocation { get; set; } = StoreLocation.CurrentUser;
public StoreName CertificateStoreName { get; set; } = StoreName.My;
public CryptoProGostKeyOptions Clone()
=> new()
{
KeyId = KeyId,
Algorithm = Algorithm,
LibraryPath = LibraryPath,
SlotId = SlotId,
TokenLabel = TokenLabel,
ContainerLabel = ContainerLabel,
UserPin = UserPin,
UserPinEnvironmentVariable = UserPinEnvironmentVariable,
SignMechanismId = SignMechanismId,
CertificateThumbprint = CertificateThumbprint,
CertificateStoreLocation = CertificateStoreLocation,
CertificateStoreName = CertificateStoreName
};
}

24
src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/CryptoProGostProviderOptions.cs Normal file
View File

@@ -0,0 +1,24 @@
using System.Collections.Generic;
namespace StellaOps.Cryptography.Plugin.CryptoPro;
public sealed class CryptoProGostProviderOptions
{
private readonly IList<CryptoProGostKeyOptions> keys = new List<CryptoProGostKeyOptions>();
/// <summary>
/// CryptoPro-backed keys managed by the provider.
/// </summary>
public IList<CryptoProGostKeyOptions> Keys => keys;
public CryptoProGostProviderOptions Clone()
{
var clone = new CryptoProGostProviderOptions();
foreach (var key in keys)
{
clone.Keys.Add(key.Clone());
}
return clone;
}
}

21
src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/StellaOps.Cryptography.Plugin.CryptoPro.csproj Normal file
View File

@@ -0,0 +1,21 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<LangVersion>preview</LangVersion>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.0-rc.2.25502.107" />
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.0-rc.2.25502.107" />
<PackageReference Include="Microsoft.Extensions.Options" Version="10.0.0-rc.2.25502.107" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\\StellaOps.Cryptography.Plugin.Pkcs11Gost\\StellaOps.Cryptography.Plugin.Pkcs11Gost.csproj" />
</ItemGroup>
</Project>