Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case

- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
This commit is contained in:
master
2025-11-08 20:53:45 +02:00
parent 515975edc5
commit 536f6249a6
837 changed files with 37279 additions and 14675 deletions


@@ -0,0 +1,107 @@
using System;
using System.Collections.Generic;
using System.Linq;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;
using StellaOps.Cryptography;
using ISession = Net.Pkcs11Interop.HighLevelAPI.Session;
namespace StellaOps.Cryptography.Plugin.Pkcs11Gost;
internal static class Pkcs11SignerUtilities
{
public static byte[] SignDigest(Pkcs11GostKeyEntry entry, ReadOnlySpan<byte> digest)
{
using var pkcs11 = new Pkcs11(entry.Session.LibraryPath, AppType.MultiThreaded);
var slot = ResolveSlot(pkcs11, entry.Session);
if (slot is null)
{
throw new InvalidOperationException("No PKCS#11 slot/token matched the provided configuration.");
}
using var session = slot.OpenSession(SessionType.ReadWrite);
var loggedIn = false;
try
{
var pin = ResolvePin(entry.Session);
if (!string.IsNullOrWhiteSpace(pin))
{
session.Login(CKU.CKU_USER, pin);
loggedIn = true;
}
var privateHandle = FindObject(session, CKO.CKO_PRIVATE_KEY, entry.Session.PrivateKeyLabel);
if (privateHandle is null)
{
throw new InvalidOperationException($"Private key with label '{entry.Session.PrivateKeyLabel}' was not found.");
}
var mechanism = new Mechanism(entry.SignMechanismId);
return session.Sign(mechanism, privateHandle, digest.ToArray());
}
finally
{
if (loggedIn)
{
try { session.Logout(); } catch { /* ignored */ }
}
}
}
private static Slot? ResolveSlot(Pkcs11 pkcs11, Pkcs11SessionOptions options)
{
var slots = pkcs11.GetSlotList(SlotsType.WithTokenPresent);
if (slots.Count == 0)
{
return null;
}
if (!string.IsNullOrWhiteSpace(options.SlotId))
{
return slots.FirstOrDefault(slot =>
string.Equals(slot.SlotId.ToString(), options.SlotId, StringComparison.OrdinalIgnoreCase));
}
if (!string.IsNullOrWhiteSpace(options.TokenLabel))
{
return slots.FirstOrDefault(slot =>
{
var tokenInfo = slot.GetTokenInfo();
return string.Equals(tokenInfo.Label?.Trim(), options.TokenLabel?.Trim(), StringComparison.OrdinalIgnoreCase);
});
}
return slots[0];
}
private static ObjectHandle? FindObject(ISession session, CKO objectClass, string? label)
{
var template = new List<ObjectAttribute>
{
new(CKA.CKA_CLASS, (uint)objectClass)
};
if (!string.IsNullOrWhiteSpace(label))
{
template.Add(new ObjectAttribute(CKA.CKA_LABEL, label));
}
var handles = session.FindAllObjects(template);
return handles.FirstOrDefault();
}
private static string? ResolvePin(Pkcs11SessionOptions options)
{
if (!string.IsNullOrWhiteSpace(options.UserPin))
{
return options.UserPin;
}
if (!string.IsNullOrWhiteSpace(options.UserPinEnvironmentVariable))
{
return Environment.GetEnvironmentVariable(options.UserPinEnvironmentVariable);
}
return null;
}
}
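Review bot: FindObject resolves the private key with `handles.FirstOrDefault()` on the line after `session.FindAllObjects(template)`, so when several objects match — or when PrivateKeyLabel is blank and the template filters on CKO_PRIVATE_KEY alone — the signer silently uses whichever key the token lists first; an ambiguous match should fail closed, e.g. `if (handles.Count > 1) throw new InvalidOperationException("Multiple private keys matched the configured label.");` before the return (assuming FindAllObjects returns a list, as its use here suggests). SignDigest also opens the session as `SessionType.ReadWrite` although a signing operation only needs a read-only session, so `using var session = slot.OpenSession(SessionType.ReadOnly);` is the least-privilege choice. The Logout failure in the finally block is swallowed with no trace, which is acceptable as best effort but deserves a one-line comment saying the session is disposed regardless of logout success. The same first-match behaviour appears in ResolveSlot, which returns `slots[0]` when neither SlotId nor TokenLabel is configured; a comment stating that this is intentional would help the next reader.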