feat: Add CVSS receipt management endpoints and related functionality

- Introduced new API endpoints for creating, retrieving, amending, and listing CVSS receipts.
- Updated IPolicyEngineClient interface to include methods for CVSS receipt operations.
- Implemented PolicyEngineClient to handle CVSS receipt requests.
- Enhanced Program.cs to map new CVSS receipt routes with appropriate authorization.
- Added necessary models and contracts for CVSS receipt requests and responses.
- Integrated Postgres document store for managing CVSS receipts and related data.
- Updated database schema with new migrations for source documents and payload storage.
- Refactored existing components to support new CVSS functionality.
This commit is contained in:
StellaOps Bot
2025-12-07 00:43:14 +02:00
parent 0de92144d2
commit 53889d85e7
67 changed files with 17207 additions and 16293 deletions


@@ -1,94 +1,94 @@
using StellaOps.Concelier.Models;
using StellaOps.Concelier.Connector.Ghsa.Internal;
using StellaOps.Concelier.Storage.Mongo.Documents;
namespace StellaOps.Concelier.Connector.Ghsa.Tests;
public sealed class GhsaConflictFixtureTests
{
[Fact]
public void ConflictFixture_MatchesSnapshot()
{
var recordedAt = new DateTimeOffset(2025, 3, 4, 8, 30, 0, TimeSpan.Zero);
var document = new DocumentRecord(
Id: Guid.Parse("2f5c4d67-fcac-4ec9-a8d4-8a9c5a6d0fc9"),
SourceName: GhsaConnectorPlugin.SourceName,
Uri: "https://github.com/advisories/GHSA-qqqq-wwww-eeee",
FetchedAt: new DateTimeOffset(2025, 3, 3, 18, 0, 0, TimeSpan.Zero),
Sha256: "sha256-ghsa-conflict-fixture",
Status: "completed",
ContentType: "application/json",
Headers: null,
Metadata: null,
Etag: "\"etag-ghsa-conflict\"",
LastModified: new DateTimeOffset(2025, 3, 3, 18, 0, 0, TimeSpan.Zero),
GridFsId: null);
var dto = new GhsaRecordDto
{
GhsaId = "GHSA-qqqq-wwww-eeee",
Summary = "Container escape in conflict-package",
Description = "Container escape vulnerability allowing privilege escalation in conflict-package.",
Severity = "HIGH",
PublishedAt = new DateTimeOffset(2025, 2, 25, 0, 0, 0, TimeSpan.Zero),
UpdatedAt = new DateTimeOffset(2025, 3, 2, 12, 0, 0, TimeSpan.Zero),
Aliases = new[] { "GHSA-qqqq-wwww-eeee", "CVE-2025-4242" },
References = new[]
{
new GhsaReferenceDto
{
Url = "https://github.com/advisories/GHSA-qqqq-wwww-eeee",
Type = "ADVISORY"
},
new GhsaReferenceDto
{
Url = "https://github.com/conflict/package/releases/tag/v1.4.0",
Type = "FIX"
}
},
Affected = new[]
{
new GhsaAffectedDto
{
PackageName = "conflict/package",
Ecosystem = "npm",
VulnerableRange = "< 1.4.0",
PatchedVersion = "1.4.0"
}
},
Credits = new[]
{
new GhsaCreditDto
{
Type = "reporter",
Name = "security-researcher",
Login = "sec-researcher",
ProfileUrl = "https://github.com/sec-researcher"
},
new GhsaCreditDto
{
Type = "remediation_developer",
Name = "maintainer-team",
Login = "conflict-maintainer",
ProfileUrl = "https://github.com/conflict/package"
}
}
};
var advisory = GhsaMapper.Map(dto, document, recordedAt);
Assert.Equal("ghsa:severity/high", advisory.CanonicalMetricId);
Assert.True(advisory.CvssMetrics.IsEmpty);
var snapshot = SnapshotSerializer.ToSnapshot(advisory).Replace("\r\n", "\n").TrimEnd();
var expectedPath = Path.Combine(AppContext.BaseDirectory, "Fixtures", "conflict-ghsa.canonical.json");
var expected = File.ReadAllText(expectedPath).Replace("\r\n", "\n").TrimEnd();
if (!string.Equals(expected, snapshot, StringComparison.Ordinal))
{
var actualPath = Path.Combine(AppContext.BaseDirectory, "Fixtures", "conflict-ghsa.canonical.actual.json");
File.WriteAllText(actualPath, snapshot);
}
Assert.Equal(expected, snapshot);
}
}
using StellaOps.Concelier.Models;
using StellaOps.Concelier.Connector.Ghsa.Internal;
using StellaOps.Concelier.Storage.Mongo.Documents;
namespace StellaOps.Concelier.Connector.Ghsa.Tests;
public sealed class GhsaConflictFixtureTests
{
[Fact]
public void ConflictFixture_MatchesSnapshot()
{
var recordedAt = new DateTimeOffset(2025, 3, 4, 8, 30, 0, TimeSpan.Zero);
var document = new DocumentRecord(
Id: Guid.Parse("2f5c4d67-fcac-4ec9-a8d4-8a9c5a6d0fc9"),
SourceName: GhsaConnectorPlugin.SourceName,
Uri: "https://github.com/advisories/GHSA-qqqq-wwww-eeee",
FetchedAt: new DateTimeOffset(2025, 3, 3, 18, 0, 0, TimeSpan.Zero),
Sha256: "sha256-ghsa-conflict-fixture",
Status: "completed",
ContentType: "application/json",
Headers: null,
Metadata: null,
Etag: "\"etag-ghsa-conflict\"",
LastModified: new DateTimeOffset(2025, 3, 3, 18, 0, 0, TimeSpan.Zero),
PayloadId: null);
var dto = new GhsaRecordDto
{
GhsaId = "GHSA-qqqq-wwww-eeee",
Summary = "Container escape in conflict-package",
Description = "Container escape vulnerability allowing privilege escalation in conflict-package.",
Severity = "HIGH",
PublishedAt = new DateTimeOffset(2025, 2, 25, 0, 0, 0, TimeSpan.Zero),
UpdatedAt = new DateTimeOffset(2025, 3, 2, 12, 0, 0, TimeSpan.Zero),
Aliases = new[] { "GHSA-qqqq-wwww-eeee", "CVE-2025-4242" },
References = new[]
{
new GhsaReferenceDto
{
Url = "https://github.com/advisories/GHSA-qqqq-wwww-eeee",
Type = "ADVISORY"
},
new GhsaReferenceDto
{
Url = "https://github.com/conflict/package/releases/tag/v1.4.0",
Type = "FIX"
}
},
Affected = new[]
{
new GhsaAffectedDto
{
PackageName = "conflict/package",
Ecosystem = "npm",
VulnerableRange = "< 1.4.0",
PatchedVersion = "1.4.0"
}
},
Credits = new[]
{
new GhsaCreditDto
{
Type = "reporter",
Name = "security-researcher",
Login = "sec-researcher",
ProfileUrl = "https://github.com/sec-researcher"
},
new GhsaCreditDto
{
Type = "remediation_developer",
Name = "maintainer-team",
Login = "conflict-maintainer",
ProfileUrl = "https://github.com/conflict/package"
}
}
};
var advisory = GhsaMapper.Map(dto, document, recordedAt);
Assert.Equal("ghsa:severity/high", advisory.CanonicalMetricId);
Assert.True(advisory.CvssMetrics.IsEmpty);
var snapshot = SnapshotSerializer.ToSnapshot(advisory).Replace("\r\n", "\n").TrimEnd();
var expectedPath = Path.Combine(AppContext.BaseDirectory, "Fixtures", "conflict-ghsa.canonical.json");
var expected = File.ReadAllText(expectedPath).Replace("\r\n", "\n").TrimEnd();
if (!string.Equals(expected, snapshot, StringComparison.Ordinal))
{
var actualPath = Path.Combine(AppContext.BaseDirectory, "Fixtures", "conflict-ghsa.canonical.actual.json");
File.WriteAllText(actualPath, snapshot);
}
Assert.Equal(expected, snapshot);
}
}


@@ -21,7 +21,7 @@ public sealed class GhsaMapperTests
Metadata: null,
Etag: "\"etag-ghsa-fallback\"",
LastModified: recordedAt.AddHours(-3),
GridFsId: null);
PayloadId: null);
var dto = new GhsaRecordDto
{