save checkpoint. addition features and their state. check some ofthem

2026-02-10 07:54:44 +02:00
parent 4bdc298ec1
commit 5593212b41
211 changed files with 10248 additions and 1208 deletions
--- a/docs/features/checked/riskengine/exploit-maturity-mapping.md
+++ b/docs/features/checked/riskengine/exploit-maturity-mapping.md
@@ -0,0 +1,33 @@
+# Exploit Maturity Mapping
+
+## Module
+RiskEngine
+
+## Status
+VERIFIED
+
+## Description
+Dedicated exploit maturity mapping service consolidating EPSS, KEV, and in-the-wild signals into a unified maturity level taxonomy (Unknown, Theoretical, ProofOfConcept, Active, Weaponized). Previously described as partially implemented, the service has since been fully built.
+
+## Implementation Details
+- **Exploit Maturity Service**: `src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/ExploitMaturityService.cs` (227 lines) -- implements `IExploitMaturityService`. Consolidates: EPSS signals (>=0.80 = Weaponized, >=0.40 = Active, >=0.10 = ProofOfConcept, >=0.01 = Theoretical), KEV signals (KEV-listed = Weaponized with 0.95 confidence), in-the-wild signals (via `IInTheWildSource`). Max-level aggregation with weighted confidence averaging. Parallel signal fetching via `Task.WhenAll`. OpenTelemetry metrics. Deterministic with injected `TimeProvider`.
+- **Exploit Maturity Interface**: `src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/IExploitMaturityService.cs` -- `AssessMaturityAsync`, `GetMaturityLevelAsync`, `GetMaturityHistoryAsync` methods.
+- **Exploit Maturity Models**: `src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Contracts/ExploitMaturityModels.cs` (89 lines) -- `ExploitMaturityLevel` enum (Unknown, Theoretical, ProofOfConcept, Active, Weaponized), `MaturityEvidenceSource` enum (Epss, Kev, InTheWild, ExploitDb, ScannerTemplate, Override), `MaturitySignal` record, `ExploitMaturityResult` record, `MaturityHistoryEntry` record.
+- **Exploit Maturity Endpoints**: `src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/Endpoints/ExploitMaturityEndpoints.cs` (134 lines) -- Minimal API: GET /exploit-maturity/{cveId} (full assessment), GET /exploit-maturity/{cveId}/level (just level), GET /exploit-maturity/{cveId}/history (maturity history), POST /exploit-maturity/batch (batch with deduplication).
+
+## E2E Test Plan
+- [x] Verify no signals returns Unknown level
+- [x] Verify EPSS-only mapping at various thresholds (Theoretical, ProofOfConcept, Active, Weaponized)
+- [x] Verify KEV-only returns Weaponized with 0.95 confidence
+- [x] Verify in-the-wild-only returns Active
+- [x] Verify max-level aggregation when multiple signals present
+- [x] Verify confidence averaging with all signals
+- [x] Verify API endpoints (full assessment, level-only, history, batch)
+- [x] Verify determinism: same inputs produce same outputs
+
+## Verification
+- **Verified**: 2026-02-10
+- **Method**: Tier 1 code review + Tier 2d test verification
+- **Build**: Passes (0 errors, 0 warnings for Core)
+- **Tests**: 23 tests across 2 test files (ExploitMaturityServiceTests: 14, ExploitMaturityApiTests: 9). All 55/55 module tests pass.
+- **Note**: `GetMaturityHistoryAsync` returns empty (requires persistence layer). Interface and model for lifecycle tracking exist but persistence is not yet implemented. The core maturity assessment service is fully functional.