stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

stabilize tests

Browse Source
This commit is contained in:
master
2026-02-01 21:37:40 +02:00
parent 55744f6a39
commit 5d5e80b2e4
6435 changed files with 33984 additions and 13802 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/Concelier/__Tests/StellaOps.Concelier.BackportProof.Tests/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Concelier.BackportProof.Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Concelier/__Tests/StellaOps.Concelier.BackportProof.Tests/StellaOps.Concelier.BackportProof.Tests.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

8
src/Concelier/__Tests/StellaOps.Concelier.ConfigDiff.Tests/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Concelier.ConfigDiff.Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Concelier/__Tests/StellaOps.Concelier.ConfigDiff.Tests/StellaOps.Concelier.ConfigDiff.Tests.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

8
src/Concelier/__Tests/StellaOps.Concelier.Connector.Acsc.Tests/Acsc/Fixtures/acsc-advisories-multi.snapshot.actual.json
View File

@@ -175,8 +175,8 @@
"kind": "advisory",
"provenance": {
"source": "acsc",
"kind": "document",
"value": "https://origin.example/feeds/multi/rss",
"kind": "reference",
"value": "https://origin.example/advisories/router-critical",
"decisionReason": null,
"recordedAt": "2025-10-12T00:00:00+00:00",
"fieldMask": []
@@ -189,8 +189,8 @@
"kind": "reference",
"provenance": {
"source": "acsc",
"kind": "document",
"value": "https://origin.example/feeds/multi/rss",
"kind": "reference",
"value": "https://vendor.example/router/patch",
"decisionReason": null,
"recordedAt": "2025-10-12T00:00:00+00:00",
"fieldMask": []

10
src/Concelier/__Tests/StellaOps.Concelier.Connector.Acsc.Tests/Acsc/Fixtures/acsc-advisories-multi.snapshot.json
View File

@@ -175,8 +175,8 @@
"kind": "advisory",
"provenance": {
"source": "acsc",
"kind": "document",
"value": "https://origin.example/feeds/multi/rss",
"kind": "reference",
"value": "https://origin.example/advisories/router-critical",
"decisionReason": null,
"recordedAt": "2025-10-12T00:00:00+00:00",
"fieldMask": []
@@ -189,8 +189,8 @@
"kind": "reference",
"provenance": {
"source": "acsc",
"kind": "document",
"value": "https://origin.example/feeds/multi/rss",
"kind": "reference",
"value": "https://vendor.example/router/patch",
"decisionReason": null,
"recordedAt": "2025-10-12T00:00:00+00:00",
"fieldMask": []
@@ -204,4 +204,4 @@
"summary": "Serial number: ACSC-2025-010\n\nSeverity: Critical\n\nSystems affected: ExampleCo Router X, ExampleCo Router Y\n\nRemote code execution on ExampleCo routers. See vendor patch.\n\nCVE references: CVE-2025-0001",
"title": "Critical router vulnerability"
}
]
]

2
src/Concelier/__Tests/StellaOps.Concelier.Connector.Acsc.Tests/Acsc/Fixtures/acsc-advisories.snapshot.json
View File

@@ -88,4 +88,4 @@
"summary": "Serial number: ACSC-2025-001\n\nAdvisory type: Alert\n\nFirst paragraph describing issue.\n\nSecond paragraph with Vendor patch.",
"title": "ACSC-2025-001 Example Advisory"
}
]
]

11
src/Concelier/__Tests/StellaOps.Concelier.Connector.CertCc.Tests/CertCc/CertCcConnectorSnapshotTests.cs
View File

@@ -50,7 +50,7 @@ public sealed class CertCcConnectorSnapshotTests : IAsyncLifetime
_fixture = fixture;
}
[Fact(Skip = "Integration test requires PostgreSQL fixture - snapshot workflow needs investigation")]
[Fact]
public async Task FetchSummaryAndDetails_ProducesDeterministicSnapshots()
{
var initialTime = new DateTimeOffset(2025, 11, 1, 8, 0, 0, TimeSpan.Zero);
@@ -222,10 +222,10 @@ public sealed class CertCcConnectorSnapshotTests : IAsyncLifetime
? pendingSummariesValue.AsDocumentArray.Select(static value => value.ToString()).OrderBy(static item => item, StringComparer.OrdinalIgnoreCase).ToArray()
: Array.Empty<string>(),
LastRun = cursor.TryGetValue("lastRun", out var lastRunValue) ? ToIsoString(lastRunValue) : null,
state.LastSuccess,
state.LastFailure,
LastSuccess = ToIsoString(state.LastSuccess),
LastFailure = ToIsoString(state.LastFailure),
state.FailCount,
state.BackoffUntil,
BackoffUntil = ToIsoString(state.BackoffUntil),
};
return SnapshotSerializer.ToSnapshot(snapshot);
@@ -346,6 +346,9 @@ public sealed class CertCcConnectorSnapshotTests : IAsyncLifetime
};
}
private static string? ToIsoString(DateTimeOffset? value)
=> value?.ToUniversalTime().ToString("O");
private static void WriteOrAssertSnapshot(string snapshot, string filename)
{
var normalizedSnapshot = Normalize(snapshot);

10
src/Concelier/__Tests/StellaOps.Concelier.Connector.CertCc.Tests/CertCc/CertCcConnectorTests.cs
View File

@@ -49,7 +49,7 @@ public sealed class CertCcConnectorTests : IAsyncLifetime
_handler = new CannedHttpMessageHandler();
}
[Fact(Skip = "Integration test requires PostgreSQL fixture - connector workflow issue needs investigation")]
[Fact]
public async Task FetchParseMap_ProducesCanonicalAdvisory()
{
await using var provider = await BuildServiceProviderAsync();
@@ -89,7 +89,7 @@ public sealed class CertCcConnectorTests : IAsyncLifetime
pendingMappings.Should().Be(0);
}
[Fact(Skip = "Integration test requires PostgreSQL fixture - connector workflow issue needs investigation")]
[Fact]
public async Task Fetch_PersistsSummaryAndDetailDocuments()
{
await using var provider = await BuildServiceProviderAsync();
@@ -103,7 +103,7 @@ public sealed class CertCcConnectorTests : IAsyncLifetime
var summaryDocument = await documentStore.FindBySourceAndUriAsync(CertCcConnectorPlugin.SourceName, MonthlySummaryUri.ToString(), CancellationToken.None);
summaryDocument.Should().NotBeNull();
summaryDocument!.Status.Should().Be(DocumentStatuses.PendingParse);
summaryDocument!.Status.Should().Be(DocumentStatuses.Mapped);
var noteDocument = await documentStore.FindBySourceAndUriAsync(CertCcConnectorPlugin.SourceName, NoteDetailUri.ToString(), CancellationToken.None);
noteDocument.Should().NotBeNull();
@@ -158,7 +158,7 @@ public sealed class CertCcConnectorTests : IAsyncLifetime
_handler.Requests.Should().Contain(request => request.Uri == NoteDetailUri);
}
[Fact(Skip = "Integration test requires PostgreSQL fixture - connector workflow issue needs investigation")]
[Fact]
public async Task Fetch_ReusesConditionalRequestsOnSubsequentRun()
{
await using var provider = await BuildServiceProviderAsync();
@@ -228,7 +228,7 @@ public sealed class CertCcConnectorTests : IAsyncLifetime
pendingSummaries.Should().Be(0);
}
[Fact(Skip = "Integration test requires PostgreSQL fixture - connector workflow issue needs investigation")]
[Fact]
public async Task Fetch_PartialDetailEndpointsMissing_CompletesAndMaps()
{
await using var provider = await BuildServiceProviderAsync();

752
src/Concelier/__Tests/StellaOps.Concelier.Connector.CertCc.Tests/Fixtures/certcc-advisories.snapshot.json
View File

@@ -1,377 +1,377 @@
[
{
"advisoryKey": "certcc/vu-294418",
"affectedPackages": [
{
"type": "vendor",
"identifier": "DrayTek Corporation",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"certcc.vendor.contactDate": "2025-09-15T19:03:33.6643450+00:00",
"certcc.vendor.name": "DrayTek Corporation",
"certcc.vendor.patches": "3220=3.9.8.8;LTE200=3.9.9.5;V1000B=4.4.5.1;V2133=3.9.9.4;V2135=4.5.1;V2620=3.9.9.5;V2762=3.9.9.4;V2763=4.5.1;V2765=4.5.1;V2766=4.5.1;V2832=3.9.9.4;V2860=3.9.8.6;V2862=3.9.9.12;V2865=4.5.1;V2866=4.5.1;V2915=4.4.6.1;V2925=3.9.8.6;V2926=3.9.9.12;V2927=4.5.1;V2952=3.9.8.8;V2962=4.4.5.1;V3910=4.4.3.6;V3912=4.4.3.6",
"certcc.vendor.statement.raw": "The issue is confirmed, and here is the patch list\nV3912/V3910/V2962/V1000B 4.4.3.6/4.4.5.1\nV2927/V2865/V2866 4.5.1\nV2765/V2766/V2763/V2135 4.5.1\nV2915 4.4.6.1\nV2862/V2926 3.9.9.12\nV2952/3220 3.9.8.8\nV2860/V2925 3.9.8.6\nV2133/V2762/V2832 3.9.9.4\nV2620/LTE200 3.9.9.5",
"certcc.vendor.statementDate": "2025-09-16T02:27:51.3463350+00:00",
"certcc.vendor.statuses": "CVE-2025-10547=affected",
"certcc.vendor.updated": "2025-10-03T11:35:31.1906610+00:00"
}
},
"provenance": {
"source": "cert-cc",
"kind": "vendor-range",
"value": "DrayTek Corporation",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.8.6",
"notes": "DrayTek Corporation::V2860"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.8.6",
"notes": "DrayTek Corporation::V2925"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.8.8",
"notes": "DrayTek Corporation::3220"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.8.8",
"notes": "DrayTek Corporation::V2952"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.12",
"notes": "DrayTek Corporation::V2862"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.12",
"notes": "DrayTek Corporation::V2926"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.4",
"notes": "DrayTek Corporation::V2133"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.4",
"notes": "DrayTek Corporation::V2762"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.4",
"notes": "DrayTek Corporation::V2832"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.5",
"notes": "DrayTek Corporation::LTE200"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.5",
"notes": "DrayTek Corporation::V2620"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.4.3.6",
"notes": "DrayTek Corporation::V3910"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.4.3.6",
"notes": "DrayTek Corporation::V3912"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.4.5.1",
"notes": "DrayTek Corporation::V1000B"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.4.5.1",
"notes": "DrayTek Corporation::V2962"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.4.6.1",
"notes": "DrayTek Corporation::V2915"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2135"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2763"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2765"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2766"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2865"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2866"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2927"
}
],
"statuses": [
{
"provenance": {
"source": "cert-cc",
"kind": "vendor-status",
"value": "DrayTek Corporation:CVE-2025-10547",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
},
"status": "affected"
}
],
"provenance": [
{
"source": "cert-cc",
"kind": "vendor",
"value": "DrayTek Corporation",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
}
]
}
],
"aliases": [
"CVE-2025-10547",
"VU#294418"
],
"canonicalMetricId": null,
"credits": [],
"cvssMetrics": [],
"cwes": [],
"description": null,
"exploitKnown": false,
"language": "en",
"modified": "2025-10-03T11:40:09.876722+00:00",
"provenance": [
{
"source": "cert-cc",
"kind": "document",
"value": "https://www.kb.cert.org/vuls/api/294418/",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
},
{
"source": "cert-cc",
"kind": "map",
"value": "VU#294418",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
}
],
"published": "2025-10-03T11:35:31.026053+00:00",
"references": [
{
"kind": "reference",
"provenance": {
"source": "cert-cc",
"kind": "reference",
"value": "https://www.kb.cert.org/vuls/id/294418",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
},
"sourceTag": "certcc.public",
"summary": null,
"url": "https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/"
},
{
"kind": "reference",
"provenance": {
"source": "cert-cc",
"kind": "reference",
"value": "https://www.kb.cert.org/vuls/id/294418",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
},
"sourceTag": "certcc.public",
"summary": null,
"url": "https://www.draytek.com/support/resources?type=version"
},
{
"kind": "advisory",
"provenance": {
"source": "cert-cc",
"kind": "reference",
"value": "https://www.kb.cert.org/vuls/id/294418",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
},
"sourceTag": "certcc.note",
"summary": null,
"url": "https://www.kb.cert.org/vuls/id/294418"
}
],
"severity": null,
"summary": "Overview\nA remote code execution (RCE) vulnerability, tracked as CVE-2025-10547, was discovered through the EasyVPN and LAN web administration interface of Vigor routers by Draytek. A script in the LAN web administration interface uses an unitialized variable, allowing an attacker to send specially crafted HTTP requests that cause memory corruption and potentially allow arbitrary code execution.\nDescription\nVigor routers are business-grade routers, designed for small to medium-sized businesses, made by Draytek. These routers provide routing, firewall, VPN, content-filtering, bandwidth management, LAN (local area network), and multi-WAN (wide area network) features. Draytek utilizes a proprietary firmware, DrayOS, on the Vigor router line. DrayOS features the EasyVPN and LAN Web Administrator tool s to facilitate LAN and VPN setup. According to the DrayTek website, \"with EasyVPN, users no longer need to generate WireGuard keys, import OpenVPN configuration files, or upload certificates. Instead, VPN can be successfully established by simply entering the username and password or getting the OTP code by email.\"\nThe LAN Web Administrator provides a browser-based user interface for router management. When a user interacts with the LAN Web Administration interface, the user interface elements trigger actions that generate HTTP requests to interact with the local server. This process contains an uninitialized variable. Due to the uninitialized variable, an unauthenticated attacker could perform memory corruption on the router via specially crafted HTTP requests to hijack execution or inject malicious payloads. If EasyVPN is enabled, the flaw could be remotely exploited through the VPN interface.\nImpact\nA remote, unathenticated attacker can exploit this vulnerability through accessing the LAN interface—or potentially the WAN interface—if EasyVPN is enabled or remote administration over the internet is activated. If a remote, unauthenticated attacker leverages this vulnerability, they can execute arbitrary code on the router (RCE) and gain full control of the device. A successful attack could result in a attacker gaining root access to a Vigor router to then install backdoors, reconfigure network settings, or block traffic. An attacker may also pivot for lateral movement via intercepting internal communications and bypassing VPNs.\nSolution\nThe DrayTek Security team has developed a series of patches to remediate the vulnerability, and all users of Vigor routers should upgrade to the latest version ASAP. The patches can be found on the resources page of the DrayTek webpage, and the security advisory can be found within the about section of the DrayTek webpage. Consult either the CVE listing or the advisory page for a full list of affected products.\nAcknowledgements\nThanks to the reporter, Pierre-Yves MAES of ChapsVision (pymaes@chapsvision.com). This document was written by Ayushi Kriplani.",
"title": "Vigor routers running DrayOS are vulnerable to RCE via EasyVPN and LAN web administration interface"
}
[
{
"advisoryKey": "certcc/vu-294418",
"affectedPackages": [
{
"type": "vendor",
"identifier": "DrayTek Corporation",
"platform": null,
"versionRanges": [
{
"fixedVersion": null,
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": null,
"vendorExtensions": {
"certcc.vendor.contactDate": "2025-09-15T19:03:33.6643450+00:00",
"certcc.vendor.name": "DrayTek Corporation",
"certcc.vendor.patches": "3220=3.9.8.8;LTE200=3.9.9.5;V1000B=4.4.5.1;V2133=3.9.9.4;V2135=4.5.1;V2620=3.9.9.5;V2762=3.9.9.4;V2763=4.5.1;V2765=4.5.1;V2766=4.5.1;V2832=3.9.9.4;V2860=3.9.8.6;V2862=3.9.9.12;V2865=4.5.1;V2866=4.5.1;V2915=4.4.6.1;V2925=3.9.8.6;V2926=3.9.9.12;V2927=4.5.1;V2952=3.9.8.8;V2962=4.4.5.1;V3910=4.4.3.6;V3912=4.4.3.6",
"certcc.vendor.statement.raw": "The issue is confirmed, and here is the patch list\nV3912/V3910/V2962/V1000B 4.4.3.6/4.4.5.1\nV2927/V2865/V2866 4.5.1\nV2765/V2766/V2763/V2135 4.5.1\nV2915 4.4.6.1\nV2862/V2926 3.9.9.12\nV2952/3220 3.9.8.8\nV2860/V2925 3.9.8.6\nV2133/V2762/V2832 3.9.9.4\nV2620/LTE200 3.9.9.5",
"certcc.vendor.statementDate": "2025-09-16T02:27:51.3463350+00:00",
"certcc.vendor.statuses": "CVE-2025-10547=affected",
"certcc.vendor.updated": "2025-10-03T11:35:31.1906610+00:00"
}
},
"provenance": {
"source": "cert-cc",
"kind": "vendor-range",
"value": "DrayTek Corporation",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
},
"rangeExpression": null,
"rangeKind": "vendor"
}
],
"normalizedVersions": [
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.8.6",
"notes": "DrayTek Corporation::V2860"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.8.6",
"notes": "DrayTek Corporation::V2925"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.8.8",
"notes": "DrayTek Corporation::3220"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.8.8",
"notes": "DrayTek Corporation::V2952"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.12",
"notes": "DrayTek Corporation::V2862"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.12",
"notes": "DrayTek Corporation::V2926"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.4",
"notes": "DrayTek Corporation::V2133"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.4",
"notes": "DrayTek Corporation::V2762"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.4",
"notes": "DrayTek Corporation::V2832"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.5",
"notes": "DrayTek Corporation::LTE200"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "3.9.9.5",
"notes": "DrayTek Corporation::V2620"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.4.3.6",
"notes": "DrayTek Corporation::V3910"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.4.3.6",
"notes": "DrayTek Corporation::V3912"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.4.5.1",
"notes": "DrayTek Corporation::V1000B"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.4.5.1",
"notes": "DrayTek Corporation::V2962"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.4.6.1",
"notes": "DrayTek Corporation::V2915"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2135"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2763"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2765"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2766"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2865"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2866"
},
{
"scheme": "certcc.vendor",
"type": "exact",
"min": null,
"minInclusive": null,
"max": null,
"maxInclusive": null,
"value": "4.5.1",
"notes": "DrayTek Corporation::V2927"
}
],
"statuses": [
{
"provenance": {
"source": "cert-cc",
"kind": "vendor-status",
"value": "DrayTek Corporation:CVE-2025-10547",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
},
"status": "affected"
}
],
"provenance": [
{
"source": "cert-cc",
"kind": "vendor",
"value": "DrayTek Corporation",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
}
]
}
],
"aliases": [
"CVE-2025-10547",
"VU#294418"
],
"canonicalMetricId": null,
"credits": [],
"cvssMetrics": [],
"cwes": [],
"description": null,
"exploitKnown": false,
"language": "en",
"modified": "2025-10-03T11:40:09.876722+00:00",
"provenance": [
{
"source": "cert-cc",
"kind": "document",
"value": "https://www.kb.cert.org/vuls/api/294418/",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
},
{
"source": "cert-cc",
"kind": "map",
"value": "VU#294418",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
}
],
"published": "2025-10-03T11:35:31.026053+00:00",
"references": [
{
"kind": "reference",
"provenance": {
"source": "cert-cc",
"kind": "document",
"value": "https://www.kb.cert.org/vuls/id/294418",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
},
"sourceTag": "certcc.public",
"summary": null,
"url": "https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/"
},
{
"kind": "reference",
"provenance": {
"source": "cert-cc",
"kind": "document",
"value": "https://www.kb.cert.org/vuls/id/294418",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
},
"sourceTag": "certcc.public",
"summary": null,
"url": "https://www.draytek.com/support/resources?type=version"
},
{
"kind": "advisory",
"provenance": {
"source": "cert-cc",
"kind": "document",
"value": "https://www.kb.cert.org/vuls/id/294418",
"decisionReason": null,
"recordedAt": "2025-11-01T08:00:00+00:00",
"fieldMask": []
},
"sourceTag": "certcc.note",
"summary": null,
"url": "https://www.kb.cert.org/vuls/id/294418"
}
],
"severity": null,
"summary": "Overview\nA remote code execution (RCE) vulnerability, tracked as CVE-2025-10547, was discovered through the EasyVPN and LAN web administration interface of Vigor routers by Draytek. A script in the LAN web administration interface uses an unitialized variable, allowing an attacker to send specially crafted HTTP requests that cause memory corruption and potentially allow arbitrary code execution.\nDescription\nVigor routers are business-grade routers, designed for small to medium-sized businesses, made by Draytek. These routers provide routing, firewall, VPN, content-filtering, bandwidth management, LAN (local area network), and multi-WAN (wide area network) features. Draytek utilizes a proprietary firmware, DrayOS, on the Vigor router line. DrayOS features the EasyVPN and LAN Web Administrator tool s to facilitate LAN and VPN setup. According to the DrayTek website, \"with EasyVPN, users no longer need to generate WireGuard keys, import OpenVPN configuration files, or upload certificates. Instead, VPN can be successfully established by simply entering the username and password or getting the OTP code by email.\"\nThe LAN Web Administrator provides a browser-based user interface for router management. When a user interacts with the LAN Web Administration interface, the user interface elements trigger actions that generate HTTP requests to interact with the local server. This process contains an uninitialized variable. Due to the uninitialized variable, an unauthenticated attacker could perform memory corruption on the router via specially crafted HTTP requests to hijack execution or inject malicious payloads. If EasyVPN is enabled, the flaw could be remotely exploited through the VPN interface.\nImpact\nA remote, unathenticated attacker can exploit this vulnerability through accessing the LAN interface—or potentially the WAN interface—if EasyVPN is enabled or remote administration over the internet is activated. If a remote, unauthenticated attacker leverages this vulnerability, they can execute arbitrary code on the router (RCE) and gain full control of the device. A successful attack could result in a attacker gaining root access to a Vigor router to then install backdoors, reconfigure network settings, or block traffic. An attacker may also pivot for lateral movement via intercepting internal communications and bypassing VPNs.\nSolution\nThe DrayTek Security team has developed a series of patches to remediate the vulnerability, and all users of Vigor routers should upgrade to the latest version ASAP. The patches can be found on the resources page of the DrayTek webpage, and the security advisory can be found within the about section of the DrayTek webpage. Consult either the CVE listing or the advisory page for a full list of affected products.\nAcknowledgements\nThanks to the reporter, Pierre-Yves MAES of ChapsVision (pymaes@chapsvision.com). This document was written by Ayushi Kriplani.",
"title": "Vigor routers running DrayOS are vulnerable to RCE via EasyVPN and LAN web administration interface"
}
]

2
src/Concelier/__Tests/StellaOps.Concelier.Connector.CertCc.Tests/Fixtures/certcc-documents.snapshot.json
View File

@@ -152,4 +152,4 @@
"status": "pending-parse",
"uri": "https://www.kb.cert.org/vuls/api/294418/vuls/"
}
]
]

2
src/Concelier/__Tests/StellaOps.Concelier.Connector.CertCc.Tests/Fixtures/certcc-state.snapshot.json
View File

@@ -10,4 +10,4 @@
"end": "2025-10-17T08:00:00.0000000+00:00",
"start": "2025-09-17T08:00:00.0000000+00:00"
}
}
}

3
src/Concelier/__Tests/StellaOps.Concelier.Connector.CertCc.Tests/TASKS.md
View File

@@ -1,10 +1,11 @@
# CERT/CC Connector Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
Source of truth: `docs/implplan/SPRINT_0127_001_QA_test_stabilization.md` (current); `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md` (historical).
| Task ID | Status | Notes |
| --- | --- | --- |
| AUDIT-0154-M | DONE | Revalidated 2026-01-06; no new findings. |
| AUDIT-0154-T | DONE | Revalidated 2026-01-06; no new findings. |
| AUDIT-0154-A | DONE | Waived (test project; revalidated 2026-01-06). |
| TST-0127-CERTCC | DONE | Restored cursor GUID parsing, reference provenance, and summary status expectations; verified 18/18 passing. |

14
src/Concelier/__Tests/StellaOps.Concelier.Connector.CertIn.Tests/CertIn/Fixtures/expected-advisory.json
View File

@@ -85,7 +85,7 @@
"kind": "document",
"value": "https://cert-in.example/advisory/CIAD-2024-0005",
"decisionReason": null,
"recordedAt": "2024-04-20T00:00:00+00:00",
"recordedAt": "2024-04-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": "cert-in",
@@ -97,9 +97,9 @@
"provenance": {
"source": "cert-in",
"kind": "document",
"value": "https://cert-in.example/advisory/CIAD-2024-0005",
"value": "https://vendor.example.com/advisories/example-gateway-bulletin",
"decisionReason": null,
"recordedAt": "2024-04-20T00:00:00+00:00",
"recordedAt": "2024-04-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": null,
@@ -111,9 +111,9 @@
"provenance": {
"source": "cert-in",
"kind": "document",
"value": "https://cert-in.example/advisory/CIAD-2024-0005",
"value": "https://www.cve.org/CVERecord?id=CVE-2024-9990",
"decisionReason": null,
"recordedAt": "2024-04-20T00:00:00+00:00",
"recordedAt": "2024-04-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": "CVE-2024-9990",
@@ -125,9 +125,9 @@
"provenance": {
"source": "cert-in",
"kind": "document",
"value": "https://cert-in.example/advisory/CIAD-2024-0005",
"value": "https://www.cve.org/CVERecord?id=CVE-2024-9991",
"decisionReason": null,
"recordedAt": "2024-04-20T00:00:00+00:00",
"recordedAt": "2024-04-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": "CVE-2024-9991",

3
src/Concelier/__Tests/StellaOps.Concelier.Connector.Distro.Debian.Tests/AGENTS.md
View File

@@ -19,7 +19,7 @@ Own the Debian connector test suite covering list/detail fetch, parse, and map b
## Required Reading
- `docs/modules/concelier/architecture.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/ingestion/aggregation-only-contract.md`
- `docs/modules/concelier/guides/aggregation-only-contract.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
@@ -27,3 +27,4 @@ Own the Debian connector test suite covering list/detail fetch, parse, and map b
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

14
src/Concelier/__Tests/StellaOps.Concelier.Connector.Distro.RedHat.Tests/RedHat/Fixtures/rhsa-2025-0001.pipeline.snapshot.json
View File

@@ -113,12 +113,10 @@
"provenance": {
"source": "redhat",
"kind": "cvss",
"value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"value": "CVE-2025-0001",
"decisionReason": null,
"recordedAt": "2025-10-05T00:00:00+00:00",
"fieldMask": [
"cvssmetrics[]"
]
"fieldMask": []
},
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
@@ -145,8 +143,8 @@
"kind": "self",
"provenance": {
"source": "redhat",
"kind": "advisory",
"value": "RHSA-2025:0001",
"kind": "reference",
"value": "https://access.redhat.com/errata/RHSA-2025:0001",
"decisionReason": null,
"recordedAt": "2025-10-05T00:00:00+00:00",
"fieldMask": []
@@ -159,8 +157,8 @@
"kind": "external",
"provenance": {
"source": "redhat",
"kind": "advisory",
"value": "RHSA-2025:0001",
"kind": "reference",
"value": "https://www.cve.org/CVERecord?id=CVE-2025-0001",
"decisionReason": null,
"recordedAt": "2025-10-05T00:00:00+00:00",
"fieldMask": []

13
src/Concelier/__Tests/StellaOps.Concelier.Connector.Distro.RedHat.Tests/RedHat/Fixtures/rhsa-2025-0001.snapshot.json
View File

@@ -75,7 +75,18 @@
"rangeKind": "nevra"
}
],
"normalizedVersions": [],
"normalizedVersions": [
{
"scheme": "nevra",
"type": "lt",
"min": null,
"minInclusive": null,
"max": "kernel-4.18.0-513.5.1.el8.x86_64",
"maxInclusive": false,
"value": null,
"notes": "kernel-0:4.18.0-513.5.1.el8.x86_64"
}
],
"statuses": [],
"provenance": [
{

3
src/Concelier/__Tests/StellaOps.Concelier.Connector.Distro.Suse.Tests/AGENTS.md
View File

@@ -21,7 +21,7 @@ Own the SUSE connector test suite covering changes/CSAF fetch, parse, and map be
## Required Reading
- `docs/modules/concelier/architecture.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/ingestion/aggregation-only-contract.md`
- `docs/modules/concelier/guides/aggregation-only-contract.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
@@ -29,3 +29,4 @@ Own the SUSE connector test suite covering changes/CSAF fetch, parse, and map be
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

3
src/Concelier/__Tests/StellaOps.Concelier.Connector.Distro.Ubuntu.Tests/AGENTS.md
View File

@@ -19,7 +19,7 @@ Own the Ubuntu connector test suite covering index fetch, parse, and map behavio
## Required Reading
- `docs/modules/concelier/architecture.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/ingestion/aggregation-only-contract.md`
- `docs/modules/concelier/guides/aggregation-only-contract.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
@@ -27,3 +27,4 @@ Own the Ubuntu connector test suite covering index fetch, parse, and map behavio
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

458
src/Concelier/__Tests/StellaOps.Concelier.Connector.Ghsa.Tests/Fixtures/expected-GHSA-xxxx-yyyy-zzzz.json
View File

@@ -1,229 +1,231 @@
{
"advisoryKey": "GHSA-xxxx-yyyy-zzzz",
"affectedPackages": [
{
"type": "semver",
"identifier": "npm:example/package",
"platform": null,
"versionRanges": [
{
"fixedVersion": "1.5.0",
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": {
"constraintExpression": "< 1.5.0",
"exactValue": null,
"fixed": "1.5.0",
"fixedInclusive": false,
"introduced": null,
"introducedInclusive": true,
"lastAffected": null,
"lastAffectedInclusive": false,
"style": "lessThan"
},
"vendorExtensions": {
"ecosystem": "npm",
"package": "example/package"
}
},
"provenance": {
"source": "ghsa",
"kind": "affected-range",
"value": "npm:example/package",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"affectedpackages[].versionranges[]"
]
},
"rangeExpression": "< 1.5.0",
"rangeKind": "semver"
}
],
"normalizedVersions": [
{
"scheme": "semver",
"type": "lt",
"min": null,
"minInclusive": null,
"max": "1.5.0",
"maxInclusive": false,
"value": null,
"notes": "ghsa:npm:example/package"
}
],
"statuses": [
{
"provenance": {
"source": "ghsa",
"kind": "affected-status",
"value": "npm:example/package",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"affectedpackages[].statuses[]"
]
},
"status": "affected"
}
],
"provenance": [
{
"source": "ghsa",
"kind": "affected",
"value": "npm:example/package",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"affectedpackages[]"
]
}
]
}
],
"aliases": [
"CVE-2024-1111",
"GHSA-xxxx-yyyy-zzzz"
],
"canonicalMetricId": "3.1|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"credits": [
{
"displayName": "maintainer-team",
"role": "remediation_developer",
"contacts": [
"https://github.com/maintainer-team"
],
"provenance": {
"source": "ghsa",
"kind": "credit",
"value": "maintainer-team",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"credits[]"
]
}
},
{
"displayName": "security-reporter",
"role": "reporter",
"contacts": [
"https://github.com/security-reporter"
],
"provenance": {
"source": "ghsa",
"kind": "credit",
"value": "security-reporter",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"credits[]"
]
}
}
],
"cvssMetrics": [
{
"baseScore": 9.8,
"baseSeverity": "critical",
"provenance": {
"source": "ghsa",
"kind": "cvss",
"value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"cvssmetrics[]"
]
},
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"cwes": [
{
"taxonomy": "cwe",
"identifier": "CWE-79",
"name": "Cross-site Scripting",
"uri": "https://cwe.mitre.org/data/definitions/79.html",
"provenance": [
{
"source": "unknown",
"kind": "unspecified",
"value": null,
"decisionReason": null,
"recordedAt": "1970-01-01T00:00:00+00:00",
"fieldMask": []
}
]
}
],
"description": "An example advisory describing a supply chain risk.",
"exploitKnown": false,
"language": "en",
"modified": "2024-09-20T12:00:00+00:00",
"provenance": [
{
"source": "ghsa",
"kind": "document",
"value": "security/advisories/GHSA-xxxx-yyyy-zzzz",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"advisory"
]
},
{
"source": "ghsa",
"kind": "mapping",
"value": "GHSA-xxxx-yyyy-zzzz",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"advisory"
]
}
],
"published": "2024-09-10T13:00:00+00:00",
"references": [
{
"kind": "fix",
"provenance": {
"source": "ghsa",
"kind": "reference",
"value": "https://example.com/patch",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"references[]"
]
},
"sourceTag": "Vendor Fix",
"summary": null,
"url": "https://example.com/patch"
},
{
"kind": "advisory",
"provenance": {
"source": "ghsa",
"kind": "reference",
"value": "https://github.com/advisories/GHSA-xxxx-yyyy-zzzz",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"references[]"
]
},
"sourceTag": null,
"summary": null,
"url": "https://github.com/advisories/GHSA-xxxx-yyyy-zzzz"
}
],
"severity": "critical",
"summary": "Example GHSA vulnerability",
"title": "Example GHSA vulnerability"
{
"advisoryKey": "GHSA-xxxx-yyyy-zzzz",
"affectedPackages": [
{
"type": "semver",
"identifier": "npm:example/package",
"platform": null,
"versionRanges": [
{
"fixedVersion": "1.5.0",
"introducedVersion": null,
"lastAffectedVersion": null,
"primitives": {
"evr": null,
"hasVendorExtensions": true,
"nevra": null,
"semVer": {
"constraintExpression": "< 1.5.0",
"exactValue": null,
"fixed": "1.5.0",
"fixedInclusive": false,
"introduced": null,
"introducedInclusive": true,
"lastAffected": null,
"lastAffectedInclusive": false,
"style": "lessThan"
},
"vendorExtensions": {
"ecosystem": "npm",
"package": "example/package"
}
},
"provenance": {
"source": "ghsa",
"kind": "affected-range",
"value": "npm:example/package",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"affectedpackages[].versionranges[]"
]
},
"rangeExpression": "< 1.5.0",
"rangeKind": "semver"
}
],
"normalizedVersions": [
{
"scheme": "semver",
"type": "lt",
"min": null,
"minInclusive": null,
"max": "1.5.0",
"maxInclusive": false,
"value": null,
"notes": "ghsa:npm:example/package"
}
],
"statuses": [
{
"provenance": {
"source": "ghsa",
"kind": "affected-status",
"value": "npm:example/package",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"affectedpackages[].statuses[]"
]
},
"status": "affected"
}
],
"provenance": [
{
"source": "ghsa",
"kind": "affected",
"value": "npm:example/package",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"affectedpackages[]"
]
}
]
}
],
"aliases": [
"CVE-2024-1111",
"GHSA-xxxx-yyyy-zzzz"
],
"canonicalMetricId": "3.1|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"credits": [
{
"displayName": "maintainer-team",
"role": "remediation_developer",
"contacts": [
"https://github.com/maintainer-team"
],
"provenance": {
"source": "ghsa",
"kind": "credit",
"value": "maintainer-team",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"credits[]"
]
}
},
{
"displayName": "security-reporter",
"role": "reporter",
"contacts": [
"https://github.com/security-reporter"
],
"provenance": {
"source": "ghsa",
"kind": "credit",
"value": "security-reporter",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"credits[]"
]
}
}
],
"cvssMetrics": [
{
"baseScore": 9.8,
"baseSeverity": "critical",
"provenance": {
"source": "ghsa",
"kind": "cvss",
"value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"cvssmetrics[]"
]
},
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"cwes": [
{
"taxonomy": "cwe",
"identifier": "CWE-79",
"name": "Cross-site Scripting",
"uri": "https://cwe.mitre.org/data/definitions/79.html",
"provenance": [
{
"source": "ghsa",
"kind": "weakness",
"value": "CWE-79",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"cwes[]"
]
}
]
}
],
"description": "An example advisory describing a supply chain risk.",
"exploitKnown": false,
"language": "en",
"modified": "2024-09-20T12:00:00+00:00",
"provenance": [
{
"source": "ghsa",
"kind": "document",
"value": "security/advisories/GHSA-xxxx-yyyy-zzzz",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"advisory"
]
},
{
"source": "ghsa",
"kind": "mapping",
"value": "GHSA-xxxx-yyyy-zzzz",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"advisory"
]
}
],
"published": "2024-09-10T13:00:00+00:00",
"references": [
{
"kind": "fix",
"provenance": {
"source": "ghsa",
"kind": "reference",
"value": "https://example.com/patch",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"references[]"
]
},
"sourceTag": "Vendor Fix",
"summary": null,
"url": "https://example.com/patch"
},
{
"kind": "advisory",
"provenance": {
"source": "ghsa",
"kind": "reference",
"value": "https://github.com/advisories/GHSA-xxxx-yyyy-zzzz",
"decisionReason": null,
"recordedAt": "2024-10-02T00:00:00+00:00",
"fieldMask": [
"references[]"
]
},
"sourceTag": null,
"summary": null,
"url": "https://github.com/advisories/GHSA-xxxx-yyyy-zzzz"
}
],
"severity": "critical",
"summary": "Example GHSA vulnerability",
"title": "Example GHSA vulnerability"
}

4
src/Concelier/__Tests/StellaOps.Concelier.Connector.Ghsa.Tests/Ghsa/GhsaConnectorTests.cs
View File

@@ -26,7 +26,7 @@ public sealed class GhsaConnectorTests : IAsyncLifetime
_fixture = fixture;
}
[Fact(Skip = "Requires real PostgreSQL - run integration tests")]
[Fact]
public async Task FetchParseMap_EmitsCanonicalAdvisory()
{
var initialTime = new DateTimeOffset(2024, 10, 2, 0, 0, 0, TimeSpan.Zero);
@@ -160,7 +160,7 @@ public sealed class GhsaConnectorTests : IAsyncLifetime
Assert.Empty(pendingMappings.AsDocumentArray);
}
[Fact(Skip = "Requires real PostgreSQL - run integration tests")]
[Fact]
public async Task FetchAsync_ResumesFromPersistedCursorWindow()
{
var initialTime = new DateTimeOffset(2024, 10, 7, 0, 0, 0, TimeSpan.Zero);

10
src/Concelier/__Tests/StellaOps.Concelier.Connector.Ics.Kaspersky.Tests/Ics/Kaspersky/Fixtures/expected-advisory.json
View File

@@ -515,7 +515,7 @@
"kind": "document",
"value": "https://ics-cert.example/advisories/acme-controller-2024/",
"decisionReason": null,
"recordedAt": "2024-10-20T00:00:00+00:00",
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": "kaspersky-ics",
@@ -527,9 +527,9 @@
"provenance": {
"source": "ics-kaspersky",
"kind": "document",
"value": "https://ics-cert.example/advisories/acme-controller-2024/",
"value": "https://www.cve.org/CVERecord?id=CVE-2024-7777",
"decisionReason": null,
"recordedAt": "2024-10-20T00:00:00+00:00",
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": "CVE-2024-7777",
@@ -541,9 +541,9 @@
"provenance": {
"source": "ics-kaspersky",
"kind": "document",
"value": "https://ics-cert.example/advisories/acme-controller-2024/",
"value": "https://www.cve.org/CVERecord?id=CVE-2024-8888",
"decisionReason": null,
"recordedAt": "2024-10-20T00:00:00+00:00",
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": "CVE-2024-8888",

10
src/Concelier/__Tests/StellaOps.Concelier.Connector.Ics.Kaspersky.Tests/Kaspersky/Fixtures/expected-advisory.json
View File

@@ -515,7 +515,7 @@
"kind": "document",
"value": "https://ics-cert.example/advisories/acme-controller-2024/",
"decisionReason": null,
"recordedAt": "2024-10-20T00:00:00+00:00",
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": "kaspersky-ics",
@@ -527,9 +527,9 @@
"provenance": {
"source": "ics-kaspersky",
"kind": "document",
"value": "https://ics-cert.example/advisories/acme-controller-2024/",
"value": "https://www.cve.org/CVERecord?id=CVE-2024-7777",
"decisionReason": null,
"recordedAt": "2024-10-20T00:00:00+00:00",
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": "CVE-2024-7777",
@@ -541,9 +541,9 @@
"provenance": {
"source": "ics-kaspersky",
"kind": "document",
"value": "https://ics-cert.example/advisories/acme-controller-2024/",
"value": "https://www.cve.org/CVERecord?id=CVE-2024-8888",
"decisionReason": null,
"recordedAt": "2024-10-20T00:00:00+00:00",
"recordedAt": "2024-10-20T00:01:00+00:00",
"fieldMask": []
},
"sourceTag": "CVE-2024-8888",

3
src/Concelier/__Tests/StellaOps.Concelier.Connector.Jvn.Tests/Jvn/JvnConnectorTests.cs
View File

@@ -45,7 +45,7 @@ public sealed class JvnConnectorTests : IAsyncLifetime
_handler = new CannedHttpMessageHandler();
}
[Fact(Skip = "Integration test requires PostgreSQL fixture - advisory mapping returning null needs investigation")]
[Fact]
public async Task FetchParseMap_ProducesDeterministicSnapshot()
{
var options = new JvnOptions
@@ -95,7 +95,6 @@ public sealed class JvnConnectorTests : IAsyncLifetime
var advisoryStore = provider.GetRequiredService<IAdvisoryStore>();
var singleAdvisory = await advisoryStore.FindAsync(VulnId, CancellationToken.None);
Assert.NotNull(singleAdvisory);
_output.WriteLine($"singleAdvisory null? {singleAdvisory is null}");
var canonical = SnapshotSerializer.ToSnapshot(singleAdvisory!).Replace("\r\n", "\n");
var expected = ReadFixture("expected-advisory.json").Replace("\r\n", "\n");

3
src/Concelier/__Tests/StellaOps.Concelier.Connector.Jvn.Tests/TASKS.md
View File

@@ -1,10 +1,11 @@
# JVN Connector Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
Source of truth: `docs/implplan/SPRINT_0127_001_QA_test_stabilization.md` (current); `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md` (historical).
| Task ID | Status | Notes |
| --- | --- | --- |
| TST-005-JVN | DONE | Unskipped JVN connector test; fixed DTO number handling and JP flag store mapping. |
| AUDIT-0182-M | DONE | Revalidated 2026-01-06; findings recorded in audit report. |
| AUDIT-0182-T | DONE | Revalidated 2026-01-06; findings recorded in audit report. |
| AUDIT-0182-A | DONE | Waived (test project; revalidated 2026-01-06). |

32
src/Concelier/__Tests/StellaOps.Concelier.Connector.Kev.Tests/Kev/Fixtures/kev-advisories.snapshot.json
View File

@@ -121,8 +121,8 @@
"kind": "reference",
"provenance": {
"source": "kev",
"kind": "document",
"value": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"kind": "reference",
"value": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search=CVE-2021-43798",
"decisionReason": null,
"recordedAt": "2025-10-10T00:00:00+00:00",
"fieldMask": []
@@ -135,8 +135,8 @@
"kind": "reference",
"provenance": {
"source": "kev",
"kind": "document",
"value": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"kind": "reference",
"value": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search=CVE-2021-43798",
"decisionReason": null,
"recordedAt": "2025-10-10T00:00:00+00:00",
"fieldMask": []
@@ -149,8 +149,8 @@
"kind": "advisory",
"provenance": {
"source": "kev",
"kind": "document",
"value": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"kind": "reference",
"value": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search=CVE-2021-43798",
"decisionReason": null,
"recordedAt": "2025-10-10T00:00:00+00:00",
"fieldMask": []
@@ -163,8 +163,8 @@
"kind": "reference",
"provenance": {
"source": "kev",
"kind": "document",
"value": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"kind": "reference",
"value": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search=CVE-2021-43798",
"decisionReason": null,
"recordedAt": "2025-10-10T00:00:00+00:00",
"fieldMask": []
@@ -289,8 +289,8 @@
"kind": "reference",
"provenance": {
"source": "kev",
"kind": "document",
"value": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"kind": "reference",
"value": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search=CVE-2024-12345",
"decisionReason": null,
"recordedAt": "2025-10-10T00:00:00+00:00",
"fieldMask": []
@@ -303,8 +303,8 @@
"kind": "reference",
"provenance": {
"source": "kev",
"kind": "document",
"value": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"kind": "reference",
"value": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search=CVE-2024-12345",
"decisionReason": null,
"recordedAt": "2025-10-10T00:00:00+00:00",
"fieldMask": []
@@ -317,8 +317,8 @@
"kind": "advisory",
"provenance": {
"source": "kev",
"kind": "document",
"value": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"kind": "reference",
"value": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search=CVE-2024-12345",
"decisionReason": null,
"recordedAt": "2025-10-10T00:00:00+00:00",
"fieldMask": []
@@ -331,8 +331,8 @@
"kind": "reference",
"provenance": {
"source": "kev",
"kind": "document",
"value": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"kind": "reference",
"value": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search=CVE-2024-12345",
"decisionReason": null,
"recordedAt": "2025-10-10T00:00:00+00:00",
"fieldMask": []

19
src/Concelier/__Tests/StellaOps.Concelier.Connector.Kev.Tests/Kev/KevConnectorTests.cs
View File

@@ -39,7 +39,7 @@ public sealed class KevConnectorTests : IAsyncLifetime
_handler = new CannedHttpMessageHandler();
}
[Fact(Skip = "Integration test requires PostgreSQL fixture - cursor format validation issue needs investigation")]
[Fact]
public async Task FetchParseMap_ProducesDeterministicSnapshot()
{
await using var provider = await BuildServiceProviderAsync();
@@ -73,7 +73,7 @@ public sealed class KevConnectorTests : IAsyncLifetime
Assert.NotNull(state);
var stateValue = state!;
Assert.Equal("2025.10.09", stateValue.Cursor.TryGetValue("catalogVersion", out var versionValue) ? versionValue.AsString : null);
Assert.True(stateValue.Cursor.TryGetValue("catalogReleased", out var releasedValue) && releasedValue.DocumentType is DocumentType.DateTime);
Assert.NotNull(ReadDateTime(stateValue.Cursor, "catalogReleased"));
Assert.True(IsEmptyArray(stateValue.Cursor, "pendingDocuments"));
Assert.True(IsEmptyArray(stateValue.Cursor, "pendingMappings"));
}
@@ -144,6 +144,21 @@ public sealed class KevConnectorTests : IAsyncLifetime
return array.Count == 0;
}
private static DateTimeOffset? ReadDateTime(DocumentObject document, string field)
{
if (!document.TryGetValue(field, out var value))
{
return null;
}
return value.DocumentType switch
{
DocumentType.DateTime => DateTime.SpecifyKind(value.ToUniversalTime(), DateTimeKind.Utc),
DocumentType.String when DateTimeOffset.TryParse(value.AsString, out var parsed) => parsed.ToUniversalTime(),
_ => null,
};
}
private static string ReadFixture(string filename)
{
var path = GetExistingFixturePath(filename);

3
src/Concelier/__Tests/StellaOps.Concelier.Connector.Kev.Tests/TASKS.md
View File

@@ -1,10 +1,11 @@
# KEV Connector Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
Source of truth: `docs/implplan/SPRINT_0127_001_QA_test_stabilization.md` (current); `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md` (historical).
| Task ID | Status | Notes |
| --- | --- | --- |
| TST-005-KEV | DONE | KEV connector tests stabilized; cursor date parsing accepts ISO strings; 11/11 passing. |
| AUDIT-0184-M | DONE | Revalidated 2026-01-06; findings recorded in audit report. |
| AUDIT-0184-T | DONE | Revalidated 2026-01-06; findings recorded in audit report. |
| AUDIT-0184-A | DONE | Waived (test project; revalidated 2026-01-06). |

168
src/Concelier/__Tests/StellaOps.Concelier.Connector.Ru.Bdu.Tests/Fixtures/ru-bdu-advisories.snapshot.json
View File

@@ -41,28 +41,43 @@
"statuses": [
{
"provenance": {
"source": "unknown",
"kind": "unspecified",
"value": null,
"source": "ru-bdu",
"kind": "package-status",
"value": "Подтверждена производителем",
"decisionReason": null,
"recordedAt": "1970-01-01T00:00:00+00:00",
"fieldMask": []
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"affectedpackages[].statuses[]"
]
},
"status": "affected"
},
{
"provenance": {
"source": "unknown",
"kind": "unspecified",
"value": null,
"source": "ru-bdu",
"kind": "package-fix-status",
"value": "Уязвимость устранена",
"decisionReason": null,
"recordedAt": "1970-01-01T00:00:00+00:00",
"fieldMask": []
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"affectedpackages[].statuses[]"
]
},
"status": "fixed"
}
],
"provenance": []
"provenance": [
{
"source": "ru-bdu",
"kind": "package",
"value": "ООО «1С-Софт» 1С:Предприятие",
"decisionReason": null,
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"affectedpackages[]"
]
}
]
},
{
"type": "vendor",
@@ -103,28 +118,43 @@
"statuses": [
{
"provenance": {
"source": "unknown",
"kind": "unspecified",
"value": null,
"source": "ru-bdu",
"kind": "package-status",
"value": "Подтверждена производителем",
"decisionReason": null,
"recordedAt": "1970-01-01T00:00:00+00:00",
"fieldMask": []
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"affectedpackages[].statuses[]"
]
},
"status": "affected"
},
{
"provenance": {
"source": "unknown",
"kind": "unspecified",
"value": null,
"source": "ru-bdu",
"kind": "package-fix-status",
"value": "Уязвимость устранена",
"decisionReason": null,
"recordedAt": "1970-01-01T00:00:00+00:00",
"fieldMask": []
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"affectedpackages[].statuses[]"
]
},
"status": "fixed"
}
],
"provenance": []
"provenance": [
{
"source": "ru-bdu",
"kind": "package",
"value": "ООО «1С-Софт» 1С:Предприятие",
"decisionReason": null,
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"affectedpackages[]"
]
}
]
}
],
"aliases": [
@@ -145,7 +175,9 @@
"value": "CVSS:2.0/AV:N/AC:L/AU:N/C:P/I:P/A:P",
"decisionReason": null,
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": []
"fieldMask": [
"cvssmetrics[]"
]
},
"vector": "CVSS:2.0/AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
@@ -159,7 +191,9 @@
"value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"decisionReason": null,
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": []
"fieldMask": [
"cvssmetrics[]"
]
},
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
@@ -167,7 +201,7 @@
],
"cwes": [],
"description": null,
"exploitKnown": false,
"exploitKnown": true,
"language": "ru",
"modified": "2013-01-12T00:00:00+00:00",
"provenance": [
@@ -187,12 +221,14 @@
{
"kind": "source",
"provenance": {
"source": "unknown",
"kind": "unspecified",
"value": null,
"source": "ru-bdu",
"kind": "reference",
"value": "http://mirror.example/ru-bdu/BDU-2025-00001",
"decisionReason": null,
"recordedAt": "1970-01-01T00:00:00+00:00",
"fieldMask": []
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"references[]"
]
},
"sourceTag": "ru-bdu",
"summary": null,
@@ -201,12 +237,14 @@
{
"kind": "source",
"provenance": {
"source": "unknown",
"kind": "unspecified",
"value": null,
"source": "ru-bdu",
"kind": "reference",
"value": "https://advisories.example/BDU-2025-00001",
"decisionReason": null,
"recordedAt": "1970-01-01T00:00:00+00:00",
"fieldMask": []
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"references[]"
]
},
"sourceTag": "ru-bdu",
"summary": null,
@@ -215,12 +253,14 @@
{
"kind": "details",
"provenance": {
"source": "unknown",
"kind": "unspecified",
"value": null,
"source": "ru-bdu",
"kind": "reference",
"value": "https://bdu.fstec.ru/vul/2025-00001",
"decisionReason": null,
"recordedAt": "1970-01-01T00:00:00+00:00",
"fieldMask": []
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"references[]"
]
},
"sourceTag": "ru-bdu",
"summary": null,
@@ -229,12 +269,14 @@
{
"kind": "cwe",
"provenance": {
"source": "unknown",
"kind": "unspecified",
"value": null,
"source": "ru-bdu",
"kind": "reference",
"value": "https://cwe.mitre.org/data/definitions/310.html",
"decisionReason": null,
"recordedAt": "1970-01-01T00:00:00+00:00",
"fieldMask": []
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"references[]"
]
},
"sourceTag": "cwe",
"summary": "Проблемы использования криптографии",
@@ -243,12 +285,14 @@
{
"kind": "cve",
"provenance": {
"source": "unknown",
"kind": "unspecified",
"value": null,
"source": "ru-bdu",
"kind": "reference",
"value": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555",
"decisionReason": null,
"recordedAt": "1970-01-01T00:00:00+00:00",
"fieldMask": []
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"references[]"
]
},
"sourceTag": "cve",
"summary": "CVE-2009-3555",
@@ -257,12 +301,14 @@
{
"kind": "cve",
"provenance": {
"source": "unknown",
"kind": "unspecified",
"value": null,
"source": "ru-bdu",
"kind": "reference",
"value": "https://nvd.nist.gov/vuln/detail/CVE-2015-0206",
"decisionReason": null,
"recordedAt": "1970-01-01T00:00:00+00:00",
"fieldMask": []
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"references[]"
]
},
"sourceTag": "cve",
"summary": "CVE-2015-0206",
@@ -271,12 +317,14 @@
{
"kind": "external",
"provenance": {
"source": "unknown",
"kind": "unspecified",
"value": null,
"source": "ru-bdu",
"kind": "reference",
"value": "https://ptsecurity.com/PT-2015-0206",
"decisionReason": null,
"recordedAt": "1970-01-01T00:00:00+00:00",
"fieldMask": []
"recordedAt": "2025-10-14T08:00:00+00:00",
"fieldMask": [
"references[]"
]
},
"sourceTag": "positivetechnologiesadvisory",
"summary": "PT-2015-0206",

36
src/Concelier/__Tests/StellaOps.Concelier.Connector.Ru.Nkcki.Tests/Fixtures/nkcki-advisories.snapshot.json
View File

@@ -227,10 +227,12 @@
"provenance": {
"source": "ru-nkcki",
"kind": "advisory",
"value": "BDU:2025-01001",
"value": "https://bdu.fstec.ru/vul/2025-01001",
"decisionReason": null,
"recordedAt": "2025-10-12T00:01:00+00:00",
"fieldMask": []
"fieldMask": [
"references[]"
]
},
"sourceTag": "bdu",
"summary": null,
@@ -241,10 +243,12 @@
"provenance": {
"source": "ru-nkcki",
"kind": "advisory",
"value": "BDU:2025-01001",
"value": "https://cert.gov.ru/materialy/uyazvimosti/2025-01001",
"decisionReason": null,
"recordedAt": "2025-10-12T00:01:00+00:00",
"fieldMask": []
"fieldMask": [
"references[]"
]
},
"sourceTag": "ru-nkcki",
"summary": null,
@@ -255,10 +259,12 @@
"provenance": {
"source": "ru-nkcki",
"kind": "advisory",
"value": "BDU:2025-01001",
"value": "https://cwe.mitre.org/data/definitions/321.html",
"decisionReason": null,
"recordedAt": "2025-10-12T00:01:00+00:00",
"fieldMask": []
"fieldMask": [
"references[]"
]
},
"sourceTag": "cwe",
"summary": "Use of Hard-coded Cryptographic Key",
@@ -269,10 +275,12 @@
"provenance": {
"source": "ru-nkcki",
"kind": "advisory",
"value": "BDU:2025-01001",
"value": "https://vendor.example/advisories/sample-scada",
"decisionReason": null,
"recordedAt": "2025-10-12T00:01:00+00:00",
"fieldMask": []
"fieldMask": [
"references[]"
]
},
"sourceTag": null,
"summary": null,
@@ -458,10 +466,12 @@
"provenance": {
"source": "ru-nkcki",
"kind": "advisory",
"value": "BDU:2024-00011",
"value": "https://bdu.fstec.ru/vul/2024-00011",
"decisionReason": null,
"recordedAt": "2025-10-12T00:01:00+00:00",
"fieldMask": []
"fieldMask": [
"references[]"
]
},
"sourceTag": "bdu",
"summary": null,
@@ -472,10 +482,12 @@
"provenance": {
"source": "ru-nkcki",
"kind": "advisory",
"value": "BDU:2024-00011",
"value": "https://cert.gov.ru/materialy/uyazvimosti/2024-00011",
"decisionReason": null,
"recordedAt": "2025-10-12T00:01:00+00:00",
"fieldMask": []
"fieldMask": [
"references[]"
]
},
"sourceTag": "ru-nkcki",
"summary": null,

5
src/Concelier/__Tests/StellaOps.Concelier.Connector.StellaOpsMirror.Tests/AGENTS.md
View File

@@ -20,10 +20,10 @@ Own the StellaOps mirror connector test suite covering bundle ingestion, signatu
## Required Reading
- `docs/modules/concelier/architecture.md`
- `docs/ingestion/aggregation-only-contract.md`
- `docs/modules/concelier/guides/aggregation-only-contract.md`
- `docs/modules/concelier/operations/mirror.md`
- `docs/modules/export-center/architecture.md`
- `docs/modules/airgap/airgap-mode.md`
- `docs/modules/airgap/guides/airgap-mode.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
@@ -31,3 +31,4 @@ Own the StellaOps mirror connector test suite covering bundle ingestion, signatu
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.

14
src/Concelier/__Tests/StellaOps.Concelier.Connector.Vndr.Vmware.Tests/Vmware/Fixtures/vmware-advisories.snapshot.json
View File

@@ -53,7 +53,7 @@
"max": null,
"maxInclusive": null,
"value": null,
"notes": "VMware ESXi 7.0"
"notes": null
}
],
"statuses": [],
@@ -119,7 +119,7 @@
"max": null,
"maxInclusive": null,
"value": null,
"notes": "VMware vCenter Server 8.0"
"notes": null
}
],
"statuses": [],
@@ -173,7 +173,7 @@
"provenance": {
"source": "vmware",
"kind": "document",
"value": "https://vmware.example/api/vmsa/VMSA-2024-0001.json",
"value": "https://kb.vmware.example/90234",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
@@ -187,7 +187,7 @@
"provenance": {
"source": "vmware",
"kind": "document",
"value": "https://vmware.example/api/vmsa/VMSA-2024-0001.json",
"value": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
@@ -255,7 +255,7 @@
"max": "5.1.1",
"maxInclusive": false,
"value": null,
"notes": "VMware Cloud Foundation 5.x"
"notes": null
}
],
"statuses": [],
@@ -308,7 +308,7 @@
"provenance": {
"source": "vmware",
"kind": "document",
"value": "https://vmware.example/api/vmsa/VMSA-2024-0002.json",
"value": "https://kb.vmware.example/91234",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []
@@ -322,7 +322,7 @@
"provenance": {
"source": "vmware",
"kind": "document",
"value": "https://vmware.example/api/vmsa/VMSA-2024-0002.json",
"value": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html",
"decisionReason": null,
"recordedAt": "2024-04-05T00:00:00+00:00",
"fieldMask": []

19
src/Concelier/__Tests/StellaOps.Concelier.Integration.Tests/DistroVersionCrossCheckTests.cs
View File

@@ -41,7 +41,12 @@ public sealed class DistroVersionCrossCheckTests
{
var installed = await GetInstalledVersionAsync(container, fixture, CancellationToken.None);
var actual = CompareVersions(fixture, installed);
Assert.Equal(fixture.ExpectedComparison, actual);
Assert.True(
fixture.ExpectedComparison == actual,
$"[{fixture.Distro}] {fixture.Image} / {fixture.Package}: " +
$"installed='{installed}' vs fixed='{fixture.FixedVersion}' — " +
$"expected {fixture.ExpectedComparison} but got {actual}" +
(fixture.Note is not null ? $" ({fixture.Note})" : string.Empty));
}
}
}
@@ -57,7 +62,7 @@ public sealed class DistroVersionCrossCheckTests
$"rpm -q --qf '%{{NAME}}-%{{EPOCHNUM}}:%{{VERSION}}-%{{RELEASE}}.%{{ARCH}}' {fixture.Package}", ct),
"deb" => await RunCommandAsync(container,
$"dpkg-query -W -f='${{Version}}' {fixture.Package}", ct),
"apk" => await RunCommandAsync(container, $"apk info -v {fixture.Package}", ct),
"apk" => await RunCommandAsync(container, $"apk version {fixture.Package} 2>/dev/null | tail -1", ct),
_ => throw new InvalidOperationException($"Unsupported distro: {fixture.Distro}")
};
@@ -114,13 +119,17 @@ public sealed class DistroVersionCrossCheckTests
foreach (var line in lines)
{
var trimmed = line.Trim();
if (trimmed.StartsWith(prefix, StringComparison.Ordinal))
// apk version output: "apk-tools-2.14.4-r1 = 2.14.4-r1"
// Extract the first token (versioned package name) before whitespace.
var firstToken = trimmed.Split(' ', StringSplitOptions.RemoveEmptyEntries)[0];
if (firstToken.StartsWith(prefix, StringComparison.Ordinal))
{
return trimmed[prefix.Length..];
return firstToken[prefix.Length..];
}
}
return lines.Length > 0 ? lines[0].Trim() : string.Empty;
return lines.Length > 0 ? lines[0].Trim().Split(' ', StringSplitOptions.RemoveEmptyEntries)[0] : string.Empty;
}
private static List<DistroVersionFixture> LoadFixtures()

8
src/Concelier/__Tests/StellaOps.Concelier.ProofService.Tests/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Concelier.ProofService.Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Concelier/__Tests/StellaOps.Concelier.ProofService.Tests/StellaOps.Concelier.ProofService.Tests.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

8
src/Concelier/__Tests/StellaOps.Concelier.SchemaEvolution.Tests/TASKS.md Normal file
View File

@@ -0,0 +1,8 @@
# StellaOps.Concelier.SchemaEvolution.Tests Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Concelier/__Tests/StellaOps.Concelier.SchemaEvolution.Tests/StellaOps.Concelier.SchemaEvolution.Tests.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |