work

src/VulnExplorer/StellaOps.VulnExplorer.Api/Program.cs

@@ -0,0 +1,115 @@
+using System.Globalization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.OpenApi;
+using StellaOps.VulnExplorer.Api.Data;
+using StellaOps.VulnExplorer.Api.Models;
+
+var builder = WebApplication.CreateBuilder(args);
+builder.Services.AddEndpointsApiExplorer();
+builder.Services.AddOpenApi();
+
+var app = builder.Build();
+
+if (app.Environment.IsDevelopment())
+{
+    app.MapOpenApi();
+}
+
+app.UseHttpsRedirection();
+
+app.MapGet("/v1/vulns", (
+    HttpRequest request,
+    [AsParameters] VulnFilter filter) =>
+{
+    var tenant = request.Headers["x-stella-tenant"].ToString();
+    if (string.IsNullOrWhiteSpace(tenant))
+    {
+        return Results.BadRequest(new { error = "x-stella-tenant required" });
+    }
+
+    var data = ApplyFilter(SampleData.Summaries, filter);
+    var pageSize = Math.Clamp(filter.PageSize ?? 50, 1, 200);
+    var offset = ParsePageToken(filter.PageToken);
+
+    var page = data.Skip(offset).Take(pageSize).ToArray();
+    var nextOffset = offset + page.Length;
+    var next = nextOffset < data.Count ? nextOffset.ToString(CultureInfo.InvariantCulture) : null;
+
+    var response = new VulnListResponse(page, next);
+    return Results.Ok(response);
+})
+.WithOpenApi();
+
+app.MapGet("/v1/vulns/{id}", (HttpRequest request, string id) =>
+{
+    var tenant = request.Headers["x-stella-tenant"].ToString();
+    if (string.IsNullOrWhiteSpace(tenant))
+    {
+        return Results.BadRequest(new { error = "x-stella-tenant required" });
+    }
+
+    return SampleData.TryGetDetail(id, out var detail) && detail is not null
+        ? Results.Ok(detail)
+        : Results.NotFound();
+})
+.WithOpenApi();
+
+app.Run();
+
+static int ParsePageToken(string? token) =>
+    int.TryParse(token, out var offset) && offset >= 0 ? offset : 0;
+
+static IReadOnlyList<VulnSummary> ApplyFilter(IReadOnlyList<VulnSummary> source, VulnFilter filter)
+{
+    IEnumerable<VulnSummary> query = source;
+
+    if (filter.Cve?.Count > 0)
+    {
+        var set = filter.Cve.ToHashSet(StringComparer.OrdinalIgnoreCase);
+        query = query.Where(v => v.CveIds.Any(set.Contains));
+    }
+
+    if (filter.Purl?.Count > 0)
+    {
+        var set = filter.Purl.ToHashSet(StringComparer.OrdinalIgnoreCase);
+        query = query.Where(v => v.Purls.Any(set.Contains));
+    }
+
+    if (filter.Severity?.Count > 0)
+    {
+        var set = filter.Severity.ToHashSet(StringComparer.OrdinalIgnoreCase);
+        query = query.Where(v => set.Contains(v.Severity));
+    }
+
+    if (filter.Exploitability is not null)
+    {
+        query = query.Where(v => string.Equals(v.Exploitability, filter.Exploitability, StringComparison.OrdinalIgnoreCase));
+    }
+
+    if (filter.FixAvailable is not null)
+    {
+        query = query.Where(v => v.FixAvailable == filter.FixAvailable);
+    }
+
+    // deterministic ordering: score desc, id asc
+    query = query
+        .OrderByDescending(v => v.Score)
+        .ThenBy(v => v.Id, StringComparer.Ordinal);
+
+    return query.ToArray();
+}
+
+public record VulnFilter(
+    [FromHeader(Name = "x-stella-tenant")] string Tenant,
+    [FromQuery(Name = "policyVersion")] string? PolicyVersion,
+    [FromQuery(Name = "pageSize")] int? PageSize,
+    [FromQuery(Name = "pageToken")] string? PageToken,
+    [FromQuery(Name = "cve")] IReadOnlyList<string>? Cve,
+    [FromQuery(Name = "purl")] IReadOnlyList<string>? Purl,
+    [FromQuery(Name = "severity")] IReadOnlyList<string>? Severity,
+    [FromQuery(Name = "exploitability")] string? Exploitability,
+    [FromQuery(Name = "fixAvailable")] bool? FixAvailable);
+
+public partial class Program { }
+
+public partial class Program { }