stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity

Initial commit (history squashed)

Browse Source
This commit is contained in:
master
2025-10-07 10:14:21 +03:00
committed by Vladimir Moushkov
commit 6cbfd47ecd
621 changed files with 54480 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
src/StellaOps.Feedser.Source.Vndr.Oracle.Tests/Oracle/Fixtures/oracle-advisories.snapshot.json Normal file
View File

@@ -0,0 +1,112 @@
[
{
"advisoryKey": "oracle/cpuapr2024-01-html",
"affectedPackages": [],
"aliases": [
"ORACLE:cpuapr2024-01-html"
],
"cvssMetrics": [],
"exploitKnown": false,
"language": "en",
"modified": null,
"provenance": [
{
"kind": "document",
"recordedAt": "2024-04-18T00:01:00+00:00",
"source": "vndr-oracle",
"value": "https://www.oracle.com/security-alerts/cpuapr2024-01.html"
}
],
"published": "2024-04-18T00:00:00+00:00",
"references": [
{
"kind": "reference",
"provenance": {
"kind": "document",
"recordedAt": "2024-04-18T00:01:00+00:00",
"source": "vndr-oracle",
"value": "https://www.oracle.com/security-alerts/cpuapr2024-01.html"
},
"sourceTag": null,
"summary": null,
"url": "https://support.oracle.com/kb/123456"
},
{
"kind": "reference",
"provenance": {
"kind": "document",
"recordedAt": "2024-04-18T00:01:00+00:00",
"source": "vndr-oracle",
"value": "https://www.oracle.com/security-alerts/cpuapr2024-01.html"
},
"sourceTag": null,
"summary": null,
"url": "https://updates.oracle.com/patches/patch01"
},
{
"kind": "advisory",
"provenance": {
"kind": "document",
"recordedAt": "2024-04-18T00:01:00+00:00",
"source": "vndr-oracle",
"value": "https://www.oracle.com/security-alerts/cpuapr2024-01.html"
},
"sourceTag": "oracle",
"summary": null,
"url": "https://www.oracle.com/security-alerts/cpuapr2024-01.html"
}
],
"severity": null,
"summary": "Oracle CPU April 2024 Advisory 1 Oracle Critical Patch Update Advisory - April 2024 (CPU01) This advisory addresses vulnerabilities in Oracle Database Server. Patch download Support article",
"title": "cpuapr2024 01 html"
},
{
"advisoryKey": "oracle/cpuapr2024-02-html",
"affectedPackages": [],
"aliases": [
"ORACLE:cpuapr2024-02-html"
],
"cvssMetrics": [],
"exploitKnown": false,
"language": "en",
"modified": null,
"provenance": [
{
"kind": "document",
"recordedAt": "2024-04-18T00:01:00+00:00",
"source": "vndr-oracle",
"value": "https://www.oracle.com/security-alerts/cpuapr2024-02.html"
}
],
"published": "2024-04-18T00:00:00+00:00",
"references": [
{
"kind": "reference",
"provenance": {
"kind": "document",
"recordedAt": "2024-04-18T00:01:00+00:00",
"source": "vndr-oracle",
"value": "https://www.oracle.com/security-alerts/cpuapr2024-02.html"
},
"sourceTag": null,
"summary": null,
"url": "https://support.oracle.com/kb/789012"
},
{
"kind": "advisory",
"provenance": {
"kind": "document",
"recordedAt": "2024-04-18T00:01:00+00:00",
"source": "vndr-oracle",
"value": "https://www.oracle.com/security-alerts/cpuapr2024-02.html"
},
"sourceTag": "oracle",
"summary": null,
"url": "https://www.oracle.com/security-alerts/cpuapr2024-02.html"
}
],
"severity": null,
"summary": "Oracle CPU April 2024 Advisory 2 Oracle Security Alert Advisory - April 2024 (CPU02) Mitigations for Oracle WebLogic Server. More details at Support KB .",
"title": "cpuapr2024 02 html"
}
]

11
src/StellaOps.Feedser.Source.Vndr.Oracle.Tests/Oracle/Fixtures/oracle-detail-cpuapr2024-01.html Normal file
View File

@@ -0,0 +1,11 @@
<html>
<head><title>Oracle CPU April 2024 Advisory 1</title></head>
<body>
<h1>Oracle Critical Patch Update Advisory - April 2024 (CPU01)</h1>
<p>This advisory addresses vulnerabilities in Oracle Database Server.</p>
<ul>
<li><a href="https://updates.oracle.com/patches/patch01">Patch download</a></li>
<li><a href="https://support.oracle.com/kb/123456">Support article</a></li>
</ul>
</body>
</html>

8
src/StellaOps.Feedser.Source.Vndr.Oracle.Tests/Oracle/Fixtures/oracle-detail-cpuapr2024-02.html Normal file
View File

@@ -0,0 +1,8 @@
<html>
<head><title>Oracle CPU April 2024 Advisory 2</title></head>
<body>
<h1>Oracle Security Alert Advisory - April 2024 (CPU02)</h1>
<p>Mitigations for Oracle WebLogic Server.</p>
<p>More details at <a href="https://support.oracle.com/kb/789012">Support KB</a>.</p>
</body>
</html>

158
src/StellaOps.Feedser.Source.Vndr.Oracle.Tests/Oracle/OracleConnectorTests.cs Normal file
View File

@@ -0,0 +1,158 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Http;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Extensions.Options;
using Microsoft.Extensions.Time.Testing;
using MongoDB.Bson;
using MongoDB.Driver;
using StellaOps.Feedser.Models;
using StellaOps.Feedser.Source.Common.Http;
using StellaOps.Feedser.Source.Common.Testing;
using StellaOps.Feedser.Source.Vndr.Oracle;
using StellaOps.Feedser.Source.Vndr.Oracle.Configuration;
using StellaOps.Feedser.Storage.Mongo;
using StellaOps.Feedser.Storage.Mongo.Advisories;
using StellaOps.Feedser.Storage.Mongo.Documents;
using StellaOps.Feedser.Storage.Mongo.Dtos;
using StellaOps.Feedser.Storage.Mongo.PsirtFlags;
using StellaOps.Feedser.Testing;
namespace StellaOps.Feedser.Source.Vndr.Oracle.Tests;
[Collection("mongo-fixture")]
public sealed class OracleConnectorTests : IAsyncLifetime
{
private readonly MongoIntegrationFixture _fixture;
private readonly FakeTimeProvider _timeProvider;
private readonly CannedHttpMessageHandler _handler;
private static readonly Uri AdvisoryOne = new("https://www.oracle.com/security-alerts/cpuapr2024-01.html");
private static readonly Uri AdvisoryTwo = new("https://www.oracle.com/security-alerts/cpuapr2024-02.html");
public OracleConnectorTests(MongoIntegrationFixture fixture)
{
_fixture = fixture;
_timeProvider = new FakeTimeProvider(new DateTimeOffset(2024, 4, 18, 0, 0, 0, TimeSpan.Zero));
_handler = new CannedHttpMessageHandler();
}
[Fact]
public async Task FetchParseMap_EmitsOraclePsirtSnapshot()
{
await using var provider = await BuildServiceProviderAsync();
SeedDetails();
var connector = provider.GetRequiredService<OracleConnector>();
await connector.FetchAsync(provider, CancellationToken.None);
_timeProvider.Advance(TimeSpan.FromMinutes(1));
await connector.ParseAsync(provider, CancellationToken.None);
await connector.MapAsync(provider, CancellationToken.None);
var advisoryStore = provider.GetRequiredService<IAdvisoryStore>();
var advisories = await advisoryStore.GetRecentAsync(10, CancellationToken.None);
Assert.Equal(2, advisories.Count);
var snapshot = SnapshotSerializer.ToSnapshot(advisories.OrderBy(static a => a.AdvisoryKey, StringComparer.Ordinal).ToArray());
var expected = ReadFixture("oracle-advisories.snapshot.json");
var normalizedSnapshot = Normalize(snapshot);
var normalizedExpected = Normalize(expected);
if (!string.Equals(normalizedExpected, normalizedSnapshot, StringComparison.Ordinal))
{
var actualPath = Path.Combine(AppContext.BaseDirectory, "Source", "Vndr", "Oracle", "Fixtures", "oracle-advisories.actual.json");
File.WriteAllText(actualPath, snapshot);
}
Assert.Equal(normalizedExpected, normalizedSnapshot);
var psirtCollection = _fixture.Database.GetCollection<BsonDocument>(MongoStorageDefaults.Collections.PsirtFlags);
var flags = await psirtCollection.Find(Builders<BsonDocument>.Filter.Empty).ToListAsync();
Assert.Equal(2, flags.Count);
Assert.All(flags, doc => Assert.Equal("Oracle", doc["vendor"].AsString));
}
private async Task<ServiceProvider> BuildServiceProviderAsync()
{
await _fixture.Client.DropDatabaseAsync(_fixture.Database.DatabaseNamespace.DatabaseName);
_handler.Clear();
var services = new ServiceCollection();
services.AddLogging(builder => builder.AddProvider(NullLoggerProvider.Instance));
services.AddSingleton<TimeProvider>(_timeProvider);
services.AddSingleton(_handler);
services.AddMongoStorage(options =>
{
options.ConnectionString = _fixture.Runner.ConnectionString;
options.DatabaseName = _fixture.Database.DatabaseNamespace.DatabaseName;
options.CommandTimeout = TimeSpan.FromSeconds(5);
});
services.AddSourceCommon();
services.AddOracleConnector(opts =>
{
opts.AdvisoryUris = new List<Uri> { AdvisoryOne, AdvisoryTwo };
opts.RequestDelay = TimeSpan.Zero;
});
services.Configure<HttpClientFactoryOptions>(OracleOptions.HttpClientName, builderOptions =>
{
builderOptions.HttpMessageHandlerBuilderActions.Add(builder =>
{
builder.PrimaryHandler = _handler;
});
});
var provider = services.BuildServiceProvider();
var bootstrapper = provider.GetRequiredService<MongoBootstrapper>();
await bootstrapper.InitializeAsync(CancellationToken.None);
return provider;
}
private void SeedDetails()
{
AddDetailResponse(AdvisoryOne, "oracle-detail-cpuapr2024-01.html", "\"oracle-001\"");
AddDetailResponse(AdvisoryTwo, "oracle-detail-cpuapr2024-02.html", "\"oracle-002\"");
}
private void AddDetailResponse(Uri uri, string fixture, string? etag)
{
_handler.AddResponse(uri, () =>
{
var response = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(ReadFixture(fixture), Encoding.UTF8, "text/html"),
};
if (!string.IsNullOrEmpty(etag))
{
response.Headers.ETag = new EntityTagHeaderValue(etag);
}
return response;
});
}
private static string ReadFixture(string filename)
{
var path = Path.Combine(AppContext.BaseDirectory, "Source", "Vndr", "Oracle", "Fixtures", filename);
return File.ReadAllText(path);
}
private static string Normalize(string value)
=> value.Replace("\r\n", "\n", StringComparison.Ordinal);
public Task InitializeAsync() => Task.CompletedTask;
public Task DisposeAsync() => Task.CompletedTask;
}