stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add LDAP Distinguished Name Helper and Credential Audit Context
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro related classes for certificate resolution and signing operations.
This commit is contained in:
master
2025-11-09 12:21:38 +02:00
parent ba4c935182
commit 75c2bcafce
385 changed files with 7354 additions and 7344 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md
View File

@@ -1,14 +0,0 @@
# Vulnerability Explorer API Task Board — Epic 6
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| VULN-API-29-001 | TODO | Vuln Explorer API Guild | LEDGER-29-001, GRAPH-INDEX-28-001 | Define OpenAPI spec (list/detail/query/simulation/workflow/export), query JSON schema, pagination/grouping contracts, and error codes. | OpenAPI + schemas committed; spectral lint passes; clients regenerated for Console/CLI; docs drafted. |
| VULN-API-29-002 | TODO | Vuln Explorer API Guild | VULN-API-29-001, LEDGER-29-003 | Implement list/query endpoints with policy parameter, grouping, server paging, caching, and cost budgets. | Endpoints return deterministic results; budgets enforced; integration tests cover filters/groupings; metrics logged. |
| VULN-API-29-003 | TODO | Vuln Explorer API Guild | VULN-API-29-002 | Implement detail endpoint aggregating evidence, policy rationale, paths (Graph Explorer deep link), and workflow summary. | Detail payload matches contract; evidence references raw doc ids; tests cover missing evidence. |
| VULN-API-29-004 | TODO | Vuln Explorer API Guild, Findings Ledger Guild | LEDGER-29-005 | Expose workflow endpoints (assign, comment, accept-risk, verify-fix, target-fix, reopen) that write ledger events with idempotency + validation. | Workflow APIs create ledger events, return updated projection; error handling documented; tests cover business rules. |
| VULN-API-29-005 | TODO | Vuln Explorer API Guild, Policy Guild | POLICY-ENGINE-27-001, VULN-API-29-002 | Implement simulation endpoint comparing `policy_from` vs `policy_to`, returning diffs without side effects; hook into Policy Engine batch eval. | Simulation returns delta sets; runtime under SLA; tests cover large queries; no ledger writes. |
| VULN-API-29-006 | TODO | Vuln Explorer API Guild | SBOM-CONSOLE-23-001, GRAPH-API-28-003 | Integrate resolver results with Graph Explorer: include shortest path metadata, line up deep-link parameters, expose `paths` array in details. | API returns path metadata; Graph Explorer links validated via e2e tests; docs updated. |
| VULN-API-29-007 | TODO | Vuln Explorer API Guild, Security Guild | AUTH-POLICY-27-001, AUTH-VULN-29-001 | Enforce RBAC/ABAC scopes; implement CSRF/anti-forgery checks for Console; secure attachment URLs; audit logging. | Unauthorized requests rejected; audit logs contain actor + change; security tests cover ABAC filters. |
| VULN-API-29-008 | TODO | Vuln Explorer API Guild | VULN-API-29-001..007 | Build export orchestrator producing signed bundles (manifest, NDJSON, checksums, signature). Integrate with Findings Ledger for evidence and Policy Engine metadata. | Export endpoint streams bundles, attaches signature; tests validate manifest + checksum; docs updated. |
| VULN-API-29-009 | TODO | Vuln Explorer API Guild, Observability Guild | VULN-API-29-002..008 | Instrument metrics (`vuln_list_latency`, `vuln_simulation_latency`, `vuln_export_duration`, `vuln_workflow_events_total`), structured logs, and traces; publish dashboards/alerts. | Metrics registered; dashboards live; alert thresholds documented; telemetry tests in CI. |
| VULN-API-29-010 | TODO | Vuln Explorer API Guild, QA Guild | VULN-API-29-002..008 | Provide unit/integration/perf tests (5M findings), fuzz query validation, determinism harness comparing repeated queries. | CI suite green; perf tests documented; determinism harness passes; bug budget set. |
| VULN-API-29-011 | TODO | Vuln Explorer API Guild, DevOps Guild | VULN-API-29-002..009 | Package deployment (Helm/Compose), health checks, CI smoke, offline kit steps, and scaling guidance. | Deployment artifacts merged; smoke deploy validated; scaling/backup docs produced. |