more features checks. setup improvements

This commit is contained in:
master
2026-02-13 02:04:55 +02:00
parent 9911b7d73c
commit 9ca2de05df
675 changed files with 37550 additions and 1826 deletions


@@ -0,0 +1,31 @@
# Backport-Aware Advisory Deduplication with Provenance Scope
## Module
Concelier
## Status
VERIFIED
## Description
Enhances canonical advisory deduplication to be backport-aware. Same CVE with different backport status produces correctly differentiated canonicals. Includes provenance_scope tracking, configurable vendor vs. distro precedence lattice, and patch lineage normalization for merge_hash computation.
## Implementation Details
- **Modules**: `src/Concelier/__Libraries/StellaOps.Concelier.Merge/`, `src/Concelier/__Libraries/StellaOps.Concelier.Persistence/`
- **Key Classes**:
- `MergeHashCalculator` (`src/Concelier/__Libraries/StellaOps.Concelier.Merge/Identity/MergeHashCalculator.cs`) - merge hash computation with backport-aware normalization
- `MergeHashBackfillService` (`src/Concelier/__Libraries/StellaOps.Concelier.Merge/Services/MergeHashBackfillService.cs`) - backfills merge hashes for existing advisories
- `MergeHashBackfillJob` (`src/Concelier/__Libraries/StellaOps.Concelier.Merge/Jobs/MergeHashBackfillJob.cs`) - scheduled job for merge hash backfill
- `MergeHashShadowWriteService` (`src/Concelier/__Libraries/StellaOps.Concelier.Merge/Identity/MergeHashShadowWriteService.cs`) - shadow writes for merge hash validation
- `ProvenanceScopeService` (`src/Concelier/__Libraries/StellaOps.Concelier.Merge/Backport/ProvenanceScopeService.cs`) - provenance scope tracking and management
- `ProvenanceScopeRepository` (`src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Postgres/Repositories/ProvenanceScopeRepository.cs`) - PostgreSQL persistence for provenance scopes
- `ProvenanceScopeEntity` (`src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Postgres/Models/ProvenanceScopeEntity.cs`) - database entity for provenance scope
- `PostgresProvenanceScopeStore` (`src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Postgres/Repositories/PostgresProvenanceScopeStore.cs`) - store implementation
- **Interfaces**: `IMergeHashCalculator`, `IProvenanceScopeService`, `IProvenanceScopeRepository`
- **Source**: SPRINT_8200_0015_0001_CONCEL_backport_integration.md
## E2E Test Plan
- [ ] Ingest same CVE with different backport status (patched vs unpatched) from two distros and verify they produce distinct canonical advisories
- [ ] Verify `MergeHashCalculator` differentiates merge hashes when backport status differs for the same CVE
- [ ] Verify `ProvenanceScopeService` correctly tracks which provenance scope each canonical belongs to
- [ ] Verify vendor vs. distro precedence: when vendor says "not affected" but distro says "patched", verify the precedence lattice resolves correctly
- [ ] Verify `MergeHashBackfillService` can retroactively update merge hashes for pre-existing advisories
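Review bot: Status is VERIFIED, yet all five items under E2E Test Plan are still unchecked `- [ ]`, so the file does not show what the verification covered. Either tick the items that were actually run and point to the evidence, or use a status that does not claim verification. The precedence item (vendor says "not affected" but distro says "patched") only asks that the lattice "resolves correctly" without naming the expected outcome; state the expected canonical result for the default configuration and add a case with the precedence reversed, since the Description calls the lattice configurable. The Description also lists patch lineage normalization for merge_hash computation, which no test plan item exercises; a case where two sources express the same patch lineage differently and must yield the same merge hash would cover it.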