notify doctors work, audit work, new product advisory sprints

2026-01-13 08:36:29 +02:00
parent b8868a5f13
commit 9ca7cb183e
343 changed files with 24492 additions and 3544 deletions
--- a/src/__Libraries/StellaOps.Evidence/Validation/EvidenceIndexValidator.cs
+++ b/src/__Libraries/StellaOps.Evidence/Validation/EvidenceIndexValidator.cs
@@ -1,14 +1,46 @@
 using StellaOps.Evidence.Models;
 using StellaOps.Evidence.Serialization;
+using System.Text.Json;
+using Json.Schema;

 namespace StellaOps.Evidence.Validation;

 public sealed class EvidenceIndexValidator : IEvidenceIndexValidator
 {
+    private readonly JsonSchema _schema;
+
+    public EvidenceIndexValidator()
+    {
+        var schemaJson = SchemaLoader.LoadSchema("evidence-index.schema.json");
+        _schema = JsonSchema.FromText(schemaJson, new BuildOptions
+        {
+            SchemaRegistry = new SchemaRegistry()
+        });
+    }
+
    public ValidationResult Validate(EvidenceIndex index)
    {
+        ArgumentNullException.ThrowIfNull(index);
        var errors = new List<ValidationError>();

+        var json = EvidenceIndexSerializer.Serialize(index);
+        using var document = JsonDocument.Parse(json);
+        var schemaResult = _schema.Evaluate(document.RootElement);
+        if (!schemaResult.IsValid)
+        {
+            if (schemaResult.Errors is not null)
+            {
+                foreach (var error in schemaResult.Errors)
+                {
+                    errors.Add(new ValidationError("Schema", error.Value ?? "Unknown error"));
+                }
+            }
+            else
+            {
+                errors.Add(new ValidationError("Schema", "Schema validation failed"));
+            }
+        }
+
        if (index.Sboms.Length == 0)
        {
            errors.Add(new ValidationError("Sboms", "At least one SBOM required"));
@@ -25,7 +57,7 @@ public sealed class EvidenceIndexValidator : IEvidenceIndexValidator
        foreach (var proof in index.ReachabilityProofs)
        {
            if (proof.Status == ReachabilityStatus.Inconclusive &&
-                !index.Unknowns.Any(u => u.VulnerabilityId == proof.VulnerabilityId))
+                !index.Unknowns.Any(u => string.Equals(u.VulnerabilityId, proof.VulnerabilityId, StringComparison.Ordinal)))
            {
                errors.Add(new ValidationError("ReachabilityProofs",
                    $"Inconclusive reachability for {proof.VulnerabilityId} not recorded as unknown"));