feat: Implement vulnerability token signing and verification utilities

- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys. - Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries. - Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads. - Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options. - Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads. - Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features. - Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
2025-11-03 10:02:29 +02:00
parent bf2bf4b395
commit b1e78fe412
215 changed files with 19441 additions and 12185 deletions
--- a/docs/dev/templates/vexer-connector/src/MyConnector.cs
+++ b/docs/dev/templates/vexer-connector/src/MyConnector.cs
@@ -1,72 +0,0 @@
-using System.Collections.Generic;
-using System.Collections.Immutable;
-using System.Runtime.CompilerServices;
-using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Core;
-
-namespace StellaOps.Vexer.Connectors.MyProvider;
-
-public sealed class MyConnector : VexConnectorBase
-{
-    private readonly IEnumerable<IVexConnectorOptionsValidator<MyConnectorOptions>> _validators;
-    private MyConnectorOptions? _options;
-
-    public MyConnector(VexConnectorDescriptor descriptor, ILogger<MyConnector> logger, TimeProvider timeProvider, IEnumerable<IVexConnectorOptionsValidator<MyConnectorOptions>> validators)
-        : base(descriptor, logger, timeProvider)
-    {
-        _validators = validators;
-    }
-
-    public override ValueTask ValidateAsync(VexConnectorSettings settings, CancellationToken cancellationToken)
-    {
-        _options = VexConnectorOptionsBinder.Bind(
-            Descriptor,
-            settings,
-            validators: _validators);
-
-        LogConnectorEvent(LogLevel.Information, "validate", "MyConnector configuration loaded.",
-            new Dictionary<string, object?>
-            {
-                ["catalogUri"] = _options.CatalogUri,
-                ["maxParallelRequests"] = _options.MaxParallelRequests,
-            });
-
-        return ValueTask.CompletedTask;
-    }
-
-    public override IAsyncEnumerable<VexRawDocument> FetchAsync(VexConnectorContext context, CancellationToken cancellationToken)
-    {
-        if (_options is null)
-        {
-            throw new InvalidOperationException("Connector not validated.");
-        }
-
-        return FetchInternalAsync(context, cancellationToken);
-    }
-
-    private async IAsyncEnumerable<VexRawDocument> FetchInternalAsync(VexConnectorContext context, [EnumeratorCancellation] CancellationToken cancellationToken)
-    {
-        LogConnectorEvent(LogLevel.Information, "fetch", "Fetching catalog window...");
-
-        // Replace with real HTTP logic.
-        await Task.Delay(10, cancellationToken);
-
-        var metadata = BuildMetadata(builder => builder
-            .Add("sourceUri", _options!.CatalogUri)
-            .Add("window", context.Since?.ToString("O") ?? "full"));
-
-        yield return CreateRawDocument(
-            VexDocumentFormat.CsafJson,
-            new Uri($"{_options.CatalogUri.TrimEnd('/')}/sample.json"),
-            new byte[] { 0x7B, 0x7D },
-            metadata);
-    }
-
-    public override ValueTask<VexClaimBatch> NormalizeAsync(VexRawDocument document, CancellationToken cancellationToken)
-    {
-        var claims = ImmutableArray<VexClaim>.Empty;
-        var diagnostics = ImmutableDictionary<string, string>.Empty;
-        return ValueTask.FromResult(new VexClaimBatch(document, claims, diagnostics));
-    }
-}
--- a/docs/dev/templates/vexer-connector/src/MyConnectorOptions.cs
+++ b/docs/dev/templates/vexer-connector/src/MyConnectorOptions.cs
@@ -1,16 +0,0 @@
-using System.ComponentModel.DataAnnotations;
-
-namespace StellaOps.Vexer.Connectors.MyProvider;
-
-public sealed class MyConnectorOptions
-{
-    [Required]
-    [Url]
-    public string CatalogUri { get; set; } = default!;
-
-    [Required]
-    public string ApiKey { get; set; } = default!;
-
-    [Range(1, 32)]
-    public int MaxParallelRequests { get; set; } = 4;
-}
--- a/docs/dev/templates/vexer-connector/src/MyConnectorOptionsValidator.cs
+++ b/docs/dev/templates/vexer-connector/src/MyConnectorOptionsValidator.cs
@@ -1,15 +0,0 @@
-using System.Collections.Generic;
-using StellaOps.Vexer.Connectors.Abstractions;
-
-namespace StellaOps.Vexer.Connectors.MyProvider;
-
-public sealed class MyConnectorOptionsValidator : IVexConnectorOptionsValidator<MyConnectorOptions>
-{
-    public void Validate(VexConnectorDescriptor descriptor, MyConnectorOptions options, IList<string> errors)
-    {
-        if (!options.CatalogUri.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
-        {
-            errors.Add("CatalogUri must use HTTPS.");
-        }
-    }
-}
--- a/docs/dev/templates/vexer-connector/src/MyConnectorPlugin.cs
+++ b/docs/dev/templates/vexer-connector/src/MyConnectorPlugin.cs
@@ -1,27 +0,0 @@
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging;
-using StellaOps.Plugin;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Core;
-
-namespace StellaOps.Vexer.Connectors.MyProvider;
-
-public sealed class MyConnectorPlugin : IConnectorPlugin
-{
-    private static readonly VexConnectorDescriptor Descriptor = new(
-        id: "vexer:my-provider",
-        kind: VexProviderKind.Vendor,
-        displayName: "My Provider VEX");
-
-    public string Name => Descriptor.DisplayName;
-
-    public bool IsAvailable(IServiceProvider services) => true;
-
-    public IFeedConnector Create(IServiceProvider services)
-    {
-        var logger = services.GetRequiredService<ILogger<MyConnector>>();
-        var timeProvider = services.GetRequiredService<TimeProvider>();
-        var validators = services.GetServices<IVexConnectorOptionsValidator<MyConnectorOptions>>();
-        return new MyConnector(Descriptor, logger, timeProvider, validators);
-    }
-}
--- a/docs/dev/templates/vexer-connector/src/Vexer.MyConnector.csproj
+++ b/docs/dev/templates/vexer-connector/src/Vexer.MyConnector.csproj
@@ -1,12 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFramework>net10.0</TargetFramework>
-    <Nullable>enable</Nullable>
-    <ImplicitUsings>enable</ImplicitUsings>
-    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
-  </PropertyGroup>
-  <ItemGroup>
-    <!-- Adjust the relative path when copying this template into a repo -->
-    <ProjectReference Include="..\..\..\..\src\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
-  </ItemGroup>
-</Project>