stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity

Initial commit (history squashed)
Some checks failed
Build Test Deploy / authority-container (push) Has been cancelled
Details
Build Test Deploy / docs (push) Has been cancelled
Details
Build Test Deploy / deploy (push) Has been cancelled
Details
Build Test Deploy / build-test (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source
This commit is contained in:
master
2025-10-07 10:14:21 +03:00
commit b97fc7685a
1132 changed files with 117842 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/StellaOps.Feedser.Source.Ru.Nkcki/AGENTS.md Normal file
View File

@@ -0,0 +1,38 @@
# AGENTS
## Role
Implement the Russian NKTsKI (formerly NKCKI) advisories connector to ingest NKTsKI vulnerability bulletins for Feedsers regional coverage.
## Scope
- Identify NKTsKI advisory feeds/APIs (HTML, RSS, CSV) and access/authentication requirements.
- Implement fetch/cursor pipeline with dedupe and failure backoff tailored to the source format.
- Parse advisories to extract summary, affected vendors/products, recommended mitigation, and CVE identifiers.
- Map advisories into canonical `Advisory` records with aliases, references, affected packages, and range primitives.
- Create deterministic fixtures and regression tests.
## Participants
- `Source.Common` (HTTP/fetch utilities, DTO storage).
- `Storage.Mongo` (raw/document/DTO/advisory stores, source state).
- `Feedser.Models` (canonical data structures).
- `Feedser.Testing` (integration fixtures, snapshots).
## Interfaces & Contracts
- Job kinds: `nkcki:fetch`, `nkcki:parse`, `nkcki:map`.
- Persist upstream modification metadata to support incremental updates.
- Alias set should include NKTsKI advisory IDs and CVEs when present.
## In/Out of scope
In scope:
- Core ingestion/mapping pipeline with range primitives.
Out of scope:
- Translation beyond canonical field normalisation.
## Observability & Security Expectations
- Log fetch/mapping activity; mark failures with backoff delays.
- Handle Cyrillic text encoding and sanitise HTML safely.
- Respect upstream rate limiting/politeness.
## Tests
- Add `StellaOps.Feedser.Source.Ru.Nkcki.Tests` for fetch/parse/map with canned fixtures.
- Snapshot canonical advisories; support fixture regeneration via env flag.
- Ensure deterministic ordering/time normalisation.

29
src/StellaOps.Feedser.Source.Ru.Nkcki/Class1.cs Normal file
View File

@@ -0,0 +1,29 @@
using System;
using System.Threading;
using System.Threading.Tasks;
using StellaOps.Plugin;
namespace StellaOps.Feedser.Source.Ru.Nkcki;
public sealed class RuNkckiConnectorPlugin : IConnectorPlugin
{
public string Name => "ru-nkcki";
public bool IsAvailable(IServiceProvider services) => true;
public IFeedConnector Create(IServiceProvider services) => new StubConnector(Name);
private sealed class StubConnector : IFeedConnector
{
public StubConnector(string sourceName) => SourceName = sourceName;
public string SourceName { get; }
public Task FetchAsync(IServiceProvider services, CancellationToken cancellationToken) => Task.CompletedTask;
public Task ParseAsync(IServiceProvider services, CancellationToken cancellationToken) => Task.CompletedTask;
public Task MapAsync(IServiceProvider services, CancellationToken cancellationToken) => Task.CompletedTask;
}
}

16
src/StellaOps.Feedser.Source.Ru.Nkcki/StellaOps.Feedser.Source.Ru.Nkcki.csproj Normal file
View File

@@ -0,0 +1,16 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>
<ItemGroup>
<ProjectReference Include="../StellaOps.Plugin/StellaOps.Plugin.csproj" />
<ProjectReference Include="../StellaOps.Feedser.Source.Common/StellaOps.Feedser.Source.Common.csproj" />
<ProjectReference Include="../StellaOps.Feedser.Models/StellaOps.Feedser.Models.csproj" />
</ItemGroup>
</Project>

11
src/StellaOps.Feedser.Source.Ru.Nkcki/TASKS.md Normal file
View File

@@ -0,0 +1,11 @@
# TASKS
| Task | Owner(s) | Depends on | Notes |
|---|---|---|---|
|FEEDCONN-NKCKI-02-001 Research NKTsKI advisory feeds|BE-Conn-Nkcki|Research|**DOING** 2025-10-11: Located cert.gov.ru RSS landing page with paginated advisories; raw feed pulls currently blocked by TLS/403 so we still need to determine feed endpoints, auth requirements, and archive depth.|
|FEEDCONN-NKCKI-02-002 Fetch pipeline & state persistence|BE-Conn-Nkcki|Source.Common, Storage.Mongo|**TODO** Implement fetch job with retry/backoff, persist raw documents, update cursor metadata.|
|FEEDCONN-NKCKI-02-003 DTO & parser implementation|BE-Conn-Nkcki|Source.Common|**TODO** Build DTOs for NKTsKI advisories, sanitise HTML, extract vendors/products, CVEs, mitigation guidance.|
|FEEDCONN-NKCKI-02-004 Canonical mapping & range primitives|BE-Conn-Nkcki|Models|**TODO** Map advisories into canonical records with aliases, references, and vendor range primitives. Coordinate normalized outputs and provenance per `../StellaOps.Feedser.Merge/RANGE_PRIMITIVES_COORDINATION.md`.|
|FEEDCONN-NKCKI-02-005 Deterministic fixtures & tests|QA|Testing|**TODO** Add regression tests supporting `UPDATE_NKCKI_FIXTURES=1` for snapshot regeneration.|
|FEEDCONN-NKCKI-02-006 Telemetry & documentation|DevEx|Docs|**TODO** Add logging/metrics, document connector configuration, and close backlog entry after deliverable ships.|
|FEEDCONN-NKCKI-02-007 Archive ingestion strategy|BE-Conn-Nkcki|Research|**TODO** Document bulletin taxonomy (alerts vs recommendations), paging behaviour, and fallback scraping plan for legacy advisories.|
|FEEDCONN-NKCKI-02-008 Access enablement plan|BE-Conn-Nkcki|Source.Common|**TODO** Determine certificate/proxy requirements to fetch cert.gov.ru RSS feeds without 403/TLS failures and outline monitoring for future access policy shifts.|