Initial commit (history squashed)
Some checks failed
Build Test Deploy / authority-container (push) Has been cancelled
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Build Test Deploy / build-test (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Build Test Deploy / authority-container (push) Has been cancelled
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Build Test Deploy / build-test (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
This commit is contained in:
30
src/StellaOps.Feedser.Source.Vndr.Msrc/AGENTS.md
Normal file
30
src/StellaOps.Feedser.Source.Vndr.Msrc/AGENTS.md
Normal file
@@ -0,0 +1,30 @@
|
||||
# AGENTS
|
||||
## Role
|
||||
Implement the Microsoft Security Response Center (MSRC) connector to ingest Microsoft security updates (Security Updates API / CVRF).
|
||||
|
||||
## Scope
|
||||
- Identify MSRC data sources (Security Update Guide API, CVRF downloads) and incremental update strategy.
|
||||
- Implement fetch/cursor pipeline with retry/backoff, handling API keys if required.
|
||||
- Parse advisories to extract summary, affected products, KBs, CVEs, severities, mitigations.
|
||||
- Map entries into canonical `Advisory` objects with aliases, references, affected packages, and range primitives (e.g., Windows build numbers, SemVer).
|
||||
- Provide deterministic fixtures and regression tests.
|
||||
|
||||
## Participants
|
||||
- `Source.Common`, `Storage.Mongo`, `Feedser.Models`, `Feedser.Testing`.
|
||||
|
||||
## Interfaces & Contracts
|
||||
- Job kinds: `msrc:fetch`, `msrc:parse`, `msrc:map`.
|
||||
- Persist upstream metadata (e.g., `lastModified`, `releaseDate`).
|
||||
- Alias set should include MSRC ID, CVEs, and KB identifiers.
|
||||
|
||||
## In/Out of scope
|
||||
In scope: Microsoft Security Update Guide advisories.
|
||||
Out of scope: Non-security Microsoft release notes.
|
||||
|
||||
## Observability & Security Expectations
|
||||
- Log fetch/mapping stats, respect API rate limits, handle authentication securely.
|
||||
- Sanitize payloads; validate JSON/CVRF before persistence.
|
||||
|
||||
## Tests
|
||||
- Add `StellaOps.Feedser.Source.Vndr.Msrc.Tests` with fixtures covering fetch/parse/map.
|
||||
- Snapshot canonical advisories; support fixture regeneration.
|
||||
29
src/StellaOps.Feedser.Source.Vndr.Msrc/Class1.cs
Normal file
29
src/StellaOps.Feedser.Source.Vndr.Msrc/Class1.cs
Normal file
@@ -0,0 +1,29 @@
|
||||
using System;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
using StellaOps.Plugin;
|
||||
|
||||
namespace StellaOps.Feedser.Source.Vndr.Msrc;
|
||||
|
||||
public sealed class VndrMsrcConnectorPlugin : IConnectorPlugin
|
||||
{
|
||||
public string Name => "vndr-msrc";
|
||||
|
||||
public bool IsAvailable(IServiceProvider services) => true;
|
||||
|
||||
public IFeedConnector Create(IServiceProvider services) => new StubConnector(Name);
|
||||
|
||||
private sealed class StubConnector : IFeedConnector
|
||||
{
|
||||
public StubConnector(string sourceName) => SourceName = sourceName;
|
||||
|
||||
public string SourceName { get; }
|
||||
|
||||
public Task FetchAsync(IServiceProvider services, CancellationToken cancellationToken) => Task.CompletedTask;
|
||||
|
||||
public Task ParseAsync(IServiceProvider services, CancellationToken cancellationToken) => Task.CompletedTask;
|
||||
|
||||
public Task MapAsync(IServiceProvider services, CancellationToken cancellationToken) => Task.CompletedTask;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,16 @@
|
||||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<PropertyGroup>
|
||||
<TargetFramework>net10.0</TargetFramework>
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
<Nullable>enable</Nullable>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="../StellaOps.Plugin/StellaOps.Plugin.csproj" />
|
||||
|
||||
<ProjectReference Include="../StellaOps.Feedser.Source.Common/StellaOps.Feedser.Source.Common.csproj" />
|
||||
<ProjectReference Include="../StellaOps.Feedser.Models/StellaOps.Feedser.Models.csproj" />
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
|
||||
10
src/StellaOps.Feedser.Source.Vndr.Msrc/TASKS.md
Normal file
10
src/StellaOps.Feedser.Source.Vndr.Msrc/TASKS.md
Normal file
@@ -0,0 +1,10 @@
|
||||
# TASKS
|
||||
| Task | Owner(s) | Depends on | Notes |
|
||||
|---|---|---|---|
|
||||
|FEEDCONN-MSRC-02-001 Document MSRC Security Update Guide API|BE-Conn-MSRC|Research|**DOING** – 2025-10-11: Reviewed MSRC Security Update Guide API docs (REST/Graph + CVRF) and open-source client; still need to capture auth token handling, throttling, and delta parameters.|
|
||||
|FEEDCONN-MSRC-02-002 Fetch pipeline & source state|BE-Conn-MSRC|Source.Common, Storage.Mongo|**TODO** – Implement fetch job with retry/backoff, persist raw documents, manage cursors.|
|
||||
|FEEDCONN-MSRC-02-003 Parser & DTO implementation|BE-Conn-MSRC|Source.Common|**TODO** – Build DTOs for MSRC advisories (title, description, KB IDs, CVEs, product tree, severity).|
|
||||
|FEEDCONN-MSRC-02-004 Canonical mapping & range primitives|BE-Conn-MSRC|Models|**TODO** – Map advisories to canonical records with aliases, references, range primitives for product/build coverage. Coordinate scheme naming and normalized outputs with `../StellaOps.Feedser.Merge/RANGE_PRIMITIVES_COORDINATION.md`.|
|
||||
|FEEDCONN-MSRC-02-005 Deterministic fixtures/tests|QA|Testing|**TODO** – Add regression tests with fixtures; support `UPDATE_MSRC_FIXTURES=1`.|
|
||||
|FEEDCONN-MSRC-02-006 Telemetry & documentation|DevEx|Docs|**TODO** – Add logging/metrics and documentation; update backlog once connector is production-ready.|
|
||||
|FEEDCONN-MSRC-02-007 API contract comparison memo|BE-Conn-MSRC|Research|**TODO** – Summarise REST vs CVRF payload differences, rate limits, and token requirements; recommend primary ingestion path for Feedser.|
|
||||
Reference in New Issue
Block a user