Fix build and code structure improvements. New but essential UI functionality. CI improvements. Documentation improvements. AI module improvements.

src/Concelier/__Tests/StellaOps.Concelier.Models.Tests/CanonicalJsonSerializerTests.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text.Json;
@@ -130,7 +130,6 @@ public sealed class CanonicalJsonSerializerTests
 
         var json = CanonicalJsonSerializer.Serialize(advisory);
         using var document = JsonDocument.Parse(json);
-using StellaOps.TestKit;
         var rangeElement = document.RootElement
             .GetProperty("affectedPackages")[0]
             .GetProperty("versionRanges")[0];

src/Concelier/__Tests/StellaOps.Concelier.Models.Tests/Fixtures/ghsa-semver.actual.json

@@ -0,0 +1,128 @@
+{
+  "advisoryKey": "GHSA-aaaa-bbbb-cccc",
+  "affectedPackages": [
+    {
+      "type": "semver",
+      "identifier": "pkg:npm/example-widget",
+      "platform": null,
+      "versionRanges": [
+        {
+          "fixedVersion": "2.5.1",
+          "introducedVersion": null,
+          "lastAffectedVersion": null,
+          "primitives": null,
+          "provenance": {
+            "source": "ghsa",
+            "kind": "map",
+            "value": "ghsa-aaaa-bbbb-cccc",
+            "decisionReason": null,
+            "recordedAt": "2024-03-05T10:00:00+00:00",
+            "fieldMask": []
+          },
+          "rangeExpression": ">=0.0.0 <2.5.1",
+          "rangeKind": "semver"
+        },
+        {
+          "fixedVersion": "3.2.4",
+          "introducedVersion": "3.0.0",
+          "lastAffectedVersion": null,
+          "primitives": null,
+          "provenance": {
+            "source": "ghsa",
+            "kind": "map",
+            "value": "ghsa-aaaa-bbbb-cccc",
+            "decisionReason": null,
+            "recordedAt": "2024-03-05T10:00:00+00:00",
+            "fieldMask": []
+          },
+          "rangeExpression": null,
+          "rangeKind": "semver"
+        }
+      ],
+      "normalizedVersions": [],
+      "statuses": [],
+      "provenance": [
+        {
+          "source": "ghsa",
+          "kind": "map",
+          "value": "ghsa-aaaa-bbbb-cccc",
+          "decisionReason": null,
+          "recordedAt": "2024-03-05T10:00:00+00:00",
+          "fieldMask": []
+        }
+      ]
+    }
+  ],
+  "aliases": [
+    "CVE-2024-2222",
+    "GHSA-aaaa-bbbb-cccc"
+  ],
+  "canonicalMetricId": null,
+  "credits": [],
+  "cvssMetrics": [
+    {
+      "baseScore": 8.8,
+      "baseSeverity": "high",
+      "provenance": {
+        "source": "ghsa",
+        "kind": "map",
+        "value": "ghsa-aaaa-bbbb-cccc",
+        "decisionReason": null,
+        "recordedAt": "2024-03-05T10:00:00+00:00",
+        "fieldMask": []
+      },
+      "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+      "version": "3.1"
+    }
+  ],
+  "cwes": [],
+  "description": null,
+  "exploitKnown": false,
+  "language": "en",
+  "mergeHash": null,
+  "modified": "2024-03-04T12:00:00+00:00",
+  "provenance": [
+    {
+      "source": "ghsa",
+      "kind": "map",
+      "value": "ghsa-aaaa-bbbb-cccc",
+      "decisionReason": null,
+      "recordedAt": "2024-03-05T10:00:00+00:00",
+      "fieldMask": []
+    }
+  ],
+  "published": "2024-03-04T00:00:00+00:00",
+  "references": [
+    {
+      "kind": "patch",
+      "provenance": {
+        "source": "ghsa",
+        "kind": "map",
+        "value": "ghsa-aaaa-bbbb-cccc",
+        "decisionReason": null,
+        "recordedAt": "2024-03-05T10:00:00+00:00",
+        "fieldMask": []
+      },
+      "sourceTag": "ghsa",
+      "summary": "Patch commit",
+      "url": "https://github.com/example/widget/commit/abcd1234"
+    },
+    {
+      "kind": "advisory",
+      "provenance": {
+        "source": "ghsa",
+        "kind": "map",
+        "value": "ghsa-aaaa-bbbb-cccc",
+        "decisionReason": null,
+        "recordedAt": "2024-03-05T10:00:00+00:00",
+        "fieldMask": []
+      },
+      "sourceTag": "ghsa",
+      "summary": "GitHub Security Advisory",
+      "url": "https://github.com/example/widget/security/advisories/GHSA-aaaa-bbbb-cccc"
+    }
+  ],
+  "severity": "high",
+  "summary": "A crafted payload can pollute Object.prototype leading to RCE.",
+  "title": "Prototype pollution in widget.js"
+}

src/Concelier/__Tests/StellaOps.Concelier.Models.Tests/Fixtures/kev-flag.actual.json

@@ -0,0 +1,46 @@
+{
+  "advisoryKey": "CVE-2023-9999",
+  "affectedPackages": [],
+  "aliases": [
+    "CVE-2023-9999"
+  ],
+  "canonicalMetricId": null,
+  "credits": [],
+  "cvssMetrics": [],
+  "cwes": [],
+  "description": null,
+  "exploitKnown": true,
+  "language": "en",
+  "mergeHash": null,
+  "modified": "2024-02-09T16:22:00+00:00",
+  "provenance": [
+    {
+      "source": "cisa-kev",
+      "kind": "annotate",
+      "value": "kev",
+      "decisionReason": null,
+      "recordedAt": "2024-02-10T09:30:00+00:00",
+      "fieldMask": []
+    }
+  ],
+  "published": "2023-11-20T00:00:00+00:00",
+  "references": [
+    {
+      "kind": "kev",
+      "provenance": {
+        "source": "cisa-kev",
+        "kind": "annotate",
+        "value": "kev",
+        "decisionReason": null,
+        "recordedAt": "2024-02-10T09:30:00+00:00",
+        "fieldMask": []
+      },
+      "sourceTag": "cisa",
+      "summary": "CISA KEV entry",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
+    }
+  ],
+  "severity": "critical",
+  "summary": "Unauthenticated RCE due to unsafe deserialization.",
+  "title": "Remote code execution in LegacyServer"
+}

src/Concelier/__Tests/StellaOps.Concelier.Models.Tests/Fixtures/nvd-basic.actual.json

@@ -0,0 +1,123 @@
+{
+  "advisoryKey": "CVE-2024-1234",
+  "affectedPackages": [
+    {
+      "type": "cpe",
+      "identifier": "cpe:/a:examplecms:examplecms:1.0",
+      "platform": null,
+      "versionRanges": [
+        {
+          "fixedVersion": "1.0.5",
+          "introducedVersion": "1.0",
+          "lastAffectedVersion": null,
+          "primitives": null,
+          "provenance": {
+            "source": "nvd",
+            "kind": "map",
+            "value": "cve-2024-1234",
+            "decisionReason": null,
+            "recordedAt": "2024-08-01T12:00:00+00:00",
+            "fieldMask": []
+          },
+          "rangeExpression": null,
+          "rangeKind": "version"
+        }
+      ],
+      "normalizedVersions": [],
+      "statuses": [
+        {
+          "provenance": {
+            "source": "nvd",
+            "kind": "map",
+            "value": "cve-2024-1234",
+            "decisionReason": null,
+            "recordedAt": "2024-08-01T12:00:00+00:00",
+            "fieldMask": []
+          },
+          "status": "affected"
+        }
+      ],
+      "provenance": [
+        {
+          "source": "nvd",
+          "kind": "map",
+          "value": "cve-2024-1234",
+          "decisionReason": null,
+          "recordedAt": "2024-08-01T12:00:00+00:00",
+          "fieldMask": []
+        }
+      ]
+    }
+  ],
+  "aliases": [
+    "CVE-2024-1234"
+  ],
+  "canonicalMetricId": null,
+  "credits": [],
+  "cvssMetrics": [
+    {
+      "baseScore": 9.8,
+      "baseSeverity": "critical",
+      "provenance": {
+        "source": "nvd",
+        "kind": "map",
+        "value": "cve-2024-1234",
+        "decisionReason": null,
+        "recordedAt": "2024-08-01T12:00:00+00:00",
+        "fieldMask": []
+      },
+      "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+      "version": "3.1"
+    }
+  ],
+  "cwes": [],
+  "description": null,
+  "exploitKnown": false,
+  "language": "en",
+  "mergeHash": null,
+  "modified": "2024-07-16T10:35:00+00:00",
+  "provenance": [
+    {
+      "source": "nvd",
+      "kind": "map",
+      "value": "cve-2024-1234",
+      "decisionReason": null,
+      "recordedAt": "2024-08-01T12:00:00+00:00",
+      "fieldMask": []
+    }
+  ],
+  "published": "2024-07-15T00:00:00+00:00",
+  "references": [
+    {
+      "kind": "advisory",
+      "provenance": {
+        "source": "example",
+        "kind": "fetch",
+        "value": "bulletin",
+        "decisionReason": null,
+        "recordedAt": "2024-07-14T15:00:00+00:00",
+        "fieldMask": []
+      },
+      "sourceTag": "vendor",
+      "summary": "Vendor bulletin",
+      "url": "https://example.org/security/CVE-2024-1234"
+    },
+    {
+      "kind": "advisory",
+      "provenance": {
+        "source": "nvd",
+        "kind": "map",
+        "value": "cve-2024-1234",
+        "decisionReason": null,
+        "recordedAt": "2024-08-01T12:00:00+00:00",
+        "fieldMask": []
+      },
+      "sourceTag": "nvd",
+      "summary": "NVD entry",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1234"
+    }
+  ],
+  "severity": "high",
+  "summary": "An integer overflow in ExampleCMS allows remote attackers to escalate privileges.",
+  "title": "Integer overflow in ExampleCMS"
+}

src/Concelier/__Tests/StellaOps.Concelier.Models.Tests/Fixtures/psirt-overlay.actual.json

@@ -0,0 +1,126 @@
+{
+  "advisoryKey": "RHSA-2024:0252",
+  "affectedPackages": [
+    {
+      "type": "rpm",
+      "identifier": "kernel-0:4.18.0-553.el8.x86_64",
+      "platform": "rhel-8",
+      "versionRanges": [
+        {
+          "fixedVersion": null,
+          "introducedVersion": "0:4.18.0-553.el8",
+          "lastAffectedVersion": null,
+          "primitives": null,
+          "provenance": {
+            "source": "redhat",
+            "kind": "map",
+            "value": "rhsa-2024:0252",
+            "decisionReason": null,
+            "recordedAt": "2024-05-11T09:00:00+00:00",
+            "fieldMask": []
+          },
+          "rangeExpression": null,
+          "rangeKind": "nevra"
+        }
+      ],
+      "normalizedVersions": [],
+      "statuses": [
+        {
+          "provenance": {
+            "source": "redhat",
+            "kind": "map",
+            "value": "rhsa-2024:0252",
+            "decisionReason": null,
+            "recordedAt": "2024-05-11T09:00:00+00:00",
+            "fieldMask": []
+          },
+          "status": "fixed"
+        }
+      ],
+      "provenance": [
+        {
+          "source": "redhat",
+          "kind": "enrich",
+          "value": "cve-2024-5678",
+          "decisionReason": null,
+          "recordedAt": "2024-05-11T09:05:00+00:00",
+          "fieldMask": []
+        },
+        {
+          "source": "redhat",
+          "kind": "map",
+          "value": "rhsa-2024:0252",
+          "decisionReason": null,
+          "recordedAt": "2024-05-11T09:00:00+00:00",
+          "fieldMask": []
+        }
+      ]
+    }
+  ],
+  "aliases": [
+    "CVE-2024-5678",
+    "RHSA-2024:0252"
+  ],
+  "canonicalMetricId": null,
+  "credits": [],
+  "cvssMetrics": [
+    {
+      "baseScore": 6.7,
+      "baseSeverity": "medium",
+      "provenance": {
+        "source": "redhat",
+        "kind": "map",
+        "value": "rhsa-2024:0252",
+        "decisionReason": null,
+        "recordedAt": "2024-05-11T09:00:00+00:00",
+        "fieldMask": []
+      },
+      "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+      "version": "3.1"
+    }
+  ],
+  "cwes": [],
+  "description": null,
+  "exploitKnown": false,
+  "language": "en",
+  "mergeHash": null,
+  "modified": "2024-05-11T08:15:00+00:00",
+  "provenance": [
+    {
+      "source": "redhat",
+      "kind": "enrich",
+      "value": "cve-2024-5678",
+      "decisionReason": null,
+      "recordedAt": "2024-05-11T09:05:00+00:00",
+      "fieldMask": []
+    },
+    {
+      "source": "redhat",
+      "kind": "map",
+      "value": "rhsa-2024:0252",
+      "decisionReason": null,
+      "recordedAt": "2024-05-11T09:00:00+00:00",
+      "fieldMask": []
+    }
+  ],
+  "published": "2024-05-10T19:28:00+00:00",
+  "references": [
+    {
+      "kind": "advisory",
+      "provenance": {
+        "source": "redhat",
+        "kind": "map",
+        "value": "rhsa-2024:0252",
+        "decisionReason": null,
+        "recordedAt": "2024-05-11T09:00:00+00:00",
+        "fieldMask": []
+      },
+      "sourceTag": "redhat",
+      "summary": "Red Hat security advisory",
+      "url": "https://access.redhat.com/errata/RHSA-2024:0252"
+    }
+  ],
+  "severity": "critical",
+  "summary": "Updates the Red Hat Enterprise Linux kernel to address CVE-2024-5678.",
+  "title": "Important: kernel security update"
+}

src/Concelier/__Tests/StellaOps.Concelier.Models.Tests/OsvGhsaParityDiagnosticsTests.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Diagnostics.Metrics;
@@ -56,7 +56,6 @@ public sealed class OsvGhsaParityDiagnosticsTests
         var measurements = new List<(string Instrument, long Value, IReadOnlyDictionary<string, object?> Tags)>();
         using var listener = CreateListener(measurements);
 
-using StellaOps.TestKit;
         OsvGhsaParityDiagnostics.RecordReport(report, "");
 
         listener.Dispose();

src/Concelier/__Tests/StellaOps.Concelier.Models.Tests/ProvenanceDiagnosticsTests.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Diagnostics.Metrics;
 using System.Linq;
@@ -114,7 +114,6 @@ public sealed class ProvenanceDiagnosticsTests
         var measurements = new List<(string Instrument, long Value, IReadOnlyDictionary<string, object?> Tags)>();
         using var listener = CreateListener(measurements, "concelier.range.primitives");
 
-using StellaOps.TestKit;
         ProvenanceDiagnostics.RecordRangePrimitive("source-D", range);
 
         listener.Dispose();