save checkpoint

2026-02-11 01:32:14 +02:00
parent 5593212b41
commit cf5b72974f
2316 changed files with 68799 additions and 3808 deletions
--- a/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/evidence/01-assess.txt
+++ b/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/evidence/01-assess.txt
@@ -0,0 +1,4 @@
+capturedAtUtc=2026-02-10T23:07:04Z
+request=GET /exploit-maturity/CVE-2026-0201
+---
+HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Date: Tue, 10 Feb 2026 23:07:04 GMT Server: Kestrel Transfer-Encoding: chunked  {"cveId":"CVE-2026-0201","level":0,"confidence":0,"signals":[],"rationale":"No exploit maturity signals available","assessedAt":"2026-02-10T23:07:04.5934028+00:00"}
--- a/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/evidence/02-level.txt
+++ b/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/evidence/02-level.txt
@@ -0,0 +1,4 @@
+capturedAtUtc=2026-02-10T23:07:04Z
+request=GET /exploit-maturity/CVE-2026-0201/level
+---
+HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Date: Tue, 10 Feb 2026 23:07:04 GMT Server: Kestrel Transfer-Encoding: chunked  {"cveId":"CVE-2026-0201","level":"Unknown"}
--- a/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/evidence/03-history.txt
+++ b/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/evidence/03-history.txt
@@ -0,0 +1,4 @@
+capturedAtUtc=2026-02-10T23:07:04Z
+request=GET /exploit-maturity/CVE-2026-0201/history
+---
+HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Date: Tue, 10 Feb 2026 23:07:04 GMT Server: Kestrel Transfer-Encoding: chunked  {"cveId":"CVE-2026-0201","entries":[]}
--- a/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/evidence/04-batch.txt
+++ b/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/evidence/04-batch.txt
@@ -0,0 +1,5 @@
+capturedAtUtc=2026-02-10T23:07:04Z
+request=POST /exploit-maturity/batch
+headers=Content-Type: application/json
+---
+HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Date: Tue, 10 Feb 2026 23:07:04 GMT Server: Kestrel Transfer-Encoding: chunked  {"results":[{"cveId":"CVE-2026-0201","level":0,"confidence":0,"signals":[],"rationale":"No exploit maturity signals available","assessedAt":"2026-02-10T23:07:04.7132113+00:00"},{"cveId":"INVALID","level":0,"confidence":0,"signals":[],"rationale":"No exploit maturity signals available","assessedAt":"2026-02-10T23:07:04.7132415+00:00"}],"errors":[]}
--- a/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/evidence/05-batch-empty.txt
+++ b/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/evidence/05-batch-empty.txt
@@ -0,0 +1,5 @@
+capturedAtUtc=2026-02-10T23:07:04Z
+request=POST /exploit-maturity/batch
+headers=Content-Type: application/json
+---
+HTTP/1.1 400 Bad Request Content-Type: application/json; charset=utf-8 Date: Tue, 10 Feb 2026 23:07:04 GMT Server: Kestrel Transfer-Encoding: chunked  {"error":"CveIds list is required"}
--- a/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/tier0-source-check.json
+++ b/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/tier0-source-check.json
@@ -0,0 +1,14 @@
+{
+  "filesChecked": [
+    "src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/ExploitMaturityService.cs",
+    "src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Contracts/ExploitMaturityModels.cs",
+    "src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/Endpoints/ExploitMaturityEndpoints.cs"
+  ],
+  "found": [
+    "src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/ExploitMaturityService.cs",
+    "src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Contracts/ExploitMaturityModels.cs",
+    "src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/Endpoints/ExploitMaturityEndpoints.cs"
+  ],
+  "missing": [],
+  "verdict": "pass"
+}
--- a/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/tier1-build-check.json
+++ b/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/tier1-build-check.json
@@ -0,0 +1,15 @@
+{
+  "project": "src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests/StellaOps.RiskEngine.Tests.csproj",
+  "buildResult": "pass",
+  "testResult": "pass",
+  "command": "dotnet test src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests/StellaOps.RiskEngine.Tests.csproj -c Release --nologo",
+  "testProjects": [
+    "src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests/StellaOps.RiskEngine.Tests.csproj"
+  ],
+  "testsRun": 94,
+  "testsPassed": 94,
+  "testsFailed": 0,
+  "errors": [],
+  "warnings": [],
+  "runAtUtc": "2026-02-10T23:07:40Z"
+}
--- a/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/tier2-api-check.json
+++ b/docs/qa/feature-checks/runs/riskengine/exploit-maturity-mapping/run-013/tier2-api-check.json
@@ -0,0 +1,73 @@
+{
+  "type": "api",
+  "module": "riskengine",
+  "feature": "exploit-maturity-mapping",
+  "runId": "run-013",
+  "dateUtc": "2026-02-10T23:07:40Z",
+  "baseUrl": "https://127.1.0.16",
+  "transport": "curl -k (dev TLS)",
+  "capturedAtUtc": "2026-02-10T23:07:04Z",
+  "requests": [
+    {
+      "description": "Exploit maturity assessment endpoint",
+      "method": "GET",
+      "path": "/exploit-maturity/CVE-2026-0201",
+      "expectedStatus": 200,
+      "actualStatus": 200,
+      "assertion": "response includes cveId, level, confidence, signals, assessedAt",
+      "requestCapturedAtUtc": "2026-02-10T23:07:04Z",
+      "evidenceFile": "evidence/01-assess.txt",
+      "responseSnippet": "{\"cveId\":\"CVE-2026-0201\",\"level\":0,...}",
+      "result": "pass"
+    },
+    {
+      "description": "Exploit maturity level endpoint",
+      "method": "GET",
+      "path": "/exploit-maturity/CVE-2026-0201/level",
+      "expectedStatus": 200,
+      "actualStatus": 200,
+      "assertion": "response level is returned as string enum",
+      "requestCapturedAtUtc": "2026-02-10T23:07:04Z",
+      "evidenceFile": "evidence/02-level.txt",
+      "responseSnippet": "{\"cveId\":\"CVE-2026-0201\",\"level\":\"Unknown\"}",
+      "result": "pass"
+    },
+    {
+      "description": "Exploit maturity history endpoint",
+      "method": "GET",
+      "path": "/exploit-maturity/CVE-2026-0201/history",
+      "expectedStatus": 200,
+      "actualStatus": 200,
+      "assertion": "response returns history entries collection",
+      "requestCapturedAtUtc": "2026-02-10T23:07:04Z",
+      "evidenceFile": "evidence/03-history.txt",
+      "responseSnippet": "{\"cveId\":\"CVE-2026-0201\",\"entries\":[]}",
+      "result": "pass"
+    },
+    {
+      "description": "Batch endpoint accepts valid/duplicate/invalid values deterministically",
+      "method": "POST",
+      "path": "/exploit-maturity/batch",
+      "expectedStatus": 200,
+      "actualStatus": 200,
+      "assertion": "batch returns deterministic results payload and no transport failures",
+      "requestCapturedAtUtc": "2026-02-10T23:07:04Z",
+      "evidenceFile": "evidence/04-batch.txt",
+      "responseSnippet": "{\"results\":[...],\"errors\":[]}",
+      "result": "pass"
+    },
+    {
+      "description": "Batch endpoint rejects empty list",
+      "method": "POST",
+      "path": "/exploit-maturity/batch",
+      "expectedStatus": 400,
+      "actualStatus": 400,
+      "assertion": "error payload contains 'CveIds list is required'",
+      "requestCapturedAtUtc": "2026-02-10T23:07:04Z",
+      "evidenceFile": "evidence/05-batch-empty.txt",
+      "responseSnippet": "{\"error\":\"CveIds list is required\"}",
+      "result": "pass"
+    }
+  ],
+  "verdict": "pass"
+}