save checkpoint
This commit is contained in:
master
@@ -238,38 +238,38 @@ public sealed class DeltaIfPresentCalculator : IDeltaIfPresentCalculator
|
||||
"VEX" => original with
|
||||
{
|
||||
Vex = SignalState<VexClaimSummary>.Queried(
|
||||
CreateHypotheticalVex(normalizedValue), now)
|
||||
CreateHypotheticalVex(normalizedValue, now), now)
|
||||
},
|
||||
"EPSS" => original with
|
||||
{
|
||||
Epss = SignalState<EpssEvidence>.Queried(
|
||||
CreateHypotheticalEpss(normalizedValue), now)
|
||||
CreateHypotheticalEpss(normalizedValue, original.Cve, now), now)
|
||||
},
|
||||
"REACHABILITY" => original with
|
||||
{
|
||||
Reachability = SignalState<ReachabilityEvidence>.Queried(
|
||||
CreateHypotheticalReachability(normalizedValue), now)
|
||||
CreateHypotheticalReachability(normalizedValue, now), now)
|
||||
},
|
||||
"RUNTIME" => original with
|
||||
{
|
||||
Runtime = SignalState<RuntimeEvidence>.Queried(
|
||||
CreateHypotheticalRuntime(normalizedValue), now)
|
||||
CreateHypotheticalRuntime(normalizedValue, now), now)
|
||||
},
|
||||
"BACKPORT" => original with
|
||||
{
|
||||
Backport = SignalState<BackportEvidence>.Queried(
|
||||
CreateHypotheticalBackport(normalizedValue), now)
|
||||
CreateHypotheticalBackport(normalizedValue, now), now)
|
||||
},
|
||||
"SBOMLINEAGE" or "SBOM" => original with
|
||||
{
|
||||
Sbom = SignalState<SbomLineageEvidence>.Queried(
|
||||
CreateHypotheticalSbom(normalizedValue), now)
|
||||
CreateHypotheticalSbom(normalizedValue, now), now)
|
||||
},
|
||||
_ => original
|
||||
};
|
||||
}
|
||||
|
||||
private static VexClaimSummary CreateHypotheticalVex(double normalizedValue)
|
||||
private static VexClaimSummary CreateHypotheticalVex(double normalizedValue, DateTimeOffset now)
|
||||
{
|
||||
// Map 0.0-1.0 to VEX status
|
||||
var status = normalizedValue switch
|
||||
@@ -283,23 +283,26 @@ public sealed class DeltaIfPresentCalculator : IDeltaIfPresentCalculator
|
||||
return new VexClaimSummary
|
||||
{
|
||||
Status = status,
|
||||
Source = "hypothetical",
|
||||
DocumentId = "delta-if-present-simulation",
|
||||
Timestamp = DateTimeOffset.UtcNow
|
||||
Confidence = 0.7,
|
||||
StatementCount = 1,
|
||||
ComputedAt = now,
|
||||
Justification = "delta-if-present-simulation"
|
||||
};
|
||||
}
|
||||
|
||||
private static EpssEvidence CreateHypotheticalEpss(double normalizedValue)
|
||||
private static EpssEvidence CreateHypotheticalEpss(double normalizedValue, string cve, DateTimeOffset now)
|
||||
{
|
||||
return new EpssEvidence
|
||||
{
|
||||
Cve = cve,
|
||||
Epss = normalizedValue,
|
||||
Percentile = normalizedValue * 100.0,
|
||||
Date = DateOnly.FromDateTime(DateTime.UtcNow)
|
||||
Percentile = normalizedValue,
|
||||
PublishedAt = now,
|
||||
ModelVersion = "delta-if-present-simulation"
|
||||
};
|
||||
}
|
||||
|
||||
private static ReachabilityEvidence CreateHypotheticalReachability(double normalizedValue)
|
||||
private static ReachabilityEvidence CreateHypotheticalReachability(double normalizedValue, DateTimeOffset now)
|
||||
{
|
||||
var status = normalizedValue >= 0.5
|
||||
? ReachabilityStatus.Reachable
|
||||
@@ -309,38 +312,47 @@ public sealed class DeltaIfPresentCalculator : IDeltaIfPresentCalculator
|
||||
{
|
||||
Status = status,
|
||||
Confidence = 1.0 - Math.Abs(normalizedValue - 0.5) * 2,
|
||||
PathCount = normalizedValue >= 0.5 ? 1 : 0,
|
||||
Source = "hypothetical"
|
||||
Depth = normalizedValue >= 0.5 ? 1 : null,
|
||||
EntryPoint = normalizedValue >= 0.5 ? "delta-if-present-simulation" : null,
|
||||
VulnerableFunction = normalizedValue >= 0.5 ? "unknown" : null,
|
||||
AnalyzedAt = now,
|
||||
WitnessDigest = "sha256:delta-if-present-simulation"
|
||||
};
|
||||
}
|
||||
|
||||
private static RuntimeEvidence CreateHypotheticalRuntime(double normalizedValue)
|
||||
private static RuntimeEvidence CreateHypotheticalRuntime(double normalizedValue, DateTimeOffset now)
|
||||
{
|
||||
return new RuntimeEvidence
|
||||
{
|
||||
Detected = normalizedValue >= 0.5,
|
||||
Source = "hypothetical",
|
||||
Timestamp = DateTimeOffset.UtcNow
|
||||
ObservationStart = now.AddMinutes(-30),
|
||||
ObservationEnd = now,
|
||||
Confidence = 1.0 - Math.Abs(normalizedValue - 0.5)
|
||||
};
|
||||
}
|
||||
|
||||
private static BackportEvidence CreateHypotheticalBackport(double normalizedValue)
|
||||
private static BackportEvidence CreateHypotheticalBackport(double normalizedValue, DateTimeOffset now)
|
||||
{
|
||||
return new BackportEvidence
|
||||
{
|
||||
Detected = normalizedValue < 0.5, // Backport = lower risk
|
||||
Source = "hypothetical",
|
||||
Timestamp = DateTimeOffset.UtcNow
|
||||
DetectedAt = now,
|
||||
Confidence = 1.0 - Math.Abs(normalizedValue - 0.5)
|
||||
};
|
||||
}
|
||||
|
||||
private static SbomLineageEvidence CreateHypotheticalSbom(double normalizedValue)
|
||||
private static SbomLineageEvidence CreateHypotheticalSbom(double normalizedValue, DateTimeOffset now)
|
||||
{
|
||||
return new SbomLineageEvidence
|
||||
{
|
||||
Present = true,
|
||||
Depth = (int)(normalizedValue * 5),
|
||||
Source = "hypothetical"
|
||||
SbomDigest = "sha256:delta-if-present-simulation",
|
||||
Format = "CycloneDX",
|
||||
ComponentCount = Math.Max(1, (int)(normalizedValue * 100.0)),
|
||||
GeneratedAt = now,
|
||||
HasProvenance = normalizedValue >= 0.5,
|
||||
AttestationDigest = "sha256:delta-if-present-attestation"
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,58 @@
|
||||
namespace StellaOps.Policy.Determinization.Scoring;
|
||||
|
||||
/// <summary>
|
||||
/// Four-valued logic states for deterministic trust aggregation.
|
||||
/// </summary>
|
||||
public enum K4Value
|
||||
{
|
||||
Unknown = 0,
|
||||
True = 1,
|
||||
False = 2,
|
||||
Conflict = 3
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Minimal K4 lattice operations needed by determinization scoring.
|
||||
/// </summary>
|
||||
public static class K4Lattice
|
||||
{
|
||||
public static K4Value Join(K4Value a, K4Value b)
|
||||
{
|
||||
if (a == b)
|
||||
{
|
||||
return a;
|
||||
}
|
||||
|
||||
if (a == K4Value.Conflict || b == K4Value.Conflict)
|
||||
{
|
||||
return K4Value.Conflict;
|
||||
}
|
||||
|
||||
if (a == K4Value.Unknown)
|
||||
{
|
||||
return b;
|
||||
}
|
||||
|
||||
if (b == K4Value.Unknown)
|
||||
{
|
||||
return a;
|
||||
}
|
||||
|
||||
return K4Value.Conflict;
|
||||
}
|
||||
|
||||
public static K4Value JoinAll(IEnumerable<K4Value> values)
|
||||
{
|
||||
var result = K4Value.Unknown;
|
||||
foreach (var value in values)
|
||||
{
|
||||
result = Join(result, value);
|
||||
if (result == K4Value.Conflict)
|
||||
{
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,36 @@
|
||||
namespace StellaOps.Policy.Determinization.Scoring;
|
||||
|
||||
/// <summary>
|
||||
/// Local score policy model for determinization scoring.
|
||||
/// Avoids circular dependency on StellaOps.Policy while preserving deterministic defaults.
|
||||
/// </summary>
|
||||
public sealed record ScorePolicy
|
||||
{
|
||||
public required string PolicyVersion { get; init; }
|
||||
public required WeightsBps WeightsBps { get; init; }
|
||||
|
||||
public static ScorePolicy Default => new()
|
||||
{
|
||||
PolicyVersion = "score.v1",
|
||||
WeightsBps = WeightsBps.Default
|
||||
};
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Weight distribution in basis points. Must sum to 10000.
|
||||
/// </summary>
|
||||
public sealed record WeightsBps
|
||||
{
|
||||
public required int BaseSeverity { get; init; }
|
||||
public required int Reachability { get; init; }
|
||||
public required int Evidence { get; init; }
|
||||
public required int Provenance { get; init; }
|
||||
|
||||
public static WeightsBps Default => new()
|
||||
{
|
||||
BaseSeverity = 1000,
|
||||
Reachability = 4500,
|
||||
Evidence = 3000,
|
||||
Provenance = 1500
|
||||
};
|
||||
}
|
||||
@@ -1,7 +1,5 @@
|
||||
using StellaOps.Policy.Determinization.Evidence;
|
||||
using StellaOps.Policy.Determinization.Models;
|
||||
using StellaOps.Policy.Scoring;
|
||||
using StellaOps.Policy.TrustLattice;
|
||||
|
||||
namespace StellaOps.Policy.Determinization.Scoring;
|
||||
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
using Microsoft.Extensions.Logging;
|
||||
using StellaOps.Policy.Determinization.Evidence;
|
||||
using StellaOps.Policy.Determinization.Models;
|
||||
using StellaOps.Policy.Scoring;
|
||||
using StellaOps.Policy.TrustLattice;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
@@ -176,7 +174,7 @@ public sealed class TrustScoreAlgebraFacade : ITrustScoreAlgebraFacade
|
||||
{
|
||||
ReachabilityStatus.Reachable => K4Value.True,
|
||||
ReachabilityStatus.Unreachable => K4Value.False,
|
||||
ReachabilityStatus.Unknown => K4Value.Unknown,
|
||||
ReachabilityStatus.Indeterminate => K4Value.Unknown,
|
||||
_ => K4Value.Unknown
|
||||
});
|
||||
}
|
||||
|
||||
@@ -8,6 +8,10 @@
|
||||
<LangVersion>preview</LangVersion>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<InternalsVisibleTo Include="StellaOps.Policy.Determinization.Tests" />
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" />
|
||||
<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" />
|
||||
|
||||
Reference in New Issue
Block a user