This commit is contained in:
master
2025-10-12 20:37:18 +03:00
parent 016c5a3fe7
commit d3a98326d1
306 changed files with 21409 additions and 4449 deletions


@@ -1,10 +1,11 @@
# TASKS
| Task | Owner(s) | Depends on | Notes |
|---|---|---|---|
|FEEDCONN-CERTBUND-02-001 Research CERT-Bund advisory endpoints|BE-Conn-CERTBUND|Research|**DOING** 2025-10-11: BSI RSS directory includes CERT-Bund vulnerability warnings feed; outstanding: confirm detail HTML structure, pagination, and archival coverage.|
|FEEDCONN-CERTBUND-02-002 Fetch job & state persistence|BE-Conn-CERTBUND|Source.Common, Storage.Mongo|**TODO** Configure HTTP client, implement fetch job with paging/window, persist raw documents with cursor/backoff updates.|
|FEEDCONN-CERTBUND-02-003 Parser/DTO implementation|BE-Conn-CERTBUND|Source.Common|**TODO** Build DTOs for detail pages, sanitise HTML, extract summary, references, CVE IDs, affected products.|
|FEEDCONN-CERTBUND-02-004 Canonical mapping & range primitives|BE-Conn-CERTBUND|Models|**TODO** Map advisories into canonical records including aliases, references, affected packages, and vendor range primitives. Follow normalized range guidance in `../StellaOps.Feedser.Merge/RANGE_PRIMITIVES_COORDINATION.md`.|
|FEEDCONN-CERTBUND-02-001 Research CERT-Bund advisory endpoints|BE-Conn-CERTBUND|Research|**DONE (2025-10-11)** Confirmed public RSS at `https://wid.cert-bund.de/content/public/securityAdvisory/rss` (HTTP200 w/out cookies), 250-item window, German titles/categories, and detail links pointing to Angular SPA. Captured header profile (no cache hints) and logged open item to discover the JSON API used by `portal` frontend.|
|FEEDCONN-CERTBUND-02-002 Fetch job & state persistence|BE-Conn-CERTBUND|Source.Common, Storage.Mongo|**TODO** Implement fetcher with gzip support + `Accept: application/rss+xml`, store raw XML and derived SHA, and treat feed as append-only (no pagination). Cursor should rely on `pubDate` + advisory `link` to avoid duplicates; throttle to ≤1 fetch/5min to match WID politeness.|
|FEEDCONN-CERTBUND-02-003 Parser/DTO implementation|BE-Conn-CERTBUND|Source.Common|**TODO** RSS only carries synopsis; need secondary request to SPA JSON (`portal` app). Action: trace network for calls triggered when loading `WID-SEC-2025-2254` (likely `/portal/api/securityadvisory?name=`). Once endpoint known, map severity (`<category>`), summary HTML, affected products, and references.|
|FEEDCONN-CERTBUND-02-004 Canonical mapping & range primitives|BE-Conn-CERTBUND|Models|**TODO** Map advisories into canonical records including aliases, references, affected packages, and vendor range primitives. Follow normalized range guidance in `../StellaOps.Feedser.Merge/RANGE_PRIMITIVES_COORDINATION.md`.<br>2025-10-11 research trail: target JSON `[{"scheme":"semver","type":"range","min":"<start>","minInclusive":true,"max":"<end>","maxInclusive":false,"notes":"certbund:advisory-id"}]`; adjust scheme for firmware-style ranges when necessary.|
|FEEDCONN-CERTBUND-02-005 Regression fixtures & tests|QA|Testing|**TODO** Add deterministic fetch/parse/map tests with fixtures; support `UPDATE_CERTBUND_FIXTURES=1`.|
|FEEDCONN-CERTBUND-02-006 Telemetry & documentation|DevEx|Docs|**TODO** Add logging/metrics, document connector configuration, and update backlog when feature complete.|
|FEEDCONN-CERTBUND-02-007 Feed history & locale assessment|BE-Conn-CERTBUND|Research|**TODO** Capture RSS retention depth, assess German-language parsing requirements, and outline fallback plan for historical HTML crawl.|
|FEEDCONN-CERTBUND-02-007 Feed history & locale assessment|BE-Conn-CERTBUND|Research|**TODO** Latest snapshot shows ~250 entries (~90days). Need to confirm older advisories via HTML pagination (`/portal/wid/securityadvisory?page=`?) or JSON export, and document translation plan (titles/descriptions remain German).|
|FEEDCONN-CERTBUND-02-008 Session bootstrap & cookie strategy|BE-Conn-CERTBUND|Source.Common|**TODO** SPA detail API likely demands session cookies (`AL_SESS-S`). Reproduce issuance flow (load `/portal/` once, grab cookies), decide on cached cookie store vs automated refresh, and ensure Offline Kit includes instructions for rehydrating trust stores if TLS chain changes.|
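Review bot: the rewritten 02-003 row drops the "sanitise HTML" step that the replaced row carried, while the new text still plans to map "summary HTML" out of the SPA JSON; keep sanitisation as an explicit deliverable in that row, since the summary is untrusted markup that will be persisted and later rendered. Two smaller points in the same hunk: the 02-002 row says "store raw XML and derived SHA" without naming the algorithm or the input (state SHA-256 and whether it is computed over the raw response bytes or the parsed XML, otherwise fixtures in 02-005 cannot be made deterministic), and the 02-008 row should say where the `AL_SESS-S` cookie will live (process memory or the secrets store, not alongside raw documents) before "cached cookie store" is picked as an option. Finally, `/portal/api/securityadvisory?name=` (02-003) and `/portal/wid/securityadvisory?page=` (02-007) are guesses in the surrounding prose but read like known endpoints in the table; marking them "unverified" in the row keeps them from being implemented as-is.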