up

2025-10-15 10:03:56 +03:00
parent ea8226120c
commit ea1106ce7c
276 changed files with 21674 additions and 934 deletions
--- a/src/StellaOps.Feedser.Source.Ru.Nkcki.Tests/Fixtures/nkcki-advisories.snapshot.json
+++ b/src/StellaOps.Feedser.Source.Ru.Nkcki.Tests/Fixtures/nkcki-advisories.snapshot.json
@@ -3,11 +3,57 @@
    "advisoryKey": "BDU:2025-01001",
    "affectedPackages": [
      {
-        "type": "vendor",
-        "identifier": "SampleSCADA <= 4.2",
-        "platform": null,
-        "versionRanges": [],
-        "normalizedVersions": [],
+        "type": "ics-vendor",
+        "identifier": "SampleVendor SampleGateway",
+        "platform": "Energy, ICS",
+        "versionRanges": [
+          {
+            "fixedVersion": null,
+            "introducedVersion": "2.0",
+            "lastAffectedVersion": null,
+            "primitives": {
+              "evr": null,
+              "hasVendorExtensions": false,
+              "nevra": null,
+              "semVer": {
+                "constraintExpression": ">= 2.0",
+                "exactValue": null,
+                "fixed": null,
+                "fixedInclusive": false,
+                "introduced": "2.0",
+                "introducedInclusive": true,
+                "lastAffected": null,
+                "lastAffectedInclusive": false,
+                "style": "greaterThanOrEqual"
+              },
+              "vendorExtensions": null
+            },
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-range",
+              "value": "SampleVendor SampleGateway >= 2.0 All platforms",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].versionranges[]"
+              ]
+            },
+            "rangeExpression": ">= 2.0",
+            "rangeKind": "semver"
+          }
+        ],
+        "normalizedVersions": [
+          {
+            "scheme": "semver",
+            "type": "gte",
+            "min": "2.0",
+            "minInclusive": true,
+            "max": null,
+            "maxInclusive": null,
+            "value": null,
+            "notes": "SampleVendor SampleGateway >= 2.0 All platforms"
+          }
+        ],
        "statuses": [
          {
            "provenance": {
@@ -15,7 +61,7 @@
              "kind": "package-status",
              "value": "patch_available",
              "decisionReason": null,
-              "recordedAt": "2025-09-22T00:00:00+00:00",
+              "recordedAt": "2025-10-12T00:01:00+00:00",
              "fieldMask": [
                "affectedpackages[].statuses[]"
              ]
@@ -27,9 +73,89 @@
          {
            "source": "ru-nkcki",
            "kind": "package",
-            "value": "SampleSCADA <= 4.2",
+            "value": "SampleVendor SampleGateway >= 2.0 All platforms",
            "decisionReason": null,
-            "recordedAt": "2025-09-22T00:00:00+00:00",
+            "recordedAt": "2025-10-12T00:01:00+00:00",
+            "fieldMask": [
+              "affectedpackages[]"
+            ]
+          }
+        ]
+      },
+      {
+        "type": "ics-vendor",
+        "identifier": "SampleVendor SampleSCADA",
+        "platform": "Energy, ICS",
+        "versionRanges": [
+          {
+            "fixedVersion": null,
+            "introducedVersion": null,
+            "lastAffectedVersion": "4.2",
+            "primitives": {
+              "evr": null,
+              "hasVendorExtensions": false,
+              "nevra": null,
+              "semVer": {
+                "constraintExpression": "<= 4.2",
+                "exactValue": null,
+                "fixed": null,
+                "fixedInclusive": false,
+                "introduced": null,
+                "introducedInclusive": true,
+                "lastAffected": "4.2",
+                "lastAffectedInclusive": true,
+                "style": "lessThanOrEqual"
+              },
+              "vendorExtensions": null
+            },
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-range",
+              "value": "SampleVendor SampleSCADA <= 4.2",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].versionranges[]"
+              ]
+            },
+            "rangeExpression": "<= 4.2",
+            "rangeKind": "semver"
+          }
+        ],
+        "normalizedVersions": [
+          {
+            "scheme": "semver",
+            "type": "lte",
+            "min": null,
+            "minInclusive": null,
+            "max": "4.2",
+            "maxInclusive": true,
+            "value": null,
+            "notes": "SampleVendor SampleSCADA <= 4.2"
+          }
+        ],
+        "statuses": [
+          {
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-status",
+              "value": "patch_available",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].statuses[]"
+              ]
+            },
+            "status": "fixed"
+          }
+        ],
+        "provenance": [
+          {
+            "source": "ru-nkcki",
+            "kind": "package",
+            "value": "SampleVendor SampleSCADA <= 4.2",
+            "decisionReason": null,
+            "recordedAt": "2025-10-12T00:01:00+00:00",
            "fieldMask": [
              "affectedpackages[]"
            ]
@@ -51,13 +177,29 @@
          "kind": "cvss",
          "value": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "decisionReason": null,
-          "recordedAt": "2025-09-22T00:00:00+00:00",
+          "recordedAt": "2025-10-12T00:01:00+00:00",
          "fieldMask": [
            "cvssmetrics[]"
          ]
        },
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
+      },
+      {
+        "baseScore": 6.4,
+        "baseSeverity": "medium",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "cvss",
+          "value": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "cvssmetrics[]"
+          ]
+        },
+        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H",
+        "version": "4.0"
      }
    ],
    "exploitKnown": true,
@@ -69,7 +211,7 @@
        "kind": "advisory",
        "value": "BDU:2025-01001",
        "decisionReason": null,
-        "recordedAt": "2025-09-22T00:00:00+00:00",
+        "recordedAt": "2025-10-12T00:01:00+00:00",
        "fieldMask": [
          "advisory"
        ]
@@ -84,7 +226,7 @@
          "kind": "reference",
          "value": "https://bdu.fstec.ru/vul/2025-01001",
          "decisionReason": null,
-          "recordedAt": "2025-09-22T00:00:00+00:00",
+          "recordedAt": "2025-10-12T00:01:00+00:00",
          "fieldMask": [
            "references[]"
          ]
@@ -100,23 +242,7 @@
          "kind": "reference",
          "value": "https://cert.gov.ru/materialy/uyazvimosti/2025-01001",
          "decisionReason": null,
-          "recordedAt": "2025-09-22T00:00:00+00:00",
-          "fieldMask": [
-            "references[]"
-          ]
-        },
-        "sourceTag": null,
-        "summary": null,
-        "url": "https://cert.gov.ru/materialy/uyazvimosti/2025-01001"
-      },
-      {
-        "kind": "details",
-        "provenance": {
-          "source": "ru-nkcki",
-          "kind": "reference",
-          "value": "https://cert.gov.ru/materialy/uyazvimosti/2025-01001",
-          "decisionReason": null,
-          "recordedAt": "2025-09-22T00:00:00+00:00",
+          "recordedAt": "2025-10-12T00:01:00+00:00",
          "fieldMask": [
            "references[]"
          ]
@@ -132,7 +258,7 @@
          "kind": "reference",
          "value": "https://cwe.mitre.org/data/definitions/321.html",
          "decisionReason": null,
-          "recordedAt": "2025-09-22T00:00:00+00:00",
+          "recordedAt": "2025-10-12T00:01:00+00:00",
          "fieldMask": [
            "references[]"
          ]
@@ -148,7 +274,7 @@
          "kind": "reference",
          "value": "https://vendor.example/advisories/sample-scada",
          "decisionReason": null,
-          "recordedAt": "2025-09-22T00:00:00+00:00",
+          "recordedAt": "2025-10-12T00:01:00+00:00",
          "fieldMask": [
            "references[]"
          ]
@@ -161,5 +287,209 @@
    "severity": "critical",
    "summary": "Authenticated RCE in Sample SCADA",
    "title": "Authenticated RCE in Sample SCADA"
+  },
+  {
+    "advisoryKey": "BDU:2024-00011",
+    "affectedPackages": [
+      {
+        "type": "cpe",
+        "identifier": "LegacyPanel",
+        "platform": "Software",
+        "versionRanges": [
+          {
+            "fixedVersion": null,
+            "introducedVersion": null,
+            "lastAffectedVersion": "2.5",
+            "primitives": {
+              "evr": null,
+              "hasVendorExtensions": false,
+              "nevra": null,
+              "semVer": {
+                "constraintExpression": "<= 2.5",
+                "exactValue": null,
+                "fixed": null,
+                "fixedInclusive": false,
+                "introduced": null,
+                "introducedInclusive": true,
+                "lastAffected": "2.5",
+                "lastAffectedInclusive": true,
+                "style": "lessThanOrEqual"
+              },
+              "vendorExtensions": null
+            },
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-range",
+              "value": "LegacyPanel 1.0 - 2.5",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].versionranges[]"
+              ]
+            },
+            "rangeExpression": "<= 2.5",
+            "rangeKind": "semver"
+          },
+          {
+            "fixedVersion": null,
+            "introducedVersion": "1.0",
+            "lastAffectedVersion": null,
+            "primitives": {
+              "evr": null,
+              "hasVendorExtensions": false,
+              "nevra": null,
+              "semVer": {
+                "constraintExpression": ">= 1.0",
+                "exactValue": null,
+                "fixed": null,
+                "fixedInclusive": false,
+                "introduced": "1.0",
+                "introducedInclusive": true,
+                "lastAffected": null,
+                "lastAffectedInclusive": false,
+                "style": "greaterThanOrEqual"
+              },
+              "vendorExtensions": null
+            },
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-range",
+              "value": "LegacyPanel 1.0 - 2.5",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].versionranges[]"
+              ]
+            },
+            "rangeExpression": ">= 1.0",
+            "rangeKind": "semver"
+          }
+        ],
+        "normalizedVersions": [
+          {
+            "scheme": "semver",
+            "type": "gte",
+            "min": "1.0",
+            "minInclusive": true,
+            "max": null,
+            "maxInclusive": null,
+            "value": null,
+            "notes": "LegacyPanel 1.0 - 2.5"
+          },
+          {
+            "scheme": "semver",
+            "type": "lte",
+            "min": null,
+            "minInclusive": null,
+            "max": "2.5",
+            "maxInclusive": true,
+            "value": null,
+            "notes": "LegacyPanel 1.0 - 2.5"
+          }
+        ],
+        "statuses": [
+          {
+            "provenance": {
+              "source": "ru-nkcki",
+              "kind": "package-status",
+              "value": "affected",
+              "decisionReason": null,
+              "recordedAt": "2025-10-12T00:01:00+00:00",
+              "fieldMask": [
+                "affectedpackages[].statuses[]"
+              ]
+            },
+            "status": "affected"
+          }
+        ],
+        "provenance": [
+          {
+            "source": "ru-nkcki",
+            "kind": "package",
+            "value": "LegacyPanel 1.0 - 2.5",
+            "decisionReason": null,
+            "recordedAt": "2025-10-12T00:01:00+00:00",
+            "fieldMask": [
+              "affectedpackages[]"
+            ]
+          }
+        ]
+      }
+    ],
+    "aliases": [
+      "BDU:2024-00011"
+    ],
+    "credits": [],
+    "cvssMetrics": [
+      {
+        "baseScore": 8.8,
+        "baseSeverity": "high",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "cvss",
+          "value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "cvssmetrics[]"
+          ]
+        },
+        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+        "version": "3.1"
+      }
+    ],
+    "exploitKnown": true,
+    "language": "ru",
+    "modified": "2024-08-02T00:00:00+00:00",
+    "provenance": [
+      {
+        "source": "ru-nkcki",
+        "kind": "advisory",
+        "value": "BDU:2024-00011",
+        "decisionReason": null,
+        "recordedAt": "2025-10-12T00:01:00+00:00",
+        "fieldMask": [
+          "advisory"
+        ]
+      }
+    ],
+    "published": "2024-08-01T00:00:00+00:00",
+    "references": [
+      {
+        "kind": "details",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "reference",
+          "value": "https://bdu.fstec.ru/vul/2024-00011",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "references[]"
+          ]
+        },
+        "sourceTag": "bdu",
+        "summary": null,
+        "url": "https://bdu.fstec.ru/vul/2024-00011"
+      },
+      {
+        "kind": "details",
+        "provenance": {
+          "source": "ru-nkcki",
+          "kind": "reference",
+          "value": "https://cert.gov.ru/materialy/uyazvimosti/2024-00011",
+          "decisionReason": null,
+          "recordedAt": "2025-10-12T00:01:00+00:00",
+          "fieldMask": [
+            "references[]"
+          ]
+        },
+        "sourceTag": "ru-nkcki",
+        "summary": null,
+        "url": "https://cert.gov.ru/materialy/uyazvimosti/2024-00011"
+      }
+    ],
+    "severity": "high",
+    "summary": "Legacy panel overflow",
+    "title": "Legacy panel overflow"
  }
 ]