master
5d5e80b2e4
stabilize tests
2026-02-01 21:37:40 +02:00
master
55744f6a39
test fixes and some product advisories tune-ups
2026-01-30 07:57:43 +02:00
master
644887997c
test fixes and new product advisories work
2026-01-28 02:30:48 +02:00
master
6e687b523a
fix tests. new product advisories enhancements
2026-01-25 19:11:36 +02:00
master
c70e83719e
finish off sprint advisories and sprints
2026-01-24 00:12:43 +02:00
master
c32fff8f86
license switch agpl -> busl1, sprints work, new product advisories
2026-01-20 15:32:20 +02:00
master
17419ba7c4
doctor enhancements, setup, enhancements, ui functionality and design consolidation, test projects fixes, product advisory attestation/rekor and delta verifications enhancements
2026-01-19 09:02:59 +02:00
master
15aeac8e8b
new advisories work and features gaps work
2026-01-14 18:39:19 +02:00
master
95d5898650
audit notes work completed, test fixes work (95% done), new sprints, new data sources setup and configuration
2026-01-14 10:48:00 +02:00
master
d7be6ba34b
audit, advisories and doctors/setup work
2026-01-13 18:53:39 +02:00
master
9ca7cb183e
notify doctors work, audit work, new product advisory sprints
2026-01-13 08:36:29 +02:00
master
b8868a5f13
audit work, doctors work
2026-01-12 23:39:07 +02:00
master
9330c64349
sln build fix (again), tests fixes, audit work and doctors work
2026-01-12 22:15:51 +02:00
master
9873f80830
release orchestrator v1 draft and build fixes
2026-01-12 12:24:17 +02:00
master
17d0631b8e
sprints work
2026-01-10 20:38:13 +02:00
master
701eb6b21c
sprints work
2026-01-10 11:15:28 +02:00
master
a21d3dbc1f
save progress
2026-01-09 18:27:46 +02:00
master
51cf4bc16c
more audit work
2026-01-08 20:46:43 +02:00
StellaOps Bot
110591d6bf
Merge all changes
2026-01-08 08:54:27 +02:00
master
608a7f85c0
audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories
2026-01-07 18:50:11 +02:00
master
04ec098046
Merge branch 'main' of https://git.stella-ops.org/stella-ops.org/git.stella-ops.org
2026-01-07 10:25:34 +02:00
master
044cf0923c
docs consolidation
2026-01-07 10:23:21 +02:00
StellaOps Bot
ab364c6032
sprints and audit work
2026-01-07 09:43:12 +02:00
master
4789027317
docs consolidation and others
2026-01-06 19:07:48 +02:00
StellaOps Bot
dfab8a29c3
docs re-org, audit fixes, build fixes
2026-01-05 09:35:33 +02:00
StellaOps Bot
83c37243e0
save progress
2026-01-03 11:02:24 +02:00
StellaOps Bot
ca578801fd
save progress
2026-01-03 00:49:19 +02:00
StellaOps Bot
3f197814c5
save progress
2026-01-02 21:06:27 +02:00
StellaOps Bot
dd581699cc
audit work
2026-01-02 11:43:43 +02:00
StellaOps Bot
82e55c206a
Tests fixes, audit progress, UI completions
2025-12-30 09:03:22 +02:00
StellaOps Bot
7a5210e2aa
Frontend gaps fill work. Testing fixes work. Auditing in progress.
2025-12-30 01:22:58 +02:00
StellaOps Bot
c2b9cd8d1f
Fix build and code structure improvements. New but essential UI functionality. CI improvements. Documentation improvements. AI module improvements.
2025-12-29 07:45:03 +02:00
StellaOps Bot
32f9581aa7
Merge branch 'main' of https://git.stella-ops.org/stella-ops.org/git.stella-ops.org
2025-12-26 21:43:56 +02:00
StellaOps Bot
b4fc66feb6
Refactor code structure and optimize performance across multiple modules
2025-12-26 21:38:12 +02:00
StellaOps Bot
f10d83c444
Refactor code structure and optimize performance across multiple modules
2025-12-26 20:03:41 +02:00
StellaOps Bot
fb17937958
consolidate the tests locations
2025-12-26 10:48:49 +02:00
StellaOps Bot
39359da171
consolidate the tests locations
2025-12-26 01:48:24 +02:00
StellaOps Bot
aa70af062e
save development progress
2025-12-25 23:10:09 +02:00
StellaOps Bot
702c3106a8
Merge branch 'main' of https://git.stella-ops.org/stella-ops.org/git.stella-ops.org
2025-12-25 20:01:36 +02:00
StellaOps Bot
b8b2d83f4a
sprints enhancements
2025-12-25 19:52:30 +02:00
StellaOps Bot
2a06f780cf
sprints work
2025-12-25 12:19:12 +02:00
StellaOps Bot
4231305fec
sprints work
2025-12-24 16:28:46 +02:00
StellaOps Bot
2c2bbf1005
product advisories, stella router improvement, tests strengthening
2025-12-24 14:20:26 +02:00
StellaOps Bot
02772c7a27
5100* tests strengthening work
2025-12-24 12:38:34 +02:00
StellaOps Bot
7503c19b8f
Add determinism tests for verdict artifact generation and update SHA256 sums script
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
2025-12-24 02:17:34 +02:00
master
491e883653
Add tests for SBOM generation determinism across multiple formats
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
2025-12-24 00:36:14 +02:00
master
dac8e10e36
feat(crypto): Complete Phase 2 - Configuration-driven crypto architecture with 100% compliance
## Summary
This commit completes Phase 2 of the configuration-driven crypto architecture, achieving
100% crypto compliance by eliminating all hardcoded cryptographic implementations.
## Key Changes
### Phase 1: Plugin Loader Infrastructure
- **Plugin Discovery System**: Created StellaOps.Cryptography.PluginLoader with manifest-based loading
- **Configuration Model**: Added CryptoPluginConfiguration with regional profiles support
- **Dependency Injection**: Extended DI to support plugin-based crypto provider registration
- **Regional Configs**: Created appsettings.crypto.{international,russia,eu,china}.yaml
- **CI Workflow**: Added .gitea/workflows/crypto-compliance.yml for audit enforcement
### Phase 2: Code Refactoring
- **API Extension**: Added ICryptoProvider.CreateEphemeralVerifier for verification-only scenarios
- **Plugin Implementation**: Created OfflineVerificationCryptoProvider with ephemeral verifier support
  - Supports ES256/384/512, RS256/384/512, PS256/384/512
  - SubjectPublicKeyInfo (SPKI) public key format
- **100% Compliance**: Refactored DsseVerifier to remove all BouncyCastle cryptographic usage
- **Unit Tests**: Created OfflineVerificationProviderTests with 39 passing tests
- **Documentation**: Created comprehensive security guide at docs/security/offline-verification-crypto-provider.md
- **Audit Infrastructure**: Created scripts/audit-crypto-usage.ps1 for static analysis
### Testing Infrastructure (TestKit)
- **Determinism Gate**: Created DeterminismGate for reproducibility validation
- **Test Fixtures**: Added PostgresFixture and ValkeyFixture using Testcontainers
- **Traits System**: Implemented test lane attributes for parallel CI execution
- **JSON Assertions**: Added CanonicalJsonAssert for deterministic JSON comparisons
- **Test Lanes**: Created test-lanes.yml workflow for parallel test execution
### Documentation
- **Architecture**: Created CRYPTO_CONFIGURATION_DRIVEN_ARCHITECTURE.md master plan
- **Sprint Tracking**: Created SPRINT_1000_0007_0002_crypto_refactoring.md (COMPLETE)
- **API Documentation**: Updated docs2/cli/crypto-plugins.md and crypto.md
- **Testing Strategy**: Created testing strategy documents in docs/implplan/SPRINT_5100_0007_*
## Compliance & Testing
- ✅ Zero direct System.Security.Cryptography usage in production code
- ✅ All crypto operations go through ICryptoProvider abstraction
- ✅ 39/39 unit tests passing for OfflineVerificationCryptoProvider
- ✅ Build successful (AirGap, Crypto plugin, DI infrastructure)
- ✅ Audit script validates crypto boundaries
## Files Modified
**Core Crypto Infrastructure:**
- src/__Libraries/StellaOps.Cryptography/CryptoProvider.cs (API extension)
- src/__Libraries/StellaOps.Cryptography/CryptoSigningKey.cs (verification-only constructor)
- src/__Libraries/StellaOps.Cryptography/EcdsaSigner.cs (fixed ephemeral verifier)
**Plugin Implementation:**
- src/__Libraries/StellaOps.Cryptography.Plugin.OfflineVerification/ (new)
- src/__Libraries/StellaOps.Cryptography.PluginLoader/ (new)
**Production Code Refactoring:**
- src/AirGap/StellaOps.AirGap.Importer/Validation/DsseVerifier.cs (100% compliant)
**Tests:**
- src/__Libraries/__Tests/StellaOps.Cryptography.Plugin.OfflineVerification.Tests/ (new, 39 tests)
- src/__Libraries/__Tests/StellaOps.Cryptography.PluginLoader.Tests/ (new)
**Configuration:**
- etc/crypto-plugins-manifest.json (plugin registry)
- etc/appsettings.crypto.*.yaml (regional profiles)
**Documentation:**
- docs/security/offline-verification-crypto-provider.md (600+ lines)
- docs/implplan/CRYPTO_CONFIGURATION_DRIVEN_ARCHITECTURE.md (master plan)
- docs/implplan/SPRINT_1000_0007_0002_crypto_refactoring.md (Phase 2 complete)
## Next Steps
Phase 3: Docker & CI/CD Integration
- Create multi-stage Dockerfiles with all plugins
- Build regional Docker Compose files
- Implement runtime configuration selection
- Add deployment validation scripts
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-23 18:20:00 +02:00
StellaOps Bot
56e2dc01ee
Add unit tests for AST parsing and security sink detection
- Created `StellaOps.AuditPack.Tests.csproj` for unit testing the AuditPack library.
- Implemented comprehensive unit tests in `index.test.js` for AST parsing, covering various JavaScript and TypeScript constructs including functions, classes, decorators, and JSX.
- Added `sink-detect.test.js` to test security sink detection patterns, validating command injection, SQL injection, file write, deserialization, SSRF, NoSQL injection, and more.
- Included tests for taint source detection in various contexts such as Express, Koa, and AWS Lambda.
2025-12-23 09:23:42 +02:00
StellaOps Bot
5146204f1b
feat: add security sink detection patterns for JavaScript/TypeScript
- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations).
- Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns.
- Added `package-lock.json` for dependency management.
2025-12-22 23:21:21 +02:00
master
4602ccc3a3
Refactor code structure for improved readability and maintainability; optimize performance in key functions.
2025-12-22 19:10:27 +02:00