27 lines
1.7 KiB
Markdown
27 lines
1.7 KiB
Markdown
# Source Intelligence Parsing (Changelog + Patch Header)
|
|
|
|
## Module
|
|
Concelier
|
|
|
|
## Status
|
|
IMPLEMENTED
|
|
|
|
## Description
|
|
Source intelligence parsing for Tier 2 and Tier 3 evidence collection. Includes changelog parsing (debian/changelog, RPM changelog), patch header parsing, and integration with upstream advisory sources (Debian Security Tracker, Red Hat Errata).
|
|
|
|
## Implementation Details
|
|
- **Modules**: `src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/`, `src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.*/`
|
|
- **Key Classes**:
|
|
- `BackportEvidenceResolver` (`src/Concelier/__Libraries/StellaOps.Concelier.Merge/Backport/BackportEvidenceResolver.cs`) - resolves backport evidence from changelog and patch header sources
|
|
- `BackportStatusService` (`src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/BackportStatusService.cs`) - backport status determination from parsed source intelligence
|
|
- `DebianConnector` (`src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.Debian/DebianConnector.cs`) - ingests Debian Security Tracker data
|
|
- `RedHatConnector` (`src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.RedHat/RedHatConnector.cs`) - ingests Red Hat Errata data
|
|
- **Source**: Feature matrix scan
|
|
|
|
## E2E Test Plan
|
|
- [ ] Parse a debian/changelog file and verify CVE fix entries are correctly extracted as Tier 2 evidence
|
|
- [ ] Parse an RPM changelog and verify patch entries are extracted
|
|
- [ ] Parse patch headers and verify commit references and CVE links are extracted as Tier 3 evidence
|
|
- [ ] Verify integration: Debian Security Tracker data feeds into `BackportEvidenceResolver` for backport verdict
|
|
- [ ] Verify Red Hat Errata integration: errata data provides evidence for backport status determination
|