using StellaOps.VulnExplorer.Api.Models;
namespace StellaOps.VulnExplorer.Api.Data;
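/// <summary>
/// Hard-coded, in-memory vulnerability records: two summaries and the two detail
/// records that share their ids.
/// </summary>
/// <remarks>
/// Every value below is a literal compiled into the assembly. The CVE ids, purls,
/// advisory URL and evidence/ledger ids are fixture values; NOTE(review): presumably
/// none of them is meant to describe a real advisory, even where a CVE number happens
/// to be one that has been assigned — confirm before reusing this data outside of
/// samples or tests.
/// </remarks>
internal static class SampleData
{
    // Declared before 'details': the initialiser of 'details' indexes into this array,
    // and static field initialisers run in textual order.
    private static readonly VulnSummary[] summaries =
    {
        new(
            Id: "vuln-0001",
            Severity: "HIGH",
            Score: 8.2,
            Kev: true,
            Exploitability: "known",
            FixAvailable: true,
            CveIds: new[] { "CVE-2025-0001" },
            Purls: new[] { "pkg:maven/org.example/app@1.2.3" },
            PolicyVersion: "policy-main",
            RationaleId: "rat-0001"),
        new(
            Id: "vuln-0002",
            Severity: "MEDIUM",
            Score: 5.4,
            Kev: false,
            Exploitability: "unknown",
            FixAvailable: false,
            CveIds: new[] { "CVE-2024-2222" },
            Purls: new[] { "pkg:npm/foo@4.5.6" },
            PolicyVersion: "policy-main",
            RationaleId: "rat-0002")
    };

    // Read-only view handed to callers. Returning the array itself typed as
    // IReadOnlyList<T> would let any caller cast it back to VulnSummary[] and replace
    // elements of this process-wide static data.
    private static readonly IReadOnlyList<VulnSummary> readOnlySummaries = Array.AsReadOnly(summaries);

    // Each detail repeats the scalar fields of the summary with the same Id and reuses
    // that summary's CveIds, Purls, PolicyVersion and RationaleId values directly, so the
    // summary and the detail hold the same CveIds/Purls instances.
    private static readonly VulnDetail[] details =
    {
        new(
            Id: "vuln-0001",
            Severity: "HIGH",
            Score: 8.2,
            Kev: true,
            Exploitability: "known",
            FixAvailable: true,
            CveIds: summaries[0].CveIds,
            Purls: summaries[0].Purls,
            Summary: "Example vulnerable library with RCE.",
            AffectedPackages: new[]
            {
                new PackageAffect("pkg:maven/org.example/app", new[] { "1.2.3" })
            },
            AdvisoryRefs: new[]
            {
                new AdvisoryRef("https://example.com/advisory/0001", "Upstream advisory")
            },
            Rationale: new PolicyRationale("rat-0001", "High severity RCE with known exploit; fix available"),
            Paths: new[] { "/src/app/Program.cs", "/src/lib/utils/net.cs" },
            Evidence: new[]
            {
                new EvidenceRef("sbom", "sbom-0001", "Inventory evidence"),
                new EvidenceRef("vex", "vex-0001", "Vendor statement")
            },
            // Parsed with the invariant culture so the fixture timestamps do not depend
            // on the current culture of the host that loads this type.
            FirstSeen: DateTimeOffset.Parse("2025-01-01T00:00:00Z", System.Globalization.CultureInfo.InvariantCulture),
            LastSeen: DateTimeOffset.Parse("2025-11-01T00:00:00Z", System.Globalization.CultureInfo.InvariantCulture),
            PolicyVersion: summaries[0].PolicyVersion,
            RationaleId: summaries[0].RationaleId,
            Provenance: new EvidenceProvenance("ledger-1", "evidence-1")),
        new(
            Id: "vuln-0002",
            Severity: "MEDIUM",
            Score: 5.4,
            Kev: false,
            Exploitability: "unknown",
            FixAvailable: false,
            CveIds: summaries[1].CveIds,
            Purls: summaries[1].Purls,
            Summary: "Prototype pollution risk.",
            AffectedPackages: new[]
            {
                new PackageAffect("pkg:npm/foo", new[] { "4.5.6" })
            },
            AdvisoryRefs: Array.Empty<AdvisoryRef>(),
            Rationale: new PolicyRationale("rat-0002", "Medium severity; no exploit observed; fix unavailable"),
            Paths: new[] { "/app/node_modules/foo/index.js" },
            Evidence: new[]
            {
                new EvidenceRef("sbom", "sbom-0002", "Inventory evidence")
            },
            FirstSeen: DateTimeOffset.Parse("2024-06-10T00:00:00Z", System.Globalization.CultureInfo.InvariantCulture),
            LastSeen: DateTimeOffset.Parse("2025-08-15T00:00:00Z", System.Globalization.CultureInfo.InvariantCulture),
            PolicyVersion: summaries[1].PolicyVersion,
            RationaleId: summaries[1].RationaleId,
            Provenance: new EvidenceProvenance("ledger-2", "evidence-2"))
    };

    /// <summary>
    /// The sample summaries, in declaration order, as a read-only list.
    /// </summary>
    public static IReadOnlyList<VulnSummary> Summaries => readOnlySummaries;

    /// <summary>
    /// Looks up the sample detail record whose <c>Id</c> equals <paramref name="id"/>.
    /// </summary>
    /// <param name="id">
    /// Identifier to look up. The comparison is ordinal, so it is case-sensitive and
    /// applies no trimming or normalisation to the supplied value.
    /// </param>
    /// <param name="detail">
    /// The matching record when the method returns <see langword="true"/>; otherwise
    /// <see langword="null"/>.
    /// </param>
    /// <returns><see langword="true"/> when a record with that id exists.</returns>
    public static bool TryGetDetail(
        string id,
        [System.Diagnostics.CodeAnalysis.NotNullWhen(true)] out VulnDetail? detail)
    {
        detail = details.FirstOrDefault(d => string.Equals(d.Id, id, StringComparison.Ordinal));
        return detail is not null;
    }
}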