VEX Claim Normalization (Multi-Format Ingestion)

Module: Excititor

Status: IMPLEMENTED

Description

Normalization of VEX claims from OpenVEX, CycloneDX VEX, and CSAF formats into canonical internal representation with vendor-specific connectors (Ubuntu, Red Hat, Oracle, Microsoft, Cisco).

Implementation Details

  • Modules: src/Excititor/__Libraries/StellaOps.Excititor.Core/, src/Excititor/__Libraries/StellaOps.Excititor.Connectors.*/
  • Key Classes:
    • VexClaim (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexClaim.cs) - canonical VEX claim model
    • VexAdvisoryKeyCanonicalizer (src/Excititor/__Libraries/StellaOps.Excititor.Core/Canonicalization/VexAdvisoryKeyCanonicalizer.cs) - canonicalizes advisory keys across formats
    • VexProductKeyCanonicalizer (src/Excititor/__Libraries/StellaOps.Excititor.Core/Canonicalization/VexProductKeyCanonicalizer.cs) - canonicalizes product keys across formats
    • UbuntuCsafConnector (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF/UbuntuCsafConnector.cs) - Ubuntu CSAF ingestion
    • RedHatCsafConnector (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.RedHat.CSAF/RedHatCsafConnector.cs) - Red Hat CSAF ingestion
    • OracleCsafConnector (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Oracle.CSAF/OracleCsafConnector.cs) - Oracle CSAF ingestion
    • MsrcCsafConnector (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.MSRC.CSAF/MsrcCsafConnector.cs) - Microsoft MSRC CSAF ingestion
    • CiscoCsafConnector (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Cisco.CSAF/CiscoCsafConnector.cs) - Cisco CSAF ingestion
    • VexIngestOrchestrator (src/Excititor/StellaOps.Excititor.WebService/Services/VexIngestOrchestrator.cs) - orchestrates multi-format ingestion
  • Interfaces: VexConnectorBase (abstract base)
  • Source: Feature matrix scan

E2E Test Plan

  • Ingest a CSAF advisory from each vendor connector (Ubuntu, Red Hat, Oracle, Microsoft, Cisco) and verify normalization into VexClaim
  • Verify VexAdvisoryKeyCanonicalizer produces identical keys for the same advisory across different formats
  • Verify VexProductKeyCanonicalizer produces identical product keys for the same product across formats
  • Ingest the same vulnerability from multiple formats (OpenVEX, CSAF, CycloneDX) and verify they normalize to equivalent claims
  • Verify VexIngestOrchestrator routes documents to the correct normalizer based on format detection
  • Verify normalization handles vendor-specific fields (Red Hat errata, Microsoft KB articles, Cisco bug IDs)
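As an added illustration of the normalization the Description and the E2E test plan describe, the following is constructed example code, not Excititor's VexClaim model or its connectors: the field mappings, the Claim tuple, the STATUS table and the three sample documents are assumptions. It ingests one finding from OpenVEX, CycloneDX VEX and CSAF and checks that all three normalize to the same canonical claim.

```python
"""Normalise VEX statements from OpenVEX, CycloneDX VEX and CSAF into one canonical
(advisory_key, product_key, status) triple. Constructed example; mappings are assumptions."""
from typing import NamedTuple

class Claim(NamedTuple):
    advisory_key: str
    product_key: str
    status: str

# Per-format status vocabularies folded onto one canonical set (subset, assumed).
STATUS = {"affected": "affected", "exploitable": "affected", "known_affected": "affected",
          "not_affected": "not_affected", "known_not_affected": "not_affected",
          "fixed": "fixed", "resolved": "fixed",
          "under_investigation": "under_investigation", "in_triage": "under_investigation"}

def canon_advisory(raw: str) -> str:
    """CVE ids differ only by case/whitespace between sources; fold to upper-case."""
    return raw.strip().upper()

def canon_product(purl: str) -> str:
    """purl scheme and type are case-insensitive per the spec; the rest is kept as-is."""
    scheme, rest = purl.strip().split(":", 1)
    ptype, tail = rest.split("/", 1)
    return f"{scheme.lower()}:{ptype.lower()}/{tail}"

def from_openvex(doc: dict) -> list[Claim]:
    return [Claim(canon_advisory(s["vulnerability"]["name"]), canon_product(p["@id"]), STATUS[s["status"]])
            for s in doc["statements"] for p in s["products"]]

def from_cyclonedx(doc: dict) -> list[Claim]:
    return [Claim(canon_advisory(v["id"]), canon_product(a["ref"]), STATUS[v["analysis"]["state"]])
            for v in doc["vulnerabilities"] for a in v["affects"]]

def from_csaf(doc: dict) -> list[Claim]:
    # CSAF keys products by product_id; resolve each id to its purl via the product tree.
    purls = {p["product_id"]: p["product_identification_helper"]["purl"]
             for p in doc["product_tree"]["full_product_names"]}
    return [Claim(canon_advisory(v["cve"]), canon_product(purls[pid]), STATUS[bucket])
            for v in doc["vulnerabilities"] for bucket, ids in v["product_status"].items() for pid in ids]

# Constructed sample: the same finding expressed in all three formats (placeholder CVE and package).
PURL = "pkg:deb/ubuntu/examplepkg@1.0-1"
OPENVEX = {"statements": [{"vulnerability": {"name": "cve-2099-0001"},
                           "products": [{"@id": PURL}], "status": "not_affected"}]}
CDX = {"vulnerabilities": [{"id": "CVE-2099-0001", "affects": [{"ref": "PKG:DEB/ubuntu/examplepkg@1.0-1"}],
                            "analysis": {"state": "not_affected"}}]}
CSAF = {"product_tree": {"full_product_names": [{"product_id": "CSAFPID-0001",
                                                  "product_identification_helper": {"purl": PURL}}]},
        "vulnerabilities": [{"cve": "CVE-2099-0001", "product_status": {"known_not_affected": ["CSAFPID-0001"]}}]}

def equivalent() -> bool:
    """True when all three ingests normalise to the same claim set."""
    return set(from_openvex(OPENVEX)) == set(from_cyclonedx(CDX)) == set(from_csaf(CSAF))
```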