stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
e950474a770337781dba83b1422a884198c4cfa0
git.stella-ops.org/src/Policy/StellaOps.Policy.RiskProfile/Models/RiskProfileModel.cs
master e950474a77
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
api-governance / spectral-lint (push) Has been cancelled
Details
oas-ci / oas-validate (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
up
2025-11-27 15:16:31 +02:00

214 lines
5.1 KiB
C#
Raw Blame History

using System.Text.Json.Serialization;
namespace StellaOps.Policy.RiskProfile.Models;
/// <summary>
/// Represents a risk profile definition used to score and prioritize findings.
/// </summary>
public sealed class RiskProfileModel
{
/// <summary>
/// Stable identifier for the risk profile (slug or URN).
/// </summary>
[JsonPropertyName("id")]
public required string Id { get; set; }
/// <summary>
/// SemVer for the profile definition.
/// </summary>
[JsonPropertyName("version")]
public required string Version { get; set; }
/// <summary>
/// Human-readable summary of the profile intent.
/// </summary>
[JsonPropertyName("description")]
public string? Description { get; set; }
/// <summary>
/// Optional parent profile ID for inheritance.
/// </summary>
[JsonPropertyName("extends")]
public string? Extends { get; set; }
/// <summary>
/// Signal definitions used for risk scoring.
/// </summary>
[JsonPropertyName("signals")]
public List<RiskSignal> Signals { get; set; } = new();
/// <summary>
/// Weight per signal name; weights are normalized by the consumer.
/// </summary>
[JsonPropertyName("weights")]
public Dictionary<string, double> Weights { get; set; } = new();
/// <summary>
/// Override rules for severity and decisions.
/// </summary>
[JsonPropertyName("overrides")]
public RiskOverrides Overrides { get; set; } = new();
/// <summary>
/// Free-form metadata with stable keys.
/// </summary>
[JsonPropertyName("metadata")]
public Dictionary<string, object?>? Metadata { get; set; }
}
/// <summary>
/// A signal definition used in risk scoring.
/// </summary>
public sealed class RiskSignal
{
/// <summary>
/// Logical signal key (e.g., reachability, kev, exploit_chain).
/// </summary>
[JsonPropertyName("name")]
public required string Name { get; set; }
/// <summary>
/// Upstream provider or calculation origin.
/// </summary>
[JsonPropertyName("source")]
public required string Source { get; set; }
/// <summary>
/// Signal type.
/// </summary>
[JsonPropertyName("type")]
public required RiskSignalType Type { get; set; }
/// <summary>
/// JSON Pointer to the signal in the evidence document.
/// </summary>
[JsonPropertyName("path")]
public string? Path { get; set; }
/// <summary>
/// Optional transform applied before weighting.
/// </summary>
[JsonPropertyName("transform")]
public string? Transform { get; set; }
/// <summary>
/// Optional unit for numeric signals.
/// </summary>
[JsonPropertyName("unit")]
public string? Unit { get; set; }
}
/// <summary>
/// Signal type enumeration.
/// </summary>
[JsonConverter(typeof(JsonStringEnumConverter<RiskSignalType>))]
public enum RiskSignalType
{
[JsonPropertyName("boolean")]
Boolean,
[JsonPropertyName("numeric")]
Numeric,
[JsonPropertyName("categorical")]
Categorical,
}
/// <summary>
/// Override rules for severity and decisions.
/// </summary>
public sealed class RiskOverrides
{
/// <summary>
/// Severity override rules.
/// </summary>
[JsonPropertyName("severity")]
public List<SeverityOverride> Severity { get; set; } = new();
/// <summary>
/// Decision override rules.
/// </summary>
[JsonPropertyName("decisions")]
public List<DecisionOverride> Decisions { get; set; } = new();
}
/// <summary>
/// A severity override rule.
/// </summary>
public sealed class SeverityOverride
{
/// <summary>
/// Predicate over signals (key/value equals).
/// </summary>
[JsonPropertyName("when")]
public required Dictionary<string, object> When { get; set; }
/// <summary>
/// Severity to set when predicate matches.
/// </summary>
[JsonPropertyName("set")]
public required RiskSeverity Set { get; set; }
}
/// <summary>
/// A decision override rule.
/// </summary>
public sealed class DecisionOverride
{
/// <summary>
/// Predicate over signals (key/value equals).
/// </summary>
[JsonPropertyName("when")]
public required Dictionary<string, object> When { get; set; }
/// <summary>
/// Action to take when predicate matches.
/// </summary>
[JsonPropertyName("action")]
public required RiskAction Action { get; set; }
/// <summary>
/// Optional reason for the override.
/// </summary>
[JsonPropertyName("reason")]
public string? Reason { get; set; }
}
/// <summary>
/// Severity levels.
/// </summary>
[JsonConverter(typeof(JsonStringEnumConverter<RiskSeverity>))]
public enum RiskSeverity
{
[JsonPropertyName("critical")]
Critical,
[JsonPropertyName("high")]
High,
[JsonPropertyName("medium")]
Medium,
[JsonPropertyName("low")]
Low,
[JsonPropertyName("informational")]
Informational,
}
/// <summary>
/// Decision actions.
/// </summary>
[JsonConverter(typeof(JsonStringEnumConverter<RiskAction>))]
public enum RiskAction
{
[JsonPropertyName("allow")]
Allow,
[JsonPropertyName("review")]
Review,
[JsonPropertyName("deny")]
Deny,
}
Reference in New Issue View Git Blame Copy Permalink