Source Intelligence Parsing (Changelog + Patch Header)

Module

Concelier

Status

IMPLEMENTED

Description

Source intelligence parsing for Tier 2 and Tier 3 evidence collection. Includes changelog parsing (debian/changelog, RPM changelog), patch header parsing, and integration with upstream advisory sources (Debian Security Tracker, Red Hat Errata).

Implementation Details

Modules: src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/, src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.*/
Key Classes:
- BackportEvidenceResolver (src/Concelier/__Libraries/StellaOps.Concelier.Merge/Backport/BackportEvidenceResolver.cs) - resolves backport evidence from changelog and patch header sources
- BackportStatusService (src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/BackportStatusService.cs) - backport status determination from parsed source intelligence
- DebianConnector (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.Debian/DebianConnector.cs) - ingests Debian Security Tracker data
- RedHatConnector (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.RedHat/RedHatConnector.cs) - ingests Red Hat Errata data
Source: Feature matrix scan

E2E Test Plan

Parse a debian/changelog file and verify CVE fix entries are correctly extracted as Tier 2 evidence
Parse an RPM changelog and verify patch entries are extracted
Parse patch headers and verify commit references and CVE links are extracted as Tier 3 evidence
Verify integration: Debian Security Tracker data feeds into BackportEvidenceResolver for backport verdict
Verify Red Hat Errata integration: errata data provides evidence for backport status determination

1.7 KiB Raw Blame History