feat: add Attestation Chain and Triage Evidence API clients and models

- Implemented Attestation Chain API client with methods for verifying, fetching, and managing attestation chains. - Created models for Attestation Chain, including DSSE envelope structures and verification results. - Developed Triage Evidence API client for fetching finding evidence, including methods for evidence retrieval by CVE and component. - Added models for Triage Evidence, encapsulating evidence responses, entry points, boundary proofs, and VEX evidence. - Introduced mock implementations for both API clients to facilitate testing and development.
2025-12-18 13:15:13 +02:00
parent 7d5250238c
commit 00d2c99af9
118 changed files with 13463 additions and 151 deletions
--- a/src/Scanner/StellaOps.Scanner.Analyzers.Native/NativeFormatDetector.cs
+++ b/src/Scanner/StellaOps.Scanner.Analyzers.Native/NativeFormatDetector.cs
@@ -180,6 +180,24 @@ public static class NativeFormatDetector
            return false;
        }

+        // Try full PE parsing for CodeView GUID and other identity info
+        if (PeReader.TryExtractIdentity(span, out var peIdentity) && peIdentity is not null)
+        {
+            identity = new NativeBinaryIdentity(
+                NativeFormat.Pe,
+                peIdentity.Machine,
+                "windows",
+                Endianness: "le",
+                BuildId: null,
+                Uuid: null,
+                InterpreterPath: null,
+                CodeViewGuid: peIdentity.CodeViewGuid,
+                CodeViewAge: peIdentity.CodeViewAge,
+                ProductVersion: peIdentity.ProductVersion);
+            return true;
+        }
+
+        // Fallback to basic parsing
        var machine = BinaryPrimitives.ReadUInt16LittleEndian(span.Slice(peHeaderOffset + 4, 2));
        var arch = MapPeMachine(machine);

@@ -205,6 +223,30 @@ public static class NativeFormatDetector
            return false;
        }

+        // Try full parsing with MachOReader
+        using var stream = new MemoryStream(span.ToArray());
+        if (MachOReader.TryExtractIdentity(stream, out var machOIdentity) && machOIdentity is not null)
+        {
+            var endianness = magic is 0xCAFEBABE or 0xFEEDFACE or 0xFEEDFACF ? "be" : "le";
+            var prefixedUuid = machOIdentity.Uuid is not null ? $"macho-uuid:{machOIdentity.Uuid}" : null;
+
+            identity = new NativeBinaryIdentity(
+                NativeFormat.MachO,
+                machOIdentity.CpuType,
+                "darwin",
+                Endianness: endianness,
+                BuildId: prefixedUuid,
+                Uuid: prefixedUuid,
+                InterpreterPath: null,
+                MachOPlatform: machOIdentity.Platform,
+                MachOMinOsVersion: machOIdentity.MinOsVersion,
+                MachOSdkVersion: machOIdentity.SdkVersion,
+                MachOCdHash: machOIdentity.CodeSignature?.CdHash,
+                MachOTeamId: machOIdentity.CodeSignature?.TeamId);
+            return true;
+        }
+
+        // Fallback to basic parsing
        bool bigEndian = magic is 0xCAFEBABE or 0xFEEDFACE or 0xFEEDFACF;

        uint cputype;
@@ -229,7 +271,7 @@ public static class NativeFormatDetector
        }

        var arch = MapMachCpuType(cputype);
-        var endianness = bigEndian ? "be" : "le";
+        var fallbackEndianness = bigEndian ? "be" : "le";

        string? uuid = null;
        if (!isFat)
@@ -269,7 +311,7 @@ public static class NativeFormatDetector
        }

        // Store Mach-O UUID in BuildId field (prefixed) and also in Uuid for backwards compatibility
-        identity = new NativeBinaryIdentity(NativeFormat.MachO, arch, "darwin", Endianness: endianness, BuildId: uuid, Uuid: uuid, InterpreterPath: null);
+        identity = new NativeBinaryIdentity(NativeFormat.MachO, arch, "darwin", Endianness: fallbackEndianness, BuildId: uuid, Uuid: uuid, InterpreterPath: null);
        return true;
    }