stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Refactor code structure for improved readability and maintainability; optimize performance in key functions.

Browse Source
This commit is contained in:
master
2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 4602ccc3a3
1444 changed files with 109919 additions and 8058 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/Scanner/AGENTS.md
View File

@@ -67,8 +67,8 @@ Reachability Drift Detection tracks function-level reachability changes between
### Call Graph Support
- **.NET**: Roslyn semantic analysis (`DotNetCallGraphExtractor`)
- **Node.js**: Babel AST analysis (`NodeCallGraphExtractor`)
- **Future**: Java (ASM), Go (SSA), Python (AST)
- **Node.js**: placeholder trace ingestion (`NodeCallGraphExtractor`); Babel integration pending (Sprint 3600.0004)
- **Planned**: Java (ASM), Go (SSA), Python (AST) extractors exist but are not registered yet
### Entrypoint Detection
- ASP.NET Core: `[HttpGet]`, `[Route]`, minimal APIs
@@ -77,9 +77,17 @@ Reachability Drift Detection tracks function-level reachability changes between
- CLI: `Main`, command handlers
### Drift API Endpoints
- `POST /api/drift/analyze` - Compute drift between two scans
- `GET /api/drift/{driftId}` - Retrieve drift result
- `GET /api/drift/{driftId}/paths` - Get detailed paths
- `GET /api/v1/scans/{scanId}/drift` - Get or compute drift between two scans
- `GET /api/v1/drift/{driftId}/sinks` - Page drifted sinks
- `POST /api/v1/scans/{scanId}/compute-reachability` - Trigger reachability computation
- `GET /api/v1/scans/{scanId}/reachability/components` - List component reachability
- `GET /api/v1/scans/{scanId}/reachability/findings` - List reachability findings
- `GET /api/v1/scans/{scanId}/reachability/explain` - Explain reachability for CVE + PURL
### Drift Documentation
- `docs/modules/scanner/reachability-drift.md`
- `docs/api/scanner-drift-api.md`
- `docs/operations/reachability-drift-guide.md`
### Testing
- Unit tests: `src/Scanner/__Tests/StellaOps.Scanner.ReachabilityDrift.Tests/`
@@ -122,7 +130,7 @@ Layered binary reachability with attestable slices for CVE triage:
- **3840**: Runtime trace merge (eBPF/ETW)
- **3850**: OCI storage and CLI commands
See: `docs/implplan/SPRINT_3800_SUMMARY.md`
See: `docs/implplan/SPRINT_3800_0000_0000_summary.md`
### Libraries
- `StellaOps.Scanner.Reachability.Slices` - Slice extraction, DSSE signing, verdict computation