docs consolidation and others
@@ -13,7 +13,7 @@ Provide advisory feed integration and offline bundles for CVE-to-symbol mapping
|
||||
- `docs/modules/platform/architecture-overview.md`
|
||||
- `docs/modules/scanner/architecture.md`
|
||||
- `docs/modules/concelier/architecture.md`
|
||||
- `docs/reachability/slice-schema.md`
|
||||
- `docs/modules/reach-graph/guides/slice-schema.md`
|
||||
|
||||
## Working Directory & Boundaries
|
||||
- Primary scope: `src/Scanner/__Libraries/StellaOps.Scanner.Advisory/`
|
||||
|
||||
@@ -8,6 +8,10 @@
|
||||
<EnableDefaultItems>false</EnableDefaultItems>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<InternalsVisibleTo Include="StellaOps.Scanner.Analyzers.Lang.Python.Tests" />
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<Compile Include="**\*.cs" Exclude="obj\**;bin\**" />
|
||||
<EmbeddedResource Include="**\*.json" Exclude="obj\**;bin\**" />
|
||||
|
||||
@@ -59,17 +59,17 @@ public sealed class SecretsAnalyzer : ILanguageAnalyzer
|
||||
/// <summary>
|
||||
/// Analyzes raw file content for secrets. Adapter for Worker stage executor.
|
||||
/// </summary>
|
||||
public async ValueTask<List<SecretFinding>> AnalyzeAsync(
|
||||
public async ValueTask<List<SecretLeakEvidence>> AnalyzeAsync(
|
||||
byte[] content,
|
||||
string relativePath,
|
||||
CancellationToken ct)
|
||||
{
|
||||
if (!IsEnabled || content is null || content.Length == 0)
|
||||
{
|
||||
return new List<SecretFinding>();
|
||||
return new List<SecretLeakEvidence>();
|
||||
}
|
||||
|
||||
var findings = new List<SecretFinding>();
|
||||
var findings = new List<SecretLeakEvidence>();
|
||||
|
||||
foreach (var rule in _ruleset!.GetRulesForFile(relativePath))
|
||||
{
|
||||
@@ -85,23 +85,8 @@ public sealed class SecretsAnalyzer : ILanguageAnalyzer
|
||||
continue;
|
||||
}
|
||||
|
||||
var maskedSecret = _masker.Mask(match.Secret);
|
||||
var finding = new SecretFinding
|
||||
{
|
||||
RuleId = rule.Id,
|
||||
RuleName = rule.Name,
|
||||
Severity = rule.Severity,
|
||||
Confidence = confidence,
|
||||
FilePath = relativePath,
|
||||
LineNumber = match.LineNumber,
|
||||
ColumnStart = match.ColumnStart,
|
||||
ColumnEnd = match.ColumnEnd,
|
||||
MatchedText = maskedSecret,
|
||||
Category = rule.Category,
|
||||
DetectedAtUtc = _timeProvider.GetUtcNow()
|
||||
};
|
||||
|
||||
findings.Add(finding);
|
||||
var evidence = SecretLeakEvidence.FromMatch(match, _masker, _ruleset!, _timeProvider);
|
||||
findings.Add(evidence);
|
||||
}
|
||||
}
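Review bot: In the second `SecretsAnalyzer` hunk, masking of the matched secret is no longer visible at the call site. The explicit `_masker.Mask(match.Secret)` is replaced by `SecretLeakEvidence.FromMatch(match, _masker, _ruleset!, _timeProvider)`, whose body is not on this page, so it cannot be confirmed here that the evidence stores only the masked value. The factory is also passed neither `rule` nor the `confidence` local that the removed initializer assigned, so rule id, severity and confidence are presumably re-derived inside `FromMatch`. It is worth checking that they match what the loop above (outside the hunk) used to decide the `continue`. I would add a comment above the call such as `// FromMatch must mask match.Secret via _masker; the raw secret must never be stored in evidence`, and a unit test asserting that the returned `SecretLeakEvidence` does not contain the raw secret. `AnalyzeAsync` begins in the previous hunk and continues past this one, and its public return type changes to `List<SecretLeakEvidence>`, so callers outside this page need the same update.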
|
||||
|
||||
|
||||
@@ -12,8 +12,8 @@ Provide deterministic call graph extraction for supported languages and native b
|
||||
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
|
||||
- `docs/modules/platform/architecture-overview.md`
|
||||
- `docs/modules/scanner/architecture.md`
|
||||
- `docs/reachability/DELIVERY_GUIDE.md`
|
||||
- `docs/reachability/binary-reachability-schema.md`
|
||||
- `docs/modules/reach-graph/guides/DELIVERY_GUIDE.md`
|
||||
- `docs/modules/reach-graph/guides/binary-reachability-schema.md`
|
||||
|
||||
## Working Directory & Boundaries
|
||||
- Primary scope: `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/`
|
||||
|
||||
@@ -156,7 +156,7 @@ Located in `Risk/`:
|
||||
- `docs/modules/scanner/architecture.md`
|
||||
- `docs/modules/platform/architecture-overview.md`
|
||||
- `docs/modules/scanner/operations/entrypoint-problem.md`
|
||||
- `docs/reachability/function-level-evidence.md`
|
||||
- `docs/modules/reach-graph/guides/function-level-evidence.md`
|
||||
|
||||
## Working Agreement
|
||||
- 1. Update task status to `DOING`/`DONE` in both correspoding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
|
||||
|
||||
@@ -12,9 +12,9 @@ Deliver deterministic reachability analysis, slice generation, and evidence arti
|
||||
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
|
||||
- `docs/modules/platform/architecture-overview.md`
|
||||
- `docs/modules/scanner/architecture.md`
|
||||
- `docs/reachability/DELIVERY_GUIDE.md`
|
||||
- `docs/reachability/slice-schema.md`
|
||||
- `docs/reachability/replay-verification.md`
|
||||
- `docs/modules/reach-graph/guides/DELIVERY_GUIDE.md`
|
||||
- `docs/modules/reach-graph/guides/slice-schema.md`
|
||||
- `docs/modules/reach-graph/guides/replay-verification.md`
|
||||
|
||||
## Working Directory & Boundaries
|
||||
- Primary scope: `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/`
|
||||
|
||||
@@ -225,7 +225,7 @@ If no entry points detected:
|
||||
|
||||
Sinks are vulnerable functions identified by CVE-to-symbol mapping.
|
||||
|
||||
**Data Source:** `IVulnSurfaceService` (see `docs/reachability/cve-symbol-mapping.md`)
|
||||
**Data Source:** `IVulnSurfaceService` (see `docs/modules/reach-graph/guides/cve-symbol-mapping.md`)
|
||||
|
||||
### 4.2 CVE→Symbol Mapping Flow
|
||||
|
||||
@@ -643,9 +643,9 @@ public async Task ExtractSubgraph_WithSameInputs_ProducesSameHash(string fixture
|
||||
|
||||
- **Sprint:** `docs/implplan/SPRINT_3500_0001_0001_proof_of_exposure_mvp.md`
|
||||
- **Advisory:** `docs/product-advisories/23-Dec-2026 - Binary Mapping as Attestable Proof.md`
|
||||
- **Reachability Docs:** `docs/reachability/function-level-evidence.md`, `docs/reachability/lattice.md`
|
||||
- **Reachability Docs:** `docs/modules/reach-graph/guides/function-level-evidence.md`, `docs/modules/reach-graph/guides/lattice.md`
|
||||
- **EntryTrace:** `docs/modules/scanner/operations/entrypoint-static-analysis.md`
|
||||
- **CVE Mapping:** `docs/reachability/cve-symbol-mapping.md`
|
||||
- **CVE Mapping:** `docs/modules/reach-graph/guides/cve-symbol-mapping.md`
|
||||
|
||||
---
|
||||
|
||||
|
||||
@@ -13,8 +13,8 @@ Capture and normalize runtime trace evidence (eBPF/ETW) and merge it with static
|
||||
- `docs/modules/platform/architecture-overview.md`
|
||||
- `docs/modules/scanner/architecture.md`
|
||||
- `docs/modules/zastava/architecture.md`
|
||||
- `docs/reachability/runtime-facts.md`
|
||||
- `docs/reachability/runtime-static-union-schema.md`
|
||||
- `docs/modules/reach-graph/guides/runtime-facts.md`
|
||||
- `docs/modules/reach-graph/schemas/runtime-static-union-schema.md`
|
||||
|
||||
## Working Directory & Boundaries
|
||||
- Primary scope: `src/Scanner/__Libraries/StellaOps.Scanner.Runtime/`
|
||||
|
||||
@@ -12,7 +12,7 @@ Package and store reachability slice artifacts as OCI artifacts with determinist
|
||||
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
|
||||
- `docs/modules/platform/architecture-overview.md`
|
||||
- `docs/modules/scanner/architecture.md`
|
||||
- `docs/reachability/binary-reachability-schema.md`
|
||||
- `docs/modules/reach-graph/guides/binary-reachability-schema.md`
|
||||
- `docs/24_OFFLINE_KIT.md`
|
||||
|
||||
## Working Directory & Boundaries
|
||||
|
||||
@@ -12,7 +12,7 @@ Build and serve vulnerability surface data for CVE and package-level symbol mapp
|
||||
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
|
||||
- `docs/modules/platform/architecture-overview.md`
|
||||
- `docs/modules/scanner/architecture.md`
|
||||
- `docs/reachability/slice-schema.md`
|
||||
- `docs/modules/reach-graph/guides/slice-schema.md`
|
||||
|
||||
## Working Directory & Boundaries
|
||||
- Primary scope: `src/Scanner/__Libraries/StellaOps.Scanner.VulnSurfaces/`
|
||||
|
||||