partly or unimplemented features - now implemented
This commit is contained in:
master
@@ -0,0 +1,55 @@
|
||||
# Stack-Trace/Exploit Path View
|
||||
|
||||
## Module
|
||||
Scanner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
A dedicated "Stack-Trace Lens" UX component that renders exploit paths as interactive stack-trace visualizations, allowing security engineers to trace the call chain from entrypoint to vulnerable function. Combines backend exploit path grouping with a frontend visualization component.
|
||||
|
||||
## What's Implemented
|
||||
- **Exploit Path Grouping (Backend)**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Services/IExploitPathGroupingService.cs` - `IExploitPathGroupingService` interface for grouping triage findings by their exploit path similarity
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Models/ExploitPath.cs` - `ExploitPath` model representing a call chain from entrypoint to vulnerable function
|
||||
- **Path Explanation (Backend)**:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Explanation/PathExplanationService.cs` - `PathExplanationService` generating human-readable explanations of reachability paths
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Explanation/PathRenderer.cs` - `PathRenderer` rendering call-graph paths as structured output (text, JSON, diagram-ready format)
|
||||
- **Triage API**:
|
||||
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/TriageInboxEndpoints.cs` - `TriageInboxEndpoints` REST API serving triage findings with exploit path data to frontend consumers
|
||||
- **Call Path Models**:
|
||||
- `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/WitnessCallPathNode.cs` - `WitnessCallPathNode` model for individual nodes in a call path
|
||||
- `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/WitnessPathNode.cs` - `WitnessPathNode` model for path traversal nodes
|
||||
|
||||
## What's Missing
|
||||
- **Stack-Trace Lens UI Component**: No dedicated Angular component in `src/Web/` that renders exploit paths as interactive stack-trace visualizations with:
|
||||
- Collapsible call-chain frames (entrypoint -> intermediate calls -> vulnerable function)
|
||||
- Syntax-highlighted source snippets at each frame (when source mapping is available)
|
||||
- Reachability tier badge per frame (Confirmed/Likely/Present)
|
||||
- Click-to-expand frame details (file path, line number, function signature)
|
||||
- **Path Comparison View**: No side-by-side comparison of multiple exploit paths reaching the same vulnerable function from different entrypoints
|
||||
- **Path Sharing/Export**: No URL-addressable deep links to specific exploit paths for sharing in issue trackers
|
||||
- **Path Filtering**: No filtering of exploit paths by reachability confidence, entrypoint type, or path length
|
||||
|
||||
## Implementation Plan
|
||||
1. Create `ExploitPathViewComponent` in `src/Web/` as an Angular component consuming the TriageInboxEndpoints exploit path API
|
||||
2. Implement collapsible stack-frame rendering with entrypoint -> call chain -> sink visualization
|
||||
3. Add source snippet rendering using source-map data when available from the scanner
|
||||
4. Add reachability tier badges per frame using the PathExplanationService output
|
||||
5. Implement path comparison view for vulnerabilities with multiple exploit paths
|
||||
6. Add deep-link URL routing for direct navigation to specific exploit paths
|
||||
7. Add path filtering controls (confidence tier, entrypoint type, path length)
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Navigate to a triage finding with a known exploit path and verify the Stack-Trace Lens component renders the full call chain from entrypoint to vulnerable function
|
||||
- [ ] Verify each frame in the stack trace shows the correct function signature, file path, and reachability tier badge
|
||||
- [ ] Click to expand a frame and verify source snippet is displayed (when source mapping is available)
|
||||
- [ ] Verify collapsing intermediate frames hides call chain details while keeping entrypoint and sink visible
|
||||
- [ ] Open the path comparison view for a vulnerability with multiple exploit paths and verify side-by-side rendering
|
||||
- [ ] Copy the deep link URL for a specific exploit path, navigate to it in a new browser tab, and verify the same path is displayed
|
||||
- [ ] Apply path filtering by reachability confidence and verify only paths matching the selected tier are shown
|
||||
|
||||
## Related Documentation
|
||||
- Source: See feature catalog
|
||||
- Architecture: `docs/modules/scanner/architecture.md`
|
||||
Reference in New Issue
Block a user