stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint: save features

Browse Source
This commit is contained in:
master
2026-02-12 10:27:23 +02:00
parent dca86e1248
commit 5bca406787
8837 changed files with 1796879 additions and 5294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
docs/features/checked/binaryindex/vulnerable-binaries-database.md Normal file
View File

@@ -0,0 +1,36 @@
# Vulnerable Binaries Database (BinaryIndex Module)
## Module
BinaryIndex
## Status
VERIFIED
## Description
Dedicated BinaryIndex module with web service, worker, and library structure for binary vulnerability detection independent of package metadata.
## Implementation Details
- **Modules**: `src/BinaryIndex/StellaOps.BinaryIndex.WebService/`, `src/BinaryIndex/StellaOps.BinaryIndex.Worker/`, `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/`
- **Key Classes**:
- **Web Service**: `ResolutionController` (`Controllers/ResolutionController.cs`) - vulnerability resolution API; `GoldenSetController` - golden set management API; `PatchCoverageController` - patch coverage API; `BinaryIndexOpsController` - ops health/bench/cache endpoints
- **Worker**: `ReproducibleBuildJob` (`Jobs/ReproducibleBuildJob.cs`) - background worker for build verification
- **Persistence**: `BinaryVulnerabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/Services/BinaryVulnerabilityService.cs`) - vulnerability detection service with match method mapping and corpus query integration
- **Cache**: `CachedBinaryVulnerabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Cache/CachedBinaryVulnerabilityService.cs`) - Valkey-backed caching layer
- **Analysis**: `SignatureMatcher`, `TaintGateExtractor`, `ReachGraphBinaryReachabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Analysis/`)
- **Ensemble**: `EnsembleDecisionEngine` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Ensemble/`) - multi-tier vulnerability classification
- **Program Entry**: `Program.cs` (`src/BinaryIndex/StellaOps.BinaryIndex.WebService/Program.cs`) - configures services, resolution caching, rate limiting
## E2E Test Plan
- [x] Query the database for a known vulnerable binary (by Build-ID) and verify vulnerability is detected
- [x] Submit a binary for analysis and verify detection works independent of package metadata
- [x] Verify web service endpoints are accessible: resolution, golden set, patch coverage, ops
- [x] Verify worker job processes reproducible build verification in the background
- [x] Verify cached lookups improve performance on repeated queries
- [x] Verify ensemble decision engine combines all matching signals for final vulnerability classification
## Verification
- Run: `docs/qa/feature-checks/runs/binaryindex/vulnerable-binaries-database/run-002/`
- Date (UTC): 2026-02-12
- Tier 0: Source and symbol checks passed, including Worker project buildability and WebService fallback wiring.
- Tier 1: Build and test gates passed for Analysis, Builders, Cache, Ensemble, Persistence, WebService, Worker, and related test projects.
- Tier 2: API checks passed for ops/config, golden set listing, patch coverage, invalid payload handling (`400`), single and batch resolution, and repeated cache-backed resolution replay (`fromCache=true`).