stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity

feat(docs): Add comprehensive documentation for Vexer, Vulnerability Explorer, and Zastava modules

Browse Source 
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes.
- Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes.
- Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables.
- Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
This commit is contained in:
master
2025-10-30 00:09:39 +02:00
parent 3154c67978
commit 7b5bdcf4d3
503 changed files with 16136 additions and 54638 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
docs/modules/scanner/operations/entrypoint-lang-rust.md Normal file
View File

@@ -0,0 +1,24 @@
# Entry-Point Runtime — Rust
## Signals to gather
- ELF binaries with DWARF producer strings containing `rustc`.
- Symbols prefixed with `_ZN` (mangled Rust) or section `.rustc`.
- Presence of `panic=abort` strings, `Rust` metadata, or Cargo artefacts (`Cargo.toml`, `Cargo.lock`).
- Statically linked (no `.dynamic` entries) in many cases, or musl loader (`/lib/ld-musl-x86_64.so.1`).
- Environment such as `RUST_LOG`, `RUST_BACKTRACE`.
## Implementation notes
- Parse DWARF `.debug_info` when available; short-circuit by scanning `.comment` sections for `rustc`.
- Distinguish from Go by the absence of `.note.go.buildid`.
- When Cargo artefacts exist, include target name and profile in evidence.
- For binaries built with `--target x86_64-pc-windows-gnu`, treat them under the same detector (PE + Rust markers).
## Evidence & scoring
- Reward DWARF producer strings, Cargo files, and Rust-specific env vars.
- Penalise when only generic static binary traits are present (may defer to C/C++).
- Mention musl vs glibc loader differences for observability.
## Edge cases
- Rust compiled to WebAssembly or run inside Wasmtime falls outside this detector; leave as `Other`.
- Stripped binaries without DWARF or comments may be indistinguishable from C—fall back to C/C++ and add note.
- Supervisors launching multiple Rust binaries handled upstream.