stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Complete batch 012 (golden set diff) and 013 (advisory chat), fix build errors

Browse Source 
Sprints completed:
- SPRINT_20260110_012_* (golden set diff layer - 10 sprints)
- SPRINT_20260110_013_* (advisory chat - 4 sprints)

Build fixes applied:
- Fix namespace conflicts with Microsoft.Extensions.Options.Options.Create
- Fix VexDecisionReachabilityIntegrationTests API drift (major rewrite)
- Fix VexSchemaValidationTests FluentAssertions method name
- Fix FixChainGateIntegrationTests ambiguous type references
- Fix AdvisoryAI test files required properties and namespace aliases
- Add stub types for CveMappingController (ICveSymbolMappingService)
- Fix VerdictBuilderService static context issue

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
master
2026-01-11 10:09:07 +02:00
parent a3b2f30a11
commit 7f7eb8b228
232 changed files with 58979 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

181
src/BinaryIndex/__Tests/StellaOps.BinaryIndex.Analysis.Tests/Unit/AnalysisResultModelTests.cs Normal file
View File

@@ -0,0 +1,181 @@
// Licensed under AGPL-3.0-or-later. Copyright (C) 2026 StellaOps Contributors.
using System.Collections.Immutable;
namespace StellaOps.BinaryIndex.Analysis.Tests.Unit;
[Trait("Category", "Unit")]
public class AnalysisResultModelTests
{
[Fact]
public void GoldenSetAnalysisResult_NotDetected_ReturnsNegativeResult()
{
var analyzedAt = new DateTimeOffset(2026, 1, 10, 0, 0, 0, TimeSpan.Zero);
var duration = TimeSpan.FromSeconds(5);
var result = GoldenSetAnalysisResult.NotDetected(
"binary123",
"CVE-2024-1234",
analyzedAt,
duration,
"No signatures found");
Assert.Equal("binary123", result.BinaryId);
Assert.Equal("CVE-2024-1234", result.GoldenSetId);
Assert.Equal(analyzedAt, result.AnalyzedAt);
Assert.False(result.VulnerabilityDetected);
Assert.Equal(0, result.Confidence);
Assert.Equal(duration, result.Duration);
Assert.Contains("No signatures found", result.Warnings);
}
[Fact]
public void GoldenSetAnalysisResult_NotDetected_WithoutReason_EmptyWarnings()
{
var analyzedAt = new DateTimeOffset(2026, 1, 10, 0, 0, 0, TimeSpan.Zero);
var result = GoldenSetAnalysisResult.NotDetected(
"binary123",
"CVE-2024-1234",
analyzedAt,
TimeSpan.FromSeconds(1));
Assert.Empty(result.Warnings);
}
[Fact]
public void SignatureMatch_Create_RequiredProperties()
{
var match = new SignatureMatch
{
TargetFunction = "vulnerable_func",
BinaryFunction = "renamed_func",
Address = 0x1000UL,
Level = MatchLevel.MultiLevel,
Similarity = 0.95m
};
Assert.Equal("vulnerable_func", match.TargetFunction);
Assert.Equal("renamed_func", match.BinaryFunction);
Assert.Equal(0x1000UL, match.Address);
Assert.Equal(MatchLevel.MultiLevel, match.Level);
Assert.Equal(0.95m, match.Similarity);
}
[Fact]
public void SignatureMatch_WithScores_PopulatesLevelScores()
{
var scores = new MatchLevelScores
{
BasicBlockScore = 0.9m,
CfgScore = 0.85m,
StringRefScore = 0.7m,
ConstantScore = 0.8m,
SemanticScore = 0.0m
};
var match = new SignatureMatch
{
TargetFunction = "func",
BinaryFunction = "func",
Address = 0x1000UL,
Level = MatchLevel.MultiLevel,
Similarity = 0.85m,
LevelScores = scores
};
Assert.NotNull(match.LevelScores);
Assert.Equal(0.9m, match.LevelScores.BasicBlockScore);
}
[Fact]
public void ReachabilityResult_NoPath_CreatesNegativeResult()
{
var entryPoints = ImmutableArray.Create("main", "init");
var result = ReachabilityResult.NoPath(entryPoints);
Assert.False(result.PathExists);
Assert.Null(result.PathLength);
Assert.Equal(2, result.EntryPoints.Length);
Assert.Equal(1.0m, result.Confidence);
}
[Fact]
public void ReachabilityPath_Length_ReturnsNodeCount()
{
var path = new ReachabilityPath
{
EntryPoint = "main",
Sink = "memcpy",
Nodes = ["main", "process", "copy_data", "memcpy"]
};
Assert.Equal(4, path.Length);
}
[Fact]
public void SinkMatch_Create_RequiredProperties()
{
var sink = new SinkMatch
{
SinkName = "memcpy",
CallAddress = 0x2000UL,
ContainingFunction = "process_data"
};
Assert.Equal("memcpy", sink.SinkName);
Assert.Equal(0x2000UL, sink.CallAddress);
Assert.Equal("process_data", sink.ContainingFunction);
Assert.True(sink.IsDirectCall);
}
[Fact]
public void TaintGate_Create_RequiredProperties()
{
var gate = new TaintGate
{
BlockId = "bb5",
Address = 0x1050UL,
GateType = TaintGateType.BoundsCheck,
Condition = "size < MAX_SIZE",
BlocksWhenTrue = true,
Confidence = 0.85m
};
Assert.Equal("bb5", gate.BlockId);
Assert.Equal(0x1050UL, gate.Address);
Assert.Equal(TaintGateType.BoundsCheck, gate.GateType);
Assert.Equal("size < MAX_SIZE", gate.Condition);
Assert.True(gate.BlocksWhenTrue);
Assert.Equal(0.85m, gate.Confidence);
}
[Theory]
[InlineData(MatchLevel.None)]
[InlineData(MatchLevel.BasicBlock)]
[InlineData(MatchLevel.CfgStructure)]
[InlineData(MatchLevel.StringRefs)]
[InlineData(MatchLevel.Semantic)]
[InlineData(MatchLevel.MultiLevel)]
public void MatchLevel_AllValues_Defined(MatchLevel level)
{
// Verify all enum values are accessible
Assert.True(Enum.IsDefined(level));
}
[Theory]
[InlineData(TaintGateType.Unknown)]
[InlineData(TaintGateType.BoundsCheck)]
[InlineData(TaintGateType.NullCheck)]
[InlineData(TaintGateType.AuthCheck)]
[InlineData(TaintGateType.InputValidation)]
[InlineData(TaintGateType.TypeCheck)]
[InlineData(TaintGateType.PermissionCheck)]
[InlineData(TaintGateType.ResourceLimit)]
[InlineData(TaintGateType.FormatValidation)]
public void TaintGateType_AllValues_Defined(TaintGateType type)
{
Assert.True(Enum.IsDefined(type));
}
}

169
src/BinaryIndex/__Tests/StellaOps.BinaryIndex.Analysis.Tests/Unit/FingerprintModelTests.cs Normal file
View File

@@ -0,0 +1,169 @@
// Licensed under AGPL-3.0-or-later. Copyright (C) 2026 StellaOps Contributors.
using System.Collections.Immutable;
namespace StellaOps.BinaryIndex.Analysis.Tests.Unit;
[Trait("Category", "Unit")]
public class FingerprintModelTests
{
[Fact]
public void FunctionFingerprint_Create_SetsRequiredProperties()
{
var fingerprint = new FunctionFingerprint
{
FunctionName = "vulnerable_func",
Address = 0x1000UL,
BasicBlockHashes =
[
new BasicBlockHash
{
BlockId = "bb0",
StartAddress = 0x1000UL,
OpcodeHash = "abc123",
FullHash = "def456"
}
],
CfgHash = "cfg789"
};
Assert.Equal("vulnerable_func", fingerprint.FunctionName);
Assert.Equal(0x1000UL, fingerprint.Address);
Assert.Single(fingerprint.BasicBlockHashes);
Assert.Equal("cfg789", fingerprint.CfgHash);
}
[Fact]
public void BasicBlockHash_Create_WithDefaults_HasEmptyCollections()
{
var block = new BasicBlockHash
{
BlockId = "bb0",
StartAddress = 0x1000UL,
OpcodeHash = "abc",
FullHash = "def"
};
Assert.Empty(block.Successors);
Assert.Empty(block.Predecessors);
Assert.Equal(BasicBlockType.Normal, block.BlockType);
}
[Fact]
public void SemanticEmbedding_CosineSimilarity_IdenticalVectors_ReturnsOne()
{
var embedding1 = new SemanticEmbedding
{
Vector = [1f, 0f, 0f],
ModelVersion = "v1"
};
var embedding2 = new SemanticEmbedding
{
Vector = [1f, 0f, 0f],
ModelVersion = "v1"
};
var similarity = embedding1.CosineSimilarity(embedding2);
Assert.Equal(1f, similarity, precision: 5);
}
[Fact]
public void SemanticEmbedding_CosineSimilarity_OrthogonalVectors_ReturnsZero()
{
var embedding1 = new SemanticEmbedding
{
Vector = [1f, 0f, 0f],
ModelVersion = "v1"
};
var embedding2 = new SemanticEmbedding
{
Vector = [0f, 1f, 0f],
ModelVersion = "v1"
};
var similarity = embedding1.CosineSimilarity(embedding2);
Assert.Equal(0f, similarity, precision: 5);
}
[Fact]
public void SemanticEmbedding_CosineSimilarity_OppositeVectors_ReturnsNegativeOne()
{
var embedding1 = new SemanticEmbedding
{
Vector = [1f, 0f, 0f],
ModelVersion = "v1"
};
var embedding2 = new SemanticEmbedding
{
Vector = [-1f, 0f, 0f],
ModelVersion = "v1"
};
var similarity = embedding1.CosineSimilarity(embedding2);
Assert.Equal(-1f, similarity, precision: 5);
}
[Fact]
public void SemanticEmbedding_CosineSimilarity_DifferentDimensions_ReturnsZero()
{
var embedding1 = new SemanticEmbedding
{
Vector = [1f, 0f, 0f],
ModelVersion = "v1"
};
var embedding2 = new SemanticEmbedding
{
Vector = [1f, 0f],
ModelVersion = "v1"
};
var similarity = embedding1.CosineSimilarity(embedding2);
Assert.Equal(0f, similarity);
}
[Fact]
public void SemanticEmbedding_Dimension_ReturnsVectorLength()
{
var embedding = new SemanticEmbedding
{
Vector = [1f, 2f, 3f, 4f],
ModelVersion = "v1"
};
Assert.Equal(4, embedding.Dimension);
}
[Fact]
public void ExtractedConstant_Create_WithDefaults()
{
var constant = new ExtractedConstant
{
Value = "0x1000",
Address = 0x2000UL
};
Assert.Equal("0x1000", constant.Value);
Assert.Equal(0x2000UL, constant.Address);
Assert.Equal(4, constant.Size);
Assert.True(constant.IsMeaningful);
}
[Fact]
public void CfgEdge_Create_WithDefaults()
{
var edge = new CfgEdge
{
SourceBlockId = "bb0",
TargetBlockId = "bb1"
};
Assert.Equal("bb0", edge.SourceBlockId);
Assert.Equal("bb1", edge.TargetBlockId);
Assert.Equal(CfgEdgeType.FallThrough, edge.EdgeType);
Assert.Null(edge.Condition);
}
}

147
src/BinaryIndex/__Tests/StellaOps.BinaryIndex.Analysis.Tests/Unit/SignatureIndexBuilderTests.cs Normal file
View File

@@ -0,0 +1,147 @@
// Licensed under AGPL-3.0-or-later. Copyright (C) 2026 StellaOps Contributors.
using System.Collections.Immutable;
namespace StellaOps.BinaryIndex.Analysis.Tests.Unit;
[Trait("Category", "Unit")]
public class SignatureIndexBuilderTests
{
[Fact]
public void Build_EmptyBuilder_ReturnsEmptyIndex()
{
var createdAt = new DateTimeOffset(2026, 1, 10, 0, 0, 0, TimeSpan.Zero);
var builder = new SignatureIndexBuilder("CVE-2024-1234", "openssl", createdAt);
var index = builder.Build();
Assert.Equal("CVE-2024-1234", index.VulnerabilityId);
Assert.Equal("openssl", index.Component);
Assert.Equal(createdAt, index.CreatedAt);
Assert.Empty(index.Signatures);
Assert.Equal(0, index.SignatureCount);
}
[Fact]
public void AddSignature_SingleSignature_IndexesCorrectly()
{
var createdAt = new DateTimeOffset(2026, 1, 10, 0, 0, 0, TimeSpan.Zero);
var builder = new SignatureIndexBuilder("CVE-2024-1234", "openssl", createdAt);
var signature = new FunctionSignature
{
FunctionName = "vulnerable_func",
BasicBlockHashes = ["hash1", "hash2"],
CfgHash = "cfg123",
StringRefHashes = ["str1"],
Constants = ["0x1000"],
Sinks = ["memcpy"]
};
builder.AddSignature(signature);
var index = builder.Build();
Assert.Equal(1, index.SignatureCount);
Assert.True(index.Signatures.ContainsKey("vulnerable_func"));
// Check basic block index
Assert.True(index.BasicBlockIndex.ContainsKey("hash1"));
Assert.Contains("vulnerable_func", index.BasicBlockIndex["hash1"]);
// Check CFG index
Assert.True(index.CfgIndex.ContainsKey("cfg123"));
Assert.Contains("vulnerable_func", index.CfgIndex["cfg123"]);
// Check string ref index
Assert.True(index.StringRefIndex.ContainsKey("str1"));
// Check constant index
Assert.True(index.ConstantIndex.ContainsKey("0x1000"));
// Check sinks
Assert.Contains("memcpy", index.Sinks);
}
[Fact]
public void AddSignature_MultipleSignatures_IndexesBoth()
{
var createdAt = new DateTimeOffset(2026, 1, 10, 0, 0, 0, TimeSpan.Zero);
var builder = new SignatureIndexBuilder("CVE-2024-1234", "openssl", createdAt);
builder.AddSignature(new FunctionSignature
{
FunctionName = "func1",
BasicBlockHashes = ["hash1"],
Sinks = ["memcpy"]
});
builder.AddSignature(new FunctionSignature
{
FunctionName = "func2",
BasicBlockHashes = ["hash2"],
Sinks = ["strcpy"]
});
var index = builder.Build();
Assert.Equal(2, index.SignatureCount);
Assert.True(index.Signatures.ContainsKey("func1"));
Assert.True(index.Signatures.ContainsKey("func2"));
Assert.Contains("memcpy", index.Sinks);
Assert.Contains("strcpy", index.Sinks);
}
[Fact]
public void AddSignature_SharedHash_IndexesBothFunctions()
{
var createdAt = new DateTimeOffset(2026, 1, 10, 0, 0, 0, TimeSpan.Zero);
var builder = new SignatureIndexBuilder("CVE-2024-1234", "openssl", createdAt);
builder.AddSignature(new FunctionSignature
{
FunctionName = "func1",
BasicBlockHashes = ["shared_hash", "unique1"]
});
builder.AddSignature(new FunctionSignature
{
FunctionName = "func2",
BasicBlockHashes = ["shared_hash", "unique2"]
});
var index = builder.Build();
var sharedHashFuncs = index.BasicBlockIndex["shared_hash"];
Assert.Equal(2, sharedHashFuncs.Length);
Assert.Contains("func1", sharedHashFuncs);
Assert.Contains("func2", sharedHashFuncs);
}
[Fact]
public void AddSink_ManualSink_IncludedInIndex()
{
var createdAt = new DateTimeOffset(2026, 1, 10, 0, 0, 0, TimeSpan.Zero);
var builder = new SignatureIndexBuilder("CVE-2024-1234", "openssl", createdAt);
builder.AddSink("system");
builder.AddSink("execve");
var index = builder.Build();
Assert.Contains("system", index.Sinks);
Assert.Contains("execve", index.Sinks);
}
[Fact]
public void Empty_ReturnsEmptyIndex()
{
var createdAt = new DateTimeOffset(2026, 1, 10, 0, 0, 0, TimeSpan.Zero);
var index = SignatureIndex.Empty("CVE-2024-1234", "openssl", createdAt);
Assert.Equal("CVE-2024-1234", index.VulnerabilityId);
Assert.Equal("openssl", index.Component);
Assert.Empty(index.Signatures);
Assert.Empty(index.BasicBlockIndex);
Assert.Empty(index.Sinks);
}
}

237
src/BinaryIndex/__Tests/StellaOps.BinaryIndex.Analysis.Tests/Unit/SignatureMatcherTests.cs Normal file
View File

@@ -0,0 +1,237 @@
// Licensed under AGPL-3.0-or-later. Copyright (C) 2026 StellaOps Contributors.
using System.Collections.Immutable;
using Microsoft.Extensions.Logging.Abstractions;
namespace StellaOps.BinaryIndex.Analysis.Tests.Unit;
[Trait("Category", "Unit")]
public class SignatureMatcherTests
{
private readonly SignatureMatcher _matcher = new(NullLogger<SignatureMatcher>.Instance);
[Fact]
public void Match_DirectNameMatch_HighSimilarity_ReturnsMatch()
{
var fingerprint = CreateFingerprint("vulnerable_func", ["hash1", "hash2"]);
var index = CreateIndex("vulnerable_func", ["hash1", "hash2"]);
var match = _matcher.Match(fingerprint, index);
Assert.NotNull(match);
Assert.Equal("vulnerable_func", match.TargetFunction);
Assert.Equal("vulnerable_func", match.BinaryFunction);
Assert.True(match.Similarity >= 0.85m);
}
[Fact]
public void Match_NoMatch_ReturnsNull()
{
var fingerprint = CreateFingerprint("other_func", ["different_hash"]);
var index = CreateIndex("vulnerable_func", ["hash1", "hash2"]);
var match = _matcher.Match(fingerprint, index);
Assert.Null(match);
}
[Fact]
public void Match_FuzzyNameMatch_StrippedPrefix_ReturnsMatch()
{
var fingerprint = CreateFingerprint("_vulnerable_func", ["hash1"]);
var index = CreateIndex("vulnerable_func", ["hash1"]);
var options = new SignatureMatchOptions { FuzzyNameMatch = true, MinSimilarity = 0.1m };
var match = _matcher.Match(fingerprint, index, options);
Assert.NotNull(match);
Assert.Equal("vulnerable_func", match.TargetFunction);
}
[Fact]
public void Match_FuzzyNameMatch_Disabled_NoMatch()
{
var fingerprint = CreateFingerprint("_vulnerable_func", ["hash1"]);
var index = CreateIndex("vulnerable_func", ["hash1"]);
var options = new SignatureMatchOptions { FuzzyNameMatch = false };
var match = _matcher.Match(fingerprint, index, options);
// May still match via hash lookup
// but direct name match won't work
}
[Fact]
public void Match_HashBasedLookup_FindsCandidate()
{
// Fingerprint has different name but same hashes
// Use a very low threshold since CFG and name won't match
var fingerprint = CreateFingerprint("renamed_func", ["hash1", "hash2"]);
var index = CreateIndex("vulnerable_func", ["hash1", "hash2"]);
var options = new SignatureMatchOptions { MinSimilarity = 0.1m }; // Very low threshold for hash-only match
var match = _matcher.Match(fingerprint, index, options);
Assert.NotNull(match);
Assert.Equal("vulnerable_func", match.TargetFunction);
Assert.Equal("renamed_func", match.BinaryFunction);
}
[Fact]
public void FindAllMatches_MultipleMatches_ReturnsAll()
{
var fingerprint = CreateFingerprint("common_func", ["shared_hash"]);
var createdAt = new DateTimeOffset(2026, 1, 10, 0, 0, 0, TimeSpan.Zero);
var builder = new SignatureIndexBuilder("CVE-2024-1234", "test", createdAt);
builder.AddSignature(new FunctionSignature
{
FunctionName = "func1",
BasicBlockHashes = ["shared_hash"]
});
builder.AddSignature(new FunctionSignature
{
FunctionName = "func2",
BasicBlockHashes = ["shared_hash"]
});
var index = builder.Build();
var options = new SignatureMatchOptions { MinSimilarity = 0.1m }; // Low threshold
var matches = _matcher.FindAllMatches(fingerprint, index, options);
Assert.Equal(2, matches.Length);
}
[Fact]
public void MatchBatch_MultipleFingerprints_DeduplicatesByTarget()
{
var fingerprints = ImmutableArray.Create(
CreateFingerprint("func_a", ["hash1"]),
CreateFingerprint("func_b", ["hash1"]) // Same hash, should match same target
);
var index = CreateIndex("vulnerable_func", ["hash1"]);
var options = new SignatureMatchOptions { MinSimilarity = 0.1m }; // Low threshold
var matches = _matcher.MatchBatch(fingerprints, index, options);
// Should deduplicate by target function
Assert.Single(matches);
Assert.Equal("vulnerable_func", matches[0].TargetFunction);
}
[Fact]
public void Match_CfgMatchRequired_NoCfgMatch_ReturnsNull()
{
var fingerprint = new FunctionFingerprint
{
FunctionName = "test_func",
Address = 0x1000UL,
BasicBlockHashes =
[
new BasicBlockHash
{
BlockId = "bb0",
StartAddress = 0x1000UL,
OpcodeHash = "hash1",
FullHash = "full1"
}
],
CfgHash = "different_cfg"
};
var createdAt = new DateTimeOffset(2026, 1, 10, 0, 0, 0, TimeSpan.Zero);
var builder = new SignatureIndexBuilder("CVE-2024-1234", "test", createdAt);
builder.AddSignature(new FunctionSignature
{
FunctionName = "test_func",
BasicBlockHashes = ["hash1"],
CfgHash = "original_cfg"
});
var index = builder.Build();
var options = new SignatureMatchOptions { RequireCfgMatch = true };
var match = _matcher.Match(fingerprint, index, options);
Assert.Null(match);
}
[Fact]
public void Match_MatchLevelScores_PopulatedCorrectly()
{
var fingerprint = CreateFingerprint("vulnerable_func", ["hash1", "hash2"]);
var index = CreateIndex("vulnerable_func", ["hash1", "hash2"]);
var match = _matcher.Match(fingerprint, index);
Assert.NotNull(match);
Assert.NotNull(match.LevelScores);
Assert.True(match.LevelScores.BasicBlockScore > 0);
}
[Fact]
public void Match_MatchedConstants_Populated()
{
var fingerprint = new FunctionFingerprint
{
FunctionName = "test_func",
Address = 0x1000UL,
BasicBlockHashes = [new BasicBlockHash
{
BlockId = "bb0",
StartAddress = 0x1000UL,
OpcodeHash = "hash1",
FullHash = "full1"
}],
CfgHash = "cfg1",
Constants = [new ExtractedConstant { Value = "0x1000", Address = 0x1000UL }]
};
var createdAt = new DateTimeOffset(2026, 1, 10, 0, 0, 0, TimeSpan.Zero);
var builder = new SignatureIndexBuilder("CVE-2024-1234", "test", createdAt);
builder.AddSignature(new FunctionSignature
{
FunctionName = "test_func",
BasicBlockHashes = ["hash1"],
Constants = ["0x1000", "0x2000"]
});
var index = builder.Build();
var options = new SignatureMatchOptions { MinSimilarity = 0.1m };
var match = _matcher.Match(fingerprint, index, options);
Assert.NotNull(match);
Assert.Contains("0x1000", match.MatchedConstants);
}
private static FunctionFingerprint CreateFingerprint(string name, string[] hashes)
{
return new FunctionFingerprint
{
FunctionName = name,
Address = 0x1000UL,
BasicBlockHashes = [.. hashes.Select((h, i) => new BasicBlockHash
{
BlockId = $"bb{i}",
StartAddress = (ulong)(0x1000 + i * 0x10),
OpcodeHash = h,
FullHash = $"full_{h}"
})],
CfgHash = $"cfg_{name}"
};
}
private static SignatureIndex CreateIndex(string funcName, string[] hashes)
{
var createdAt = new DateTimeOffset(2026, 1, 10, 0, 0, 0, TimeSpan.Zero);
var builder = new SignatureIndexBuilder("CVE-2024-1234", "test", createdAt);
builder.AddSignature(new FunctionSignature
{
FunctionName = funcName,
BasicBlockHashes = [.. hashes],
CfgHash = $"cfg_{funcName}"
});
return builder.Build();
}
}

164
src/BinaryIndex/__Tests/StellaOps.BinaryIndex.Analysis.Tests/Unit/TaintGateExtractorTests.cs Normal file
View File

@@ -0,0 +1,164 @@
// Licensed under AGPL-3.0-or-later. Copyright (C) 2026 StellaOps Contributors.
using Microsoft.Extensions.Logging.Abstractions;
namespace StellaOps.BinaryIndex.Analysis.Tests.Unit;
[Trait("Category", "Unit")]
public class TaintGateExtractorTests
{
private readonly TaintGateExtractor _extractor = new(NullLogger<TaintGateExtractor>.Instance);
[Theory]
[InlineData("size < MAX_SIZE", TaintGateType.BoundsCheck)]
[InlineData("index >= 0 && index < array.length", TaintGateType.BoundsCheck)]
[InlineData("len <= BUFFER_SIZE", TaintGateType.BoundsCheck)]
[InlineData("count > 100", TaintGateType.BoundsCheck)] // COUNT with comparison
[InlineData("check bounds overflow", TaintGateType.BoundsCheck)]
public void ClassifyCondition_BoundsCheck_IdentifiesCorrectly(string condition, TaintGateType expected)
{
var result = _extractor.ClassifyCondition(condition);
Assert.Equal(expected, result);
}
[Theory]
[InlineData("ptr == NULL", TaintGateType.NullCheck)]
[InlineData("pointer != nullptr", TaintGateType.NullCheck)]
[InlineData("p == 0", TaintGateType.NullCheck)]
[InlineData("if (!ptr)", TaintGateType.NullCheck)]
[InlineData("null check required", TaintGateType.NullCheck)]
public void ClassifyCondition_NullCheck_IdentifiesCorrectly(string condition, TaintGateType expected)
{
var result = _extractor.ClassifyCondition(condition);
Assert.Equal(expected, result);
}
[Theory]
[InlineData("authenticated == true", TaintGateType.AuthCheck)]
[InlineData("is_auth && session_valid", TaintGateType.AuthCheck)]
[InlineData("check_auth(user)", TaintGateType.AuthCheck)]
[InlineData("token != null", TaintGateType.AuthCheck)]
[InlineData("logged_in == 1", TaintGateType.AuthCheck)]
public void ClassifyCondition_AuthCheck_IdentifiesCorrectly(string condition, TaintGateType expected)
{
var result = _extractor.ClassifyCondition(condition);
Assert.Equal(expected, result);
}
[Theory]
[InlineData("permission == ALLOW", TaintGateType.PermissionCheck)]
[InlineData("has_perm(user, resource)", TaintGateType.PermissionCheck)]
[InlineData("check_perm(role)", TaintGateType.PermissionCheck)]
[InlineData("admin != 0", TaintGateType.PermissionCheck)] // ADMIN with comparison
[InlineData("access == granted", TaintGateType.PermissionCheck)]
public void ClassifyCondition_PermissionCheck_IdentifiesCorrectly(string condition, TaintGateType expected)
{
var result = _extractor.ClassifyCondition(condition);
Assert.Equal(expected, result);
}
[Theory]
[InlineData("typeof == int", TaintGateType.TypeCheck)] // TYPEOF with comparison
[InlineData("instanceof == String", TaintGateType.TypeCheck)] // INSTANCEOF with comparison
[InlineData("type != null", TaintGateType.TypeCheck)] // TYPE with comparison
[InlineData("type_check needed", TaintGateType.TypeCheck)]
[InlineData("dynamic_cast used", TaintGateType.TypeCheck)]
public void ClassifyCondition_TypeCheck_IdentifiesCorrectly(string condition, TaintGateType expected)
{
var result = _extractor.ClassifyCondition(condition);
Assert.Equal(expected, result);
}
[Theory]
[InlineData("valid == true", TaintGateType.InputValidation)]
[InlineData("is_valid(input)", TaintGateType.InputValidation)]
[InlineData("validate(data)", TaintGateType.InputValidation)]
[InlineData("sanitize == 1", TaintGateType.InputValidation)] // SANITIZE with comparison
[InlineData("filter != null", TaintGateType.InputValidation)]
public void ClassifyCondition_InputValidation_IdentifiesCorrectly(string condition, TaintGateType expected)
{
var result = _extractor.ClassifyCondition(condition);
Assert.Equal(expected, result);
}
[Theory]
[InlineData("format == expected", TaintGateType.FormatValidation)]
[InlineData("regex != null", TaintGateType.FormatValidation)] // REGEX with comparison
[InlineData("is_format_valid(str)", TaintGateType.FormatValidation)]
[InlineData("pattern == match", TaintGateType.FormatValidation)]
[InlineData("valid_format == true", TaintGateType.FormatValidation)]
public void ClassifyCondition_FormatValidation_IdentifiesCorrectly(string condition, TaintGateType expected)
{
var result = _extractor.ClassifyCondition(condition);
Assert.Equal(expected, result);
}
[Theory]
[InlineData("limit > 0", TaintGateType.ResourceLimit)]
[InlineData("reached_limit", TaintGateType.ResourceLimit)]
[InlineData("quota > 0", TaintGateType.ResourceLimit)]
[InlineData("exceed threshold", TaintGateType.ResourceLimit)]
[InlineData("max < 100", TaintGateType.ResourceLimit)]
public void ClassifyCondition_ResourceLimit_IdentifiesCorrectly(string condition, TaintGateType expected)
{
var result = _extractor.ClassifyCondition(condition);
Assert.Equal(expected, result);
}
[Theory]
[InlineData("")]
[InlineData(" ")]
[InlineData(null)]
public void ClassifyCondition_EmptyOrNull_ReturnsUnknown(string? condition)
{
var result = _extractor.ClassifyCondition(condition!);
Assert.Equal(TaintGateType.Unknown, result);
}
[Theory]
[InlineData("x = y + z")]
[InlineData("call func()")]
[InlineData("return value")]
public void ClassifyCondition_NonSecurityCondition_ReturnsUnknown(string condition)
{
var result = _extractor.ClassifyCondition(condition);
Assert.Equal(TaintGateType.Unknown, result);
}
[Fact]
public void ClassifyConditions_MultipleConditions_ClassifiesAll()
{
var conditions = new[]
{
("bb0", 0x1000UL, "ptr == NULL"),
("bb1", 0x1010UL, "size < MAX_SIZE"),
("bb2", 0x1020UL, "x = y") // Unknown
};
var gates = _extractor.ClassifyConditions([.. conditions]);
// Should only return recognized gates
Assert.Equal(2, gates.Length);
Assert.Contains(gates, g => g.GateType == TaintGateType.NullCheck);
Assert.Contains(gates, g => g.GateType == TaintGateType.BoundsCheck);
}
[Fact]
public void ClassifyConditions_PopulatesAllFields()
{
var conditions = new[]
{
("bb0", 0x1000UL, "ptr == NULL")
};
var gates = _extractor.ClassifyConditions([.. conditions]);
Assert.Single(gates);
var gate = gates[0];
Assert.Equal("bb0", gate.BlockId);
Assert.Equal(0x1000UL, gate.Address);
Assert.Equal(TaintGateType.NullCheck, gate.GateType);
Assert.Equal("ptr == NULL", gate.Condition);
Assert.True(gate.Confidence >= 0.5m);
}
}