audit, advisories and doctors/setup work
@@ -0,0 +1,98 @@
|
||||
using System.Collections.Immutable;
|
||||
|
||||
namespace StellaOps.Scanner.Contracts;
|
||||
|
||||
/// <summary>
|
||||
/// ELF section type values from the specification.
|
||||
/// </summary>
|
||||
public enum ElfSectionType : uint
|
||||
{
|
||||
Null = 0,
|
||||
ProgBits = 1,
|
||||
SymTab = 2,
|
||||
StrTab = 3,
|
||||
Rela = 4,
|
||||
Hash = 5,
|
||||
Dynamic = 6,
|
||||
Note = 7,
|
||||
NoBits = 8,
|
||||
Rel = 9,
|
||||
ShLib = 10,
|
||||
DynSym = 11,
|
||||
InitArray = 14,
|
||||
FiniArray = 15,
|
||||
PreInitArray = 16,
|
||||
Group = 17,
|
||||
SymTabShndx = 18
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// ELF section header flags.
|
||||
/// </summary>
|
||||
[Flags]
|
||||
public enum ElfSectionFlags : ulong
|
||||
{
|
||||
None = 0,
|
||||
Write = 0x1,
|
||||
Alloc = 0x2,
|
||||
ExecInstr = 0x4,
|
||||
Merge = 0x10,
|
||||
Strings = 0x20,
|
||||
InfoLink = 0x40,
|
||||
LinkOrder = 0x80,
|
||||
OsNonConforming = 0x100,
|
||||
Group = 0x200,
|
||||
Tls = 0x400,
|
||||
Compressed = 0x800
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Represents a cryptographic hash of an ELF section.
|
||||
/// </summary>
|
||||
public sealed record ElfSectionHash
|
||||
{
|
||||
/// <summary>Section name (e.g., ".text", ".rodata").</summary>
|
||||
public required string Name { get; init; }
|
||||
|
||||
/// <summary>Section offset in file.</summary>
|
||||
public required long Offset { get; init; }
|
||||
|
||||
/// <summary>Section size in bytes.</summary>
|
||||
public required long Size { get; init; }
|
||||
|
||||
/// <summary>SHA-256 hash of section contents (lowercase hex).</summary>
|
||||
public required string Sha256 { get; init; }
|
||||
|
||||
/// <summary>Optional BLAKE3-256 hash of section contents (lowercase hex).</summary>
|
||||
public string? Blake3 { get; init; }
|
||||
|
||||
/// <summary>Section type from ELF header.</summary>
|
||||
public required ElfSectionType SectionType { get; init; }
|
||||
|
||||
/// <summary>Section flags from ELF header.</summary>
|
||||
public required ElfSectionFlags Flags { get; init; }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Collection of section hashes for a single ELF binary.
|
||||
/// </summary>
|
||||
public sealed record ElfSectionHashSet
|
||||
{
|
||||
/// <summary>Path to the ELF binary.</summary>
|
||||
public required string FilePath { get; init; }
|
||||
|
||||
/// <summary>SHA-256 hash of the entire file.</summary>
|
||||
public required string FileHash { get; init; }
|
||||
|
||||
/// <summary>Build-ID from .note.gnu.build-id if present.</summary>
|
||||
public string? BuildId { get; init; }
|
||||
|
||||
/// <summary>Section hashes, sorted by section name.</summary>
|
||||
public required ImmutableArray<ElfSectionHash> Sections { get; init; }
|
||||
|
||||
/// <summary>Extraction timestamp (UTC ISO-8601).</summary>
|
||||
public required DateTimeOffset ExtractedAt { get; init; }
|
||||
|
||||
/// <summary>Extractor version for reproducibility.</summary>
|
||||
public required string ExtractorVersion { get; init; }
|
||||
}
|
||||
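Review bot: `ElfSectionHash.Offset` and `Size` are declared as signed `long`, while the ELF64 section header stores both as unsigned 64-bit fields, so a crafted header with the top bit set would surface here as a negative number if the extractor casts without checking (the extractor is not part of this section). The contract should state what consumers can rely on, for example `/// <summary>Section offset in file; non-negative, and Offset + Size does not exceed the file length.</summary>`, with the producer rejecting headers that violate it. The same concern applies to `ElfSectionType` and `ElfSectionFlags`: real binaries carry OS- and processor-specific values outside the named members, so the enum summaries should say that undefined numeric values are expected and must be preserved rather than rejected with `Enum.IsDefined`. It would also help to document what `Sha256` holds for `NoBits` sections, which occupy no bytes in the file.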
@@ -0,0 +1,98 @@
|
||||
using System.Collections.Immutable;
|
||||
|
||||
namespace StellaOps.Scanner.Contracts;
|
||||
|
||||
/// <summary>
|
||||
/// Result of inspecting an OCI image reference.
|
||||
/// </summary>
|
||||
public sealed record ImageInspectionResult
|
||||
{
|
||||
/// <summary>Original image reference provided.</summary>
|
||||
public required string Reference { get; init; }
|
||||
|
||||
/// <summary>Resolved digest of the index or manifest.</summary>
|
||||
public required string ResolvedDigest { get; init; }
|
||||
|
||||
/// <summary>Media type of the resolved artifact.</summary>
|
||||
public required string MediaType { get; init; }
|
||||
|
||||
/// <summary>True if this is a multi-arch image index.</summary>
|
||||
public required bool IsMultiArch { get; init; }
|
||||
|
||||
/// <summary>Platform manifests (1 for single-arch, N for multi-arch).</summary>
|
||||
public required ImmutableArray<PlatformManifest> Platforms { get; init; }
|
||||
|
||||
/// <summary>Inspection timestamp (UTC).</summary>
|
||||
public required DateTimeOffset InspectedAt { get; init; }
|
||||
|
||||
/// <summary>Inspector version for reproducibility.</summary>
|
||||
public required string InspectorVersion { get; init; }
|
||||
|
||||
/// <summary>Registry that was queried.</summary>
|
||||
public required string Registry { get; init; }
|
||||
|
||||
/// <summary>Repository name.</summary>
|
||||
public required string Repository { get; init; }
|
||||
|
||||
/// <summary>Warnings encountered during inspection.</summary>
|
||||
public ImmutableArray<string> Warnings { get; init; } = [];
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// A platform-specific manifest within an image index.
|
||||
/// </summary>
|
||||
public sealed record PlatformManifest
|
||||
{
|
||||
/// <summary>Operating system (e.g., "linux", "windows").</summary>
|
||||
public required string Os { get; init; }
|
||||
|
||||
/// <summary>CPU architecture (e.g., "amd64", "arm64").</summary>
|
||||
public required string Architecture { get; init; }
|
||||
|
||||
/// <summary>Architecture variant (e.g., "v8" for arm64).</summary>
|
||||
public string? Variant { get; init; }
|
||||
|
||||
/// <summary>OS version (mainly for Windows).</summary>
|
||||
public string? OsVersion { get; init; }
|
||||
|
||||
/// <summary>Digest of this platform's manifest.</summary>
|
||||
public required string ManifestDigest { get; init; }
|
||||
|
||||
/// <summary>Media type of the manifest.</summary>
|
||||
public required string ManifestMediaType { get; init; }
|
||||
|
||||
/// <summary>Digest of the config blob.</summary>
|
||||
public required string ConfigDigest { get; init; }
|
||||
|
||||
/// <summary>Ordered list of layers.</summary>
|
||||
public required ImmutableArray<LayerInfo> Layers { get; init; }
|
||||
|
||||
/// <summary>Total size of all layers in bytes.</summary>
|
||||
public required long TotalSize { get; init; }
|
||||
|
||||
/// <summary>Platform string (os/arch/variant).</summary>
|
||||
public string PlatformString => Variant is null
|
||||
? $"{Os}/{Architecture}"
|
||||
: $"{Os}/{Architecture}/{Variant}";
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Information about a single layer.
|
||||
/// </summary>
|
||||
public sealed record LayerInfo
|
||||
{
|
||||
/// <summary>Layer order (0-indexed, application order).</summary>
|
||||
public required int Order { get; init; }
|
||||
|
||||
/// <summary>Layer digest (sha256:...).</summary>
|
||||
public required string Digest { get; init; }
|
||||
|
||||
/// <summary>Media type of the layer blob.</summary>
|
||||
public required string MediaType { get; init; }
|
||||
|
||||
/// <summary>Compressed size in bytes.</summary>
|
||||
public required long Size { get; init; }
|
||||
|
||||
/// <summary>Optional annotations from the manifest.</summary>
|
||||
public ImmutableDictionary<string, string>? Annotations { get; init; }
|
||||
}
|
||||
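Review bot: The digest properties (`ResolvedDigest`, `ManifestDigest`, `ConfigDigest`, `LayerInfo.Digest`) are plain strings, and their summaries do not say whether the inspector recomputed them over the fetched bytes or copied them from the registry response or descriptor. Consumers that pin or compare images on these values need that stated, for example `/// <summary>Resolved digest of the index or manifest (algorithm:hex), verified against the fetched bytes.</summary>` if that is what the inspector does, or an explicit "as reported by the registry" otherwise. `LayerInfo.Size`, `TotalSize` and `Annotations` presumably also come straight from the manifest, so the docs should mark them as declared, unverified values that callers should not use for buffer sizing or render without escaping. Separately, `PlatformString` produces a trailing slash when `Variant` is an empty string rather than null; `public string PlatformString => string.IsNullOrEmpty(Variant)` would cover both cases.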