stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
docs/features/checked/scanner/entropy-analysis-for-binaries.md Normal file
View File

@@ -0,0 +1,46 @@
# Entropy Analysis for Binaries
## Module
Scanner
## Status
VERIFIED
## Description
Shannon entropy analysis pass integrated into the binary scanning pipeline, detecting packed/encrypted/obfuscated sections in ELF and PE binaries to flag suspicious artifacts.
## Implementation Details
- **Core Entropy Calculator**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Core/Entropy/EntropyCalculator.cs` - Shannon entropy calculation
- `src/Scanner/__Libraries/StellaOps.Scanner.Core/Entropy/EntropyReportBuilder.cs` - Builds entropy analysis reports
- `src/Scanner/__Libraries/StellaOps.Scanner.Core/Entropy/EntropyReportModels.cs` - Report models
- **Worker Stage**:
- `src/Scanner/StellaOps.Scanner.Worker/Processing/Entropy/EntropyStageExecutor.cs` - Entropy analysis stage in scan pipeline
- **PE Hardening Integration**:
- `src/Scanner/StellaOps.Scanner.Analyzers.Native/Hardening/PeHardeningExtractor.cs` - PE hardening extraction including entropy analysis
- `src/Scanner/StellaOps.Scanner.Analyzers.Native/Hardening/HardeningFlags.cs` - Hardening flags model
- **API Contracts**:
- `src/Scanner/StellaOps.Scanner.WebService/Contracts/EntropyContracts.cs` - Entropy analysis API contracts
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ScanEndpoints.cs` - Exposes entropy data in scan results
- **Secrets Detection Integration**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/Detectors/EntropyCalculator.cs` - Entropy calculator for secret detection
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/Detectors/EntropyDetector.cs` - High-entropy string detection for secrets
## E2E Test Plan
- [ ] Scan a container image containing packed/UPX-compressed ELF binaries and verify high entropy sections are flagged
- [ ] Scan an image with standard (non-packed) binaries and verify entropy values are within normal range
- [ ] Verify PE binary analysis includes entropy data for each section
- [ ] Verify entropy analysis results appear in scan API response
- [ ] Verify the `EntropyStageExecutor` runs as part of the scan pipeline
- [ ] Verify entropy-based secret detection flags high-entropy strings as potential secrets
---
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |