stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
docs/features/checked/scanner/proof-bundle-api-for-exploit-paths.md Normal file
View File

@@ -0,0 +1,40 @@
# Proof Bundle API for Exploit Paths
## Module
Scanner
## Status
VERIFIED
## Description
REST API (GET /triage/paths/{pathId}/proof) returning complete proof bundles aggregating reachability subgraph (nodes + edges), symbol map with source locations, VEX claims with trust scores, and computed bundle digest for integrity. Export endpoint for JSON file download.
## Implementation Details
- **Proof Bundle Storage**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Postgres/PostgresProofBundleRepository.cs` - `PostgresProofBundleRepository` stores and retrieves proof bundles for exploit paths
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Entities/ProofBundleRow.cs` - `ProofBundleRow` database entity for proof bundle persistence
- **Proof Bundle Writer**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Core/ProofBundleWriter.cs` - `ProofBundleWriter` assembles proof bundles aggregating reachability subgraph, symbol map, VEX claims, and computes bundle digest
- **Scan Manifest**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Repositories/IScanManifestRepository.cs` - Repository for scan manifest data linked to proof bundles
- **OCI Publishing**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/VerdictOciPublisher.cs` - Publishes proof bundles to OCI registries as attestation artifacts
## E2E Test Plan
- [ ] Generate a proof bundle for an exploit path and retrieve it via the API, verifying it contains the reachability subgraph with nodes and edges
- [ ] Verify the proof bundle includes the symbol map with source file locations
- [ ] Verify the proof bundle includes VEX claims with trust scores for each finding
- [ ] Verify the computed bundle digest provides integrity verification
- [ ] Export the proof bundle as a JSON file and verify the download contains the complete bundle
- [ ] Verify proof bundles are publishable to OCI registries as attestation artifacts
---
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |