# Entropy Analysis for Binaries

## Module
Scanner

## Status
VERIFIED

## Description
Shannon entropy analysis pass integrated into the binary scanning pipeline, detecting packed/encrypted/obfuscated sections in ELF and PE binaries to flag suspicious artifacts.

## Implementation Details
- **Core Entropy Calculator**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Core/Entropy/EntropyCalculator.cs` - Shannon entropy calculation
  - `src/Scanner/__Libraries/StellaOps.Scanner.Core/Entropy/EntropyReportBuilder.cs` - Builds entropy analysis reports
  - `src/Scanner/__Libraries/StellaOps.Scanner.Core/Entropy/EntropyReportModels.cs` - Report models
- **Worker Stage**:
  - `src/Scanner/StellaOps.Scanner.Worker/Processing/Entropy/EntropyStageExecutor.cs` - Entropy analysis stage in scan pipeline
- **PE Hardening Integration**:
  - `src/Scanner/StellaOps.Scanner.Analyzers.Native/Hardening/PeHardeningExtractor.cs` - PE hardening extraction including entropy analysis
  - `src/Scanner/StellaOps.Scanner.Analyzers.Native/Hardening/HardeningFlags.cs` - Hardening flags model
- **API Contracts**:
  - `src/Scanner/StellaOps.Scanner.WebService/Contracts/EntropyContracts.cs` - Entropy analysis API contracts
  - `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ScanEndpoints.cs` - Exposes entropy data in scan results
- **Secrets Detection Integration**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/Detectors/EntropyCalculator.cs` - Entropy calculator for secret detection
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/Detectors/EntropyDetector.cs` - High-entropy string detection for secrets

## E2E Test Plan
- [ ] Scan a container image containing packed/UPX-compressed ELF binaries and verify high entropy sections are flagged
- [ ] Scan an image with standard (non-packed) binaries and verify entropy values are within normal range
- [ ] Verify PE binary analysis includes entropy data for each section
- [ ] Verify entropy analysis results appear in scan API response
- [ ] Verify the `EntropyStageExecutor` runs as part of the scan pipeline
- [ ] Verify entropy-based secret detection flags high-entropy strings as potential secrets

---

## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |
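
The per-section Shannon entropy check named in the Description, sketched as an added example (written for this page, not the StellaOps code): it reads the section table of a little-endian ELF64 image and flags sections at or above a threshold. The 7.0 bits-per-byte threshold, all function names, and the constructed sample image are assumptions.

```python
import hashlib, math, struct
from collections import Counter

THRESHOLD = 7.0  # assumed cut-off in bits per byte; not a value from the project

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 at most."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def elf64_sections(blob: bytes):
    """Yield (name, bytes) for each file-backed section of a little-endian ELF64."""
    if blob[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (shoff,) = struct.unpack_from("<Q", blob, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", blob, 0x3A)
    # First six fields of each Elf64_Shdr: name, type, flags, addr, offset, size
    hdrs = [struct.unpack_from("<IIQQQQ", blob, shoff + i * shentsize) for i in range(shnum)]
    strtab = blob[hdrs[shstrndx][4]:hdrs[shstrndx][4] + hdrs[shstrndx][5]]
    for name_off, sh_type, _flags, _addr, off, size in hdrs:
        if sh_type in (0, 8) or off + size > len(blob):
            continue  # SHT_NULL/SHT_NOBITS hold no file bytes; skip truncated entries
        name = strtab[name_off:].split(b"\0", 1)[0].decode("ascii", "replace")
        yield name, blob[off:off + size]

def entropy_report(blob: bytes, threshold: float = THRESHOLD):
    """Return (section, entropy, flagged) rows; flagged means entropy >= threshold."""
    rows = ((name, shannon_entropy(body)) for name, body in elf64_sections(blob))
    return [(name, round(h, 2), h >= threshold) for name, h in rows]

def build_sample_elf() -> bytes:
    """Constructed sample: repetitive .text plus hash output standing in for packed data."""
    names = b"\0.text\0.packed\0.shstrtab\0"
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    secs = [(0, 0, b""), (1, 1, b"\x90\xc3" * 2048), (7, 1, noise), (15, 3, names)]
    data = hdrs = b""
    for name_off, sh_type, body in secs:
        hdrs += struct.pack("<IIQQQQIIQQ", name_off, sh_type, 0, 0,
                            64 + len(data), len(body), 0, 0, 1, 0)
        data += body
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 1, 62, 1, 0, 0,
                       64 + len(data), 0, 64, 0, 0, 64, len(secs), 3)
    return ehdr + data + hdrs

if __name__ == "__main__":
    for name, h, flagged in entropy_report(build_sample_elf()):
        print(f"{name:<10} {h:5.2f} {'HIGH' if flagged else 'ok'}")
```

Legitimately compressed content (embedded archives, images, compressed debug sections) also scores high, so a flagged section is a prompt for triage rather than proof of packing.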