# Vulnerable Binaries Database (BinaryIndex Module)

## Module
BinaryIndex

## Status
IMPLEMENTED

## Description
Dedicated BinaryIndex module with web service, worker, and library structure for binary vulnerability detection independent of package metadata.

## Implementation Details
- **Modules**: `src/BinaryIndex/StellaOps.BinaryIndex.WebService/`, `src/BinaryIndex/StellaOps.BinaryIndex.Worker/`, `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/`
- **Key Classes**:
  - **Web Service**: `ResolutionController` (`Controllers/ResolutionController.cs`) - vulnerability resolution API; `GoldenSetController` - golden set management API; `PatchCoverageController` - patch coverage API; `BinaryIndexOpsController` - ops health/bench/cache endpoints
  - **Worker**: `ReproducibleBuildJob` (`Jobs/ReproducibleBuildJob.cs`) - background worker for build verification
  - **Persistence**: `BinaryVulnerabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/Services/BinaryVulnerabilityService.cs`) - vulnerability detection service with match method mapping and corpus query integration
  - **Cache**: `CachedBinaryVulnerabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Cache/CachedBinaryVulnerabilityService.cs`) - Valkey-backed caching layer
  - **Analysis**: `SignatureMatcher`, `TaintGateExtractor`, `ReachGraphBinaryReachabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Analysis/`)
  - **Ensemble**: `EnsembleDecisionEngine` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Ensemble/`) - multi-tier vulnerability classification
  - **Program Entry**: `Program.cs` (`src/BinaryIndex/StellaOps.BinaryIndex.WebService/Program.cs`) - configures services, resolution caching, rate limiting

## E2E Test Plan
- [ ] Query the database for a known vulnerable binary (by Build-ID) and verify vulnerability is detected
- [ ] Submit a binary for analysis and verify detection works independent of package metadata
- [ ] Verify web service endpoints are accessible: resolution, golden set, patch coverage, ops
- [ ] Verify worker job processes reproducible build verification in the background
- [ ] Verify cached lookups improve performance on repeated queries
- [ ] Verify ensemble decision engine combines all matching signals for final vulnerability classification