//
// SPDX-License-Identifier: BUSL-1.1
// Sprint: SPRINT_20260112_008_LB_binary_diff_evidence_models (BINDIFF-LB-001)
//
using System.Collections.Immutable;
using System.Text.Json.Serialization;
namespace StellaOps.Evidence.Bundle;
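/// <summary>
/// Binary diff evidence capturing semantic and structural changes between binary versions.
/// </summary>
/// <remarks>
/// Plain data carrier: only <see cref="Status"/> is required and no property is validated
/// by this type, so digests, scores and timestamps hold whatever the producer supplied.
/// </remarks>
public sealed class BinaryDiffEvidence
{
    /// <summary>
    /// Status of the binary diff evidence.
    /// </summary>
    public required EvidenceStatus Status { get; init; }

    /// <summary>
    /// SHA-256 hash of the diff evidence content.
    /// </summary>
    /// <remarks>
    /// Stored as a free-form string. Neither the encoding (for example bare hex versus an
    /// algorithm-prefixed form) nor the exact bytes that were hashed are fixed by this type,
    /// so a verifier has to agree on both with the producer before comparing values.
    /// </remarks>
    public string? Hash { get; init; }

    /// <summary>
    /// Previous binary artifact digest.
    /// </summary>
    public string? PreviousBinaryDigest { get; init; }

    /// <summary>
    /// Current binary artifact digest.
    /// </summary>
    public string? CurrentBinaryDigest { get; init; }

    /// <summary>
    /// Type of binary diff performed.
    /// </summary>
    /// <remarks>
    /// Not a required member: when the producer omits it the value is the enum's zero member,
    /// <see cref="BinaryDiffType.Structural"/>, which cannot be told apart from an explicit
    /// structural diff.
    /// </remarks>
    public BinaryDiffType DiffType { get; init; }

    /// <summary>
    /// Binary format or ISA (e.g., "elf-x86_64", "pe-amd64", "macho-arm64").
    /// </summary>
    public string? BinaryFormat { get; init; }

    /// <summary>
    /// Tool and version used for diffing.
    /// </summary>
    public string? ToolVersion { get; init; }

    /// <summary>
    /// Overall similarity score (0.0-1.0).
    /// </summary>
    /// <remarks>
    /// The documented range is not enforced here; out-of-range or NaN values can be assigned,
    /// so code that gates on this score should range-check it first.
    /// </remarks>
    public double? SimilarityScore { get; init; }

    /// <summary>
    /// Function-level changes. Empty when none were recorded.
    /// </summary>
    public ImmutableArray<BinaryFunctionDiff> FunctionChanges { get; init; } = [];

    /// <summary>
    /// Symbol-level changes. Empty when none were recorded.
    /// </summary>
    public ImmutableArray<BinarySymbolDiff> SymbolChanges { get; init; } = [];

    /// <summary>
    /// Section-level changes. Empty when none were recorded.
    /// </summary>
    public ImmutableArray<BinarySectionDiff> SectionChanges { get; init; } = [];

    /// <summary>
    /// Semantic fingerprint changes.
    /// </summary>
    public BinarySemanticDiff? SemanticDiff { get; init; }

    /// <summary>
    /// Security-relevant changes detected.
    /// </summary>
    /// <remarks>
    /// An empty array is also the default, so on its own it does not show that a security
    /// analysis ran; check <see cref="Status"/> and <see cref="UnavailableReason"/> as well.
    /// </remarks>
    public ImmutableArray<BinarySecurityChange> SecurityChanges { get; init; } = [];

    /// <summary>
    /// Reason if diff is unavailable.
    /// </summary>
    public string? UnavailableReason { get; init; }

    /// <summary>
    /// Previous scan ID for reference.
    /// </summary>
    public string? PreviousScanId { get; init; }

    /// <summary>
    /// Previous scan time.
    /// </summary>
    public DateTimeOffset? PreviousScanTime { get; init; }

    /// <summary>
    /// When this diff was computed.
    /// </summary>
    public DateTimeOffset? ComputedAt { get; init; }
}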
/// <summary>
/// Type of binary diff analysis.
/// </summary>
/// <remarks>
/// Serialised by member name. The converter is attached in its parameterless form, which
/// still accepts integer values on read, so a number with no matching member deserialises
/// to an undefined value; consumers should not assume every instance is one of the members
/// listed here.
/// </remarks>
[JsonConverter(typeof(JsonStringEnumConverter))]
public enum BinaryDiffType
{
    /// <summary>Structural diff (sections, symbols). Also the zero (default) value.</summary>
    Structural,
    /// <summary>Semantic diff (IR-based).</summary>
    Semantic,
    /// <summary>Combined structural and semantic.</summary>
    Combined,
    /// <summary>Fast hash-only comparison.</summary>
    HashOnly
}
/// <summary>
/// Function-level diff entry.
/// </summary>
/// <remarks>
/// Data carrier only; none of the values are validated by this type.
/// </remarks>
public sealed class BinaryFunctionDiff
{
    /// <summary>
    /// Diff operation type.
    /// </summary>
    public required BinaryDiffOperation Operation { get; init; }

    /// <summary>
    /// Function name or symbol.
    /// </summary>
    /// <remarks>
    /// NOTE(review): presumably taken from the analysed binary's symbol information; if so it
    /// is untrusted text and should be encoded before it is rendered or logged. Confirm with
    /// the producer.
    /// </remarks>
    public required string FunctionName { get; init; }

    /// <summary>
    /// Function address in previous binary.
    /// </summary>
    public ulong? PreviousAddress { get; init; }

    /// <summary>
    /// Function address in current binary.
    /// </summary>
    public ulong? CurrentAddress { get; init; }

    /// <summary>
    /// Previous size in bytes.
    /// </summary>
    public int? PreviousSize { get; init; }

    /// <summary>
    /// Current size in bytes.
    /// </summary>
    public int? CurrentSize { get; init; }

    /// <summary>
    /// Semantic similarity score (0.0-1.0) for modified functions.
    /// </summary>
    /// <remarks>
    /// The documented range is not enforced here; range-check before gating on it.
    /// </remarks>
    public double? Similarity { get; init; }

    /// <summary>
    /// Node hash for the function (for reachability correlation).
    /// </summary>
    public string? NodeHash { get; init; }

    /// <summary>
    /// Whether this function is security-sensitive.
    /// </summary>
    /// <remarks>
    /// Non-nullable and not required, so it is <c>false</c> whenever the producer leaves it
    /// unset; <c>false</c> therefore does not prove the function was classified.
    /// </remarks>
    public bool SecuritySensitive { get; init; }

    /// <summary>
    /// Brief description of the change.
    /// </summary>
    public string? ChangeDescription { get; init; }
}
/// <summary>
/// Symbol-level diff entry.
/// </summary>
/// <remarks>
/// Data carrier only. Apart from <see cref="Operation"/> every value is a free-form string
/// that this type does not validate or normalise.
/// </remarks>
public sealed class BinarySymbolDiff
{
    /// <summary>
    /// Diff operation type.
    /// </summary>
    public required BinaryDiffOperation Operation { get; init; }

    /// <summary>
    /// Symbol name.
    /// </summary>
    /// <remarks>
    /// NOTE(review): presumably read from the analysed binary; if so, treat it as untrusted
    /// text when rendering or logging. Confirm with the producer.
    /// </remarks>
    public required string SymbolName { get; init; }

    /// <summary>
    /// Symbol type (function, object, etc.).
    /// </summary>
    public string? SymbolType { get; init; }

    /// <summary>
    /// Section containing the symbol.
    /// </summary>
    public string? Section { get; init; }

    /// <summary>
    /// Symbol visibility.
    /// </summary>
    public string? Visibility { get; init; }
}
/// <summary>
/// Section-level diff entry.
/// </summary>
/// <remarks>
/// Data carrier only; none of the values are validated by this type.
/// </remarks>
public sealed class BinarySectionDiff
{
    /// <summary>
    /// Diff operation type.
    /// </summary>
    public required BinaryDiffOperation Operation { get; init; }

    /// <summary>
    /// Section name.
    /// </summary>
    public required string SectionName { get; init; }

    /// <summary>
    /// Previous section size.
    /// </summary>
    public long? PreviousSize { get; init; }

    /// <summary>
    /// Current section size.
    /// </summary>
    public long? CurrentSize { get; init; }

    /// <summary>
    /// Size delta.
    /// </summary>
    /// <remarks>
    /// Stored independently of <see cref="PreviousSize"/> and <see cref="CurrentSize"/>;
    /// nothing in this type keeps the three consistent, so recompute the delta from the two
    /// sizes when the result matters.
    /// </remarks>
    public long? SizeDelta { get; init; }

    /// <summary>
    /// Section permissions/flags.
    /// </summary>
    /// <remarks>
    /// Free-form string; the flag notation is not defined by this type.
    /// </remarks>
    public string? Permissions { get; init; }
}
/// <summary>
/// Semantic diff summary.
/// </summary>
/// <remarks>
/// <see cref="Similarity"/> and the three function counts are non-nullable and not required,
/// so an instance the producer never filled in reads as similarity 0.0 with zero functions
/// in every bucket. Consumers cannot distinguish that from a real result using these
/// members alone.
/// </remarks>
public sealed class BinarySemanticDiff
{
    /// <summary>
    /// Previous semantic fingerprint hash.
    /// </summary>
    public string? PreviousFingerprint { get; init; }

    /// <summary>
    /// Current semantic fingerprint hash.
    /// </summary>
    public string? CurrentFingerprint { get; init; }

    /// <summary>
    /// Overall semantic similarity (0.0-1.0).
    /// </summary>
    /// <remarks>
    /// The documented range is not enforced here; range-check before gating on it.
    /// </remarks>
    public double Similarity { get; init; }

    /// <summary>
    /// Number of semantically identical functions.
    /// </summary>
    public int IdenticalFunctions { get; init; }

    /// <summary>
    /// Number of semantically similar functions.
    /// </summary>
    public int SimilarFunctions { get; init; }

    /// <summary>
    /// Number of semantically different functions.
    /// </summary>
    public int DifferentFunctions { get; init; }

    /// <summary>
    /// IR normalization recipe version used.
    /// </summary>
    /// <remarks>
    /// NOTE(review): fingerprints are presumably only comparable when both sides were
    /// produced with the same recipe version; confirm with the fingerprinting component.
    /// </remarks>
    public string? NormalizationRecipe { get; init; }
}
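/// <summary>
/// Security-relevant change in binary.
/// </summary>
/// <remarks>
/// Data carrier only; the required members must be supplied but their content is not
/// validated by this type.
/// </remarks>
public sealed class BinarySecurityChange
{
    /// <summary>
    /// Type of security change.
    /// </summary>
    public required BinarySecurityChangeType ChangeType { get; init; }

    /// <summary>
    /// Severity of the change (low, medium, high, critical).
    /// </summary>
    /// <remarks>
    /// Free-form string: the four documented levels are a convention, not something this
    /// type enforces. Policy code that gates on severity should compare against the known
    /// set explicitly and decide how an unrecognised or differently-cased value is handled,
    /// so that it cannot silently fall through as "not severe".
    /// </remarks>
    public required string Severity { get; init; }

    /// <summary>
    /// Description of the change.
    /// </summary>
    public required string Description { get; init; }

    /// <summary>
    /// Affected function or symbol.
    /// </summary>
    public string? AffectedSymbol { get; init; }

    /// <summary>
    /// CVE IDs potentially related to this change. Empty when none were recorded.
    /// </summary>
    /// <remarks>
    /// The association is advisory ("potentially related"); the identifier format is not
    /// checked by this type.
    /// </remarks>
    public ImmutableArray<string> RelatedCves { get; init; } = [];
}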
/// <summary>
/// Type of security-relevant change.
/// </summary>
/// <remarks>
/// Serialised by member name. The converter is attached in its parameterless form, which
/// still accepts integer values on read, so a number with no matching member deserialises
/// to an undefined value; code that switches on this enum should handle that case
/// explicitly instead of ignoring the change.
/// </remarks>
[JsonConverter(typeof(JsonStringEnumConverter))]
public enum BinarySecurityChangeType
{
    /// <summary>New security-sensitive function added.</summary>
    SecurityFunctionAdded,
    /// <summary>Security-sensitive function removed.</summary>
    SecurityFunctionRemoved,
    /// <summary>Security-sensitive function modified.</summary>
    SecurityFunctionModified,
    /// <summary>Crypto function changed.</summary>
    CryptoChange,
    /// <summary>Memory safety function changed.</summary>
    MemorySafetyChange,
    /// <summary>Authentication/authorization function changed.</summary>
    AuthChange,
    /// <summary>Input validation function changed.</summary>
    InputValidationChange,
    /// <summary>Hardening feature added or removed.</summary>
    HardeningChange
}
/// <summary>
/// Binary diff operation types.
/// </summary>
/// <remarks>
/// Serialised by member name. The converter is attached in its parameterless form, which
/// still accepts integer values on read, so a number with no matching member deserialises
/// to an undefined value; consumers should not assume every instance is one of the members
/// listed here.
/// </remarks>
[JsonConverter(typeof(JsonStringEnumConverter))]
public enum BinaryDiffOperation
{
    /// <summary>Element was added.</summary>
    Added,
    /// <summary>Element was removed.</summary>
    Removed,
    /// <summary>Element was modified.</summary>
    Modified,
    /// <summary>Element was renamed.</summary>
    Renamed,
    /// <summary>Element was moved to different location.</summary>
    Moved
}