Patch Coverage Tracking

Module

BinaryIndex

VERIFIED

Dedicated patch coverage API endpoint for tracking which CVE patches are covered in binary analysis.

Modules: src/BinaryIndex/StellaOps.BinaryIndex.WebService/Controllers/
Key Classes:
- PatchCoverageController (src/BinaryIndex/StellaOps.BinaryIndex.WebService/Controllers/PatchCoverageController.cs) - REST API controller for patch coverage queries using IDeltaSignatureRepository
- DeltaSignatureMatcher (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/DeltaSignatureMatcher.cs) - matches delta signatures to assess patch coverage
- DeltaSigService / DeltaSigServiceV2 (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/) - service layer for delta-sig operations
Interfaces: IDeltaSignatureRepository - repository for persisted delta signatures used by patch coverage queries

Query patch coverage API for a known CVE and verify coverage status (covered/not covered)
Verify patch coverage percentage calculation: submit binaries with partial patch coverage
Verify that delta signatures for the CVE fix are used to determine coverage
Verify API returns correct coverage for batch queries across multiple CVEs
Verify coverage tracking updates when new delta signatures are added

Tier 0/1/2 artifacts: docs/qa/feature-checks/runs/binaryindex/patch-coverage-tracking/run-001/.
Result: verified.
Evidence summary:
- tier1-test-webservice-patchcoverage.log: Passed 7/7.
- tier1-test-deltasig-matcher.log: Passed 8/8.
- tier2-test-webservice-patchcoverage.log: Passed 7/7.
- tier2-test-deltasig-matcher.log: Passed 8/8.
Note: webservice and webservice-tests builds were run with scoped output paths in this run to avoid concurrent binary-lock collisions on shared bin/Release outputs.