Reachability Analysis with Call Graph Evidence

Module

ReachGraph

Status

IMPLEMENTED

Description

Reachability analysis is implemented with a dedicated ReachGraph backend service, frontend reachability explanation views, and witness path components showing call graph evidence traces.

Implementation Details

  • ReachGraphController: src/ReachGraph/StellaOps.ReachGraph.WebService/Controllers/ReachGraphController.cs -- REST API at v1/reachgraphs with slice queries supporting call graph evidence; GET {digest}/slice with q (package), cve, entrypoint, file query parameters
  • IReachGraphSliceService: src/ReachGraph/StellaOps.ReachGraph.WebService/Services/IReachGraphSliceService.cs -- SliceByPackageAsync, SliceByCveAsync (returns CveSliceResponse with Sinks and Paths), SliceByEntrypointAsync, SliceByFileAsync
  • ReachGraphSliceService: src/ReachGraph/StellaOps.ReachGraph.WebService/Services/ReachGraphSliceService.cs -- cached slice computation with IReachGraphCache
  • ReachabilityPath model: src/ReachGraph/StellaOps.ReachGraph.WebService/Models/ReachGraphContracts.cs -- Entrypoint, Sink, Hops (call chain), Edges (graph edges showing evidence trace)
  • CveSliceResponse: src/ReachGraph/StellaOps.ReachGraph.WebService/Models/ReachGraphContracts.cs -- extends SliceQueryResponse with Sinks and Paths for call graph evidence
  • IReachabilityIndex: src/__Libraries/StellaOps.Reachability.Core/IReachabilityIndex.cs -- unified facade with QueryStaticAsync, QueryRuntimeAsync, QueryHybridAsync combining static call graph with runtime evidence
  • EvidenceUriBuilder: src/__Libraries/StellaOps.Reachability.Core/EvidenceUriBuilder.cs -- builds URIs for evidence artifacts
  • Frontend: reachability explanation views and witness path components in src/Web/
  • Tests: src/ReachGraph/__Tests/StellaOps.ReachGraph.WebService.Tests/ReachGraphApiIntegrationTests.cs
  • Source: Feature matrix scan

E2E Test Plan

  • Verify CVE slice returns reachability paths with entrypoint-to-sink hops
  • Test call graph evidence trace includes edge types and evidence URIs
  • Verify package slice shows upstream/downstream reachability with configurable depth
  • Test entrypoint slice traces all paths from a given entrypoint
  • Verify file-based slice returns reachability for symbols in a specific file
  • Test frontend reachability explanation view renders witness paths correctly