git.stella-ops.org/docs/features/unchecked/reachgraph/reachability-aware-vulnerability-analysis.md

Reachability-Aware Vulnerability Analysis (Multi-Layer)

Module

ReachGraph

Status

IMPLEMENTED

Description

Multi-layer reachability analysis that combines source-level call-graph evidence (Layer 1/2/3), binary symbol mapping, and runtime correlation. Each finding is expressed as a state in a reachability lattice; hybrid results merge static and runtime evidence into one lattice state with a confidence score.

Implementation Details

  • IReachabilityIndex: src/__Libraries/StellaOps.Reachability.Core/IReachabilityIndex.cs -- unified facade: QueryStaticAsync (Layer 1-3 source analysis), QueryRuntimeAsync (runtime correlation), QueryHybridAsync (combines static + runtime with lattice state)
  • ReachabilityIndex: src/__Libraries/StellaOps.Reachability.Core/ReachabilityIndex.cs -- default implementation combining adapters
  • HybridReachabilityResult: src/__Libraries/StellaOps.Reachability.Core/HybridReachabilityResult.cs -- hybrid result with lattice state, confidence, VEX recommendation
  • StaticReachabilityResult: src/__Libraries/StellaOps.Reachability.Core/StaticReachabilityResult.cs -- static analysis result
  • RuntimeReachabilityResult: src/__Libraries/StellaOps.Reachability.Core/RuntimeReachabilityResult.cs -- runtime observation result
  • LatticeState enum: src/__Libraries/StellaOps.Reachability.Core/LatticeState.cs -- 8-state lattice (U/SR/SU/RO/RU/CR/CU/X)
  • ReachabilityLattice: src/__Libraries/StellaOps.Reachability.Core/ReachabilityLattice.cs -- state machine with FrozenDictionary transitions, evidence accumulation, confidence scoring
  • ConfidenceCalculator: src/__Libraries/StellaOps.Reachability.Core/ConfidenceCalculator.cs -- confidence computation
  • IReachGraphAdapter: src/__Libraries/StellaOps.Reachability.Core/IReachGraphAdapter.cs -- adapter for ReachGraph data
  • ISignalsAdapter: src/__Libraries/StellaOps.Reachability.Core/ISignalsAdapter.cs -- adapter for runtime signals
  • HybridQueryOptions: src/__Libraries/StellaOps.Reachability.Core/HybridQueryOptions.cs -- query options for hybrid analysis
  • Symbol infrastructure: src/__Libraries/StellaOps.Reachability.Core/Symbols/ -- SymbolCanonicalizer, SymbolMatcher, normalizers (DotNet, Java, Native, Script)
  • Tests: src/__Libraries/__Tests/StellaOps.Reachability.Core.Tests/
  • Source: Feature matrix scan
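
The following C# is an added example, not StellaOps code, standing in for what QueryHybridAsync, ReachabilityLattice and ConfidenceCalculator are described as doing above: evidence from a static adapter and a runtime adapter is folded through an eight-state lattice backed by a FrozenDictionary transition table, accumulated into a confidence score, and mapped to a VEX status. The state names, the transition rules, the evidence weights, the NotAffectedThreshold option, the synchronous Run method and the sample evidence are all assumptions; the page gives only the abbreviations U/SR/SU/RO/RU/CR/CU/X and the component names.

```csharp
// Added illustrative example, not StellaOps code: a minimal reachability lattice that folds static
// call-graph evidence and runtime observations into a hybrid result with a confidence score and a
// VEX status. State names, transitions, weights, the threshold option and the sample evidence are
// assumptions; the page lists only the abbreviations U/SR/SU/RO/RU/CR/CU/X for its eight states.
using System;
using System.Collections.Frozen;
using System.Collections.Generic;
using System.Linq;

public enum LatticeState { Unknown, StaticReachable, StaticUnreachable, RuntimeObserved, RuntimeUnobserved, ConfirmedReachable, ConfirmedUnreachable, Contradiction }
public enum EvidenceKind { StaticPath, StaticNoPath, RuntimeHit, RuntimeMiss }

// Weight: how far this one observation, taken alone, moves confidence towards 1.
public record Evidence(EvidenceKind Kind, string Detail, double Weight);
public record HybridQueryOptions(double NotAffectedThreshold = 0.9);
public record HybridReachabilityResult(string Cve, string Symbol, LatticeState State, double Confidence, string VexStatus);

public static class ReachabilityLattice
{
    // (current state, incoming evidence) -> next state. Pairs missing from the table leave the state
    // unchanged, so Contradiction and the Confirmed* states are absorbing unless new evidence conflicts.
    private static readonly FrozenDictionary<(LatticeState, EvidenceKind), LatticeState> Transitions =
        new Dictionary<(LatticeState, EvidenceKind), LatticeState>
        {
            [(LatticeState.Unknown,              EvidenceKind.StaticPath)]   = LatticeState.StaticReachable,
            [(LatticeState.Unknown,              EvidenceKind.StaticNoPath)] = LatticeState.StaticUnreachable,
            [(LatticeState.Unknown,              EvidenceKind.RuntimeHit)]   = LatticeState.RuntimeObserved,
            [(LatticeState.Unknown,              EvidenceKind.RuntimeMiss)]  = LatticeState.RuntimeUnobserved,
            [(LatticeState.StaticReachable,      EvidenceKind.RuntimeHit)]   = LatticeState.ConfirmedReachable,
            // A miss inside the observation window never refutes a static path: the triggering input may not have arrived yet.
            [(LatticeState.StaticReachable,      EvidenceKind.RuntimeMiss)]  = LatticeState.StaticReachable,
            [(LatticeState.StaticUnreachable,    EvidenceKind.RuntimeMiss)]  = LatticeState.ConfirmedUnreachable,
            // A hit on a statically unreachable symbol means the call graph missed an edge (reflection, dynamic dispatch).
            [(LatticeState.StaticUnreachable,    EvidenceKind.RuntimeHit)]   = LatticeState.Contradiction,
            [(LatticeState.RuntimeObserved,      EvidenceKind.StaticPath)]   = LatticeState.ConfirmedReachable,
            [(LatticeState.RuntimeObserved,      EvidenceKind.StaticNoPath)] = LatticeState.Contradiction,
            [(LatticeState.RuntimeUnobserved,    EvidenceKind.StaticNoPath)] = LatticeState.ConfirmedUnreachable,
            [(LatticeState.RuntimeUnobserved,    EvidenceKind.StaticPath)]   = LatticeState.StaticReachable,
            [(LatticeState.ConfirmedUnreachable, EvidenceKind.RuntimeHit)]   = LatticeState.Contradiction,
            [(LatticeState.ConfirmedReachable,   EvidenceKind.StaticNoPath)] = LatticeState.Contradiction,
        }.ToFrozenDictionary();

    public static LatticeState Apply(LatticeState current, EvidenceKind kind) =>
        Transitions.TryGetValue((current, kind), out var next) ? next : current;

    // Evidence accumulates as independent signals: confidence = 1 - prod(1 - w_i).
    // A Contradiction is pinned low so it is routed to a human instead of being averaged away.
    public static double Confidence(LatticeState state, IReadOnlyList<Evidence> evidence) => state switch
    {
        LatticeState.Unknown => 0.0,
        LatticeState.Contradiction => 0.25,
        _ => Math.Round(1.0 - evidence.Aggregate(1.0, (acc, e) => acc * (1.0 - e.Weight)), 3),
    };
}

public static class HybridQuery
{
    // Fold all evidence for one (CVE, symbol) pair through the lattice and map the outcome to a VEX status.
    public static HybridReachabilityResult Run(string cve, string symbol, IReadOnlyList<Evidence> evidence, HybridQueryOptions opts)
    {
        var state = evidence.Aggregate(LatticeState.Unknown, (s, e) => ReachabilityLattice.Apply(s, e.Kind));
        var confidence = ReachabilityLattice.Confidence(state, evidence);
        var vex = state switch
        {
            LatticeState.ConfirmedReachable or LatticeState.StaticReachable or LatticeState.RuntimeObserved => "affected",
            // Only a corroborated, high-confidence unreachability claim may suppress a finding.
            LatticeState.ConfirmedUnreachable when confidence >= opts.NotAffectedThreshold => "not_affected",
            _ => "under_investigation",
        };
        return new HybridReachabilityResult(cve, symbol, state, confidence, vex);
    }

    public static void Main()
    {
        var opts = new HybridQueryOptions();
        // Constructed sample evidence standing in for a static (ReachGraph) adapter and a runtime (Signals) adapter.
        var cases = new Dictionary<string, Evidence[]>
        {
            ["com.example.Parser.parse(String)"] = new[]
            {
                new Evidence(EvidenceKind.StaticPath, "main -> Handler.handle -> Parser.parse", 0.7),
                new Evidence(EvidenceKind.RuntimeHit, "probe hit 41x in 24h window", 0.9),
            },
            ["com.example.Parser.parseLegacy(String)"] = new[]
            {
                new Evidence(EvidenceKind.StaticNoPath, "no path from any entrypoint", 0.6),
                new Evidence(EvidenceKind.RuntimeMiss, "0 hits in 72h window, all replicas instrumented", 0.8),
            },
            ["com.example.Parser.parseDynamic(String)"] = new[]
            {
                new Evidence(EvidenceKind.StaticNoPath, "no path from any entrypoint", 0.6),
                new Evidence(EvidenceKind.RuntimeHit, "invoked via Method.invoke from PluginLoader", 0.9),
            },
        };
        foreach (var (symbol, evidence) in cases)
        {
            var r = Run("CVE-0000-0000", symbol, evidence, opts); // placeholder CVE id
            Console.WriteLine($"{r.State,-20} conf={r.Confidence:0.000} vex={r.VexStatus,-19} {r.Symbol}");
        }
    }
}
```

With the weights above the three constructed cases land on ConfirmedReachable (0.970, affected), ConfirmedUnreachable (0.920, not_affected) and Contradiction (0.250, under_investigation). Two design points carry over whatever the real table looks like: a runtime miss inside the observation window must not demote a static path, because the input that exercises it may simply not have occurred, and a runtime hit on a statically unreachable symbol is a contradiction that should block a not_affected statement rather than be averaged into a middling confidence.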

E2E Test Plan

  • Verify static reachability query (Layer 1-3) returns call graph path evidence
  • Test runtime reachability query correlates observed execution with observation window
  • Verify hybrid query combines static and runtime into lattice state with confidence
  • Test multi-layer analysis transitions correctly through lattice states
  • Verify batch query for CVE vulnerability analysis returns results for all symbols
  • Test symbol canonicalization across languages (Java, .NET, native, script)
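
As an added example for the symbol canonicalization test item above (not StellaOps code), the C# below puts one normalizer per ecosystem behind a single canonicalizer and uses a matcher to find which call-graph symbols correspond to an advisory's affected symbol once both sides are in canonical form. The canonical shape ecosystem:owner.member/arity, the per-ecosystem rules (JVM descriptor versus source form, IL and doc-id spellings, ELF version and compiler clone suffixes, module:qualified.name for scripts), the ecosystem keys and the sample symbols are assumptions; the page names SymbolCanonicalizer, SymbolMatcher and the four normalizers but does not describe their formats.

```csharp
// Added illustrative example, not StellaOps code: per-ecosystem symbol normalizers behind one
// canonicalizer, and a matcher that compares an advisory's affected symbol with call-graph symbols
// after both are canonicalized. Canonical form, rules and sample symbols are assumptions.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Arity is null when the ecosystem does not encode it (native exports, script functions).
public record CanonicalSymbol(string Ecosystem, string Owner, string Member, int? Arity)
{
    public override string ToString() =>
        $"{Ecosystem}:{(Owner.Length == 0 ? Member : Owner + "." + Member)}/{Arity?.ToString() ?? "*"}";
}
public interface ISymbolNormalizer { CanonicalSymbol Normalize(string raw); }

// Java: "com.example.Parser.parse(String,int)" (source form) or "com.example.Parser.parse(Ljava/lang/String;I)V" (descriptor).
public sealed class JavaNormalizer : ISymbolNormalizer
{
    static readonly Regex Rx = new(@"^(?<owner>[\w.$]+)\.(?<member>[\w$<>]+)\((?<args>[^)]*)\)\S*$");
    public CanonicalSymbol Normalize(string raw)
    {
        var m = Rx.Match(raw);
        if (!m.Success) throw new FormatException($"not a Java method symbol: {raw}");
        string args = m.Groups["args"].Value;
        bool descriptor = !args.Contains(',') && (args.Contains(';') || Regex.IsMatch(args, @"^[\[ZBCSIJFD]+$"));
        int arity = args.Length == 0 ? 0
            : descriptor ? Regex.Matches(args, @"\[*(?:L[^;]+;|[ZBCSIJFD])").Count
            : args.Split(',').Length;
        // Nested classes are spelled with '$' in bytecode and '.' in advisories; fold to one spelling.
        return new("java", m.Groups["owner"].Value.Replace('$', '.'), m.Groups["member"].Value, arity);
    }
}

// .NET: "Ns.Type.Method<T>(A,B)", IL-style "Ns.Type::Method(A,B)" or doc-id style "Ns.Type.Method``1(A,B)".
public sealed class DotNetNormalizer : ISymbolNormalizer
{
    static readonly Regex Rx = new(@"^(?<owner>[\w.]+?)(?:::|\.)(?<member>\w+)(?:``\d+|<[^>]*>)?\((?<args>[^)]*)\)$");
    public CanonicalSymbol Normalize(string raw)
    {
        var m = Rx.Match(raw);
        if (!m.Success) throw new FormatException($"not a .NET method symbol: {raw}");
        string args = m.Groups["args"].Value; // commas inside nested generic arguments are not handled here
        return new("dotnet", m.Groups["owner"].Value, m.Groups["member"].Value, args.Length == 0 ? 0 : args.Split(',').Length);
    }
}

// Native: drop ELF symbol versions ("@@GLIBC_2.2.5"), compiler clone suffixes (".constprop.0", ".isra.3",
// ".part.1", ".cold") and the Mach-O leading underscore. Mangled C++ names need a demangler first (not done here).
public sealed class NativeNormalizer : ISymbolNormalizer
{
    static readonly Regex Clone = new(@"(?:\.(?:constprop|isra|part|cold)(?:\.\d+)?)+$");
    public CanonicalSymbol Normalize(string raw)
    {
        string name = raw;
        int at = name.IndexOf('@');
        if (at > 0) name = name[..at];
        name = Clone.Replace(name, "");
        if (name.StartsWith('_') && !name.StartsWith("_Z")) name = name[1..];
        return new("native", "", name, null);
    }
}

// Script: "pkg.module:Class.method" (Python) or "path/to/file.js:Class.prototype.method" (JavaScript).
public sealed class ScriptNormalizer : ISymbolNormalizer
{
    public CanonicalSymbol Normalize(string raw)
    {
        int colon = raw.LastIndexOf(':');
        if (colon < 0) throw new FormatException($"expected module:qualified.name, got {raw}");
        string module = Regex.Replace(raw[..colon], @"\.(?:js|mjs|cjs|ts|py)$", "").Replace('/', '.');
        string[] parts = raw[(colon + 1)..].Replace(".prototype.", ".").Split('.');
        return new("script", string.Join('.', parts.SkipLast(1).Prepend(module)), parts[^1], null);
    }
}

public static class SymbolCanonicalizer
{
    static readonly IReadOnlyDictionary<string, ISymbolNormalizer> Normalizers = new Dictionary<string, ISymbolNormalizer>
    {
        ["java"] = new JavaNormalizer(), ["dotnet"] = new DotNetNormalizer(),
        ["native"] = new NativeNormalizer(), ["script"] = new ScriptNormalizer(),
    };
    public static CanonicalSymbol Canonicalize(string ecosystem, string raw) => Normalizers[ecosystem].Normalize(raw);
}

public static class SymbolMatcher
{
    // Arity filters only when both sides carry it.
    public static bool Matches(CanonicalSymbol a, CanonicalSymbol b) =>
        a.Ecosystem == b.Ecosystem && a.Owner == b.Owner && a.Member == b.Member
        && (a.Arity is null || b.Arity is null || a.Arity == b.Arity);

    // Which call-graph symbols correspond to the advisory's affected symbol?
    public static IEnumerable<string> FindAffected(string ecosystem, string advisorySymbol, IEnumerable<string> graphSymbols)
    {
        var target = SymbolCanonicalizer.Canonicalize(ecosystem, advisorySymbol);
        return graphSymbols.Where(s => Matches(target, SymbolCanonicalizer.Canonicalize(ecosystem, s)));
    }

    public static void Main()
    {
        // Constructed sample symbols: only the first Java candidate matches (same owner, arity 2); the first three native ones do.
        foreach (var s in FindAffected("java", "com.example.Parser.parse(String,int)", new[] {
            "com.example.Parser.parse(Ljava/lang/String;I)V", "com.example.Parser.parse(Ljava/lang/String;)V",
            "com.example.Parser$Builder.parse(Ljava/lang/String;I)V" }))
            Console.WriteLine("java   " + s);
        foreach (var s in FindAffected("native", "example_parse", new[] {
            "_example_parse", "example_parse.constprop.0", "example_parse@@EXAMPLE_1.0", "example_parse_v2" }))
            Console.WriteLine("native " + s);
        Console.WriteLine(SymbolCanonicalizer.Canonicalize("dotnet", "System.Text.Json.JsonSerializer::Deserialize``1(System.String)"));
        Console.WriteLine(SymbolCanonicalizer.Canonicalize("script", "lib/parser.js:Parser.prototype.parse"));
    }
}
```

The point of the cross-language test is that both sides of the comparison go through the same normalizer, so incidental spellings (a JVM descriptor against a source signature, a versioned or cloned ELF export against the name an advisory quotes, a nested class written with '$' or '.') cannot produce a false "not found" that would silently turn a reachable vulnerable function into an unreachable one. Arity is deliberately a filter only where both sides know it; treating unknown arity as a mismatch would have the same silent-miss effect for native and script symbols.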