stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
29b68f5beee057d465b1454a28d0a2aace2607d7
git.stella-ops.org/docs/features/unimplemented/binaryindex/binary-intelligence-graph-binary-identity-indexing.md
master 5bca406787 save checkpoint: save features
2026-02-12 10:27:23 +02:00

2.9 KiB
Raw Blame History

Binary Intelligence Graph / Binary Identity Indexing

Module

BinaryIndex

Status

PARTIALLY_IMPLEMENTED

Description

Complete BinaryIndex module with binary identity indexing, ELF feature extraction, vulnerability fingerprint matching, and reachability status tracking. Advisory marked as SUPERSEDED by this implementation.

Implementation Details

  • Modules: src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/, src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/, src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Analysis/
  • Key Classes:
    • BinaryIdentityService (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/BinaryIdentityService.cs) - binary identity management
    • ElfFeatureExtractor (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/ElfFeatureExtractor.cs) - ELF feature extraction
    • BinaryVulnerabilityService (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/Services/BinaryVulnerabilityService.cs) - vulnerability matching with Build-ID catalog lookups
    • SignatureMatcher (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Analysis/SignatureMatcher.cs) - signature-based vulnerability fingerprint matching
    • ReachGraphBinaryReachabilityService (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Analysis/ReachGraphBinaryReachabilityService.cs) - reachability status tracking
  • Models: BinaryIdentity, FixModels (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Models/)
  • Persistence: IBinaryVulnAssertionRepository, IBinaryVulnerabilityService (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/)

E2E Test Plan

  • Verify end-to-end flow: submit binary, extract identity, index in the graph, and query by Build-ID
  • Verify vulnerability fingerprint matching via SignatureMatcher returns correct match scores
  • Verify reachability status tracking integrates with ReachGraph
  • Verify BinaryVulnerabilityService correctly maps match methods (buildid_catalog, delta_signature, etc.)
  • Verify binary identity indexing supports multi-tenant contexts via ITenantContext

Verification

  • Run: docs/qa/feature-checks/runs/binaryindex/binary-intelligence-graph-binary-identity-indexing/run-001/
  • Date (UTC): 2026-02-11
  • Verdict: not_implemented

Missing / Mismatched Behavior

  • Default WebService runtime composition wires IBinaryVulnerabilityService to InMemoryBinaryVulnerabilityService, so live resolution API behavior does not exercise full persistence-backed vulnerability matching.
  • Analysis service registration defaults to NullBinaryReachabilityService unless explicitly overridden, so ReachGraph-backed reachability tracking is not active by default.
  • BinaryVulnerabilityService method mapping does not explicitly include delta_signature in MapMethod, which mismatches the documented match-method coverage claim.