git.stella-ops.org/docs/schemas/php-analyzer-bootstrap.schema.json
StellaOps Bot 8768c27f30
Add signal contracts for reachability, exploitability, trust, and unknown symbols
- Introduced `ReachabilityState`, `RuntimeHit`, `ExploitabilitySignal`, `ReachabilitySignal`, `SignalEnvelope`, `SignalType`, `TrustSignal`, and `UnknownSymbolSignal` records to define various signal types and their properties.
- Implemented JSON serialization attributes for proper data interchange.
- Created project files for the new signal contracts library and corresponding test projects.
- Added deterministic test fixtures for micro-interaction testing.
- Included cryptographic keys for secure operations with cosign.
2025-12-05 00:27:00 +02:00


{
"$id": "https://stella.ops/schema/php-analyzer-bootstrap.json",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "PhpAnalyzerBootstrap",
"description": "PHP Language Analyzer bootstrap specification for composer-based projects with autoload graph analysis",
"type": "object",
"oneOf": [
{ "$ref": "#/$defs/PluginManifest" },
{ "$ref": "#/$defs/AnalyzerConfig" },
{ "$ref": "#/$defs/AnalysisOutput" },
{ "$ref": "#/$defs/CapabilityReport" }
],
"$defs": {
"PluginManifest": {
"type": "object",
"required": ["schemaVersion", "id", "displayName", "version", "entryPoint", "capabilities"],
"description": "Plugin manifest for language analyzer discovery and loading",
"properties": {
"schemaVersion": {
"type": "string",
"const": "1.0",
"description": "Manifest schema version"
},
"id": {
"type": "string",
"pattern": "^stellaops\\.analyzer\\.lang\\.[a-z]+$",
"description": "Unique plugin identifier",
"examples": ["stellaops.analyzer.lang.php"]
},
"displayName": {
"type": "string",
"description": "Human-readable plugin name",
"examples": ["StellaOps PHP Analyzer"]
},
"version": {
"type": "string",
"pattern": "^\\d+\\.\\d+\\.\\d+(-[a-zA-Z0-9]+)?$",
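"description": "Semantic version (MAJOR.MINOR.PATCH with an optional single alphanumeric pre-release tag; the pattern rejects dotted pre-release identifiers and build metadata)"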
},
"requiresRestart": {
"type": "boolean",
"default": true,
"description": "Whether scanner restart is required after plugin load"
},
"entryPoint": {
"$ref": "#/$defs/EntryPoint",
"description": "Plugin entry point configuration"
},
"capabilities": {
"type": "array",
"items": {
"type": "string",
"enum": [
"language-analyzer",
"php",
"composer",
"packagist",
"autoload",
"phar",
"framework-detection",
"extension-scan"
]
},
"minItems": 1,
"description": "Plugin capabilities"
},
"metadata": {
"type": "object",
"properties": {
"org.stellaops.analyzer.language": {
"type": "string",
"const": "php"
},
"org.stellaops.analyzer.kind": {
"type": "string",
"const": "language"
},
"org.stellaops.restart.required": {
"type": "string",
"enum": ["true", "false"]
}
},
"description": "OCI-style metadata labels"
},
"dependencies": {
"type": "array",
"items": {
"$ref": "#/$defs/PluginDependency"
},
"description": "Required plugin dependencies"
}
}
},
"EntryPoint": {
"type": "object",
"required": ["type", "assembly", "typeName"],
"properties": {
"type": {
"type": "string",
"enum": ["dotnet", "native"],
"description": "Entry point type"
},
"assembly": {
"type": "string",
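"description": "Assembly file name (a bare file name as in the example; this schema does not restrict path separators, so the loader must validate it)",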
"examples": ["StellaOps.Scanner.Analyzers.Lang.Php.dll"]
},
"typeName": {
"type": "string",
"description": "Fully qualified type name",
"examples": ["StellaOps.Scanner.Analyzers.Lang.Php.PhpAnalyzerPlugin"]
}
}
},
"PluginDependency": {
"type": "object",
"required": ["pluginId", "versionRange"],
"properties": {
"pluginId": {
"type": "string",
"description": "Dependent plugin identifier"
},
"versionRange": {
"type": "string",
"description": "SemVer version range",
"examples": [">=1.0.0", "^1.0.0", "1.x"]
}
}
},
"AnalyzerConfig": {
"type": "object",
"required": ["configType", "analyzerId"],
"description": "Runtime configuration for PHP analyzer",
"properties": {
"configType": {
"type": "string",
"const": "ANALYZER_CONFIG"
},
"analyzerId": {
"type": "string",
"const": "php"
},
"enabled": {
"type": "boolean",
"default": true,
"description": "Whether analyzer is enabled"
},
"composerDetection": {
"$ref": "#/$defs/ComposerDetectionConfig",
"description": "Composer manifest detection settings"
},
"autoloadAnalysis": {
"$ref": "#/$defs/AutoloadAnalysisConfig",
"description": "Autoload graph analysis settings"
},
"capabilityScanning": {
"$ref": "#/$defs/CapabilityScanConfig",
"description": "Runtime capability scanning settings"
},
"frameworkDetection": {
"$ref": "#/$defs/FrameworkDetectionConfig",
"description": "Framework detection settings"
},
"pharScanning": {
"$ref": "#/$defs/PharScanConfig",
"description": "PHAR archive scanning settings"
},
"extensionScanning": {
"$ref": "#/$defs/ExtensionScanConfig",
"description": "PHP extension detection settings"
},
"timeouts": {
"$ref": "#/$defs/AnalyzerTimeouts",
"description": "Per-phase timeout settings"
}
}
},
"ComposerDetectionConfig": {
"type": "object",
"properties": {
"searchPaths": {
"type": "array",
"items": { "type": "string" },
"default": ["composer.json"],
"description": "Paths to search for composer manifests"
},
"includeLockfile": {
"type": "boolean",
"default": true,
"description": "Parse composer.lock for exact versions"
},
"includeInstalledJson": {
"type": "boolean",
"default": true,
"description": "Parse vendor/composer/installed.json"
},
"ignoreDevDependencies": {
"type": "boolean",
"default": false,
"description": "Skip require-dev packages"
},
"trustLockfileVersions": {
"type": "boolean",
"default": true,
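"description": "Treat the versions recorded in composer.lock as authoritative for reported package versions (composer.lock is scanned input, not a verified source)"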
}
}
},
"AutoloadAnalysisConfig": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Enable autoload graph analysis"
},
"includePsr0": {
"type": "boolean",
"default": true,
"description": "Analyze PSR-0 autoload mappings"
},
"includePsr4": {
"type": "boolean",
"default": true,
"description": "Analyze PSR-4 autoload mappings"
},
"includeClassmap": {
"type": "boolean",
"default": true,
"description": "Analyze classmap autoloading"
},
"includeFiles": {
"type": "boolean",
"default": true,
"description": "Analyze files autoloading"
},
"maxDepth": {
"type": "integer",
"minimum": 1,
"maximum": 100,
"default": 50,
"description": "Maximum autoload resolution depth"
}
}
},
"CapabilityScanConfig": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Enable capability scanning"
},
"detectFileOperations": {
"type": "boolean",
"default": true,
"description": "Detect file I/O capabilities"
},
"detectNetworkOperations": {
"type": "boolean",
"default": true,
"description": "Detect network capabilities"
},
"detectProcessOperations": {
"type": "boolean",
"default": true,
"description": "Detect process execution capabilities"
},
"detectCryptoOperations": {
"type": "boolean",
"default": true,
"description": "Detect cryptographic operations"
},
"maxFilesToScan": {
"type": "integer",
"minimum": 1,
"default": 10000,
"description": "Maximum PHP files to scan"
}
}
},
"FrameworkDetectionConfig": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Enable framework detection"
},
"frameworks": {
"type": "array",
"items": {
"type": "string",
"enum": [
"laravel",
"symfony",
"wordpress",
"drupal",
"magento",
"yii",
"codeigniter",
"cakephp",
"slim",
"lumen",
"zend",
"laminas"
]
},
"default": ["laravel", "symfony", "wordpress", "drupal"],
"description": "Frameworks to detect"
},
"detectPlugins": {
"type": "boolean",
"default": true,
"description": "Detect framework plugins/bundles"
}
}
},
"PharScanConfig": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Enable PHAR archive scanning"
},
"extractContents": {
"type": "boolean",
"default": true,
"description": "Extract and analyze PHAR contents"
},
"verifySignatures": {
"type": "boolean",
"default": true,
"description": "Verify PHAR signatures"
},
"maxPharSize": {
"type": "integer",
"minimum": 1,
"default": 104857600,
"description": "Maximum PHAR size to process (bytes)"
}
}
},
"ExtensionScanConfig": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Enable extension scanning"
},
"checkPhpIni": {
"type": "boolean",
"default": true,
"description": "Parse php.ini for extensions"
},
"checkDockerConfig": {
"type": "boolean",
"default": true,
"description": "Parse Dockerfile for php-ext-install"
},
"requiredExtensions": {
"type": "array",
"items": { "type": "string" },
"description": "Extensions to verify presence"
}
}
},
"AnalyzerTimeouts": {
"type": "object",
"properties": {
"composerParseMs": {
"type": "integer",
"minimum": 100,
"default": 5000,
"description": "Composer manifest parse timeout in milliseconds"
},
"autoloadAnalysisMs": {
"type": "integer",
"minimum": 100,
"default": 30000,
"description": "Autoload graph analysis timeout in milliseconds"
},
"capabilityScanMs": {
"type": "integer",
"minimum": 100,
"default": 60000,
"description": "Capability scan timeout in milliseconds"
},
"totalAnalysisMs": {
"type": "integer",
"minimum": 1000,
"default": 300000,
"description": "Total analysis timeout in milliseconds"
}
}
},
"AnalysisOutput": {
"type": "object",
"required": ["outputType", "analyzerId", "completedAt", "packages"],
"description": "PHP analyzer output with discovered packages",
"properties": {
"outputType": {
"type": "string",
"const": "ANALYSIS_OUTPUT"
},
"analyzerId": {
"type": "string",
"const": "php"
},
"completedAt": {
"type": "string",
"format": "date-time",
"description": "Analysis completion timestamp"
},
"durationMs": {
"type": "integer",
"minimum": 0,
"description": "Analysis duration in milliseconds"
},
"projectMetadata": {
"$ref": "#/$defs/PhpProjectMetadata",
"description": "Detected project metadata"
},
"packages": {
"type": "array",
"items": {
"$ref": "#/$defs/PhpPackage"
},
"description": "Discovered packages"
},
"autoloadGraph": {
"$ref": "#/$defs/AutoloadGraph",
"description": "Autoload dependency graph"
},
"capabilities": {
"$ref": "#/$defs/CapabilityReport",
"description": "Detected runtime capabilities"
},
"warnings": {
"type": "array",
"items": {
"$ref": "#/$defs/AnalysisWarning"
},
"description": "Non-fatal warnings during analysis"
}
}
},
"PhpProjectMetadata": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Project name from composer.json"
},
"description": {
"type": "string",
"description": "Project description"
},
"phpVersion": {
"type": "string",
"description": "Required PHP version constraint"
},
"type": {
"type": "string",
"enum": ["project", "library", "metapackage", "composer-plugin"],
"description": "Composer package type"
},
"license": {
"type": "string",
"description": "License identifier"
},
"framework": {
"type": "string",
"description": "Detected framework"
},
"frameworkVersion": {
"type": "string",
"description": "Detected framework version"
}
}
},
"PhpPackage": {
"type": "object",
"required": ["name", "version", "purl"],
"properties": {
"name": {
"type": "string",
"description": "Package name (vendor/package format)"
},
"version": {
"type": "string",
"description": "Installed version"
},
"purl": {
"type": "string",
"pattern": "^pkg:composer/",
"description": "Package URL",
"examples": ["pkg:composer/symfony/http-foundation@6.4.0"]
},
"componentKey": {
"type": "string",
"description": "Stable component identifier for ordering"
},
"isDev": {
"type": "boolean",
"default": false,
"description": "Whether package is a dev dependency"
},
"source": {
"type": "string",
"enum": ["lockfile", "installed.json", "manifest", "inferred"],
"description": "How package was discovered"
},
"installPath": {
"type": "string",
"description": "Relative installation path"
},
"autoloadType": {
"type": "string",
"enum": ["psr-0", "psr-4", "classmap", "files"],
"description": "Primary autoload type"
},
"license": {
"type": "string",
"description": "Package license"
},
"homepage": {
"type": "string",
"format": "uri",
"description": "Package homepage"
},
"sourceRef": {
"$ref": "#/$defs/SourceReference",
"description": "VCS source reference"
},
"distRef": {
"$ref": "#/$defs/DistReference",
"description": "Distribution reference"
}
}
},
"SourceReference": {
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": ["git", "svn", "hg"],
"description": "VCS type"
},
"url": {
"type": "string",
"format": "uri",
"description": "Repository URL"
},
"reference": {
"type": "string",
"description": "Commit/tag reference"
}
}
},
"DistReference": {
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": ["zip", "tar", "gzip"],
"description": "Distribution type"
},
"url": {
"type": "string",
"format": "uri",
"description": "Distribution URL"
},
"shasum": {
"type": "string",
"description": "Distribution checksum as recorded in the Composer metadata (this schema does not specify the hash algorithm)"
}
}
},
"AutoloadGraph": {
"type": "object",
"properties": {
"nodes": {
"type": "array",
"items": {
"$ref": "#/$defs/AutoloadNode"
},
"description": "Autoload graph nodes"
},
"edges": {
"type": "array",
"items": {
"$ref": "#/$defs/AutoloadEdge"
},
"description": "Autoload graph edges"
},
"entryPoints": {
"type": "array",
"items": {
"type": "string"
},
"description": "Application entry points"
}
}
},
"AutoloadNode": {
"type": "object",
"required": ["id", "type"],
"properties": {
"id": {
"type": "string",
"description": "Node identifier (namespace or file path)"
},
"type": {
"type": "string",
"enum": ["namespace", "class", "file", "package"],
"description": "Node type"
},
"package": {
"type": "string",
"description": "Owning package"
}
}
},
"AutoloadEdge": {
"type": "object",
"required": ["from", "to", "edgeType"],
"properties": {
"from": {
"type": "string",
"description": "Source node ID"
},
"to": {
"type": "string",
"description": "Target node ID"
},
"edgeType": {
"type": "string",
"enum": ["autoloads", "includes", "requires", "uses"],
"description": "Edge relationship type"
}
}
},
"CapabilityReport": {
"type": "object",
"properties": {
"reportType": {
"type": "string",
"const": "CAPABILITY_REPORT"
},
"fileOperations": {
"$ref": "#/$defs/FileCapabilities"
},
"networkOperations": {
"$ref": "#/$defs/NetworkCapabilities"
},
"processOperations": {
"$ref": "#/$defs/ProcessCapabilities"
},
"cryptoOperations": {
"$ref": "#/$defs/CryptoCapabilities"
},
"extensions": {
"$ref": "#/$defs/ExtensionCapabilities"
},
"pharArchives": {
"type": "array",
"items": {
"$ref": "#/$defs/PharInfo"
},
"description": "Detected PHAR archives"
},
"evidences": {
"type": "array",
"items": {
"$ref": "#/$defs/CapabilityEvidence"
},
"description": "Evidence supporting capability detection"
}
}
},
"FileCapabilities": {
"type": "object",
"properties": {
"detected": {
"type": "boolean"
},
"reads": {
"type": "boolean"
},
"writes": {
"type": "boolean"
},
"deletes": {
"type": "boolean"
},
"executes": {
"type": "boolean"
},
"tempFiles": {
"type": "boolean"
},
"uploads": {
"type": "boolean"
}
}
},
"NetworkCapabilities": {
"type": "object",
"properties": {
"detected": {
"type": "boolean"
},
"httpClient": {
"type": "boolean"
},
"sockets": {
"type": "boolean"
},
"curl": {
"type": "boolean"
},
"dnsLookup": {
"type": "boolean"
},
"smtp": {
"type": "boolean"
}
}
},
"ProcessCapabilities": {
"type": "object",
"properties": {
"detected": {
"type": "boolean"
},
"exec": {
"type": "boolean"
},
"shell_exec": {
"type": "boolean"
},
"system": {
"type": "boolean"
},
"passthru": {
"type": "boolean"
},
"proc_open": {
"type": "boolean"
},
"backticks": {
"type": "boolean"
}
}
},
"CryptoCapabilities": {
"type": "object",
"properties": {
"detected": {
"type": "boolean"
},
"openssl": {
"type": "boolean"
},
"sodium": {
"type": "boolean"
},
"mcrypt": {
"type": "boolean"
},
"hash": {
"type": "boolean"
},
"password_hash": {
"type": "boolean"
}
}
},
"ExtensionCapabilities": {
"type": "object",
"properties": {
"required": {
"type": "array",
"items": { "type": "string" },
"description": "Required PHP extensions"
},
"suggested": {
"type": "array",
"items": { "type": "string" },
"description": "Suggested PHP extensions"
},
"detected": {
"type": "array",
"items": { "type": "string" },
"description": "Extensions detected in code"
}
}
},
"PharInfo": {
"type": "object",
"required": ["path"],
"properties": {
"path": {
"type": "string",
"description": "PHAR file path"
},
"alias": {
"type": "string",
"description": "PHAR alias"
},
"signatureType": {
"type": "string",
"enum": ["md5", "sha1", "sha256", "sha512", "openssl", "none"],
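"description": "PHAR signature algorithm: md5, sha1, sha256 and sha512 are unkeyed digests that give integrity only, openssl is a public-key signature, none means the archive is unsigned"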
},
"signatureValid": {
"type": "boolean",
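"description": "Result of verifying the PHAR signature; for digest-only signature types a true value shows that the archive matches its embedded hash, not who produced it"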
},
"fileCount": {
"type": "integer",
"description": "Number of files in archive"
},
"uncompressedSize": {
"type": "integer",
"description": "Uncompressed size in bytes"
}
}
},
"CapabilityEvidence": {
"type": "object",
"required": ["capability", "file", "line"],
"properties": {
"capability": {
"type": "string",
"description": "Capability type"
},
"file": {
"type": "string",
"description": "Source file path"
},
"line": {
"type": "integer",
"description": "Line number"
},
"function": {
"type": "string",
"description": "Function/method name"
},
"snippet": {
"type": "string",
"description": "Code snippet from the evidence location; the producer is expected to redact sensitive content such as secrets before emitting it"
}
}
},
"AnalysisWarning": {
"type": "object",
"required": ["code", "message"],
"properties": {
"code": {
"type": "string",
"examples": [
"COMPOSER_LOCK_MISSING",
"INSTALLED_JSON_MISSING",
"AUTOLOAD_RESOLUTION_FAILED",
"PHAR_SIGNATURE_INVALID",
"TIMEOUT_EXCEEDED"
]
},
"message": {
"type": "string"
},
"file": {
"type": "string"
},
"recoverable": {
"type": "boolean",
"default": true
}
}
}
},
"examples": [
{
"schemaVersion": "1.0",
"id": "stellaops.analyzer.lang.php",
"displayName": "StellaOps PHP Analyzer",
"version": "0.1.0",
"requiresRestart": true,
"entryPoint": {
"type": "dotnet",
"assembly": "StellaOps.Scanner.Analyzers.Lang.Php.dll",
"typeName": "StellaOps.Scanner.Analyzers.Lang.Php.PhpAnalyzerPlugin"
},
"capabilities": [
"language-analyzer",
"php",
"composer",
"packagist",
"autoload",
"framework-detection"
],
"metadata": {
"org.stellaops.analyzer.language": "php",
"org.stellaops.analyzer.kind": "language",
"org.stellaops.restart.required": "true"
}
},
{
"outputType": "ANALYSIS_OUTPUT",
"analyzerId": "php",
"completedAt": "2025-11-21T10:15:00Z",
"durationMs": 2500,
"projectMetadata": {
"name": "acme/webapp",
"phpVersion": "^8.2",
"type": "project",
"framework": "laravel",
"frameworkVersion": "10.0"
},
"packages": [
{
"name": "laravel/framework",
"version": "10.48.0",
"purl": "pkg:composer/laravel/framework@10.48.0",
"componentKey": "laravel/framework@10.48.0",
"isDev": false,
"source": "lockfile",
"autoloadType": "psr-4",
"license": "MIT"
},
{
"name": "symfony/http-foundation",
"version": "6.4.0",
"purl": "pkg:composer/symfony/http-foundation@6.4.0",
"componentKey": "symfony/http-foundation@6.4.0",
"isDev": false,
"source": "lockfile",
"autoloadType": "psr-4",
"license": "MIT"
}
],
"capabilities": {
"fileOperations": {
"detected": true,
"reads": true,
"writes": true,
"uploads": true
},
"networkOperations": {
"detected": true,
"httpClient": true,
"curl": true
},
"extensions": {
"required": ["openssl", "pdo", "mbstring", "tokenizer"],
"detected": ["redis", "imagick"]
}
}
}
]
}