git.stella-ops.org/docs/features/unchecked/tools/golden-pairs-validation-infrastructure.md

# Golden Pairs Validation Infrastructure
## Module
Tools
## Status
IMPLEMENTED
## Description
Data model and supporting services (schema validation, loading, canonical serialization, section hashing) for golden pair metadata, binary artifacts, and diff reports. A golden pair is a known-good pre-fix/post-fix binary pair for a published CVE; the pairs serve as ground truth for validating binary diff detection.
## Implementation Details
- **Golden Pairs Models**: `src/Tools/GoldenPairs/StellaOps.Tools.GoldenPairs/Models/` -- data models defining golden pair records (CVE ID, package name, distro, pre/post versions), binary artifact metadata (section hashes, file sizes, architectures), and diff report structures (changed sections, confidence scores).
- **Golden Pairs Schema Provider**: `src/Tools/GoldenPairs/StellaOps.Tools.GoldenPairs/Schema/GoldenPairsSchemaProvider.cs` -- provides JSON schema definitions for validating golden pair metadata files, diff reports, and mirror source configurations.
- **Golden Pair Loader**: `src/Tools/GoldenPairs/StellaOps.Tools.GoldenPairs/Services/GoldenPairLoader.cs` -- loads and validates golden pair records from the local file store, resolving binary artifact paths and associated diff reports.
- **Serialization**: `src/Tools/GoldenPairs/StellaOps.Tools.GoldenPairs/Serialization/` -- canonical JSON serialization for golden pair data ensuring deterministic output for hash comparison and attestation purposes.
- **Section Hash Provider**: `src/Tools/GoldenPairs/StellaOps.Tools.GoldenPairs/Services/SectionHashProvider.cs` -- computes deterministic per-section hashes for binary artifacts, enabling reproducible diff comparisons across environments.
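The components above fit together as follows. The example below is added here for illustration and is not StellaOps code (the project is C#; this is stand-alone Python). It builds two minimal ELF64 images as constructed fixtures (a pre-fix and a post-fix binary that differ only in `.text`), computes deterministic per-section SHA-256 hashes by walking the section header table, emits a diff report listing the changed sections, and serializes the report as canonical JSON (sorted keys, no insignificant whitespace, UTF-8) so its digest is stable regardless of dictionary insertion order. The function names (`build_elf64`, `section_hashes`, `diff_report`, `canonical_json`, `report_digest`), the placeholder pair record (`CVE-0000-0000`, `libexample`), the treatment of `SHT_NOBITS` sections and the truncation checks are all this example's own choices; the page's confidence score is not modelled.

```python
"""Added example, not StellaOps code: per-section hashes for two ELF64 images,
a changed-section diff report, and canonical JSON bytes for hashing/attestation."""
import hashlib
import json
import struct

SHT_NULL, SHT_PROGBITS, SHT_STRTAB, SHT_NOBITS = 0, 1, 3, 8
SHDR = "<IIQQQQIIQQ"  # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize

def build_elf64(sections):
    """Constructed fixture: a minimal little-endian ELF64 image holding the given
    (name, bytes) sections plus .shstrtab. Not loadable; enough for a section parser."""
    shstrtab, name_off = b"\0", {}
    for n, _ in sections + [(".shstrtab", b"")]:
        name_off[n] = len(shstrtab)
        shstrtab += n.encode() + b"\0"
    body, offsets, cur = b"", {}, 64  # section data follows the 64-byte ELF header
    for n, data in sections + [(".shstrtab", shstrtab)]:
        offsets[n], body, cur = cur, body + data, cur + len(data)
    shdrs = [struct.pack(SHDR, *([0] * 10))]  # index 0 is the mandatory null header
    for n, data in sections:
        shdrs.append(struct.pack(SHDR, name_off[n], SHT_PROGBITS, 0, 0, offsets[n], len(data), 0, 0, 1, 0))
    shdrs.append(struct.pack(SHDR, name_off[".shstrtab"], SHT_STRTAB, 0, 0,
                             offsets[".shstrtab"], len(shstrtab), 0, 0, 1, 0))
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELFCLASS64, little-endian, EV_CURRENT
    # e_type=ET_EXEC, e_machine=EM_X86_64, e_version, e_entry, e_phoff, e_shoff (=cur),
    # e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, cur, 0, 64,
                                 0, 0, 64, len(shdrs), len(shdrs) - 1)
    return ehdr + body + b"".join(shdrs)

def section_hashes(elf, algorithm="sha256"):
    """Hash each named section's file bytes. Only the section header table is walked, so the
    result depends on section contents alone, not on file offsets, load addresses or padding."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    shoff = struct.unpack_from("<Q", elf, 40)[0]
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 58)
    if shentsize != struct.calcsize(SHDR) or shstrndx >= shnum or shoff + shnum * shentsize > len(elf):
        raise ValueError("section header table is malformed or out of bounds")
    headers = [struct.unpack_from(SHDR, elf, shoff + i * shentsize) for i in range(shnum)]
    str_off, str_size = headers[shstrndx][4], headers[shstrndx][5]
    strtab = elf[str_off:str_off + str_size]
    hashes = {}
    for name_idx, sh_type, _flags, _addr, off, size, *_ in headers:
        if sh_type == SHT_NULL:
            continue
        name = strtab[name_idx:strtab.index(b"\0", name_idx)].decode()
        if sh_type == SHT_NOBITS:
            data = struct.pack("<Q", size)  # .bss has no file bytes; hash its size so growth still shows
        else:
            data = elf[off:off + size]
            if len(data) != size:
                raise ValueError(f"section {name} is truncated")
        hashes[name] = hashlib.new(algorithm, data).hexdigest()
    return hashes

def canonical_json(obj):
    """Canonical encoding: sorted keys, no insignificant whitespace, UTF-8, NaN rejected.
    For the string/int/list/object subset used here this matches the RFC 8785 (JCS) form."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")

def diff_report(pair, pre_elf, post_elf):
    """Diff report for a golden pair: which sections differ between pre-fix and post-fix."""
    pre, post = section_hashes(pre_elf), section_hashes(post_elf)
    names = sorted(set(pre) | set(post))  # a section present on only one side counts as changed
    return {
        "cve_id": pair["cve_id"], "package": pair["package"], "distro": pair["distro"],
        "pre_version": pair["pre_version"], "post_version": pair["post_version"],
        "pre_sections": pre, "post_sections": post,
        "changed_sections": [n for n in names if pre.get(n) != post.get(n)],
    }

def report_digest(report):
    """SHA-256 over the canonical bytes: the value an attestation would sign."""
    return hashlib.sha256(canonical_json(report)).hexdigest()

# Constructed fixtures: placeholder identifiers, not a real CVE, package or distro.
PAIR = {"cve_id": "CVE-0000-0000", "package": "libexample", "distro": "example-linux",
        "pre_version": "1.0.0-1", "post_version": "1.0.0-2"}
PRE_ELF = build_elf64([(".text", b"\x55\x48\x89\xe5\x31\xc0\x5d\xc3"), (".rodata", b"hello\0")])
POST_ELF = build_elf64([(".text", b"\x55\x48\x89\xe5\x31\xc0\x90\x5d\xc3"), (".rodata", b"hello\0")])

def run_example():
    """Build the report, then check canonical bytes ignore key order and round-trip losslessly."""
    report = diff_report(PAIR, PRE_ELF, POST_ELF)
    reordered = dict(reversed(list(report.items())))
    assert canonical_json(reordered) == canonical_json(report)
    assert json.loads(canonical_json(report)) == report
    return report, report_digest(report)

if __name__ == "__main__":
    report, digest = run_example()
    print("changed sections:", report["changed_sections"], "report digest:", digest)
```

Two design points matter for validation work. First, because the post-fix `.text` is one byte longer, every later section sits at a different file offset, yet `.rodata` and `.shstrtab` still hash identically: hashing section contents rather than file ranges is what makes the comparison meaningful across rebuilds. Second, the digest is taken over canonical bytes, not over whatever the serializer emitted: two runs (or two hosts) that produce the same report but insert keys in a different order must sign the same value, otherwise the attestation is comparing formatting rather than findings.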
## E2E Test Plan
- [ ] Load a golden pair record via `GoldenPairLoader` and verify all required fields (CVE ID, package name, pre/post versions, distro) are populated and valid
- [ ] Validate a golden pair metadata file against the schema from `GoldenPairsSchemaProvider` and verify it passes; then corrupt a required field and verify validation fails
- [ ] Serialize a golden pair record via the canonical serializer, deserialize it back, and verify round-trip fidelity (all fields match, no data loss)
- [ ] Compute section hashes for a binary artifact using `SectionHashProvider` on two separate runs, and again on a second host or container, and verify the hashes are identical (determinism check, including across environments)
- [ ] Load a diff report for a known CVE fix pair and verify it correctly identifies which binary sections changed between pre-patch and post-patch versions, and that sections the fix did not touch report identical hashes even when their file offsets moved
- [ ] Verify the schema provider covers all model types: golden pair records, diff reports, and mirror source configurations