stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
5593212b414864ab213082c8945a267451b99901
git.stella-ops.org/docs/features/checked/tools/golden-pairs-validation-infrastructure.md

2.3 KiB
Raw Blame History

Golden Pairs Validation Infrastructure

Module

Tools

Status

VERIFIED

Description

Data model for golden pair metadata, binary artifacts, and diff reports used to validate binary diff detection against known-good CVE fix pairs.

Implementation Details

  • Golden Pairs Models: src/Tools/GoldenPairs/Models/ (4 files, ~170 lines) -- GoldenPairMetadata (CVE ID, package name, distro, pre/post versions, binary artifacts with section hashes), GoldenDiffReport (sections, verdict, confidence, discrepancies), SectionHashModels (SectionHashSet, SectionHashEntry with Size), GoldenPairsIndex (version, pairs, summary).
  • Golden Pairs Schema Provider: src/Tools/GoldenPairs/Schema/GoldenPairsSchemaProvider.cs (36 lines) -- lazy-loads JSON schemas for metadata and index validation.
  • Golden Pair Loader: src/Tools/GoldenPairs/Services/GoldenPairLoader.cs (211 lines) -- loads and validates golden pair records with JSON Schema enforcement before deserialization, normalization, and error collection.
  • Serialization: src/Tools/GoldenPairs/Serialization/GoldenPairsJsonSerializer.cs (78 lines) -- DeterministicTypeInfoResolver for alphabetical property ordering, ensuring deterministic output for hash comparison and attestation.
  • Section Hash Provider: src/Tools/GoldenPairs/Services/SectionHashProvider.cs (87 lines) -- deterministic per-section hash computation via IElfSectionHashExtractor, producing ordered SectionHashSet.

E2E Test Plan

  • Load a golden pair record and verify all required fields are populated and valid
  • Validate metadata against schema and verify it passes; corrupt a field and verify validation fails
  • Serialize a golden pair record, deserialize it back, and verify round-trip fidelity
  • Compute section hashes on two separate runs and verify determinism
  • Load a diff report and verify it correctly identifies changed sections
  • Verify schema provider covers metadata and index schemas

Verification

  • Verified: 2026-02-10
  • Method: Tier 1 code review + Tier 2d test verification
  • Build: Passes (0 errors, 0 warnings)
  • Tests: 9 tests pass (shared with Golden Pairs Mirror feature: GoldenPairSchemaTests: 3, GoldenPairLoaderTests: 2, DiffPipelineServiceTests: 2, PackageMirrorServiceTests: 2)