git.stella-ops.org/docs/features/checked/scanner/3-bit-reachability-gate.md
2026-02-14 09:11:48 +02:00

# 3-Bit Reachability Gate
## Module
Scanner
## Status
VERIFIED
## Description
Gate-based reachability system with multiple gate detectors (auth, admin-only, feature flags, non-default config), gate multiplier calculator, and rich graph annotation for gate-aware reachability.
## Implementation Details
- **Gate Detectors** (each implements `IGateDetector`):
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/Detectors/AuthGateDetector.cs` - Detects authentication gates on paths
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/Detectors/AdminOnlyDetector.cs` - Detects admin-only access restrictions
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/Detectors/FeatureFlagDetector.cs` - Detects feature flag conditions
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/Detectors/NonDefaultConfigDetector.cs` - Detects non-default configuration gates
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/Detectors/FileSystemCodeContentProvider.cs` - Provides file system code content for detection
- **Gate Composition & Scoring**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/CompositeGateDetector.cs` - Combines multiple gate detectors
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/GateMultiplierCalculator.cs` - Calculates gate multipliers for risk scoring
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/GateModels.cs` - Gate data models
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/GatePatterns.cs` - Pattern matching rules for gate detection
- **Rich Graph Annotation**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/RichGraphGateAnnotator.cs` - Annotates rich graphs with gate information
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/RichGraph.cs` - Core rich graph model
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/RichGraphWriter.cs` - Writes gate-annotated rich graphs
- **SmartDiff Integration**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/ReachabilityGateBridge.cs` - Bridges gate detection into smart diff analysis
- **PR Gate**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Cache/PrReachabilityGate.cs` - PR-level reachability gate evaluation
## E2E Test Plan
- [ ] Set up a scan target image containing a web application with authenticated routes, admin-only endpoints, feature-flagged code, and non-default config paths
- [ ] Trigger a scan via `POST /api/v1/scans` with reachability analysis enabled
- [ ] Verify each gate detector identifies its respective gate type in the reachability graph via `GET /api/v1/scans/{scanId}/reachability`
- [ ] Verify `GateMultiplierCalculator` reduces risk scores for gated paths (auth-gated vulnerabilities score lower than ungated ones)
- [ ] Verify the rich graph response includes gate annotations on affected nodes and edges
- [ ] Verify SmartDiff output includes gate-aware reachability context via the `ReachabilityGateBridge`
- [ ] Verify PR gate evaluation correctly blocks/allows based on gate-modified reachability status
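As an added illustration of the structure the Description and the multiplier check above describe (detectors per gate kind, a composite that merges their verdicts, and a multiplier that lowers the score of gated paths), the following C# model is example code written for this note, not the project's own implementation; the interface shapes, pattern strings and multiplier values are all assumptions.

```csharp
// Illustrative model only: the types, signatures and multiplier values below are
// assumptions for this example, not StellaOps.Scanner.Reachability code.
using System;
using System.Collections.Generic;
using System.Linq;
[Flags] enum GateKind { None = 0, Auth = 1, AdminOnly = 2, FeatureFlag = 4, NonDefaultConfig = 8 }
// A detector inspects the source behind one call-path node and reports the gates it finds.
interface IGateDetectorModel { GateKind Detect(string source); }
sealed class PatternDetector : IGateDetectorModel
{
    private readonly GateKind _kind; private readonly string[] _patterns;
    public PatternDetector(GateKind kind, params string[] patterns) { _kind = kind; _patterns = patterns; }
    public GateKind Detect(string source) =>
        _patterns.Any(p => source.Contains(p, StringComparison.Ordinal)) ? _kind : GateKind.None;
}
// Composite: OR every detector's verdict so a path carries all gates seen on it.
sealed class CompositeDetectorModel : IGateDetectorModel
{
    private readonly IGateDetectorModel[] _inner;
    public CompositeDetectorModel(params IGateDetectorModel[] inner) => _inner = inner;
    public GateKind Detect(string source) => _inner.Aggregate(GateKind.None, (acc, d) => acc | d.Detect(source));
}
static class MultiplierModel
{
    // Constructed per-gate factors: each gate present scales the score down; an ungated path stays at 1.0.
    static readonly Dictionary<GateKind, double> Factors = new()
        { [GateKind.Auth] = 0.6, [GateKind.AdminOnly] = 0.4, [GateKind.FeatureFlag] = 0.7, [GateKind.NonDefaultConfig] = 0.5 };
    public static double For(GateKind gates) =>
        Factors.Where(kv => gates.HasFlag(kv.Key)).Aggregate(1.0, (m, kv) => m * kv.Value);
}
static class Demo
{
    static void Main()
    {
        var detector = new CompositeDetectorModel(
            new PatternDetector(GateKind.Auth, "[Authorize"),
            new PatternDetector(GateKind.AdminOnly, "Roles = \"Admin\""),
            new PatternDetector(GateKind.FeatureFlag, ".IsEnabled("),
            new PatternDetector(GateKind.NonDefaultConfig, "config.GetValue"));
        const double baseScore = 9.8; // constructed base score for one finding
        // Constructed node sources: an ungated route, and one behind [Authorize] plus an admin role check.
        foreach (var src in new[] { "app.MapGet(\"/health\", Health);", "[Authorize(Roles = \"Admin\")] IActionResult Reset()" })
        {
            var gates = detector.Detect(src);
            var m = MultiplierModel.For(gates);
            Console.WriteLine($"{gates,-16} x{m:F2} -> adjusted {baseScore * m:F2}");
        }
    }
}
```

The ungated route keeps its full score, while the path carrying both the auth and admin-only gates is scaled by the product of their factors, which is the ordering the multiplier check in the test plan expects.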
---
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |