stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
8e1cb9448d752df07141efe450cf4b9b67fe55d1
git.stella-ops.org/docs/features/checked/binaryindex/sbom-bom-ref-linkage-in-binary-function-identity.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

28 lines
2.0 KiB
Markdown
Raw Blame History

# SBOM Bom-Ref Linkage in Binary Function Identity
## Module
BinaryIndex
## Status
IMPLEMENTED
## Description
Extended function identity model (SymbolSignatureV2) with SBOM bom-ref linkage following the format `module:bom-ref:offset:canonical-IR-hash`. Includes IBomRefResolver interface for resolving binary artifacts to SBOM component references with graceful fallback.
## Implementation Details
- **Modules**: `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/`
- **Key Classes**:
- `DeltaSigPredicateV2` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/Attestation/DeltaSigPredicateV2.cs`) - V2 predicate including SBOM bom-ref linkage in function identity records
- `DeltaSigVexBridge` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/VexIntegration/DeltaSigVexBridge.cs`) - VEX bridge uses symbol provenance (which includes SBOM refs) to enrich VEX observations
- `GroundTruthProvenanceResolver` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/Provenance/GroundTruthProvenanceResolver.cs`) - enriches function matches with `SymbolProvenance` including source references
- `Models.cs` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/Models.cs`) - `SymbolMatchResult` with `SymbolProvenance` property for bom-ref linkage
- **Interfaces**: `ISymbolProvenanceResolver` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/Provenance/ISymbolProvenanceResolver.cs`) - resolves `SymbolProvenanceV2` with batch lookup support
- **Source**: SPRINT_20260118_026_BinaryIndex_deltasig_enhancements.md
## E2E Test Plan
- [ ] Resolve a binary function to its SBOM bom-ref via `ISymbolProvenanceResolver` and verify the linkage format
- [ ] Verify `DeltaSigPredicateV2` includes bom-ref linkage in function identity records
- [ ] Verify `DeltaSigVexBridge` includes provenance source from SBOM in VEX observations
- [ ] Verify batch lookup via `BatchLookupAsync` resolves multiple symbols efficiently
- [ ] Verify graceful fallback when SBOM bom-ref is not available (function identity still works without it)
Reference in New Issue View Git Blame Copy Permalink