39 lines
2.9 KiB
Markdown
39 lines
2.9 KiB
Markdown
# Binary Intelligence Graph / Binary Identity Indexing
|
|
|
|
## Module
|
|
BinaryIndex
|
|
|
|
## Status
|
|
PARTIALLY_IMPLEMENTED
|
|
|
|
## Description
|
|
Complete BinaryIndex module with binary identity indexing, ELF feature extraction, vulnerability fingerprint matching, and reachability status tracking. Advisory marked as SUPERSEDED by this implementation.
|
|
|
|
## Implementation Details
|
|
- **Modules**: `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/`, `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/`, `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Analysis/`
|
|
- **Key Classes**:
|
|
- `BinaryIdentityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/BinaryIdentityService.cs`) - binary identity management
|
|
- `ElfFeatureExtractor` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/ElfFeatureExtractor.cs`) - ELF feature extraction
|
|
- `BinaryVulnerabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/Services/BinaryVulnerabilityService.cs`) - vulnerability matching with Build-ID catalog lookups
|
|
- `SignatureMatcher` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Analysis/SignatureMatcher.cs`) - signature-based vulnerability fingerprint matching
|
|
- `ReachGraphBinaryReachabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Analysis/ReachGraphBinaryReachabilityService.cs`) - reachability status tracking
|
|
- **Models**: `BinaryIdentity`, `FixModels` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Models/`)
|
|
- **Persistence**: `IBinaryVulnAssertionRepository`, `IBinaryVulnerabilityService` (`src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/`)
|
|
|
|
## E2E Test Plan
|
|
- [ ] Verify end-to-end flow: submit binary, extract identity, index in the graph, and query by Build-ID
|
|
- [ ] Verify vulnerability fingerprint matching via `SignatureMatcher` returns correct match scores
|
|
- [ ] Verify reachability status tracking integrates with ReachGraph
|
|
- [ ] Verify `BinaryVulnerabilityService` correctly maps match methods (buildid_catalog, delta_signature, etc.)
|
|
- [ ] Verify binary identity indexing supports multi-tenant contexts via `ITenantContext`
|
|
|
|
## Verification
|
|
- Run: `docs/qa/feature-checks/runs/binaryindex/binary-intelligence-graph-binary-identity-indexing/run-001/`
|
|
- Date (UTC): 2026-02-11
|
|
- Verdict: `not_implemented`
|
|
|
|
## Missing / Mismatched Behavior
|
|
- Default WebService runtime composition wires `IBinaryVulnerabilityService` to `InMemoryBinaryVulnerabilityService`, so live resolution API behavior does not exercise full persistence-backed vulnerability matching.
|
|
- Analysis service registration defaults to `NullBinaryReachabilityService` unless explicitly overridden, so ReachGraph-backed reachability tracking is not active by default.
|
|
- `BinaryVulnerabilityService` method mapping does not explicitly include `delta_signature` in `MapMethod`, which mismatches the documented match-method coverage claim.
|