stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
92bc4d3a0703a414969cdcbed3571a0fe382cda7
git.stella-ops.org/docs/schemas/dotnet-il-metadata.schema.json
StellaOps Bot 0de92144d2
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Findings Ledger CI / build-test (push) Has been cancelled
Details
Findings Ledger CI / migration-validation (push) Has been cancelled
Details
Findings Ledger CI / generate-manifest (push) Has been cancelled
Details
mock-dev-release / package-mock-release (push) Has been cancelled
Details
feat(api): Implement Console Export Client and Models 
- Added ConsoleExportClient for managing export requests and responses.
- Introduced ConsoleExportRequest and ConsoleExportResponse models.
- Implemented methods for creating and retrieving exports with appropriate headers.

feat(crypto): Add Software SM2/SM3 Cryptography Provider

- Implemented SmSoftCryptoProvider for software-only SM2/SM3 cryptography.
- Added support for signing and verification using SM2 algorithm.
- Included hashing functionality with SM3 algorithm.
- Configured options for loading keys from files and environment gate checks.

test(crypto): Add unit tests for SmSoftCryptoProvider

- Created comprehensive tests for signing, verifying, and hashing functionalities.
- Ensured correct behavior for key management and error handling.

feat(api): Enhance Console Export Models

- Expanded ConsoleExport models to include detailed status and event types.
- Added support for various export formats and notification options.

test(time): Implement TimeAnchorPolicyService tests

- Developed tests for TimeAnchorPolicyService to validate time anchors.
- Covered scenarios for anchor validation, drift calculation, and policy enforcement.
2025-12-07 00:27:33 +02:00

1574 lines
39 KiB
JSON
Raw Blame History

{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stella-ops.org/schemas/dotnet-il-metadata.schema.json",
"title": "StellaOps .NET IL Metadata Extraction Schema",
"description": "Schema for .NET/C# IL metadata extraction, assembly analysis, and entrypoint resolution. Unblocks C#/.NET Analyzer tasks 11-001 through 11-005 (5 tasks).",
"type": "object",
"definitions": {
"DotNetAnalysisConfig": {
"type": "object",
"description": ".NET IL analysis configuration",
"required": ["config_id"],
"properties": {
"config_id": {
"type": "string"
},
"version": {
"type": "string"
},
"target_frameworks": {
"type": "array",
"items": {
"type": "string"
},
"description": "Target framework monikers (e.g., net6.0, net8.0, netstandard2.1)"
},
"assembly_analysis": {
"$ref": "#/definitions/AssemblyAnalysisConfig"
},
"il_analysis": {
"$ref": "#/definitions/ILAnalysisConfig"
},
"reflection_analysis": {
"$ref": "#/definitions/ReflectionAnalysisConfig"
},
"framework_resolvers": {
"type": "array",
"items": {
"$ref": "#/definitions/DotNetFrameworkResolver"
}
},
"attribute_processors": {
"type": "array",
"items": {
"$ref": "#/definitions/AttributeProcessor"
}
},
"dependency_injection": {
"$ref": "#/definitions/DotNetDependencyInjection"
},
"native_interop": {
"$ref": "#/definitions/NativeInteropConfig"
},
"source_generator_support": {
"$ref": "#/definitions/SourceGeneratorConfig"
}
}
},
"AssemblyAnalysisConfig": {
"type": "object",
"description": "Assembly-level analysis configuration",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"include_referenced_assemblies": {
"type": "boolean",
"default": true
},
"include_system_assemblies": {
"type": "boolean",
"default": false
},
"assembly_name_patterns": {
"type": "array",
"items": {
"type": "string"
},
"description": "Regex patterns for assemblies to analyze"
},
"exclude_patterns": {
"type": "array",
"items": {
"type": "string"
}
},
"metadata_extraction": {
"$ref": "#/definitions/AssemblyMetadataExtraction"
},
"strong_name_validation": {
"type": "boolean",
"default": false
},
"portable_pdb_support": {
"type": "boolean",
"default": true
}
}
},
"AssemblyMetadataExtraction": {
"type": "object",
"description": "Which assembly metadata to extract",
"properties": {
"extract_version_info": {
"type": "boolean",
"default": true
},
"extract_custom_attributes": {
"type": "boolean",
"default": true
},
"extract_module_refs": {
"type": "boolean",
"default": true
},
"extract_type_refs": {
"type": "boolean",
"default": true
},
"extract_member_refs": {
"type": "boolean",
"default": true
},
"extract_resources": {
"type": "boolean",
"default": false
},
"extract_security_permissions": {
"type": "boolean",
"default": true
}
}
},
"ILAnalysisConfig": {
"type": "object",
"description": "IL (Intermediate Language) analysis configuration",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"analyze_method_bodies": {
"type": "boolean",
"default": true
},
"track_call_sites": {
"type": "boolean",
"default": true
},
"track_field_access": {
"type": "boolean",
"default": true
},
"track_object_creation": {
"type": "boolean",
"default": true
},
"opcode_patterns": {
"type": "array",
"items": {
"$ref": "#/definitions/OpcodePattern"
}
},
"call_analysis": {
"$ref": "#/definitions/CallAnalysisConfig"
},
"exception_handling_analysis": {
"type": "boolean",
"default": true
},
"async_await_analysis": {
"$ref": "#/definitions/AsyncAwaitConfig"
},
"linq_analysis": {
"$ref": "#/definitions/LinqAnalysisConfig"
},
"max_method_il_size": {
"type": "integer",
"default": 65535,
"description": "Max IL bytes per method to analyze"
}
}
},
"OpcodePattern": {
"type": "object",
"description": "IL opcode pattern for entrypoint detection",
"required": ["pattern_id", "opcodes"],
"properties": {
"pattern_id": {
"type": "string"
},
"opcodes": {
"type": "array",
"items": {
"type": "string",
"enum": ["call", "callvirt", "calli", "newobj", "newarr", "castclass", "isinst", "ldsfld", "stsfld", "ldfld", "stfld", "ldarg", "starg", "ldloc", "stloc", "ldtoken", "ldftn", "ldvirtftn", "initobj", "box", "unbox"]
}
},
"operand_pattern": {
"type": "string",
"description": "Regex for method/field token"
},
"entry_type": {
"type": "string",
"enum": ["main_entry", "host_entry", "web_entry", "controller_action", "api_endpoint", "grpc_method", "signalr_hub", "minimal_api", "blazor_component", "worker_service", "background_service"]
},
"confidence": {
"type": "number",
"minimum": 0,
"maximum": 1
}
}
},
"CallAnalysisConfig": {
"type": "object",
"description": "Call instruction analysis",
"properties": {
"track_virtual_calls": {
"type": "boolean",
"default": true
},
"track_interface_calls": {
"type": "boolean",
"default": true
},
"track_delegate_invocations": {
"type": "boolean",
"default": true
},
"resolve_generics": {
"type": "boolean",
"default": true
},
"track_extension_methods": {
"type": "boolean",
"default": true
}
}
},
"AsyncAwaitConfig": {
"type": "object",
"description": "async/await state machine analysis",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"track_state_machines": {
"type": "boolean",
"default": true
},
"confidence_for_async": {
"type": "number",
"default": 0.85
},
"unwrap_async_enumerables": {
"type": "boolean",
"default": true
}
}
},
"LinqAnalysisConfig": {
"type": "object",
"description": "LINQ expression analysis",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"track_expression_trees": {
"type": "boolean",
"default": true
},
"track_query_syntax": {
"type": "boolean",
"default": true
},
"expand_deferred_execution": {
"type": "boolean",
"default": false
}
}
},
"ReflectionAnalysisConfig": {
"type": "object",
"description": "Reflection usage analysis",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"confidence_penalty": {
"type": "number",
"default": 0.3
},
"track_type_gettype": {
"type": "boolean",
"default": true
},
"track_assembly_load": {
"type": "boolean",
"default": true
},
"track_activator_createinstance": {
"type": "boolean",
"default": true
},
"track_methodinfo_invoke": {
"type": "boolean",
"default": true
},
"track_dynamic_invoke": {
"type": "boolean",
"default": true
},
"rd_xml_support": {
"type": "boolean",
"default": true,
"description": "Parse rd.xml for NativeAOT reflection hints"
},
"trimming_xml_support": {
"type": "boolean",
"default": true,
"description": "Parse trimming descriptors"
}
}
},
"DotNetFrameworkResolver": {
"type": "object",
"description": ".NET framework-specific entrypoint resolver",
"required": ["framework_id", "name"],
"properties": {
"framework_id": {
"type": "string"
},
"name": {
"type": "string"
},
"nuget_packages": {
"type": "array",
"items": {
"type": "string"
},
"description": "NuGet package IDs that indicate framework"
},
"marker_types": {
"type": "array",
"items": {
"type": "string"
}
},
"marker_attributes": {
"type": "array",
"items": {
"type": "string"
}
},
"entrypoint_rules": {
"type": "array",
"items": {
"$ref": "#/definitions/DotNetEntrypointRule"
}
},
"middleware_chain": {
"$ref": "#/definitions/MiddlewareChainConfig"
},
"routing_analysis": {
"$ref": "#/definitions/RoutingAnalysisConfig"
}
}
},
"DotNetEntrypointRule": {
"type": "object",
"description": "Rule for detecting .NET entrypoints",
"required": ["rule_id", "type"],
"properties": {
"rule_id": {
"type": "string"
},
"type": {
"type": "string",
"enum": ["attribute", "interface", "base_class", "method_signature", "convention", "minimal_api_lambda"]
},
"attribute_fqn": {
"type": "string",
"description": "Fully qualified attribute name"
},
"interface_fqn": {
"type": "string"
},
"base_class_fqn": {
"type": "string"
},
"method_pattern": {
"type": "string"
},
"entry_type": {
"type": "string",
"enum": ["main_entry", "host_entry", "web_entry", "controller_action", "api_endpoint", "grpc_method", "signalr_hub", "minimal_api", "blazor_component", "worker_service", "background_service", "razor_page", "mvc_action", "health_check", "hosted_service"]
},
"metadata_extraction": {
"$ref": "#/definitions/DotNetMetadataExtraction"
},
"confidence": {
"type": "number",
"minimum": 0,
"maximum": 1
}
}
},
"DotNetMetadataExtraction": {
"type": "object",
"description": "Metadata extraction rules for .NET entrypoints",
"properties": {
"http_method_from": {
"type": "string"
},
"route_from": {
"type": "string"
},
"area_from": {
"type": "string"
},
"authorize_from": {
"type": "string"
},
"produces_from": {
"type": "string"
},
"consumes_from": {
"type": "string"
}
}
},
"MiddlewareChainConfig": {
"type": "object",
"description": "Middleware pipeline analysis",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"track_use_middleware": {
"type": "boolean",
"default": true
},
"track_map_endpoints": {
"type": "boolean",
"default": true
},
"track_filters": {
"type": "boolean",
"default": true
}
}
},
"RoutingAnalysisConfig": {
"type": "object",
"description": "Route analysis configuration",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"analyze_attribute_routing": {
"type": "boolean",
"default": true
},
"analyze_conventional_routing": {
"type": "boolean",
"default": true
},
"analyze_minimal_api_routes": {
"type": "boolean",
"default": true
},
"analyze_area_routes": {
"type": "boolean",
"default": true
}
}
},
"AttributeProcessor": {
"type": "object",
"description": "Attribute-based entrypoint processor",
"required": ["processor_id", "attribute_fqn"],
"properties": {
"processor_id": {
"type": "string"
},
"attribute_fqn": {
"type": "string"
},
"target_types": {
"type": "array",
"items": {
"type": "string",
"enum": ["Assembly", "Module", "Class", "Struct", "Enum", "Constructor", "Method", "Property", "Field", "Event", "Interface", "Parameter", "Delegate", "ReturnValue", "GenericParameter"]
}
},
"entry_type": {
"type": "string"
},
"property_mapping": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"confidence": {
"type": "number",
"minimum": 0,
"maximum": 1
}
}
},
"DotNetDependencyInjection": {
"type": "object",
"description": "Dependency injection analysis",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"track_service_registration": {
"type": "boolean",
"default": true
},
"track_constructor_injection": {
"type": "boolean",
"default": true
},
"track_property_injection": {
"type": "boolean",
"default": true
},
"supported_containers": {
"type": "array",
"items": {
"type": "string"
},
"default": ["Microsoft.Extensions.DependencyInjection", "Autofac", "Ninject", "SimpleInjector", "Castle.Windsor"]
},
"lifetime_tracking": {
"type": "boolean",
"default": true
}
}
},
"NativeInteropConfig": {
"type": "object",
"description": "Native interop (P/Invoke, COM) analysis",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"track_pinvoke": {
"type": "boolean",
"default": true
},
"track_com_interop": {
"type": "boolean",
"default": true
},
"track_marshal_as": {
"type": "boolean",
"default": true
},
"track_unsafe_code": {
"type": "boolean",
"default": true
},
"confidence_for_native": {
"type": "number",
"default": 0.7
}
}
},
"SourceGeneratorConfig": {
"type": "object",
"description": "Source generator output analysis",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"known_generators": {
"type": "array",
"items": {
"type": "string"
},
"description": "Known source generator assembly names"
},
"track_generated_types": {
"type": "boolean",
"default": true
},
"generated_file_patterns": {
"type": "array",
"items": {
"type": "string"
},
"default": ["*.g.cs", "*.Generated.cs"]
}
}
},
"ExtractedAssembly": {
"type": "object",
"description": "Extracted assembly metadata",
"required": ["assembly_name", "mvid"],
"properties": {
"assembly_name": {
"type": "string"
},
"full_name": {
"type": "string"
},
"mvid": {
"type": "string",
"format": "uuid",
"description": "Module Version ID"
},
"version": {
"type": "string"
},
"culture": {
"type": "string"
},
"public_key_token": {
"type": "string"
},
"target_framework": {
"type": "string"
},
"runtime_version": {
"type": "string"
},
"architecture": {
"type": "string",
"enum": ["AnyCPU", "x86", "x64", "ARM", "ARM64"]
},
"is_signed": {
"type": "boolean"
},
"entry_point": {
"$ref": "#/definitions/EntryPointInfo"
},
"referenced_assemblies": {
"type": "array",
"items": {
"$ref": "#/definitions/AssemblyReference"
}
},
"custom_attributes": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedAttribute"
}
},
"types": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedType"
}
},
"resources": {
"type": "array",
"items": {
"$ref": "#/definitions/EmbeddedResource"
}
},
"pdb_info": {
"$ref": "#/definitions/PdbInfo"
}
}
},
"EntryPointInfo": {
"type": "object",
"description": "Assembly entry point (Main method)",
"properties": {
"type_name": {
"type": "string"
},
"method_name": {
"type": "string"
},
"signature": {
"type": "string"
},
"is_async": {
"type": "boolean"
}
}
},
"AssemblyReference": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"version": {
"type": "string"
},
"public_key_token": {
"type": "string"
},
"culture": {
"type": "string"
}
}
},
"ExtractedAttribute": {
"type": "object",
"properties": {
"type_name": {
"type": "string"
},
"constructor_arguments": {
"type": "array",
"items": {}
},
"named_arguments": {
"type": "object",
"additionalProperties": true
}
}
},
"ExtractedType": {
"type": "object",
"description": "Extracted type information",
"required": ["name", "namespace"],
"properties": {
"name": {
"type": "string"
},
"namespace": {
"type": "string"
},
"full_name": {
"type": "string"
},
"kind": {
"type": "string",
"enum": ["Class", "Struct", "Interface", "Enum", "Delegate", "Record"]
},
"visibility": {
"type": "string",
"enum": ["Public", "Internal", "Private", "Protected", "ProtectedInternal", "PrivateProtected"]
},
"is_abstract": {
"type": "boolean"
},
"is_sealed": {
"type": "boolean"
},
"is_static": {
"type": "boolean"
},
"is_generic": {
"type": "boolean"
},
"generic_parameters": {
"type": "array",
"items": {
"type": "string"
}
},
"base_type": {
"type": "string"
},
"interfaces": {
"type": "array",
"items": {
"type": "string"
}
},
"attributes": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedAttribute"
}
},
"methods": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedMethod"
}
},
"properties": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedProperty"
}
},
"fields": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedField"
}
},
"events": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedEvent"
}
},
"nested_types": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"ExtractedMethod": {
"type": "object",
"description": "Extracted method information",
"required": ["name", "signature"],
"properties": {
"name": {
"type": "string"
},
"signature": {
"type": "string"
},
"return_type": {
"type": "string"
},
"parameters": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedParameter"
}
},
"visibility": {
"type": "string"
},
"is_static": {
"type": "boolean"
},
"is_virtual": {
"type": "boolean"
},
"is_abstract": {
"type": "boolean"
},
"is_override": {
"type": "boolean"
},
"is_async": {
"type": "boolean"
},
"is_extension": {
"type": "boolean"
},
"is_generic": {
"type": "boolean"
},
"generic_parameters": {
"type": "array",
"items": {
"type": "string"
}
},
"attributes": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedAttribute"
}
},
"il_size": {
"type": "integer"
},
"max_stack": {
"type": "integer"
},
"locals_count": {
"type": "integer"
},
"call_sites": {
"type": "array",
"items": {
"$ref": "#/definitions/CallSiteInfo"
}
}
}
},
"ExtractedParameter": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"type": {
"type": "string"
},
"index": {
"type": "integer"
},
"is_optional": {
"type": "boolean"
},
"default_value": {},
"is_params": {
"type": "boolean"
},
"is_in": {
"type": "boolean"
},
"is_out": {
"type": "boolean"
},
"is_ref": {
"type": "boolean"
},
"attributes": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedAttribute"
}
}
}
},
"ExtractedProperty": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"type": {
"type": "string"
},
"has_getter": {
"type": "boolean"
},
"has_setter": {
"type": "boolean"
},
"is_static": {
"type": "boolean"
},
"visibility": {
"type": "string"
},
"attributes": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedAttribute"
}
}
}
},
"ExtractedField": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"type": {
"type": "string"
},
"is_static": {
"type": "boolean"
},
"is_readonly": {
"type": "boolean"
},
"is_const": {
"type": "boolean"
},
"visibility": {
"type": "string"
},
"constant_value": {}
}
},
"ExtractedEvent": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"handler_type": {
"type": "string"
},
"is_static": {
"type": "boolean"
},
"visibility": {
"type": "string"
}
}
},
"CallSiteInfo": {
"type": "object",
"description": "Call site within method body",
"properties": {
"il_offset": {
"type": "integer"
},
"opcode": {
"type": "string",
"enum": ["call", "callvirt", "calli", "newobj"]
},
"target_type": {
"type": "string"
},
"target_method": {
"type": "string"
},
"target_signature": {
"type": "string"
},
"is_virtual": {
"type": "boolean"
}
}
},
"EmbeddedResource": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"size": {
"type": "integer"
},
"type": {
"type": "string",
"enum": ["Embedded", "Linked", "AssemblyLinked"]
}
}
},
"PdbInfo": {
"type": "object",
"description": "PDB (debug symbols) information",
"properties": {
"has_pdb": {
"type": "boolean"
},
"pdb_type": {
"type": "string",
"enum": ["Portable", "Full", "Embedded"]
},
"pdb_path": {
"type": "string"
},
"pdb_guid": {
"type": "string",
"format": "uuid"
},
"checksum_algorithm": {
"type": "string"
},
"checksum": {
"type": "string"
}
}
},
"ResolvedDotNetEntrypoint": {
"type": "object",
"description": "Resolved .NET entrypoint",
"required": ["entry_id", "type_name", "method_signature", "entry_type"],
"properties": {
"entry_id": {
"type": "string"
},
"assembly_name": {
"type": "string"
},
"type_name": {
"type": "string",
"description": "Fully qualified type name"
},
"method_name": {
"type": "string"
},
"method_signature": {
"type": "string",
"description": "Full method signature"
},
"entry_type": {
"type": "string",
"enum": ["main_entry", "host_entry", "web_entry", "controller_action", "api_endpoint", "grpc_method", "signalr_hub", "minimal_api", "blazor_component", "worker_service", "background_service", "razor_page", "mvc_action", "health_check", "hosted_service", "test_method"]
},
"source_location": {
"$ref": "#/definitions/DotNetSourceLocation"
},
"il_location": {
"$ref": "#/definitions/ILLocation"
},
"confidence": {
"type": "number",
"minimum": 0,
"maximum": 1
},
"resolution_rules": {
"type": "array",
"items": {
"type": "string"
}
},
"framework": {
"type": "string"
},
"http_metadata": {
"$ref": "#/definitions/DotNetHttpMetadata"
},
"parameters": {
"type": "array",
"items": {
"$ref": "#/definitions/DotNetParameter"
}
},
"return_type": {
"type": "string"
},
"is_async": {
"type": "boolean"
},
"attributes": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedAttribute"
}
},
"symbol_id": {
"type": "string",
"pattern": "^sym:dotnet:[A-Za-z0-9_-]+$",
"description": "RichGraph SymbolID"
},
"code_id": {
"type": "string",
"pattern": "^code:dotnet:[A-Za-z0-9_-]+$",
"description": "RichGraph CodeID (for obfuscated assemblies)"
},
"taint_sources": {
"type": "array",
"items": {
"$ref": "#/definitions/DotNetTaintSource"
}
}
}
},
"DotNetSourceLocation": {
"type": "object",
"properties": {
"file_path": {
"type": "string"
},
"line_start": {
"type": "integer"
},
"line_end": {
"type": "integer"
},
"column_start": {
"type": "integer"
},
"column_end": {
"type": "integer"
},
"project_path": {
"type": "string"
}
}
},
"ILLocation": {
"type": "object",
"properties": {
"assembly_path": {
"type": "string"
},
"module_name": {
"type": "string"
},
"metadata_token": {
"type": "integer"
},
"il_offset": {
"type": "integer"
},
"mvid": {
"type": "string",
"format": "uuid"
}
}
},
"DotNetHttpMetadata": {
"type": "object",
"properties": {
"method": {
"type": "string",
"enum": ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"]
},
"route_template": {
"type": "string"
},
"route_constraints": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"area": {
"type": "string"
},
"consumes": {
"type": "array",
"items": {
"type": "string"
}
},
"produces": {
"type": "array",
"items": {
"type": "string"
}
},
"produces_response_type": {
"type": "array",
"items": {
"$ref": "#/definitions/ProducesResponseType"
}
},
"authorization": {
"$ref": "#/definitions/DotNetAuthorization"
},
"api_version": {
"type": "string"
},
"cors_policy": {
"type": "string"
}
}
},
"ProducesResponseType": {
"type": "object",
"properties": {
"status_code": {
"type": "integer"
},
"type": {
"type": "string"
},
"content_type": {
"type": "string"
}
}
},
"DotNetAuthorization": {
"type": "object",
"properties": {
"is_authenticated": {
"type": "boolean"
},
"policy": {
"type": "string"
},
"roles": {
"type": "array",
"items": {
"type": "string"
}
},
"schemes": {
"type": "array",
"items": {
"type": "string"
}
},
"allow_anonymous": {
"type": "boolean"
}
}
},
"DotNetParameter": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"type": {
"type": "string"
},
"source": {
"type": "string",
"enum": ["Route", "Query", "Header", "Body", "Form", "Services", "ModelBinder"]
},
"is_required": {
"type": "boolean"
},
"default_value": {},
"validation_attributes": {
"type": "array",
"items": {
"type": "string"
}
},
"is_taint_source": {
"type": "boolean"
}
}
},
"DotNetTaintSource": {
"type": "object",
"properties": {
"parameter_name": {
"type": "string"
},
"parameter_index": {
"type": "integer"
},
"taint_type": {
"type": "string",
"enum": ["user_input", "file_input", "network_input", "database_input", "environment", "configuration"]
},
"sanitization_required": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"DotNetAnalysisReport": {
"type": "object",
"description": ".NET IL analysis report",
"required": ["report_id", "scan_id", "assemblies", "entrypoints"],
"properties": {
"report_id": {
"type": "string",
"format": "uuid"
},
"scan_id": {
"type": "string"
},
"generated_at": {
"type": "string",
"format": "date-time"
},
"config_used": {
"type": "string"
},
"runtime_version": {
"type": "string"
},
"assemblies": {
"type": "array",
"items": {
"$ref": "#/definitions/ExtractedAssembly"
}
},
"entrypoints": {
"type": "array",
"items": {
"$ref": "#/definitions/ResolvedDotNetEntrypoint"
}
},
"frameworks_detected": {
"type": "array",
"items": {
"$ref": "#/definitions/DetectedDotNetFramework"
}
},
"statistics": {
"$ref": "#/definitions/DotNetAnalysisStatistics"
},
"analysis_warnings": {
"type": "array",
"items": {
"type": "string"
}
},
"analysis_duration_ms": {
"type": "integer"
},
"digest": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$"
}
}
},
"DetectedDotNetFramework": {
"type": "object",
"properties": {
"framework_id": {
"type": "string"
},
"name": {
"type": "string"
},
"version": {
"type": "string"
},
"nuget_packages": {
"type": "array",
"items": {
"type": "string"
}
},
"confidence": {
"type": "number",
"minimum": 0,
"maximum": 1
}
}
},
"DotNetAnalysisStatistics": {
"type": "object",
"properties": {
"total_assemblies": {
"type": "integer"
},
"total_types": {
"type": "integer"
},
"total_methods": {
"type": "integer"
},
"total_entrypoints": {
"type": "integer"
},
"by_entry_type": {
"type": "object",
"additionalProperties": {
"type": "integer"
}
},
"by_framework": {
"type": "object",
"additionalProperties": {
"type": "integer"
}
},
"by_confidence": {
"type": "object",
"properties": {
"high": {
"type": "integer"
},
"medium": {
"type": "integer"
},
"low": {
"type": "integer"
}
}
},
"reflection_usages": {
"type": "integer"
},
"async_methods": {
"type": "integer"
},
"native_interop_calls": {
"type": "integer"
},
"taint_sources_identified": {
"type": "integer"
}
}
}
},
"properties": {
"configs": {
"type": "array",
"items": {
"$ref": "#/definitions/DotNetAnalysisConfig"
}
},
"reports": {
"type": "array",
"items": {
"$ref": "#/definitions/DotNetAnalysisReport"
}
}
},
"examples": [
{
"configs": [
{
"config_id": "aspnet-core-analyzer",
"version": "1.0.0",
"target_frameworks": ["net6.0", "net7.0", "net8.0"],
"assembly_analysis": {
"enabled": true,
"include_referenced_assemblies": true,
"include_system_assemblies": false,
"portable_pdb_support": true
},
"il_analysis": {
"enabled": true,
"analyze_method_bodies": true,
"track_call_sites": true,
"async_await_analysis": {
"enabled": true,
"track_state_machines": true
},
"linq_analysis": {
"enabled": true,
"track_expression_trees": true
}
},
"reflection_analysis": {
"enabled": true,
"confidence_penalty": 0.3,
"track_type_gettype": true,
"track_activator_createinstance": true
},
"framework_resolvers": [
{
"framework_id": "aspnet-core",
"name": "ASP.NET Core",
"nuget_packages": ["Microsoft.AspNetCore.App"],
"marker_types": ["Microsoft.AspNetCore.Builder.WebApplication"],
"entrypoint_rules": [
{
"rule_id": "http-get",
"type": "attribute",
"attribute_fqn": "Microsoft.AspNetCore.Mvc.HttpGetAttribute",
"entry_type": "api_endpoint",
"metadata_extraction": {
"http_method_from": "GET",
"route_from": "Template"
},
"confidence": 0.98
},
{
"rule_id": "http-post",
"type": "attribute",
"attribute_fqn": "Microsoft.AspNetCore.Mvc.HttpPostAttribute",
"entry_type": "api_endpoint",
"confidence": 0.98
},
{
"rule_id": "controller-base",
"type": "base_class",
"base_class_fqn": "Microsoft.AspNetCore.Mvc.ControllerBase",
"entry_type": "controller_action",
"confidence": 0.9
},
{
"rule_id": "minimal-api-mapget",
"type": "minimal_api_lambda",
"method_pattern": "MapGet|MapPost|MapPut|MapDelete",
"entry_type": "minimal_api",
"confidence": 0.95
}
],
"middleware_chain": {
"enabled": true,
"track_use_middleware": true,
"track_map_endpoints": true
},
"routing_analysis": {
"enabled": true,
"analyze_attribute_routing": true,
"analyze_minimal_api_routes": true
}
}
],
"dependency_injection": {
"enabled": true,
"track_service_registration": true,
"supported_containers": ["Microsoft.Extensions.DependencyInjection"]
}
}
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink