stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
9b58589ba01342d5df7ab3bbfd7370cc970cdd21
git.stella-ops.org/docs/features/unchecked/scanner/entropy-analysis-for-binaries.md

2.1 KiB
Raw Blame History

Entropy Analysis for Binaries

Module

Scanner

Status

IMPLEMENTED

Description

Shannon entropy analysis pass integrated into the binary scanning pipeline, detecting packed/encrypted/obfuscated sections in ELF and PE binaries to flag suspicious artifacts.

Implementation Details

  • Core Entropy Calculator:
    • src/Scanner/__Libraries/StellaOps.Scanner.Core/Entropy/EntropyCalculator.cs - Shannon entropy calculation
    • src/Scanner/__Libraries/StellaOps.Scanner.Core/Entropy/EntropyReportBuilder.cs - Builds entropy analysis reports
    • src/Scanner/__Libraries/StellaOps.Scanner.Core/Entropy/EntropyReportModels.cs - Report models
  • Worker Stage:
    • src/Scanner/StellaOps.Scanner.Worker/Processing/Entropy/EntropyStageExecutor.cs - Entropy analysis stage in scan pipeline
  • PE Hardening Integration:
    • src/Scanner/StellaOps.Scanner.Analyzers.Native/Hardening/PeHardeningExtractor.cs - PE hardening extraction including entropy analysis
    • src/Scanner/StellaOps.Scanner.Analyzers.Native/Hardening/HardeningFlags.cs - Hardening flags model
  • API Contracts:
    • src/Scanner/StellaOps.Scanner.WebService/Contracts/EntropyContracts.cs - Entropy analysis API contracts
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/ScanEndpoints.cs - Exposes entropy data in scan results
  • Secrets Detection Integration:
    • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/Detectors/EntropyCalculator.cs - Entropy calculator for secret detection
    • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/Detectors/EntropyDetector.cs - High-entropy string detection for secrets

E2E Test Plan

  • Scan a container image containing packed/UPX-compressed ELF binaries and verify high entropy sections are flagged
  • Scan an image with standard (non-packed) binaries and verify entropy values are within normal range
  • Verify PE binary analysis includes entropy data for each section
  • Verify entropy analysis results appear in scan API response
  • Verify the EntropyStageExecutor runs as part of the scan pipeline
  • Verify entropy-based secret detection flags high-entropy strings as potential secrets