27 lines
1.7 KiB
Markdown
27 lines
1.7 KiB
Markdown
# Exploit Path Grouping Service (Attack Chain Triage)
|
|
|
|
## Module
|
|
Scanner
|
|
|
|
## Status
|
|
IMPLEMENTED
|
|
|
|
## Description
|
|
Groups vulnerability findings into exploit paths based on (artifact, package, vulnerable symbol, entry point) tuples with deterministic SHA-256 path IDs. Correlates reachability evidence, VEX status, and active exceptions per path. Falls back to package-level grouping when no reachability data is available. Sorted by aggregated risk score.
|
|
|
|
## Implementation Details
|
|
- **Core Service**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Services/IExploitPathGroupingService.cs` - Interface for exploit path grouping
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Triage/Models/ExploitPath.cs` - Exploit path model with deterministic SHA-256 path IDs
|
|
- **API Integration**:
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/TriageInboxEndpoints.cs` - Triage inbox with exploit path grouping
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/Triage/ProofBundleEndpoints.cs` - Proof bundle endpoints including exploit path summaries (`ExploitPathSummary`)
|
|
|
|
## E2E Test Plan
|
|
- [ ] Scan an image with multiple vulnerabilities sharing the same entry point and verify they are grouped into a single exploit path
|
|
- [ ] Verify exploit path IDs are deterministic SHA-256 hashes of (artifact, package, vulnerable symbol, entry point) tuples
|
|
- [ ] Verify each exploit path correlates reachability evidence, VEX status, and active exceptions
|
|
- [ ] Verify fallback to package-level grouping when no reachability data is available
|
|
- [ ] Verify exploit paths are sorted by aggregated risk score (highest first)
|
|
- [ ] Query the triage inbox via API and verify grouped findings are returned
|