Symbol Mappers for .NET/JVM/Node/Python

Module: Scanner
Status: IMPLEMENTED
Description: Symbol mapping with sink matchers and entrypoint classifiers exists for Java, Python, JavaScript, and Node ecosystems.
Implementation Details
- Java Symbol Mapping:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Java/JavaCallGraphExtractor.cs` - `JavaCallGraphExtractor`: building call graphs from Java bytecode
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Java/JavaSinkMatcher.cs` - `JavaSinkMatcher`: matching Java methods against known vulnerability sinks (e.g., SQL injection, command injection, deserialization)
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Java/JavaEntrypointClassifier.cs` - `JavaEntrypointClassifier`: classifying Java entrypoints (Spring Controllers, Servlets, main methods)
- Python Symbol Mapping:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Python/PythonCallGraphExtractor.cs` - `PythonCallGraphExtractor`: building call graphs from Python AST
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Python/PythonSinkMatcher.cs` - `PythonSinkMatcher`: matching Python functions against known vulnerability sinks
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Python/PythonEntrypointClassifier.cs` - `PythonEntrypointClassifier`: classifying Python entrypoints (Flask routes, Django views, CLI entry)
- JavaScript Symbol Mapping:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/JavaScript/JavaScriptCallGraphExtractor.cs` - `JavaScriptCallGraphExtractor`: building call graphs from JavaScript/TypeScript
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/JavaScript/JsSinkMatcher.cs` - `JsSinkMatcher`: matching JS functions against known vulnerability sinks
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/JavaScript/JsEntrypointClassifier.cs` - `JsEntrypointClassifier`: classifying JavaScript entrypoints (Express routes, event handlers)
- .NET Symbol Mapping:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/DotNet/DotNetCallGraphExtractor.cs` - `DotNetCallGraphExtractor`: building call graphs from .NET assemblies
- PHP Symbol Mapping:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Php/PhpCallGraphExtractor.cs` - `PhpCallGraphExtractor`: building call graphs from PHP
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Php/PhpSinkMatcher.cs` - `PhpSinkMatcher`: matching PHP functions against vulnerability sinks
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Php/PhpEntrypointClassifier.cs` - `PhpEntrypointClassifier`: classifying PHP entrypoints
- Ruby Symbol Mapping:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Ruby/RubyCallGraphExtractor.cs` - `RubyCallGraphExtractor`: building call graphs from Ruby
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Ruby/RubySinkMatcher.cs` - `RubySinkMatcher`: matching Ruby methods against vulnerability sinks
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Ruby/RubyEntrypointClassifier.cs` - `RubyEntrypointClassifier`: classifying Ruby entrypoints (Rails controllers, Rack apps)
E2E Test Plan
- Extract a Java call graph and verify `JavaSinkMatcher` correctly identifies SQL injection sinks (e.g., `Statement.executeQuery`)
- Verify `JavaEntrypointClassifier` correctly classifies Spring `@RequestMapping` methods as HTTP entrypoints
- Extract a Python call graph and verify `PythonSinkMatcher` identifies dangerous function calls (e.g., `eval`, `subprocess.call`)
- Verify `JsSinkMatcher` identifies Node.js sinks like `child_process.exec` and `eval`
- Verify .NET call graph extraction handles both framework-dependent and self-contained applications
- Verify all sink matchers and entrypoint classifiers produce deterministic results for the same input
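As an added example (not code from the StellaOps project, whose extractors are C#), the Python sketch below does what the Python items of the test plan exercise: it walks a parsed module, matches every call against a sink table (`eval`, `subprocess.call`, ...), classifies Flask-style decorated functions as HTTP entrypoints, and returns sorted results so repeated runs on the same input are deterministic. The sink table, decorator set and sample source are constructed for this example.

```python
import ast
# Constructed sink table for this example (not the project's sink list).
SINKS = {
    "eval": "code-injection",
    "subprocess.call": "command-injection",
    "pickle.loads": "deserialization",
}
# Flask-style decorators (@app.route, @app.get, ...) that mark HTTP entrypoints.
ENTRYPOINT_DECORATORS = {"route", "get", "post", "put", "delete"}

def dotted_name(node):
    """Dotted callee name of a Name/Attribute chain (e.g. subprocess.call), else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

def analyze(source):
    """Return (entrypoints, sink_hits); both sorted so repeated runs are deterministic."""
    entrypoints, hits = set(), set()
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        # Entrypoint classification: look at the decorator's last dotted component.
        for dec in fn.decorator_list:
            target = dec.func if isinstance(dec, ast.Call) else dec
            name = dotted_name(target) or ""
            if name.rsplit(".", 1)[-1] in ENTRYPOINT_DECORATORS:
                entrypoints.add(fn.name)
        # Sink matching: every call inside the function body against the sink table.
        for call in ast.walk(fn):
            if isinstance(call, ast.Call):
                callee = dotted_name(call.func)
                if callee in SINKS:
                    hits.add((fn.name, callee, SINKS[callee], call.lineno))
    return sorted(entrypoints), sorted(hits)

# Constructed sample: one route reaching a command-injection sink, one helper reaching eval.
SAMPLE = """\
import subprocess
from flask import Flask, request
app = Flask(__name__)
@app.route("/run")
def run():
    return subprocess.call(request.args.get("cmd"), shell=True)
def helper(expr):
    return eval(expr)
"""
```

Calling `analyze(SAMPLE)` yields `run` as the only entrypoint and two sink hits, one for `eval` in `helper` and one for `subprocess.call` in `run`, each with its line number.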