stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
9e6d9fbae87f4d2c2ea0d8088431040051cca0a5
git.stella-ops.org/docs/modules/scanner/operations/entrypoint-lang-dotnet.md
master e8537460a3 feat(docs): Add comprehensive documentation for Vexer, Vulnerability Explorer, and Zastava modules 
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes.
- Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes.
- Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables.
- Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
2025-10-30 00:09:39 +02:00

1.5 KiB
Raw Blame History

Entry-Point Runtime — .NET / C#

Signals to gather

  • Framework-dependent: dotnet <app.dll> invocation.
  • Adjacent *.runtimeconfig.json (parse tfm, framework references, roll-forward).
  • Self-contained or single-file apps: ELF/PE with DOTNET_BUNDLE, System.Private.CoreLib, or coreclr markers.
  • ASP.NET hints: ASPNETCORE_URLS, appsettings.json, presence of wwwroot.
  • Windows builds: PE with CLI header (managed assembly) or native host embedding a bundle.

Implementation notes

  • Resolve DLL paths relative to the working directory after env expansion.
  • When dotnet is invoked without a DLL, treat as low-confidence and record evidence.
  • For single-file executables, read the first few MB looking for bundle markers rather than full PE/ELF parsing.
  • Capture runtimeconfig metadata when available; store TFM in LanguageHit.MainModule.
  • Treat dotnet exec wrappers the same as dotnet <dll>.

Evidence & scoring

  • Large confidence boost when both host (dotnet) and DLL artefact are present.
  • Add evidence for runtimeconfig parsing ("runtimeconfig TFM=net8.0"), bundle markers, or ASP.NET env vars.
  • Penalise detections lacking artefact confirmation.

Edge cases

  • Native AOT (dotnet publish -p:PublishAot=true) emits native binaries without managed markers—should fall back to C/C++ detector.
  • PowerShell-launched apps: ShellFlow should rewrite before the detector runs.
  • Side-by-side deployment where multiple DLLs exist—prefer the one passed to dotnet or specified via DOTNET_STARTUP_HOOKS.