BinaryIndex

Status: Implemented Source: src/BinaryIndex/ Owner: Scanner Guild + Concelier Guild

Purpose

BinaryIndex provides vulnerable binary detection independent of package metadata. It addresses the gap where package version strings can lie (backports, custom builds, stripped metadata) through binary-first vulnerability identification using Build-IDs, hash catalogs, and function fingerprints.

Components

Libraries:

StellaOps.BinaryIndex.Core - Core binary identity extraction and matching engine
StellaOps.BinaryIndex.Corpus - Binary-to-advisory mapping database
StellaOps.BinaryIndex.Corpus.Debian - Debian-specific corpus support
StellaOps.BinaryIndex.Fingerprints - Function fingerprint storage and matching (CFG/basic-block hashes)
StellaOps.BinaryIndex.FixIndex - Patch-aware backport handling
StellaOps.BinaryIndex.Persistence - Storage adapters for binary catalogs

Configuration

Configuration is typically embedded in Scanner and Concelier module settings.

Key features:

Three-tier binary identification (package/version, Build-ID/hash, function fingerprints)
Binary identity extraction (Build-ID, PE CodeView GUID, Mach-O UUID)
Integration with Scanner.Worker for binary lookup
Offline-first design with deterministic outputs

Dependencies

PostgreSQL (integrated with Scanner/Concelier schemas)
Scanner.Analyzers.Native (for binary disassembly/analysis)
Concelier (for advisory-to-binary mapping)

Architecture: ./architecture.md
High-Level Architecture: ../../07_HIGH_LEVEL_ARCHITECTURE.md
Scanner Architecture: ../scanner/architecture.md
Concelier Architecture: ../concelier/architecture.md

Current Status

Library implementation complete with support for ELF (Build-ID), PE (CodeView GUID), and Mach-O (UUID) binary formats. Integrated into Scanner's native binary analysis pipeline.

1.9 KiB Raw Blame History