SBOM Bom-Ref Linkage in Binary Function Identity

Module

BinaryIndex

Status

IMPLEMENTED

Description

Extended function identity model (SymbolSignatureV2) with SBOM bom-ref linkage following the format module:bom-ref:offset:canonical-IR-hash. Includes IBomRefResolver interface for resolving binary artifacts to SBOM component references with graceful fallback.

Implementation Details

Modules: src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/
Key Classes:
- DeltaSigPredicateV2 (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/Attestation/DeltaSigPredicateV2.cs) - V2 predicate including SBOM bom-ref linkage in function identity records
- DeltaSigVexBridge (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/VexIntegration/DeltaSigVexBridge.cs) - VEX bridge uses symbol provenance (which includes SBOM refs) to enrich VEX observations
- GroundTruthProvenanceResolver (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/Provenance/GroundTruthProvenanceResolver.cs) - enriches function matches with SymbolProvenance including source references
- Models.cs (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/Models.cs) - SymbolMatchResult with SymbolProvenance property for bom-ref linkage
Interfaces: ISymbolProvenanceResolver (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/Provenance/ISymbolProvenanceResolver.cs) - resolves SymbolProvenanceV2 with batch lookup support
Source: SPRINT_20260118_026_BinaryIndex_deltasig_enhancements.md

E2E Test Plan

Resolve a binary function to its SBOM bom-ref via ISymbolProvenanceResolver and verify the linkage format
Verify DeltaSigPredicateV2 includes bom-ref linkage in function identity records
Verify DeltaSigVexBridge includes provenance source from SBOM in VEX observations
Verify batch lookup via BatchLookupAsync resolves multiple symbols efficiently
Verify graceful fallback when SBOM bom-ref is not available (function identity still works without it)

2.0 KiB Raw Blame History