Delta signature matching and patch coverage analysis

Module

BinaryIndex

Status

IMPLEMENTED

Description

Delta signature matching traces symbol-level changes between vulnerable and fixed builds. PatchCoverageController exposes an API for patch coverage assessment.

Implementation Details

  • Modules: src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/, src/BinaryIndex/StellaOps.BinaryIndex.WebService/Controllers/
  • Key Classes:
    • DeltaSignatureMatcher (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/DeltaSignatureMatcher.cs) - matches delta signatures against target binaries
    • DeltaSignatureGenerator (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/DeltaSignatureGenerator.cs) - generates delta signatures from binary pairs
    • DeltaSigService / DeltaSigServiceV2 (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/) - service layer for delta signature operations (V2 adds IR diffs)
    • PatchCoverageController (src/BinaryIndex/StellaOps.BinaryIndex.WebService/Controllers/PatchCoverageController.cs) - REST API for patch coverage queries using IDeltaSignatureRepository
    • SymbolChangeTracer (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/SymbolChangeTracer.cs) - traces symbol-level changes between builds
    • DeltaScopePolicyGate (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/Policy/DeltaScopePolicyGate.cs) - policy gate for delta scope enforcement
  • Interfaces: IDeltaSigService, IDeltaSignatureGenerator, IDeltaSignatureMatcher, ISymbolChangeTracer
  • IR Diff: IrDiffGenerator (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/IrDiff/) - generates IR-level diffs between function versions

E2E Test Plan

  • Generate a delta signature from a known vulnerable/fixed binary pair and verify that the signature captures the changed functions
  • Match the generated delta signature against a target binary and verify that the patch status is detected correctly
  • Query the PatchCoverageController API for patch coverage and verify the reported coverage percentage
  • Verify SymbolChangeTracer identifies added, removed, and modified symbols
  • Verify DeltaScopePolicyGate enforces delta scope policies
  • Verify IR-level diff generation captures semantic function changes beyond byte-level diffs
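
A simplified model of the generate, match and coverage steps in the test plan above, added here as a Python illustration; it is not StellaOps code and does not call the BinaryIndex API. It assumes a delta signature is a per-symbol pair of SHA-256 hashes over function bytes, and every function name, helper and byte string in it is constructed.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass
from typing import Optional

def fn_hash(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()

@dataclass(frozen=True)
class SymbolDelta:                 # hypothetical record, one per changed symbol
    name: str
    change: str                    # "added" | "removed" | "modified"
    vulnerable: Optional[str]      # hash in the vulnerable build, None if absent
    fixed: Optional[str]           # hash in the fixed build, None if absent

def generate_delta(vuln: dict, fixed: dict) -> list:
    """Keep only symbols whose bytes differ between the two builds."""
    delta = []
    for name in sorted(vuln.keys() | fixed.keys()):
        v = fn_hash(vuln[name]) if name in vuln else None
        f = fn_hash(fixed[name]) if name in fixed else None
        if v == f:
            continue               # unchanged symbols carry no patch evidence
        change = "added" if v is None else "removed" if f is None else "modified"
        delta.append(SymbolDelta(name, change, v, f))
    return delta

def match_delta(delta: list, target: dict) -> dict:
    """Classify each changed symbol in the target as patched/vulnerable/unknown."""
    states = {}
    for d in delta:
        t = fn_hash(target[d.name]) if d.name in target else None
        if t == d.fixed:           # also covers a removed symbol that is absent
            states[d.name] = "patched"
        elif t == d.vulnerable:    # also covers an added symbol that is missing
            states[d.name] = "vulnerable"
        else:
            states[d.name] = "unknown"   # matches neither side byte-for-byte
    return states

def coverage_percent(states: dict) -> float:
    patched = sum(s == "patched" for s in states.values())
    return 100.0 * patched / len(states) if states else 0.0

# Constructed sample "binaries": symbol name -> function bytes.
VULN = {"parse_hdr": b"A1", "copy_buf": b"B1", "legacy_fmt": b"C1", "log_msg": b"D1"}
FIXED = {"parse_hdr": b"A2", "copy_buf": b"B2", "check_len": b"E1", "log_msg": b"D1"}
TARGET = {"parse_hdr": b"A2", "copy_buf": b"B1", "check_len": b"E9", "log_msg": b"D1"}
```

A function that hashes to neither side comes back `unknown`, because byte-exact hashing cannot classify it.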