1.9 KiB
1.9 KiB
Feature Flag Gate Conditions in Reachability Verdicts
Module
Scanner
Status
IMPLEMENTED
Description
Detects feature flag gates on reachability paths and marks paths as "conditionally reachable" with specific flag name/condition requirements. Gated paths receive 0.5x confidence multiplier.
Implementation Details
- Feature Flag Detector:
src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/Detectors/FeatureFlagDetector.cs- Detects feature flag conditions on reachability pathssrc/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/Detectors/IGateDetector.cs- Gate detector interface
- Gate Models & Scoring:
src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/GateModels.cs- Gate models including feature flag conditionssrc/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/GatePatterns.cs- Pattern matching for feature flag detectionsrc/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/GateMultiplierCalculator.cs- Applies 0.5x confidence multiplier for feature-flag-gated paths
- Rich Graph Annotation:
src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Gates/RichGraphGateAnnotator.cs- Annotates rich graph with feature flag gate information
- Conditional Reachability:
src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Dependencies/ConditionalReachabilityAnalyzer.cs- Marks paths as "conditionally reachable"
E2E Test Plan
- Scan an image with code behind feature flags (e.g.,
if (featureEnabled("X"))) and verify paths are detected as conditionally reachable - Verify the feature flag name/condition is captured in the reachability verdict
- Verify gated paths receive 0.5x confidence multiplier in risk scoring
- Verify rich graph annotations include feature flag gate details
- Verify reachability status shows "conditionally reachable" vs "reachable" distinction