git.stella-ops.org/docs/features/unchecked/scanner/layered-resolver-pipeline.md

Layered Resolver Pipeline (ELF/PE Feature Extraction)

Module: Scanner

Status: IMPLEMENTED

Description

Binary analysis with call graph extraction for ELF/PE formats and patch verification orchestration.

Implementation Details

  • Binary Call Graph Extraction:
    • src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/BinaryCallGraphExtractor.cs - BinaryCallGraphExtractor extracts call graphs from ELF/PE binaries
    • src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/BinaryEntrypointClassifier.cs - Classifies binary entrypoints (main, DllMain, init/fini)
    • src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/FunctionBoundaryDetector.cs - Detects function boundaries in binary code
    • src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/DwarfDebugReader.cs - Reads DWARF debug information from ELF binaries
  • Disassembly:
    • src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/X86Disassembler.cs - x86/x64 disassembly for call graph extraction
    • src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/Arm64Disassembler.cs - ARM64 disassembly support
    • src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/DirectCallExtractor.cs - Extracts direct call targets from disassembled code
    • src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/BinaryTextSectionReader.cs - Reads .text sections from binaries
  • Binary Analysis:
    • src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Analysis/BinaryDynamicLoadDetector.cs - Detects dlopen/LoadLibrary dynamic loading patterns
    • src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Analysis/BinaryStringLiteralScanner.cs - Scans string literals for library references
  • Patch Verification:
    • src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/PatchVerificationOrchestrator.cs - PatchVerificationOrchestrator coordinates patch verification steps
    • src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/IPatchVerificationOrchestrator.cs - Interface for orchestrator
    • src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationResult.cs - Verification result with status and evidence
    • src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationEvidence.cs - Evidence collected during verification
    • src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/IPatchSignatureStore.cs - Interface for patch signature storage
    • src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/InMemoryPatchSignatureStore.cs - In-memory patch signature store
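The extraction stage these components implement (text-section bytes, disassembly, direct-call extraction, function-level call edges) as an added Python example, not StellaOps code: it decodes only the handful of opcodes in a constructed x86-64 blob, where the real X86Disassembler handles the full instruction set, and the hard-coded function boundaries stand in for what FunctionBoundaryDetector and DwarfDebugReader supply.

```python
import struct
# Constructed x86-64 .text bytes at a constructed base (assumption: not taken
# from any real binary); the comments give the instructions each chunk encodes.
TEXT_BASE = 0x401000
TEXT = (
    b"\x55"                    # 0x401000 main:    push rbp
    b"\x48\x89\xe5"            #                   mov rbp, rsp
    b"\xe8\x17\x00\x00\x00"    # 0x401004          call helper  (-> 0x401020)
    b"\xe8\x22\x00\x00\x00"    # 0x401009          call helper2 (-> 0x401030)
    b"\x5d\xc3"                #                   pop rbp; ret
    + b"\xcc" * 16             # int3 padding between functions
    + b"\xe8\x0b\x00\x00\x00"  # 0x401020 helper:  call helper2 (-> 0x401030)
    b"\xc3"                    #                   ret
    + b"\xcc" * 10             # int3 padding
    + b"\x31\xc0\xc3"          # 0x401030 helper2: xor eax, eax; ret
)
# Function boundaries as (start, size), standing in for symbol-table/DWARF data.
FUNCTIONS = {"main": (0x401000, 16), "helper": (0x401020, 6), "helper2": (0x401030, 3)}

# Length decoder for only the opcodes in TEXT (0x48 is REX.W; it is 3 bytes here
# solely because the one REX instruction is mov rbp, rsp). A real pipeline needs a
# full disassembler so a stray 0xE8 in another instruction or in data is not a "call".
LENGTHS = {0xE8: 5, 0x48: 3, 0x31: 2, 0x55: 1, 0x5D: 1, 0xC3: 1, 0xCC: 1}

def extract_direct_calls(code, base):
    """Instruction-by-instruction sweep returning (call_site, target) pairs.
    A call's rel32 is relative to the address of the *next* instruction."""
    calls, i = [], 0
    while i < len(code):
        n = LENGTHS[code[i]]  # KeyError on any opcode outside the decoded subset
        if code[i] == 0xE8:
            rel = struct.unpack_from("<i", code, i + 1)[0]
            calls.append((base + i, base + i + n + rel))
        i += n
    return calls

def build_call_graph(calls, functions):
    """Function-level edges; a target that is not a known function start is
    reported as unresolved rather than guessed at."""
    starts = {s: name for name, (s, _) in functions.items()}
    def owner(addr):
        return next((n for n, (s, z) in functions.items() if s <= addr < s + z), None)
    edges, unresolved = set(), []
    for site, target in calls:
        src = owner(site)
        if src is not None and target in starts:
            edges.add((src, starts[target]))
        else:
            unresolved.append((site, target))
    return sorted(edges), unresolved
```

Calls whose target lands inside a function rather than at its start end up in the unresolved list, which is the case a reviewer should inspect rather than silently drop.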

E2E Test Plan

  • Scan a container image containing ELF binaries and verify call graph extraction produces function nodes and call edges
  • Scan a container with PE (Windows) binaries and verify PE-specific features (DllMain, exports) are extracted
  • Verify DWARF debug information is used to enrich function names when available
  • Verify dynamic loading patterns (dlopen/LoadLibrary) are detected and reported
  • Verify patch verification orchestrator validates that a claimed patch is present in the binary
  • Verify patch signature store records and retrieves known patch signatures for comparison