# Layered Resolver Pipeline (ELF/PE Feature Extraction)

## Module

Scanner

## Status

IMPLEMENTED

## Description

Binary analysis with call graph extraction for ELF/PE formats and patch verification orchestration.

## Implementation Details

- **Binary Call Graph Extraction**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/BinaryCallGraphExtractor.cs` - `BinaryCallGraphExtractor` extracts call graphs from ELF/PE binaries
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/BinaryEntrypointClassifier.cs` - Classifies binary entrypoints (main, DllMain, init/fini)
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/FunctionBoundaryDetector.cs` - Detects function boundaries in binary code
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/DwarfDebugReader.cs` - Reads DWARF debug information from ELF binaries
- **Disassembly**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/X86Disassembler.cs` - x86/x64 disassembly for call graph extraction
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/Arm64Disassembler.cs` - ARM64 disassembly support
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/DirectCallExtractor.cs` - Extracts direct call targets from disassembled code
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/BinaryTextSectionReader.cs` - Reads .text sections from binaries
- **Binary Analysis**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Analysis/BinaryDynamicLoadDetector.cs` - Detects dlopen/LoadLibrary dynamic loading patterns
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Analysis/BinaryStringLiteralScanner.cs` - Scans string literals for library references
- **Patch Verification**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/PatchVerificationOrchestrator.cs` - `PatchVerificationOrchestrator` coordinates patch verification steps
  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/IPatchVerificationOrchestrator.cs` - Interface for orchestrator
  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationResult.cs` - Verification result with status and evidence
  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Models/PatchVerificationEvidence.cs` - Evidence collected during verification
  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/IPatchSignatureStore.cs` - Interface for patch signature storage
  - `src/Scanner/__Libraries/StellaOps.Scanner.PatchVerification/Services/InMemoryPatchSignatureStore.cs` - In-memory patch signature store

## E2E Test Plan

- [ ] Scan a container image containing ELF binaries and verify call graph extraction produces function nodes and call edges
- [ ] Scan a container with PE (Windows) binaries and verify PE-specific features (DllMain, exports) are extracted
- [ ] Verify DWARF debug information is used to enrich function names when available
- [ ] Verify dynamic loading patterns (dlopen/LoadLibrary) are detected and reported
- [ ] Verify patch verification orchestrator validates that a claimed patch is present in the binary
- [ ] Verify patch signature store records and retrieves known patch signatures for comparison