Speculative Execution Engine (Shell Script Symbolic Execution)
Module
Scanner
Status
IMPLEMENTED
Description
Symbolic execution engine for shell scripts that enumerates all possible execution paths through entrypoint scripts (Dockerfile CMD/ENTRYPOINT), tracking symbolic variable states and branch conditions to determine all reachable terminal states with confidence scoring.
Implementation Details
- Symbolic Executor:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/ShellSymbolicExecutor.cs - ShellSymbolicExecutor performing symbolic execution of shell scripts, tracking variable states and branch conditions
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/ISymbolicExecutor.cs - Interface for symbolic execution
- Execution Tree:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/ExecutionTree.cs - ExecutionTree representing all possible execution paths through the script with terminal states
- Path Analysis:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/PathEnumerator.cs - PathEnumerator enumerating all possible execution paths through branch conditions
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/PathConfidenceScorer.cs - PathConfidenceScorer scoring each path's likelihood based on branch conditions and variable constraints
E2E Test Plan
- Execute symbolic analysis on a Dockerfile ENTRYPOINT shell script with conditional branches and verify all possible execution paths are enumerated
- Verify the execution tree correctly tracks symbolic variable states through assignment and substitution
- Verify branch conditions (if/else, case/esac) create appropriate path forks in the execution tree
- Verify PathConfidenceScorer assigns higher confidence to paths with fewer conditional dependencies
- Verify the engine handles common shell constructs (loops, subshells, command substitution, environment variable expansion)
- Verify terminal states include the final command that would be executed in each path
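
The path enumeration in the Description and the forks, terminal states and confidence ordering the test plan checks can be seen in miniature in the following added example. It is a Python sketch written for this page, not the StellaOps C# implementation: the function names, the constructed `SAMPLE` script and the rule that each unresolved branch halves confidence are all assumptions.

```python
import re

# Constructed sample entrypoint; only VAR=value, if/else/fi and exec are modelled.
SAMPLE = """\
if [ -n "$MIGRATE" ]; then
  exec /app/migrate
fi
BIN=/app/server
if [ "$MODE" = "worker" ]; then
  BIN=/app/worker
fi
exec $BIN --port $PORT
"""

def parse(lines):  # returns (nested block, "else" | "fi" | None that ended it)
    block = []
    while lines:
        line = lines.pop(0).strip()
        if line in ("else", "fi"):
            return block, line
        if m := re.fullmatch(r"if (.+); then", line):
            then, stop = parse(lines)
            other = parse(lines)[0] if stop == "else" else []
            block.append(("if", m.group(1), then, other))
        elif line.startswith("exec "):
            block.append(("exec", line[5:]))
        elif m := re.fullmatch(r"(\w+)=(.*)", line):
            block.append(("set", m.group(1), m.group(2)))
    return block, None

def expand(text, env):  # a known $VAR is substituted, an unknown one stays symbolic
    return re.sub(r"\$(\w+)", lambda m: env.get(m.group(1), m.group(0)), text)

def enumerate_paths(block, env, conds=()):  # yields (conditions, terminal command)
    if not block:
        yield conds, None  # script ends without reaching an exec
        return
    node, rest = block[0], block[1:]
    if node[0] == "exec":  # exec replaces the shell, so the path ends here
        yield conds, expand(node[1], env)
    elif node[0] == "set":  # new dict per step keeps sibling branches independent
        yield from enumerate_paths(rest, {**env, node[1]: expand(node[2], env)}, conds)
    else:  # fork: each arm continues into the rest of the enclosing block
        for arm, cond in ((node[2], node[1]), (node[3], "! " + node[1])):
            yield from enumerate_paths(arm + rest, env, conds + (cond,))

def analyze(script):
    # Assumed scoring rule for illustration: each unresolved branch halves confidence.
    ast = parse(script.splitlines())[0]
    return [(cmd, conds, 0.5 ** len(conds)) for conds, cmd in enumerate_paths(ast, {})]
```

On `SAMPLE` this produces three paths: the early `exec /app/migrate` depends on one condition and scores highest, while the worker and server paths each depend on two and keep `$PORT` symbolic because nothing in the script assigns it.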