stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
d2aca4c9d35d6e55bdc00195f02e81120afc7598
git.stella-ops.org/docs/features/unchecked/scanner/binary-intelligence-engine.md

2.4 KiB
Raw Blame History

Binary Intelligence Engine (Function-Level Code Fingerprinting)

Module

Scanner

Status

IMPLEMENTED

Description

Function-level binary code fingerprinting with symbol recovery for stripped binaries, vulnerable function matching against a fingerprint corpus, and source-to-binary correlation. Extends existing binary fingerprint capabilities with intelligence-grade analysis for entrypoint-scoped binary reachability.

Implementation Details

  • Core Analyzer:
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/BinaryIntelligenceAnalyzer.cs - Main analyzer for function-level binary code fingerprinting
  • Symbol Recovery:
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/ISymbolRecovery.cs - Interface for recovering symbols from stripped binaries
  • Fingerprint Index:
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/IFingerprintIndex.cs - Interface for fingerprint corpus lookup
  • Vulnerable Function Matching:
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/VulnerableFunctionMatcher.cs - Matches binary functions against known vulnerable function fingerprints
  • Analysis Results:
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/BinaryAnalysisResult.cs - Result models for binary intelligence analysis
  • Risk Scoring:
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Risk/IRiskScorer.cs - Risk scorer integrating binary intelligence into entrypoint risk assessment
  • Worker Integration:
    • src/Scanner/StellaOps.Scanner.Worker/Processing/EntryTraceExecutionService.cs - Executes entry trace analysis including binary intelligence during scan
    • src/Scanner/StellaOps.Scanner.Worker/Processing/IEntryTraceExecutionService.cs - Interface for entry trace execution

E2E Test Plan

  • Scan a container image containing stripped ELF binaries and verify symbol recovery identifies function boundaries
  • Verify fingerprint matching identifies known library functions in the binary via the IFingerprintIndex
  • Scan an image with a binary containing a known vulnerable function and verify VulnerableFunctionMatcher flags it
  • Verify binary intelligence results include source-to-binary correlation where debug info is available
  • Verify binary analysis results appear in the entry trace response via GET /api/v1/scans/{scanId}/entry-trace
  • Verify binary-level reachability findings contribute to the overall risk score