1.9 KiB
1.9 KiB
Patch Coverage Tracking
Module
BinaryIndex
Status
VERIFIED
Description
Dedicated patch coverage API endpoint for tracking which CVE patches are covered in binary analysis.
Implementation Details
- Modules:
src/BinaryIndex/StellaOps.BinaryIndex.WebService/Controllers/ - Key Classes:
PatchCoverageController(src/BinaryIndex/StellaOps.BinaryIndex.WebService/Controllers/PatchCoverageController.cs) - REST API controller for patch coverage queries usingIDeltaSignatureRepositoryDeltaSignatureMatcher(src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/DeltaSignatureMatcher.cs) - matches delta signatures to assess patch coverageDeltaSigService/DeltaSigServiceV2(src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/) - service layer for delta-sig operations
- Interfaces:
IDeltaSignatureRepository- repository for persisted delta signatures used by patch coverage queries
E2E Test Plan
- Query patch coverage API for a known CVE and verify coverage status (covered/not covered)
- Verify patch coverage percentage calculation: submit binaries with partial patch coverage
- Verify that delta signatures for the CVE fix are used to determine coverage
- Verify API returns correct coverage for batch queries across multiple CVEs
- Verify coverage tracking updates when new delta signatures are added
Verification
- Tier 0/1/2 artifacts:
docs/qa/feature-checks/runs/binaryindex/patch-coverage-tracking/run-001/. - Result: verified.
- Evidence summary:
tier1-test-webservice-patchcoverage.log: Passed 7/7.tier1-test-deltasig-matcher.log: Passed 8/8.tier2-test-webservice-patchcoverage.log: Passed 7/7.tier2-test-deltasig-matcher.log: Passed 8/8.
- Note: webservice and webservice-tests builds were run with scoped output paths in this run to avoid concurrent binary-lock collisions on shared
bin/Releaseoutputs.