4.8 KiB
4.8 KiB
Native Analyzer Task Board
Imposed rule: work of this type or tasks of this type on this component — and everywhere else it should be applied.
Native Static Analyzer (Sprint 37)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| SCANNER-ANALYZERS-NATIVE-20-001 | TODO | Native Analyzer Guild | SCANNER-CORE-09-501 | Implement format detector and binary identity model supporting ELF, PE/COFF, and Mach-O (including fat slices). Capture arch, OS, build-id/UUID, interpreter metadata. | Detector recognises sample binaries across linux/windows/macos; entrypoint identity includes arch+os slice and stable hash; fixtures stored under fixtures/native/format-detector. |
| SCANNER-ANALYZERS-NATIVE-20-002 | TODO | Native Analyzer Guild | SCANNER-ANALYZERS-NATIVE-20-001 | Parse ELF dynamic sections: DT_NEEDED, DT_RPATH, DT_RUNPATH, symbol versions, interpreter, and note build-id. Emit declared dependency records with reason elf-dtneeded and attach version needs. |
ELF fixtures (glibc, musl, Go static) produce deterministic dependency records with runpath/rpath metadata and symbol version needs. |
| SCANNER-ANALYZERS-NATIVE-20-003 | TODO | Native Analyzer Guild | SCANNER-ANALYZERS-NATIVE-20-001 | Parse PE imports, delay-load tables, manifests/SxS metadata, and subsystem flags. Emit edges with reasons pe-import and pe-delayimport, plus SxS policy metadata. |
Windows fixtures (standard, delay-load, SxS) generate dependency edges with policy hashes and delay-load markers; unit tests validate manifest parsing. |
| SCANNER-ANALYZERS-NATIVE-20-004 | TODO | Native Analyzer Guild | SCANNER-ANALYZERS-NATIVE-20-001 | Parse Mach-O load commands (LC_LOAD_DYLIB, LC_REEXPORT_DYLIB, LC_RPATH, LC_UUID, fat headers). Handle @rpath/@loader_path placeholders and slice separation. |
Mach-O fixtures (single + universal) emit dependency edges per slice with expanded paths and UUID metadata; tests confirm @rpath expansion order. |
| SCANNER-ANALYZERS-NATIVE-20-005 | TODO | Native Analyzer Guild | SCANNER-ANALYZERS-NATIVE-20-002, SCANNER-ANALYZERS-NATIVE-20-003, SCANNER-ANALYZERS-NATIVE-20-004 | Implement resolver engine modeling loader search order for ELF (rpath/runpath/cache/default), PE (SafeDll search + SxS), and Mach-O (@rpath expansion). Works against virtual image roots, producing explain traces. |
Resolver passes golden tests across linux/windows/macos fixtures; resolution trace records attempted paths; no host filesystem access in tests. |
| SCANNER-ANALYZERS-NATIVE-20-006 | TODO | Native Analyzer Guild | SCANNER-ANALYZERS-NATIVE-20-005 | Build heuristic scanner for dlopen/LoadLibrary strings, plugin ecosystem configs, and Go/Rust static hints. Emit edges with reason_code (string-dlopen, config-plugin, ecosystem-heuristic) and confidence levels. |
Heuristic edges appear in fixtures (nginx modules, dlopen string literals); confidence flags applied; explain metadata references source string/config path. |
Native Observation Pipeline (Sprint 38)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| SCANNER-ANALYZERS-NATIVE-20-007 | TODO | Native Analyzer Guild, SBOM Service Guild | SCANNER-ANALYZERS-NATIVE-20-005 | Serialize AOC-compliant observations: entrypoints + dependency edges + environment profiles (search paths, interpreter, loader metadata). Integrate with Scanner writer API. | Analyzer emits normalized entrypoints[]/edges[] JSON for fixtures; SBOM tests consume output; determinism harness updated. |
| SCANNER-ANALYZERS-NATIVE-20-008 | TODO | Native Analyzer Guild, QA Guild | SCANNER-ANALYZERS-NATIVE-20-007 | Author cross-platform fixtures (ELF dynamic/static, PE delay-load/SxS, Mach-O @rpath, plugin configs) and determinism benchmarks (<25 ms / binary, <250 MB). | Fixture suite committed; determinism CI passes; benchmark report documents perf budgets and regression guard rails. |
| SCANNER-ANALYZERS-NATIVE-20-009 | TODO | Native Analyzer Guild, Signals Guild | SCANNER-ANALYZERS-NATIVE-20-007 | Provide optional runtime capture adapters (Linux eBPF dlopen, Windows ETW ImageLoad, macOS dyld interpose) writing append-only runtime evidence. Include redaction/sandbox guidance. |
Runtime harness emits runtime-load edges for sample binaries; data scrubbed to image-relative paths; docs outline sandboxing and privacy. |
| SCANNER-ANALYZERS-NATIVE-20-010 | TODO | Native Analyzer Guild, DevOps Guild | SCANNER-ANALYZERS-NATIVE-20-007 | Package native analyzer as restart-time plug-in with manifest/DI registration; update Offline Kit bundle + documentation. | Plugin manifest copied to plugins/scanner/analyzers/native/; Worker loads analyzer on restart; Offline Kit instructions updated; smoke test verifies packaging. |