e8537460a3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
1.3 KiB
1.3 KiB
Entry-Point Runtime — Rust
Signals to gather
- ELF binaries with DWARF producer strings containing
rustc. - Symbols prefixed with
_ZN(mangled Rust) or section.rustc. - Presence of
panic=abortstrings,Rustmetadata, or Cargo artefacts (Cargo.toml,Cargo.lock). - Statically linked (no
.dynamicentries) in many cases, or musl loader (/lib/ld-musl-x86_64.so.1). - Environment such as
RUST_LOG,RUST_BACKTRACE.
Implementation notes
- Parse DWARF
.debug_infowhen available; short-circuit by scanning.commentsections forrustc. - Distinguish from Go by the absence of
.note.go.buildid. - When Cargo artefacts exist, include target name and profile in evidence.
- For binaries built with
--target x86_64-pc-windows-gnu, treat them under the same detector (PE + Rust markers).
Evidence & scoring
- Reward DWARF producer strings, Cargo files, and Rust-specific env vars.
- Penalise when only generic static binary traits are present (may defer to C/C++).
- Mention musl vs glibc loader differences for observability.
Edge cases
- Rust compiled to WebAssembly or run inside Wasmtime falls outside this detector; leave as
Other. - Stripped binaries without DWARF or comments may be indistinguishable from C—fall back to C/C++ and add note.
- Supervisors launching multiple Rust binaries handled upstream.