stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Reachability Corpus Validation / validate-corpus (push) Has been cancelled
Details
Reachability Corpus Validation / validate-ground-truths (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Reachability Corpus Validation / determinism-check (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Details
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Details
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-14 15:50:38 +02:00
parent f1a39c4ce3
commit 233873f620
249 changed files with 29746 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
bench/findings/CVE-2022-3602-reachable/decision.dsse.json Normal file
View File

@@ -0,0 +1,10 @@
{
"payload": "eyJAY29udGV4dCI6Imh0dHBzOi8vb3BlbnZleC5kZXYvbnMvdjAuMi4wIiwiQHR5cGUiOiJWRVgiLCJhdXRob3IiOiJTdGVsbGFPcHMgQmVuY2ggQXV0b21hdGlvbiIsInJvbGUiOiJzZWN1cml0eV90ZWFtIiwic3RhdGVtZW50cyI6W3siYWN0aW9uX3N0YXRlbWVudCI6IlVwZ3JhZGUgdG8gcGF0Y2hlZCB2ZXJzaW9uIG9yIGFwcGx5IG1pdGlnYXRpb24uIiwiaW1wYWN0X3N0YXRlbWVudCI6IkV2aWRlbmNlIGhhc2g6IHNoYTI1NjowMTQzMWZmMWVlZTc5OWM2ZmFkZDU5M2E3ZWMxOGVlMDk0Zjk4MzE0MDk2M2RhNmNiZmQ0YjdmMDZiYTBmOTcwIiwicHJvZHVjdHMiOlt7IkBpZCI6InBrZzpnZW5lcmljL29wZW5zc2wtQ1ZFLTIwMjItMzYwMi14NTA5LW5hbWUtY29uc3RyYWludHNAMS4wLjAifV0sInN0YXR1cyI6ImFmZmVjdGVkIiwidnVsbmVyYWJpbGl0eSI6eyJAaWQiOiJodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi0zNjAyIiwibmFtZSI6IkNWRS0yMDIyLTM2MDIifX1dLCJ0aW1lc3RhbXAiOiIyMDI1LTEyLTE0VDAyOjEzOjM4WiIsInRvb2xpbmciOiJTdGVsbGFPcHMvYmVuY2gtYXV0b0AxLjAuMCIsInZlcnNpb24iOjF9",
"payloadType": "application/vnd.openvex+json",
"signatures": [
{
"keyid": "stella.ops/bench-automation@v1",
"sig": "PLACEHOLDER_SIGNATURE_REQUIRES_ACTUAL_SIGNING"
}
]
}

25
bench/findings/CVE-2022-3602-reachable/decision.openvex.json Normal file
View File

@@ -0,0 +1,25 @@
{
"@context": "https://openvex.dev/ns/v0.2.0",
"@type": "VEX",
"author": "StellaOps Bench Automation",
"role": "security_team",
"statements": [
{
"action_statement": "Upgrade to patched version or apply mitigation.",
"impact_statement": "Evidence hash: sha256:01431ff1eee799c6fadd593a7ec18ee094f983140963da6cbfd4b7f06ba0f970",
"products": [
{
"@id": "pkg:generic/openssl-CVE-2022-3602-x509-name-constraints@1.0.0"
}
],
"status": "affected",
"vulnerability": {
"@id": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602",
"name": "CVE-2022-3602"
}
}
],
"timestamp": "2025-12-14T02:13:38Z",
"tooling": "StellaOps/bench-auto@1.0.0",
"version": 1
}

25
bench/findings/CVE-2022-3602-reachable/evidence/reachability.json Normal file
View File

@@ -0,0 +1,25 @@
{
"case_id": "openssl-CVE-2022-3602-x509-name-constraints",
"generated_at": "2025-12-14T02:13:38Z",
"ground_truth": {
"case_id": "openssl-CVE-2022-3602-x509-name-constraints",
"paths": [
[
"sym://net:handler#read",
"sym://openssl:openssl.c#entry",
"sym://openssl:openssl.c#sink"
]
],
"schema_version": "reachbench.reachgraph.truth/v1",
"variant": "reachable"
},
"paths": [
[
"sym://net:handler#read",
"sym://openssl:openssl.c#entry",
"sym://openssl:openssl.c#sink"
]
],
"schema_version": "richgraph-excerpt/v1",
"variant": "reachable"
}

23
bench/findings/CVE-2022-3602-reachable/evidence/sbom.cdx.json Normal file
View File

@@ -0,0 +1,23 @@
{
"bomFormat": "CycloneDX",
"components": [
{
"name": "openssl-CVE-2022-3602-x509-name-constraints",
"purl": "pkg:generic/openssl-CVE-2022-3602-x509-name-constraints@1.0.0",
"type": "library",
"version": "1.0.0"
}
],
"metadata": {
"timestamp": "2025-12-14T02:13:38Z",
"tools": [
{
"name": "bench-auto",
"vendor": "StellaOps",
"version": "1.0.0"
}
]
},
"specVersion": "1.6",
"version": 1
}

11
bench/findings/CVE-2022-3602-reachable/metadata.json Normal file
View File

@@ -0,0 +1,11 @@
{
"case_id": "openssl-CVE-2022-3602-x509-name-constraints",
"cve_id": "CVE-2022-3602",
"generated_at": "2025-12-14T02:13:38Z",
"generator": "scripts/bench/populate-findings.py",
"generator_version": "1.0.0",
"ground_truth_schema": "reachbench.reachgraph.truth/v1",
"purl": "pkg:generic/openssl-CVE-2022-3602-x509-name-constraints@1.0.0",
"reachability_status": "reachable",
"variant": "reachable"
}

5
bench/findings/CVE-2022-3602-reachable/rekor.txt Normal file
View File

@@ -0,0 +1,5 @@
# Rekor log entry placeholder
# Submit DSSE envelope to Rekor to populate this file
log_index: PENDING
uuid: PENDING
timestamp: 2025-12-14T02:13:38Z