up

bench/findings/CVE-2023-38545-unreachable/decision.dsse.json

@@ -0,0 +1,10 @@
+{
+  "payload": "eyJAY29udGV4dCI6Imh0dHBzOi8vb3BlbnZleC5kZXYvbnMvdjAuMi4wIiwiQHR5cGUiOiJWRVgiLCJhdXRob3IiOiJTdGVsbGFPcHMgQmVuY2ggQXV0b21hdGlvbiIsInJvbGUiOiJzZWN1cml0eV90ZWFtIiwic3RhdGVtZW50cyI6W3siaW1wYWN0X3N0YXRlbWVudCI6IkV2aWRlbmNlIGhhc2g6IHNoYTI1NjplNGIxOTk0ZTU5NDEwNTYyZjQwYWI0YTVmZTIzNjM4YzExZTU4MTdiYjcwMDM5M2VkOTlmMjBkM2M5ZWY5ZmEwIiwianVzdGlmaWNhdGlvbiI6InZ1bG5lcmFibGVfY29kZV9ub3RfcHJlc2VudCIsInByb2R1Y3RzIjpbeyJAaWQiOiJwa2c6Z2VuZXJpYy9jdXJsLUNWRS0yMDIzLTM4NTQ1LXNvY2tzNS1oZWFwQDEuMC4wIn1dLCJzdGF0dXMiOiJub3RfYWZmZWN0ZWQiLCJ2dWxuZXJhYmlsaXR5Ijp7IkBpZCI6Imh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIzLTM4NTQ1IiwibmFtZSI6IkNWRS0yMDIzLTM4NTQ1In19XSwidGltZXN0YW1wIjoiMjAyNS0xMi0xNFQwMjoxMzozOFoiLCJ0b29saW5nIjoiU3RlbGxhT3BzL2JlbmNoLWF1dG9AMS4wLjAiLCJ2ZXJzaW9uIjoxfQ==",
+  "payloadType": "application/vnd.openvex+json",
+  "signatures": [
+    {
+      "keyid": "stella.ops/bench-automation@v1",
+      "sig": "PLACEHOLDER_SIGNATURE_REQUIRES_ACTUAL_SIGNING"
+    }
+  ]
+}

bench/findings/CVE-2023-38545-unreachable/decision.openvex.json

@@ -0,0 +1,25 @@
+{
+  "@context": "https://openvex.dev/ns/v0.2.0",
+  "@type": "VEX",
+  "author": "StellaOps Bench Automation",
+  "role": "security_team",
+  "statements": [
+    {
+      "impact_statement": "Evidence hash: sha256:e4b1994e59410562f40ab4a5fe23638c11e5817bb700393ed99f20d3c9ef9fa0",
+      "justification": "vulnerable_code_not_present",
+      "products": [
+        {
+          "@id": "pkg:generic/curl-CVE-2023-38545-socks5-heap@1.0.0"
+        }
+      ],
+      "status": "not_affected",
+      "vulnerability": {
+        "@id": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545",
+        "name": "CVE-2023-38545"
+      }
+    }
+  ],
+  "timestamp": "2025-12-14T02:13:38Z",
+  "tooling": "StellaOps/bench-auto@1.0.0",
+  "version": 1
+}

bench/findings/CVE-2023-38545-unreachable/evidence/reachability.json

@@ -0,0 +1,13 @@
+{
+  "case_id": "curl-CVE-2023-38545-socks5-heap",
+  "generated_at": "2025-12-14T02:13:38Z",
+  "ground_truth": {
+    "case_id": "curl-CVE-2023-38545-socks5-heap",
+    "paths": [],
+    "schema_version": "reachbench.reachgraph.truth/v1",
+    "variant": "unreachable"
+  },
+  "paths": [],
+  "schema_version": "richgraph-excerpt/v1",
+  "variant": "unreachable"
+}

bench/findings/CVE-2023-38545-unreachable/evidence/sbom.cdx.json

@@ -0,0 +1,23 @@
+{
+  "bomFormat": "CycloneDX",
+  "components": [
+    {
+      "name": "curl-CVE-2023-38545-socks5-heap",
+      "purl": "pkg:generic/curl-CVE-2023-38545-socks5-heap@1.0.0",
+      "type": "library",
+      "version": "1.0.0"
+    }
+  ],
+  "metadata": {
+    "timestamp": "2025-12-14T02:13:38Z",
+    "tools": [
+      {
+        "name": "bench-auto",
+        "vendor": "StellaOps",
+        "version": "1.0.0"
+      }
+    ]
+  },
+  "specVersion": "1.6",
+  "version": 1
+}

bench/findings/CVE-2023-38545-unreachable/metadata.json

@@ -0,0 +1,11 @@
+{
+  "case_id": "curl-CVE-2023-38545-socks5-heap",
+  "cve_id": "CVE-2023-38545",
+  "generated_at": "2025-12-14T02:13:38Z",
+  "generator": "scripts/bench/populate-findings.py",
+  "generator_version": "1.0.0",
+  "ground_truth_schema": "reachbench.reachgraph.truth/v1",
+  "purl": "pkg:generic/curl-CVE-2023-38545-socks5-heap@1.0.0",
+  "reachability_status": "unreachable",
+  "variant": "unreachable"
+}

bench/findings/CVE-2023-38545-unreachable/rekor.txt

@@ -0,0 +1,5 @@
+# Rekor log entry placeholder
+# Submit DSSE envelope to Rekor to populate this file
+log_index: PENDING
+uuid: PENDING
+timestamp: 2025-12-14T02:13:38Z