feat: add security sink detection patterns for JavaScript/TypeScript
- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations).
- Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns.
- Added `package-lock.json` for dependency management.
@@ -1014,14 +1014,14 @@ public class CounterfactualEngineTests
|
||||
|
||||
| # | Task ID | Status | Dependency | Owners | Task Definition |
|
||||
|---|---------|--------|------------|--------|-----------------|
|
||||
| 1 | T1 | TODO | — | Policy Team | Define CounterfactualResult |
|
||||
| 2 | T2 | TODO | T1 | Policy Team | Create CounterfactualEngine |
|
||||
| 3 | T3 | TODO | T2 | Policy Team | Integrate with PolicyExplanation |
|
||||
| 4 | T4 | TODO | T2 | Policy Team | Handle VEX counterfactuals |
|
||||
| 5 | T5 | TODO | T2 | Policy Team | Handle exception counterfactuals |
|
||||
| 6 | T6 | TODO | T2 | Policy Team | Handle reachability counterfactuals |
|
||||
| 7 | T7 | TODO | T2, T3 | Policy Team | API endpoint |
|
||||
| 8 | T8 | TODO | T1-T7 | Policy Team | Tests |
|
||||
| 1 | T1 | DONE | — | Policy Team | Define CounterfactualResult |
|
||||
| 2 | T2 | DONE | T1 | Policy Team | Create CounterfactualEngine |
|
||||
| 3 | T3 | DONE | T2 | Policy Team | Integrate with PolicyExplanation |
|
||||
| 4 | T4 | DONE | T2 | Policy Team | Handle VEX counterfactuals |
|
||||
| 5 | T5 | DONE | T2 | Policy Team | Handle exception counterfactuals |
|
||||
| 6 | T6 | DONE | T2 | Policy Team | Handle reachability counterfactuals |
|
||||
| 7 | T7 | DONE | T2, T3 | Policy Team | API endpoint |
|
||||
| 8 | T8 | DONE | T1-T7 | Policy Team | Tests |
|
||||
|
||||
---
|
||||
|
||||
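Review bot: The T1 through T8 status rows in this hunk, each shown once as TODO and once as DONE, are sprint tracking for the counterfactual work, which is outside the scope the commit message states (sink detection patterns in `sink-detect.js` and a `package-lock.json`). Either move the status update into its own commit or add a line to the message that names it, so that history searches for the counterfactual sprint find this change. Flipping all eight rows in one edit also leaves no per-task trace here; the execution log is the only place a reader can check what was delivered for each task, so each DONE row should be backed by a log entry that names the task.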
@@ -1031,6 +1031,9 @@ public class CounterfactualEngineTests
|
||||
|------------|--------|-------|
|
||||
| 2025-12-21 | Sprint created from UX Gap Analysis. Counterfactuals identified as key actionability feature. | Claude |
|
||||
| 2025-12-22 | Normalized sprint file to standard template; no semantic changes. | Codex |
|
||||
| 2025-12-22 | Implemented T1-T6: Created CounterfactualResult.cs, CounterfactualEngine.cs, updated PolicyExplanation.cs. | Claude |
|
||||
| 2025-12-22 | Implemented T7: Created CounterfactualEndpoints.cs in Scanner WebService with compute, finding, and scan-summary endpoints. | Claude |
|
||||
| 2025-12-22 | Implemented T8: Created CounterfactualEndpointsTests.cs with comprehensive integration tests. | Claude |
|
||||
|
||||
---
|
||||
|
||||
|
||||
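Review bot: The T8 log row records only that CounterfactualEndpointsTests.cs has "comprehensive integration tests", which does not say what is covered, and it does not mention the engine-level tests that the hunk context (`CounterfactualEngineTests`) refers to. T8 depends on T1-T7 in the task table, so name the cases exercised (VEX, exception and reachability counterfactuals, plus the compute, finding and scan-summary endpoints) or list the test files per task. The T1-T6 row has the same gap: it names three files for six tasks and says nothing specific about T4, T5 or T6, so a reader cannot confirm those handlers from the log alone.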