feat: add security sink detection patterns for JavaScript/TypeScript

- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations).
- Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns.
- Added `package-lock.json` for dependency management.
StellaOps Bot
2025-12-22 23:21:21 +02:00
parent 3ba7157b00
commit 5146204f1b
529 changed files with 73579 additions and 5985 deletions


@@ -1,6 +1,7 @@
# Verdict Manifest Specification
> **Status**: Draft (Sprint 7100)
> **Status**: Implementation Complete (Sprint 7100)
> **Version**: 1.0.0
> **Last Updated**: 2025-12-22
> **Source Advisory**: `docs/product-advisories/archived/22-Dec-2026 - Building a Trust Lattice for VEX Sources.md`
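Review bot: the `Source Advisory` path in the header block still reads `22-Dec-2026 - Building a Trust Lattice for VEX Sources.md` while `Last Updated` on the line above is `2025-12-22`; if the advisory file is really dated 2025 this link is broken, so please confirm the path resolves in `docs/product-advisories/archived/` before marking the spec `Implementation Complete`. Also worth noting that the status moves from Draft to Implementation Complete without touching `Version: 1.0.0` or the `*Document Version: 1.0.0*` footer, which is fine if no normative content changed, but the commit should say so.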
@@ -454,9 +455,44 @@ Content-Disposition: attachment; filename="verdict-{manifestId}.json"
---
---
## 9. Implementation Reference
### 9.1 Source Files
| Component | Location |
|-----------|----------|
| VerdictManifest model | `src/Authority/__Libraries/StellaOps.Authority.Core/VerdictManifest/VerdictManifest.cs` |
| VerdictManifestBuilder | `src/Authority/__Libraries/StellaOps.Authority.Core/VerdictManifest/VerdictManifestBuilder.cs` |
| IVerdictManifestSigner | `src/Authority/__Libraries/StellaOps.Authority.Core/VerdictManifest/IVerdictManifestSigner.cs` |
| IVerdictManifestStore | `src/Authority/__Libraries/StellaOps.Authority.Core/VerdictManifest/IVerdictManifestStore.cs` |
| VerdictReplayVerifier | `src/Authority/__Libraries/StellaOps.Authority.Core/VerdictManifest/VerdictReplayVerifier.cs` |
| PostgreSQL Store | `src/Authority/__Libraries/StellaOps.Authority.Persistence/Stores/PostgresVerdictManifestStore.cs` |
### 9.2 Database Migration
- Schema migration: `src/Authority/__Libraries/StellaOps.Authority.Persistence/Migrations/001_verdict_manifest_schema.sql`
### 9.3 Test Coverage
| Test Suite | Location |
|------------|----------|
| VerdictManifest tests | `src/Authority/__Tests/StellaOps.Authority.Core.Tests/VerdictManifest/` |
| Replay verification tests | `src/Authority/__Tests/StellaOps.Authority.Core.Tests/VerdictManifest/VerdictReplayVerifierTests.cs` |
| Integration tests | `src/Authority/__Tests/StellaOps.Authority.Integration.Tests/VerdictManifest/` |
---
## Related Documentation
- [Trust Lattice Specification](../excititor/trust-lattice.md)
- [Authority Architecture](./architecture.md)
- [DSSE Signing](../../dev/dsse-signing.md)
- [API Reference](../../09_API_CLI_REFERENCE.md)
---
*Document Version: 1.0.0*
*Sprint: 7100.0003.0002*
*Created: 2025-12-22*
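Review bot: section 9.1 lists only the interfaces `IVerdictManifestSigner` and `IVerdictManifestStore` but gives a concrete location for just one of them (`PostgresVerdictManifestStore.cs`); since the spec links to DSSE signing and verdict trust rests on the signer, the table should also name the concrete signer implementation (or state that it lives in another component and link there), otherwise "Implementation Complete" cannot be verified from this reference. Two smaller points in the same hunk: the hunk now has two consecutive `---` rules before `## 9. Implementation Reference`, which render as a doubled separator, so one should go; and the 9.3 table mixes a directory (`.../VerdictManifest/`) with a single file (`VerdictReplayVerifierTests.cs`), so either list the specific test files for the first row too or keep all rows at directory granularity.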