Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images. - Added symbols.json detailing function entry and sink points in the WordPress code. - Included runtime traces for function calls in both reachable and unreachable scenarios. - Developed OpenVEX files indicating vulnerability status and justification for both cases. - Updated README for evaluator harness to guide integration with scanner output.
This commit is contained in:
master
@@ -0,0 +1,15 @@
|
||||
# python-urllib3-dos-regex-TBD
|
||||
Primary axis: lang-python
|
||||
Tags: regex-dos, parser
|
||||
Languages: python
|
||||
|
||||
## Variants
|
||||
- reachable: vulnerable function/path is on an executable route.
|
||||
- unreachable: same base image/config with control toggles that prune the path.
|
||||
|
||||
## Entrypoint & Controls (fill in)
|
||||
- entrypoints: e.g., http:/route, grpc method, tcp port, OCI hook
|
||||
- flags: e.g., feature_on=true, middleware_order=bad|good, module_loaded=true|false, LSM=enforcing|permissive
|
||||
|
||||
## Expected ground-truth path(s)
|
||||
See `images/*/reachgraph.truth.json`.
|
||||
Reference in New Issue
Block a user