stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

stabilize tests

Browse Source
This commit is contained in:
master
2026-02-01 21:37:40 +02:00
parent 55744f6a39
commit 5d5e80b2e4
6435 changed files with 33984 additions and 13802 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/tests/reachability/corpus/dotnet/dotnet-kestrel-CVE-2023-44487-http2-rapid-reset/callgraph.static.json Normal file
View File

@@ -0,0 +1,22 @@
{
"schema_version": "reach-corpus.callgraph/v1",
"nodes": [
{
"nodeId": "n1",
"symbol": "Kestrel.HandleRequestAsync",
"file": "KestrelServer.cs",
"line": 142,
"isEntrypoint": true
},
{
"nodeId": "n2",
"symbol": "Http2Connection.ProcessRstStreamFrame",
"file": "Http2Connection.cs",
"line": 445,
"isSink": true
}
],
"edges": [
{ "sourceId": "n1", "targetId": "n2", "callKind": "direct" }
]
}

8
src/tests/reachability/corpus/dotnet/dotnet-kestrel-CVE-2023-44487-http2-rapid-reset/ground-truth.json Normal file
View File

@@ -0,0 +1,8 @@
{
"schema_version": "reachbench.reachgraph.truth/v1",
"case_id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset",
"variant": "reachable",
"paths": [
["sym://dotnet:entry", "sym://dotnet:sink"]
]
}

13
src/tests/reachability/corpus/dotnet/dotnet-kestrel-CVE-2023-44487-http2-rapid-reset/vex.openvex.json Normal file
View File

@@ -0,0 +1,13 @@
{
"context": "https://openvex.dev/ns/v0.2.0",
"author": "StellaOps",
"role": "reachability-corpus",
"timestamp": "2025-11-18T00:00:00Z",
"statements": [
{
"vulnerability": "CVE-2023-44487",
"products": ["pkg:nuget/Microsoft.AspNetCore.Server.Kestrel"],
"status": "affected"
}
]
}

10
src/tests/reachability/corpus/go/go-ssh-CVE-2020-9283-keyexchange/callgraph.static.json Normal file
View File

@@ -0,0 +1,10 @@
{
"schema_version": "reach-corpus.callgraph/v1",
"nodes": [
{ "nodeId": "n1", "symbol": "ssh.Dial", "isEntrypoint": true },
{ "nodeId": "n2", "symbol": "ssh.kexAlgo.exchange", "isSink": true }
],
"edges": [
{ "sourceId": "n1", "targetId": "n2", "callKind": "direct" }
]
}

8
src/tests/reachability/corpus/go/go-ssh-CVE-2020-9283-keyexchange/ground-truth.json Normal file
View File

@@ -0,0 +1,8 @@
{
"schema_version": "reachbench.reachgraph.truth/v1",
"case_id": "go-ssh-CVE-2020-9283-keyexchange",
"variant": "reachable",
"paths": [
["sym://go:entry", "sym://go:sink"]
]
}

13
src/tests/reachability/corpus/go/go-ssh-CVE-2020-9283-keyexchange/vex.openvex.json Normal file
View File

@@ -0,0 +1,13 @@
{
"context": "https://openvex.dev/ns/v0.2.0",
"author": "StellaOps",
"role": "reachability-corpus",
"timestamp": "2025-11-18T00:00:00Z",
"statements": [
{
"vulnerability": "CVE-2020-9283",
"products": ["pkg:golang/golang.org/x/crypto"],
"status": "affected"
}
]
}

38
src/tests/reachability/corpus/manifest.json Normal file
View File

@@ -0,0 +1,38 @@
[
{
"id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset",
"language": "dotnet",
"files": {
"callgraph.static.json": "d0b2976cba236f1d55c10edfd9f7ff1256418f6d5c475aaa85d44351762ae47c",
"ground-truth.json": "5146e2cd086ecefb7247f6d013fca43056e91704d0c67b3760ef0629ea9b63d7",
"vex.openvex.json": "15f182ca04cd7516674b43ff621027d4cf7e22a03e87e75bf875631870d65a54"
}
},
{
"id": "go-ssh-CVE-2020-9283-keyexchange",
"language": "go",
"files": {
"callgraph.static.json": "4ee0cdeee190d8e034f05292b1ba5eec2b252fb370639c606a6b1def3e7aa48e",
"ground-truth.json": "65371e5a8d668d1a612576489fd5351485a67392db9e5f9b62d6a0c8f6af29bc",
"vex.openvex.json": "5dddabe58555f303dcf1147e73725b428fcaf0e6b41c64b84daac245948e8e67"
}
},
{
"id": "python-django-CVE-2019-19844-sqli-like",
"language": "python",
"files": {
"callgraph.static.json": "a3ace3bf6bd40562d1d502cf7c48dc17951407dd089ae91f4870da51cd2a7c35",
"ground-truth.json": "e786d7508c0324c3336eeeddd7fdbace165e919548aa46eb46849f1c006f0b95",
"vex.openvex.json": "1598d31ba924a045c3f4fbb8800fed2826c345a36c65e6d58a1261544b41ae13"
}
},
{
"id": "rust-axum-header-parsing-TBD",
"language": "rust",
"files": {
"callgraph.static.json": "dd35af150f6b7e5113003c3ef571aa48dcdff73c49c6ee335de23fc21cab01bf",
"ground-truth.json": "b8dceb0d3fb91d1a1f86091e00243993111b284d4d45d3674a04b87a0cf75a68",
"vex.openvex.json": "a0fd0a083682002f2235a74cb61787bd4c88e69b598c854b8c8cf23086da7605"
}
}
]

10
src/tests/reachability/corpus/python/python-django-CVE-2019-19844-sqli-like/callgraph.static.json Normal file
View File

@@ -0,0 +1,10 @@
{
"schema_version": "reach-corpus.callgraph/v1",
"nodes": [
{ "nodeId": "n1", "symbol": "django.views.PasswordResetView.post", "isEntrypoint": true },
{ "nodeId": "n2", "symbol": "django.contrib.auth.forms.PasswordResetForm.get_users", "isSink": true }
],
"edges": [
{ "sourceId": "n1", "targetId": "n2", "callKind": "direct" }
]
}

8
src/tests/reachability/corpus/python/python-django-CVE-2019-19844-sqli-like/ground-truth.json Normal file
View File

@@ -0,0 +1,8 @@
{
"schema_version": "reachbench.reachgraph.truth/v1",
"case_id": "python-django-CVE-2019-19844-sqli-like",
"variant": "reachable",
"paths": [
["sym://python:entry", "sym://python:sink"]
]
}

13
src/tests/reachability/corpus/python/python-django-CVE-2019-19844-sqli-like/vex.openvex.json Normal file
View File

@@ -0,0 +1,13 @@
{
"context": "https://openvex.dev/ns/v0.2.0",
"author": "StellaOps",
"role": "reachability-corpus",
"timestamp": "2025-11-18T00:00:00Z",
"statements": [
{
"vulnerability": "CVE-2019-19844",
"products": ["pkg:pypi/django"],
"status": "affected"
}
]
}

10
src/tests/reachability/corpus/rust/rust-axum-header-parsing-TBD/callgraph.static.json Normal file
View File

@@ -0,0 +1,10 @@
{
"schema_version": "reach-corpus.callgraph/v1",
"nodes": [
{ "nodeId": "n1", "symbol": "axum::Router::route", "isEntrypoint": true },
{ "nodeId": "n2", "symbol": "axum::extract::header::parse_header", "isSink": true }
],
"edges": [
{ "sourceId": "n1", "targetId": "n2", "callKind": "direct" }
]
}

6
src/tests/reachability/corpus/rust/rust-axum-header-parsing-TBD/ground-truth.json Normal file
View File

@@ -0,0 +1,6 @@
{
"schema_version": "reachbench.reachgraph.truth/v1",
"case_id": "rust-axum-header-parsing-TBD",
"variant": "unreachable",
"paths": []
}

13
src/tests/reachability/corpus/rust/rust-axum-header-parsing-TBD/vex.openvex.json Normal file
View File

@@ -0,0 +1,13 @@
{
"context": "https://openvex.dev/ns/v0.2.0",
"author": "StellaOps",
"role": "reachability-corpus",
"timestamp": "2025-11-18T00:00:00Z",
"statements": [
{
"vulnerability": "TBD",
"products": ["pkg:cargo/axum"],
"status": "under_investigation"
}
]
}

26
src/tests/reachability/fixtures/patch-oracles/INDEX.json Normal file
View File

@@ -0,0 +1,26 @@
{
"version": "1.0",
"schema": "patch-oracle/v1",
"generated_at": "2025-11-18T00:00:00Z",
"description": "Patch-oracle definitions for reachability benchmark validation.",
"oracles": [
{
"id": "curl-CVE-2023-38545-socks5-heap-reachable",
"case_ref": "curl-CVE-2023-38545-socks5-heap",
"variant": "reachable",
"path": "oracles/curl-CVE-2023-38545-socks5-heap-reachable.json"
},
{
"id": "curl-CVE-2023-38545-socks5-heap-unreachable",
"case_ref": "curl-CVE-2023-38545-socks5-heap",
"variant": "unreachable",
"path": "oracles/curl-CVE-2023-38545-socks5-heap-unreachable.json"
},
{
"id": "java-log4j-CVE-2021-44228-log4shell-reachable",
"case_ref": "java-log4j-CVE-2021-44228-log4shell",
"variant": "reachable",
"path": "oracles/java-log4j-CVE-2021-44228-log4shell-reachable.json"
}
]
}

38
src/tests/reachability/fixtures/patch-oracles/oracles/curl-CVE-2023-38545-socks5-heap-reachable.json Normal file
View File

@@ -0,0 +1,38 @@
{
"schema_version": "patch-oracle/v1",
"id": "curl-CVE-2023-38545-socks5-heap-reachable",
"case_ref": "curl-CVE-2023-38545-socks5-heap",
"variant": "reachable",
"description": "Validates that the SOCKS5 heap buffer overflow path is reachable from curl_easy_perform through socks5_resolve.",
"min_confidence": 0.5,
"strict_mode": false,
"expected_functions": [
{
"symbol_id": "sym://c:curl_easy_perform",
"lang": "c",
"kind": "function",
"required": true,
"reason": "Entry point for curl operations"
},
{
"symbol_id": "sym://c:socks5_resolve",
"lang": "c",
"kind": "function",
"required": true,
"reason": "Vulnerable SOCKS5 hostname resolution"
}
],
"expected_edges": [
{
"from": "sym://c:curl_easy_perform",
"to": "sym://c:socks5_resolve",
"kind": "call",
"required": true,
"reason": "Path from entry to vulnerable code"
}
],
"expected_roots": [],
"forbidden_functions": [],
"forbidden_edges": [],
"created_at": "2025-11-18T00:00:00Z"
}

30
src/tests/reachability/fixtures/patch-oracles/oracles/curl-CVE-2023-38545-socks5-heap-unreachable.json Normal file
View File

@@ -0,0 +1,30 @@
{
"schema_version": "patch-oracle/v1",
"id": "curl-CVE-2023-38545-socks5-heap-unreachable",
"case_ref": "curl-CVE-2023-38545-socks5-heap",
"variant": "unreachable",
"description": "Validates that the SOCKS5 heap buffer overflow path is blocked after patching.",
"min_confidence": 0.5,
"strict_mode": false,
"expected_functions": [
{
"symbol_id": "sym://c:curl_easy_perform",
"lang": "c",
"kind": "function",
"required": true,
"reason": "Entry point for curl operations"
}
],
"expected_edges": [],
"expected_roots": [],
"forbidden_functions": [],
"forbidden_edges": [
{
"from": "sym://c:curl_easy_perform",
"to": "sym://c:socks5_resolve",
"kind": "call",
"reason": "Path should be blocked after patch"
}
],
"created_at": "2025-11-18T00:00:00Z"
}

23
src/tests/reachability/fixtures/patch-oracles/oracles/java-log4j-CVE-2021-44228-log4shell-reachable.json Normal file
View File

@@ -0,0 +1,23 @@
{
"schema_version": "patch-oracle/v1",
"id": "java-log4j-CVE-2021-44228-log4shell-reachable",
"case_ref": "java-log4j-CVE-2021-44228-log4shell",
"variant": "reachable",
"description": "Validates that Log4Shell JNDI lookup path is reachable from logging entry points.",
"min_confidence": 0.5,
"strict_mode": false,
"expected_functions": [
{
"symbol_id": "sym://java:org.apache.logging.log4j*",
"lang": "java",
"kind": "function",
"required": true,
"reason": "Log4j logging entry point"
}
],
"expected_edges": [],
"expected_roots": [],
"forbidden_functions": [],
"forbidden_edges": [],
"created_at": "2025-11-18T00:00:00Z"
}

26
src/tests/reachability/fixtures/reachbench-2025-expanded/INDEX.json Normal file
View File

@@ -0,0 +1,26 @@
{
"schema_version": "reachbench.index/v1",
"description": "Reachability benchmark expanded test pack with 20 cases covering diverse languages and vulnerability classes.",
"cases": [
{ "id": "c-libxml-CVE-2024-0012-xxe", "path": "cases/c-libxml-CVE-2024-0012-xxe" },
{ "id": "c-nginx-CVE-2024-0005-overflow", "path": "cases/c-nginx-CVE-2024-0005-overflow" },
{ "id": "curl-CVE-2023-38545-socks5-heap", "path": "cases/curl-CVE-2023-38545-socks5-heap" },
{ "id": "dotnet-blazor-CVE-2024-0010-deser", "path": "cases/dotnet-blazor-CVE-2024-0010-deser" },
{ "id": "dotnet-kestrel-CVE-2023-44487-h2", "path": "cases/dotnet-kestrel-CVE-2023-44487-h2" },
{ "id": "go-gin-CVE-2024-0008-path", "path": "cases/go-gin-CVE-2024-0008-path" },
{ "id": "go-ssh-CVE-2020-9283-keyexchange", "path": "cases/go-ssh-CVE-2020-9283-keyexchange" },
{ "id": "java-log4j-CVE-2021-44228-log4shell", "path": "cases/java-log4j-CVE-2021-44228-log4shell" },
{ "id": "java-spring-CVE-2024-0006-auth", "path": "cases/java-spring-CVE-2024-0006-auth" },
{ "id": "node-express-CVE-2024-0002-ssrf", "path": "cases/node-express-CVE-2024-0002-ssrf" },
{ "id": "node-fastify-CVE-2024-0011-proto", "path": "cases/node-fastify-CVE-2024-0011-proto" },
{ "id": "openssl-CVE-2022-3602-x509-buffer", "path": "cases/openssl-CVE-2022-3602-x509-buffer" },
{ "id": "php-laravel-CVE-2024-0003-inject", "path": "cases/php-laravel-CVE-2024-0003-inject" },
{ "id": "python-django-CVE-2019-19844-sqli", "path": "cases/python-django-CVE-2019-19844-sqli" },
{ "id": "python-flask-CVE-2024-0007-xss", "path": "cases/python-flask-CVE-2024-0007-xss" },
{ "id": "redis-CVE-2022-0543-lua-sandbox-escape", "path": "cases/redis-CVE-2022-0543-lua-sandbox-escape" },
{ "id": "ruby-rails-CVE-2024-0004-csrf", "path": "cases/ruby-rails-CVE-2024-0004-csrf" },
{ "id": "rust-actix-CVE-2024-0009-dos", "path": "cases/rust-actix-CVE-2024-0009-dos" },
{ "id": "rust-axum-CVE-2023-0001-header", "path": "cases/rust-axum-CVE-2023-0001-header" },
{ "id": "spring-CVE-2022-22965-rce", "path": "cases/spring-CVE-2022-22965-rce" }
]
}

17
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/case.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "c-libxml-CVE-2024-0012-xxe",
"ground_truth": {
"reachable_variant": {
"status": "affected",
"evidence": {
"paths": [["sym://entry", "sym://mid", "sym://sink"]]
}
},
"unreachable_variant": {
"status": "not_affected",
"evidence": {
"paths": []
}
}
}
}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/reachable/attestation.dsse.json Normal file
View File

@@ -0,0 +1 @@
{"payloadType":"application/vnd.in-toto+json","payload":"eyJ0eXBlIjogInJlYWNoYWJpbGl0eSJ9","signatures":[{"keyid":"test-key","sig":"dGVzdC1zaWduYXR1cmU="}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/reachable/callgraph.framework.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"f1","symbol":"framework.init","isEntrypoint":true},{"nodeId":"f2","symbol":"framework.dispatch"}],"edges":[{"sourceId":"f1","targetId":"f2","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/reachable/callgraph.static.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"n1","symbol":"main","isEntrypoint":true},{"nodeId":"n2","symbol":"process"},{"nodeId":"n3","symbol":"vulnerable_call","isSink":true}],"edges":[{"sourceId":"n1","targetId":"n2","callKind":"direct"},{"sourceId":"n2","targetId":"n3","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/reachable/manifest.json Normal file
View File

@@ -0,0 +1 @@
{"files":{"sbom.cdx.json":"c4e5ce55c629cf3aca72e7d877e24ac6b8a052168ad7d84edd936d4c04adcb5c","sbom.spdx.json":"2e29868b6d8b01fac364005d4a6ce6cb8d3719fe2be531fb68c409dfed7730b5","symbols.json":"155472d78a5d2a96988f588109409caf333377bfbb662c38a24beb27a93d05b1","callgraph.static.json":"22cbe4c7f001f6b3252a4551676935ee6956ee377fdac7489bb4b308b1a75337","callgraph.framework.json":"0bdf4b35631425d9e2ce630cd957d5622e4d5712a0a7d62bd03dabe63caf47a6","reachgraph.truth.json":"bdc66641670de172395dcceabd3d7f8e304b47634e003988a5d281a7842c6dd7","vex.openvex.json":"44acec0edfd927f0ff2c2bbef2f51c44ac04a66533f2b0abe10ee49fe39b022a","attestation.dsse.json":"2f12fedfb62669a7760d7e9c95e4b07aa50350dbd082dc6460c40f4ece51d66e"}}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/reachable/reachgraph.truth.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.reachgraph.truth/v1","case_id":"c-libxml-CVE-2024-0012-xxe","variant":"reachable","paths":[["sym://entry","sym://mid","sym://sink"]]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/reachable/sbom.cdx.json Normal file
View File

@@ -0,0 +1 @@
{"bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:00000000-0000-0000-0000-000001b957f1","version":1,"components":[{"type":"library","name":"c-libxml-CVE-2024-0012-xxe","version":"1.0.0"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/reachable/sbom.spdx.json Normal file
View File

@@ -0,0 +1 @@
{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"c-libxml-CVE-2024-0012-xxe","documentNamespace":"https://stellaops.dev/spdx/c-libxml-CVE-2024-0012-xxe","packages":[{"SPDXID":"SPDXRef-Package","name":"c-libxml-CVE-2024-0012-xxe","versionInfo":"1.0.0","downloadLocation":"NOASSERTION"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/reachable/symbols.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.symbols/v1","symbols":[{"id":"sym://entry","name":"main","kind":"function"},{"id":"sym://mid","name":"process","kind":"function"},{"id":"sym://sink","name":"vulnerable_call","kind":"function"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/reachable/vex.openvex.json Normal file
View File

@@ -0,0 +1 @@
{"context":"https://openvex.dev/ns/v0.2.0","author":"StellaOps","timestamp":"2025-11-18T00:00:00Z","statements":[{"vulnerability":"c-libxml-CVE-2024-0012-xxe","status":"affected"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/unreachable/attestation.dsse.json Normal file
View File

@@ -0,0 +1 @@
{"payloadType":"application/vnd.in-toto+json","payload":"eyJ0eXBlIjogInJlYWNoYWJpbGl0eSJ9","signatures":[{"keyid":"test-key","sig":"dGVzdC1zaWduYXR1cmU="}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/unreachable/callgraph.framework.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"f1","symbol":"framework.init","isEntrypoint":true},{"nodeId":"f2","symbol":"framework.dispatch"}],"edges":[{"sourceId":"f1","targetId":"f2","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/unreachable/callgraph.static.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"n1","symbol":"main","isEntrypoint":true},{"nodeId":"n2","symbol":"process"},{"nodeId":"n3","symbol":"vulnerable_call","isSink":true}],"edges":[{"sourceId":"n1","targetId":"n2","callKind":"direct"},{"sourceId":"n2","targetId":"n3","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/unreachable/manifest.json Normal file
View File

@@ -0,0 +1 @@
{"files":{"sbom.cdx.json":"3710e766864956213da01fd34580d893bfea3a6b17f034fdf9e235e25c09790f","sbom.spdx.json":"2e29868b6d8b01fac364005d4a6ce6cb8d3719fe2be531fb68c409dfed7730b5","symbols.json":"155472d78a5d2a96988f588109409caf333377bfbb662c38a24beb27a93d05b1","callgraph.static.json":"22cbe4c7f001f6b3252a4551676935ee6956ee377fdac7489bb4b308b1a75337","callgraph.framework.json":"0bdf4b35631425d9e2ce630cd957d5622e4d5712a0a7d62bd03dabe63caf47a6","reachgraph.truth.json":"0572cc88c07168ba2383ec9bb904cfb1497d21dd609093e8c6bedb726778d787","vex.openvex.json":"5e87a00854adab158455e79499166dd1f253acca4f06ac874f1bd153a6cfae0b","attestation.dsse.json":"2f12fedfb62669a7760d7e9c95e4b07aa50350dbd082dc6460c40f4ece51d66e"}}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/unreachable/reachgraph.truth.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.reachgraph.truth/v1","case_id":"c-libxml-CVE-2024-0012-xxe","variant":"unreachable","paths":[]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/unreachable/sbom.cdx.json Normal file
View File

@@ -0,0 +1 @@
{"bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:00000000-0000-0000-0000-000000342fba","version":1,"components":[{"type":"library","name":"c-libxml-CVE-2024-0012-xxe","version":"1.0.0"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/unreachable/sbom.spdx.json Normal file
View File

@@ -0,0 +1 @@
{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"c-libxml-CVE-2024-0012-xxe","documentNamespace":"https://stellaops.dev/spdx/c-libxml-CVE-2024-0012-xxe","packages":[{"SPDXID":"SPDXRef-Package","name":"c-libxml-CVE-2024-0012-xxe","versionInfo":"1.0.0","downloadLocation":"NOASSERTION"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/unreachable/symbols.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.symbols/v1","symbols":[{"id":"sym://entry","name":"main","kind":"function"},{"id":"sym://mid","name":"process","kind":"function"},{"id":"sym://sink","name":"vulnerable_call","kind":"function"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-libxml-CVE-2024-0012-xxe/images/unreachable/vex.openvex.json Normal file
View File

@@ -0,0 +1 @@
{"context":"https://openvex.dev/ns/v0.2.0","author":"StellaOps","timestamp":"2025-11-18T00:00:00Z","statements":[{"vulnerability":"c-libxml-CVE-2024-0012-xxe","status":"not_affected"}]}

17
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/case.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "c-nginx-CVE-2024-0005-overflow",
"ground_truth": {
"reachable_variant": {
"status": "affected",
"evidence": {
"paths": [["sym://entry", "sym://mid", "sym://sink"]]
}
},
"unreachable_variant": {
"status": "not_affected",
"evidence": {
"paths": []
}
}
}
}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/reachable/attestation.dsse.json Normal file
View File

@@ -0,0 +1 @@
{"payloadType":"application/vnd.in-toto+json","payload":"eyJ0eXBlIjogInJlYWNoYWJpbGl0eSJ9","signatures":[{"keyid":"test-key","sig":"dGVzdC1zaWduYXR1cmU="}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/reachable/callgraph.framework.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"f1","symbol":"framework.init","isEntrypoint":true},{"nodeId":"f2","symbol":"framework.dispatch"}],"edges":[{"sourceId":"f1","targetId":"f2","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/reachable/callgraph.static.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"n1","symbol":"main","isEntrypoint":true},{"nodeId":"n2","symbol":"process"},{"nodeId":"n3","symbol":"vulnerable_call","isSink":true}],"edges":[{"sourceId":"n1","targetId":"n2","callKind":"direct"},{"sourceId":"n2","targetId":"n3","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/reachable/manifest.json Normal file
View File

@@ -0,0 +1 @@
{"files":{"sbom.cdx.json":"e056945f6703b6755619d043b182222ea69139a69f225085b68b46e25ae977cb","sbom.spdx.json":"ea352e881b3eac19e886dd2e1646e120a0422972d27cc6175be16ca8ec79ac77","symbols.json":"155472d78a5d2a96988f588109409caf333377bfbb662c38a24beb27a93d05b1","callgraph.static.json":"22cbe4c7f001f6b3252a4551676935ee6956ee377fdac7489bb4b308b1a75337","callgraph.framework.json":"0bdf4b35631425d9e2ce630cd957d5622e4d5712a0a7d62bd03dabe63caf47a6","reachgraph.truth.json":"e115be264f7ce60a53b442d82bc67ceedc1b9fca20ed6aa3628f07bb525ec778","vex.openvex.json":"9861e7c3fb4b1bb508e55a4e2ca662015104a49e4fff39b4f4b4deda3ba26905","attestation.dsse.json":"2f12fedfb62669a7760d7e9c95e4b07aa50350dbd082dc6460c40f4ece51d66e"}}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/reachable/reachgraph.truth.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.reachgraph.truth/v1","case_id":"c-nginx-CVE-2024-0005-overflow","variant":"reachable","paths":[["sym://entry","sym://mid","sym://sink"]]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/reachable/sbom.cdx.json Normal file
View File

@@ -0,0 +1 @@
{"bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:00000000-0000-0000-0000-0000030c06ec","version":1,"components":[{"type":"library","name":"c-nginx-CVE-2024-0005-overflow","version":"1.0.0"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/reachable/sbom.spdx.json Normal file
View File

@@ -0,0 +1 @@
{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"c-nginx-CVE-2024-0005-overflow","documentNamespace":"https://stellaops.dev/spdx/c-nginx-CVE-2024-0005-overflow","packages":[{"SPDXID":"SPDXRef-Package","name":"c-nginx-CVE-2024-0005-overflow","versionInfo":"1.0.0","downloadLocation":"NOASSERTION"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/reachable/symbols.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.symbols/v1","symbols":[{"id":"sym://entry","name":"main","kind":"function"},{"id":"sym://mid","name":"process","kind":"function"},{"id":"sym://sink","name":"vulnerable_call","kind":"function"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/reachable/vex.openvex.json Normal file
View File

@@ -0,0 +1 @@
{"context":"https://openvex.dev/ns/v0.2.0","author":"StellaOps","timestamp":"2025-11-18T00:00:00Z","statements":[{"vulnerability":"c-nginx-CVE-2024-0005-overflow","status":"affected"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/unreachable/attestation.dsse.json Normal file
View File

@@ -0,0 +1 @@
{"payloadType":"application/vnd.in-toto+json","payload":"eyJ0eXBlIjogInJlYWNoYWJpbGl0eSJ9","signatures":[{"keyid":"test-key","sig":"dGVzdC1zaWduYXR1cmU="}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/unreachable/callgraph.framework.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"f1","symbol":"framework.init","isEntrypoint":true},{"nodeId":"f2","symbol":"framework.dispatch"}],"edges":[{"sourceId":"f1","targetId":"f2","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/unreachable/callgraph.static.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"n1","symbol":"main","isEntrypoint":true},{"nodeId":"n2","symbol":"process"},{"nodeId":"n3","symbol":"vulnerable_call","isSink":true}],"edges":[{"sourceId":"n1","targetId":"n2","callKind":"direct"},{"sourceId":"n2","targetId":"n3","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/unreachable/manifest.json Normal file
View File

@@ -0,0 +1 @@
{"files":{"sbom.cdx.json":"e70870fecc7a54ed6152418a50cb01854fb0afd01c6fbc87c4cf7309ad7dadc9","sbom.spdx.json":"ea352e881b3eac19e886dd2e1646e120a0422972d27cc6175be16ca8ec79ac77","symbols.json":"155472d78a5d2a96988f588109409caf333377bfbb662c38a24beb27a93d05b1","callgraph.static.json":"22cbe4c7f001f6b3252a4551676935ee6956ee377fdac7489bb4b308b1a75337","callgraph.framework.json":"0bdf4b35631425d9e2ce630cd957d5622e4d5712a0a7d62bd03dabe63caf47a6","reachgraph.truth.json":"54ecf03df86a3a69fa1bb55ca8fb09a19d8cba8089805045021c0cc6a7b1618c","vex.openvex.json":"92a1954ff0b000e446761c7666967545ced511d8a21b8c795d76aa1143b3babe","attestation.dsse.json":"2f12fedfb62669a7760d7e9c95e4b07aa50350dbd082dc6460c40f4ece51d66e"}}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/unreachable/reachgraph.truth.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.reachgraph.truth/v1","case_id":"c-nginx-CVE-2024-0005-overflow","variant":"unreachable","paths":[]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/unreachable/sbom.cdx.json Normal file
View File

@@ -0,0 +1 @@
{"bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:00000000-0000-0000-0000-0000037a54e8","version":1,"components":[{"type":"library","name":"c-nginx-CVE-2024-0005-overflow","version":"1.0.0"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/unreachable/sbom.spdx.json Normal file
View File

@@ -0,0 +1 @@
{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"c-nginx-CVE-2024-0005-overflow","documentNamespace":"https://stellaops.dev/spdx/c-nginx-CVE-2024-0005-overflow","packages":[{"SPDXID":"SPDXRef-Package","name":"c-nginx-CVE-2024-0005-overflow","versionInfo":"1.0.0","downloadLocation":"NOASSERTION"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/unreachable/symbols.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.symbols/v1","symbols":[{"id":"sym://entry","name":"main","kind":"function"},{"id":"sym://mid","name":"process","kind":"function"},{"id":"sym://sink","name":"vulnerable_call","kind":"function"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/c-nginx-CVE-2024-0005-overflow/images/unreachable/vex.openvex.json Normal file
View File

@@ -0,0 +1 @@
{"context":"https://openvex.dev/ns/v0.2.0","author":"StellaOps","timestamp":"2025-11-18T00:00:00Z","statements":[{"vulnerability":"c-nginx-CVE-2024-0005-overflow","status":"not_affected"}]}

17
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/case.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "curl-CVE-2023-38545-socks5-heap",
"ground_truth": {
"reachable_variant": {
"status": "affected",
"evidence": {
"paths": [["sym://entry", "sym://mid", "sym://sink"]]
}
},
"unreachable_variant": {
"status": "not_affected",
"evidence": {
"paths": []
}
}
}
}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/reachable/attestation.dsse.json Normal file
View File

@@ -0,0 +1 @@
{"payloadType":"application/vnd.in-toto+json","payload":"eyJ0eXBlIjogInJlYWNoYWJpbGl0eSJ9","signatures":[{"keyid":"test-key","sig":"dGVzdC1zaWduYXR1cmU="}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/reachable/callgraph.framework.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"f1","symbol":"framework.init","isEntrypoint":true},{"nodeId":"f2","symbol":"framework.dispatch"}],"edges":[{"sourceId":"f1","targetId":"f2","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/reachable/callgraph.static.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"n1","symbol":"main","isEntrypoint":true},{"nodeId":"n2","symbol":"process"},{"nodeId":"n3","symbol":"vulnerable_call","isSink":true}],"edges":[{"sourceId":"n1","targetId":"n2","callKind":"direct"},{"sourceId":"n2","targetId":"n3","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/reachable/manifest.json Normal file
View File

@@ -0,0 +1 @@
{"files":{"sbom.cdx.json":"bb047650b9ae0a457db422a53f64c3c43726300442667426fa182c02fb9df558","sbom.spdx.json":"9646907cf3e236798f4260272f1c94ca22fd5b6566d5ef6b9365b45f1333e90b","symbols.json":"155472d78a5d2a96988f588109409caf333377bfbb662c38a24beb27a93d05b1","callgraph.static.json":"22cbe4c7f001f6b3252a4551676935ee6956ee377fdac7489bb4b308b1a75337","callgraph.framework.json":"0bdf4b35631425d9e2ce630cd957d5622e4d5712a0a7d62bd03dabe63caf47a6","reachgraph.truth.json":"42af31888147eb3e03a2edcb8dd140983acb9306f30a29e8478a8d4e60c9b504","vex.openvex.json":"9c3b1ab84853892983957887f42049bfb24ad7fad7a3d7398c8f2c6117b2ea55","attestation.dsse.json":"2f12fedfb62669a7760d7e9c95e4b07aa50350dbd082dc6460c40f4ece51d66e"}}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/reachable/reachgraph.truth.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.reachgraph.truth/v1","case_id":"curl-CVE-2023-38545-socks5-heap","variant":"reachable","paths":[["sym://entry","sym://mid","sym://sink"]]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/reachable/sbom.cdx.json Normal file
View File

@@ -0,0 +1 @@
{"bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:00000000-0000-0000-0000-00000947ba1c","version":1,"components":[{"type":"library","name":"curl-CVE-2023-38545-socks5-heap","version":"1.0.0"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/reachable/sbom.spdx.json Normal file
View File

@@ -0,0 +1 @@
{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"curl-CVE-2023-38545-socks5-heap","documentNamespace":"https://stellaops.dev/spdx/curl-CVE-2023-38545-socks5-heap","packages":[{"SPDXID":"SPDXRef-Package","name":"curl-CVE-2023-38545-socks5-heap","versionInfo":"1.0.0","downloadLocation":"NOASSERTION"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/reachable/symbols.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.symbols/v1","symbols":[{"id":"sym://entry","name":"main","kind":"function"},{"id":"sym://mid","name":"process","kind":"function"},{"id":"sym://sink","name":"vulnerable_call","kind":"function"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/reachable/vex.openvex.json Normal file
View File

@@ -0,0 +1 @@
{"context":"https://openvex.dev/ns/v0.2.0","author":"StellaOps","timestamp":"2025-11-18T00:00:00Z","statements":[{"vulnerability":"curl-CVE-2023-38545-socks5-heap","status":"affected"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/unreachable/attestation.dsse.json Normal file
View File

@@ -0,0 +1 @@
{"payloadType":"application/vnd.in-toto+json","payload":"eyJ0eXBlIjogInJlYWNoYWJpbGl0eSJ9","signatures":[{"keyid":"test-key","sig":"dGVzdC1zaWduYXR1cmU="}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/unreachable/callgraph.framework.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"f1","symbol":"framework.init","isEntrypoint":true},{"nodeId":"f2","symbol":"framework.dispatch"}],"edges":[{"sourceId":"f1","targetId":"f2","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/unreachable/callgraph.static.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"n1","symbol":"main","isEntrypoint":true},{"nodeId":"n2","symbol":"process"},{"nodeId":"n3","symbol":"vulnerable_call","isSink":true}],"edges":[{"sourceId":"n1","targetId":"n2","callKind":"direct"},{"sourceId":"n2","targetId":"n3","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/unreachable/manifest.json Normal file
View File

@@ -0,0 +1 @@
{"files":{"sbom.cdx.json":"31593cee633f721422da8e3e3897d48a81b4083832bd4bb13e4766c790345a78","sbom.spdx.json":"9646907cf3e236798f4260272f1c94ca22fd5b6566d5ef6b9365b45f1333e90b","symbols.json":"155472d78a5d2a96988f588109409caf333377bfbb662c38a24beb27a93d05b1","callgraph.static.json":"22cbe4c7f001f6b3252a4551676935ee6956ee377fdac7489bb4b308b1a75337","callgraph.framework.json":"0bdf4b35631425d9e2ce630cd957d5622e4d5712a0a7d62bd03dabe63caf47a6","reachgraph.truth.json":"f008f082793871848b3511f2719964c9268b5e3d70b99042cd95c4f780a520f2","vex.openvex.json":"4c73c4e2a6ba2d8ec09fec9cbbe2b17aa14be4bd9ee7f459c666f057010c1820","attestation.dsse.json":"2f12fedfb62669a7760d7e9c95e4b07aa50350dbd082dc6460c40f4ece51d66e"}}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/unreachable/reachgraph.truth.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.reachgraph.truth/v1","case_id":"curl-CVE-2023-38545-socks5-heap","variant":"unreachable","paths":[]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/unreachable/sbom.cdx.json Normal file
View File

@@ -0,0 +1 @@
{"bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:00000000-0000-0000-0000-000007e9fee2","version":1,"components":[{"type":"library","name":"curl-CVE-2023-38545-socks5-heap","version":"1.0.0"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/unreachable/sbom.spdx.json Normal file
View File

@@ -0,0 +1 @@
{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"curl-CVE-2023-38545-socks5-heap","documentNamespace":"https://stellaops.dev/spdx/curl-CVE-2023-38545-socks5-heap","packages":[{"SPDXID":"SPDXRef-Package","name":"curl-CVE-2023-38545-socks5-heap","versionInfo":"1.0.0","downloadLocation":"NOASSERTION"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/unreachable/symbols.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.symbols/v1","symbols":[{"id":"sym://entry","name":"main","kind":"function"},{"id":"sym://mid","name":"process","kind":"function"},{"id":"sym://sink","name":"vulnerable_call","kind":"function"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/curl-CVE-2023-38545-socks5-heap/images/unreachable/vex.openvex.json Normal file
View File

@@ -0,0 +1 @@
{"context":"https://openvex.dev/ns/v0.2.0","author":"StellaOps","timestamp":"2025-11-18T00:00:00Z","statements":[{"vulnerability":"curl-CVE-2023-38545-socks5-heap","status":"not_affected"}]}

17
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/case.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "dotnet-blazor-CVE-2024-0010-deser",
"ground_truth": {
"reachable_variant": {
"status": "affected",
"evidence": {
"paths": [["sym://entry", "sym://mid", "sym://sink"]]
}
},
"unreachable_variant": {
"status": "not_affected",
"evidence": {
"paths": []
}
}
}
}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/reachable/attestation.dsse.json Normal file
View File

@@ -0,0 +1 @@
{"payloadType":"application/vnd.in-toto+json","payload":"eyJ0eXBlIjogInJlYWNoYWJpbGl0eSJ9","signatures":[{"keyid":"test-key","sig":"dGVzdC1zaWduYXR1cmU="}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/reachable/callgraph.framework.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"f1","symbol":"framework.init","isEntrypoint":true},{"nodeId":"f2","symbol":"framework.dispatch"}],"edges":[{"sourceId":"f1","targetId":"f2","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/reachable/callgraph.static.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"n1","symbol":"main","isEntrypoint":true},{"nodeId":"n2","symbol":"process"},{"nodeId":"n3","symbol":"vulnerable_call","isSink":true}],"edges":[{"sourceId":"n1","targetId":"n2","callKind":"direct"},{"sourceId":"n2","targetId":"n3","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/reachable/manifest.json Normal file
View File

@@ -0,0 +1 @@
{"files":{"sbom.cdx.json":"1b16cb9833bcfd22d95a31573bb30a9487345235e48be704533219c2301ad568","sbom.spdx.json":"0d587b282244805c2677c5ae1240ab1ceeee0d431ef91ec5ecab44f72a0236c7","symbols.json":"155472d78a5d2a96988f588109409caf333377bfbb662c38a24beb27a93d05b1","callgraph.static.json":"22cbe4c7f001f6b3252a4551676935ee6956ee377fdac7489bb4b308b1a75337","callgraph.framework.json":"0bdf4b35631425d9e2ce630cd957d5622e4d5712a0a7d62bd03dabe63caf47a6","reachgraph.truth.json":"77e6cc4d5b6a5d887f604609a77d0eddf03abc2491b84c49420a5d4c1a9c1c0a","vex.openvex.json":"b97f34cd380c7e2811935cba7a3703ae67b85c4745ebc106de0a5f71bebbc772","attestation.dsse.json":"2f12fedfb62669a7760d7e9c95e4b07aa50350dbd082dc6460c40f4ece51d66e"}}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/reachable/reachgraph.truth.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.reachgraph.truth/v1","case_id":"dotnet-blazor-CVE-2024-0010-deser","variant":"reachable","paths":[["sym://entry","sym://mid","sym://sink"]]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/reachable/sbom.cdx.json Normal file
View File

@@ -0,0 +1 @@
{"bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:00000000-0000-0000-0000-000000922480","version":1,"components":[{"type":"library","name":"dotnet-blazor-CVE-2024-0010-deser","version":"1.0.0"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/reachable/sbom.spdx.json Normal file
View File

@@ -0,0 +1 @@
{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"dotnet-blazor-CVE-2024-0010-deser","documentNamespace":"https://stellaops.dev/spdx/dotnet-blazor-CVE-2024-0010-deser","packages":[{"SPDXID":"SPDXRef-Package","name":"dotnet-blazor-CVE-2024-0010-deser","versionInfo":"1.0.0","downloadLocation":"NOASSERTION"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/reachable/symbols.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.symbols/v1","symbols":[{"id":"sym://entry","name":"main","kind":"function"},{"id":"sym://mid","name":"process","kind":"function"},{"id":"sym://sink","name":"vulnerable_call","kind":"function"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/reachable/vex.openvex.json Normal file
View File

@@ -0,0 +1 @@
{"context":"https://openvex.dev/ns/v0.2.0","author":"StellaOps","timestamp":"2025-11-18T00:00:00Z","statements":[{"vulnerability":"dotnet-blazor-CVE-2024-0010-deser","status":"affected"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/unreachable/attestation.dsse.json Normal file
View File

@@ -0,0 +1 @@
{"payloadType":"application/vnd.in-toto+json","payload":"eyJ0eXBlIjogInJlYWNoYWJpbGl0eSJ9","signatures":[{"keyid":"test-key","sig":"dGVzdC1zaWduYXR1cmU="}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/unreachable/callgraph.framework.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"f1","symbol":"framework.init","isEntrypoint":true},{"nodeId":"f2","symbol":"framework.dispatch"}],"edges":[{"sourceId":"f1","targetId":"f2","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/unreachable/callgraph.static.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"n1","symbol":"main","isEntrypoint":true},{"nodeId":"n2","symbol":"process"},{"nodeId":"n3","symbol":"vulnerable_call","isSink":true}],"edges":[{"sourceId":"n1","targetId":"n2","callKind":"direct"},{"sourceId":"n2","targetId":"n3","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/unreachable/manifest.json Normal file
View File

@@ -0,0 +1 @@
{"files":{"sbom.cdx.json":"aa2a40349a53fa908e744292affc83162222159baccf9878de915348a1bb5649","sbom.spdx.json":"0d587b282244805c2677c5ae1240ab1ceeee0d431ef91ec5ecab44f72a0236c7","symbols.json":"155472d78a5d2a96988f588109409caf333377bfbb662c38a24beb27a93d05b1","callgraph.static.json":"22cbe4c7f001f6b3252a4551676935ee6956ee377fdac7489bb4b308b1a75337","callgraph.framework.json":"0bdf4b35631425d9e2ce630cd957d5622e4d5712a0a7d62bd03dabe63caf47a6","reachgraph.truth.json":"bc7316cfe06e57e16c5572858aa7a24c8e217116ce1fbf8e760f6730f3b2a1d9","vex.openvex.json":"98f71d002c15868ce4fb31a34f1d357125ababc56300bf6b65e33d1c140ebd1f","attestation.dsse.json":"2f12fedfb62669a7760d7e9c95e4b07aa50350dbd082dc6460c40f4ece51d66e"}}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/unreachable/reachgraph.truth.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.reachgraph.truth/v1","case_id":"dotnet-blazor-CVE-2024-0010-deser","variant":"unreachable","paths":[]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/unreachable/sbom.cdx.json Normal file
View File

@@ -0,0 +1 @@
{"bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:00000000-0000-0000-0000-0000377a9e64","version":1,"components":[{"type":"library","name":"dotnet-blazor-CVE-2024-0010-deser","version":"1.0.0"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/unreachable/sbom.spdx.json Normal file
View File

@@ -0,0 +1 @@
{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"dotnet-blazor-CVE-2024-0010-deser","documentNamespace":"https://stellaops.dev/spdx/dotnet-blazor-CVE-2024-0010-deser","packages":[{"SPDXID":"SPDXRef-Package","name":"dotnet-blazor-CVE-2024-0010-deser","versionInfo":"1.0.0","downloadLocation":"NOASSERTION"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/unreachable/symbols.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.symbols/v1","symbols":[{"id":"sym://entry","name":"main","kind":"function"},{"id":"sym://mid","name":"process","kind":"function"},{"id":"sym://sink","name":"vulnerable_call","kind":"function"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-blazor-CVE-2024-0010-deser/images/unreachable/vex.openvex.json Normal file
View File

@@ -0,0 +1 @@
{"context":"https://openvex.dev/ns/v0.2.0","author":"StellaOps","timestamp":"2025-11-18T00:00:00Z","statements":[{"vulnerability":"dotnet-blazor-CVE-2024-0010-deser","status":"not_affected"}]}

17
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-kestrel-CVE-2023-44487-h2/case.json Normal file
View File

@@ -0,0 +1,17 @@
{
"id": "dotnet-kestrel-CVE-2023-44487-h2",
"ground_truth": {
"reachable_variant": {
"status": "affected",
"evidence": {
"paths": [["sym://entry", "sym://mid", "sym://sink"]]
}
},
"unreachable_variant": {
"status": "not_affected",
"evidence": {
"paths": []
}
}
}
}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-kestrel-CVE-2023-44487-h2/images/reachable/attestation.dsse.json Normal file
View File

@@ -0,0 +1 @@
{"payloadType":"application/vnd.in-toto+json","payload":"eyJ0eXBlIjogInJlYWNoYWJpbGl0eSJ9","signatures":[{"keyid":"test-key","sig":"dGVzdC1zaWduYXR1cmU="}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-kestrel-CVE-2023-44487-h2/images/reachable/callgraph.framework.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"f1","symbol":"framework.init","isEntrypoint":true},{"nodeId":"f2","symbol":"framework.dispatch"}],"edges":[{"sourceId":"f1","targetId":"f2","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-kestrel-CVE-2023-44487-h2/images/reachable/callgraph.static.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reach-corpus.callgraph/v1","nodes":[{"nodeId":"n1","symbol":"main","isEntrypoint":true},{"nodeId":"n2","symbol":"process"},{"nodeId":"n3","symbol":"vulnerable_call","isSink":true}],"edges":[{"sourceId":"n1","targetId":"n2","callKind":"direct"},{"sourceId":"n2","targetId":"n3","callKind":"direct"}]}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-kestrel-CVE-2023-44487-h2/images/reachable/manifest.json Normal file
View File

@@ -0,0 +1 @@
{"files":{"sbom.cdx.json":"b9f4c0e1646ef086944d7d14d13c1e0341a3b6c53762cf8c50cea619e553002a","sbom.spdx.json":"c49460f0f2d48c84eeed1b27db9d59f506bb7ff7bedaf845654b26e391b43ae2","symbols.json":"155472d78a5d2a96988f588109409caf333377bfbb662c38a24beb27a93d05b1","callgraph.static.json":"22cbe4c7f001f6b3252a4551676935ee6956ee377fdac7489bb4b308b1a75337","callgraph.framework.json":"0bdf4b35631425d9e2ce630cd957d5622e4d5712a0a7d62bd03dabe63caf47a6","reachgraph.truth.json":"fc83da990d1b2f41eab83c726610ef6d5be710870722d709f5612001bb3a918f","vex.openvex.json":"2db3d216c11046948773d5a388efcd4f038bf7ba699eb07803a66f9531bb8afe","attestation.dsse.json":"2f12fedfb62669a7760d7e9c95e4b07aa50350dbd082dc6460c40f4ece51d66e"}}

1
src/tests/reachability/fixtures/reachbench-2025-expanded/cases/dotnet-kestrel-CVE-2023-44487-h2/images/reachable/reachgraph.truth.json Normal file
View File

@@ -0,0 +1 @@
{"schema_version":"reachbench.reachgraph.truth/v1","case_id":"dotnet-kestrel-CVE-2023-44487-h2","variant":"reachable","paths":[["sym://entry","sym://mid","sym://sink"]]}

Some files were not shown because too many files have changed in this diff Show More