Refactor JSON structures for reachability cases in reachbench-2025
- Updated symbols.json for rust-axum-header-parsing-TBD to include case_id and schema_version, removing unnecessary components.
- Modified vex.openvex.json for rust-axum-header-parsing-TBD to change author and role, and updated vulnerability status.
- Simplified attestation.dsse.json for wordpress-core-CVE-2022-21661-sqli to remove unnecessary fields and added payloadType.
- Adjusted callgraph.framework.json and callgraph.static.json for wordpress-core-CVE-2022-21661-sqli to include empty nodes and edges with updated schema_version.
- Enhanced manifest.json for wordpress-core-CVE-2022-21661-sqli to include case_id and files with checksums, and updated schema_version.
- Updated reachgraph.truth.json for wordpress-core-CVE-2022-21661-sqli to reflect empty paths and added case_id.
- Modified sbom.cdx.json and sbom.spdx.json for wordpress-core-CVE-2022-21661-sqli to include metadata and updated specVersion.
- Refined symbols.json for wordpress-core-CVE-2022-21661-sqli to include case_id and schema_version, with an empty symbols array.
- Updated vex.openvex.json for wordpress-core-CVE-2022-21661-sqli to change author and role, and updated vulnerability status.
- Adjusted unreachable cases for wordpress-core-CVE-2022-21661-sqli to reflect similar structural changes as reachable cases.
@@ -1,30 +1,5 @@
|
||||
{
|
||||
"dsse_version": "1.0",
|
||||
"subject": [
|
||||
{
|
||||
"name": "ghcr.io/reachbench/dotnet-newtonsoft-deser-TBD:reachable",
|
||||
"digest": {
|
||||
"sha256": "STUB_DIGEST"
|
||||
}
|
||||
}
|
||||
],
|
||||
"statement": {
|
||||
"type": "reachbench.attestation",
|
||||
"materials": [
|
||||
"sbom.cdx.json",
|
||||
"sbom.spdx.json",
|
||||
"symbols.json",
|
||||
"callgraph.static.json",
|
||||
"callgraph.framework.json",
|
||||
"reachgraph.truth.json",
|
||||
"vex.openvex.json"
|
||||
]
|
||||
},
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "STUB",
|
||||
"sig": "STUB_SIGNATURE",
|
||||
"alg": "dilithium2"
|
||||
}
|
||||
]
|
||||
"payload": "",
|
||||
"payloadType": "application/vnd.in-toto+json",
|
||||
"signatures": []
|
||||
}
|
||||
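Review bot: The new envelope has an empty `payload` and `"signatures": []`, so it attests to nothing while still declaring `"payloadType": "application/vnd.in-toto+json"`; the removed version at least carried self-evident `STUB_SIGNATURE` markers. The file header is not shown, but this looks like attestation.dsse.json, and the unreachable-variant hunk further down is identical. Any harness step that verifies a case should reject an envelope with zero signatures rather than treat the file's presence as proof, and the case documentation should say the envelope is an unsigned placeholder. Until a real payload exists, the `files` checksums in the manifest are not covered by any signature, so they detect accidental drift only.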
@@ -1,10 +1,5 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"edges": [
|
||||
{
|
||||
"from": "sym://dotnet:Startup#Configure",
|
||||
"to": "sym://aspnet:UseEndpoints",
|
||||
"kind": "pipeline"
|
||||
}
|
||||
]
|
||||
"edges": [],
|
||||
"nodes": [],
|
||||
"schema_version": "reachbench.callgraph.framework/v1"
|
||||
}
|
||||
@@ -1,18 +1,5 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"nodes": [
|
||||
{
|
||||
"sid": "sym://dotnet:dotnet.c#entry"
|
||||
},
|
||||
{
|
||||
"sid": "sym://dotnet:dotnet.c#sink"
|
||||
}
|
||||
],
|
||||
"edges": [
|
||||
{
|
||||
"from": "sym://dotnet:dotnet.c#entry",
|
||||
"to": "sym://dotnet:dotnet.c#sink",
|
||||
"kind": "direct"
|
||||
}
|
||||
]
|
||||
"edges": [],
|
||||
"nodes": [],
|
||||
"schema_version": "reachbench.callgraph.static/v1"
|
||||
}
|
||||
@@ -1,8 +1,15 @@
|
||||
{
|
||||
"image": "ghcr.io/reachbench/dotnet-newtonsoft-deser-TBD:reachable",
|
||||
"config_flags": {
|
||||
"FEATURE_FLAG": true,
|
||||
"POLICY_MODE": "permissive"
|
||||
"case_id": "dotnet-newtonsoft-deser-TBD",
|
||||
"files": {
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "7c1b7d56df4efc97360ba7754feb1051644e624afa2589971fab09507827e677",
|
||||
"sbom.cdx.json": "c7283a731ca81300f6cda9e944451062a92c7eb0559ebdc6b96f6afeea637187",
|
||||
"sbom.spdx.json": "da4978369cae300336e4abd570edb8c8de27bcb5ff2c5131975cae7d8ee01f8e",
|
||||
"symbols.json": "d03361b683ae570864824a8e57c91ca875590373d949d2f706af488c4ccbcc01",
|
||||
"vex.openvex.json": "41e52bf3c0b40ca614d32f5c9b719b68c53e2a0f08f483d6c429120060c9d930"
|
||||
},
|
||||
"sha256": "STUB_DIGEST"
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
}
|
||||
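Review bot: The `files` map stores bare hex strings with no algorithm label, and this hunk removes the only key that named one (`"sha256": "STUB_DIGEST"`). The values are 64 hex characters, so SHA-256 is likely, but a verifier has to guess; either name the algorithm in the value (`"symbols.json": "sha256:<hex>"`) or state it in the `reachbench.manifest/v1` schema. The same applies to the unreachable manifest hunk below. With `image` and `config_flags` gone, nothing in the new manifest records which build or configuration produced the variant.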
@@ -1,16 +1,12 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"sinks": [
|
||||
{
|
||||
"sid": "sym://dotnet:dotnet.c#sink",
|
||||
"kind": "generic"
|
||||
}
|
||||
],
|
||||
"case_id": "dotnet-newtonsoft-deser-TBD",
|
||||
"paths": [
|
||||
[
|
||||
"sym://net:handler#read",
|
||||
"sym://dotnet:dotnet.c#entry",
|
||||
"sym://dotnet:dotnet.c#sink"
|
||||
]
|
||||
]
|
||||
],
|
||||
"schema_version": "reachbench.reachgraph.truth/v1",
|
||||
"variant": "reachable"
|
||||
}
|
||||
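Review bot: The ground-truth path kept here still lists `sym://net:handler#read`, `sym://dotnet:dotnet.c#entry` and `sym://dotnet:dotnet.c#sink`, but the same commit empties `nodes` and `edges` in both call-graph hunks and reduces the symbols list to the sink alone. A tool under test cannot reproduce this path from the shipped graphs, and a validator that checks truth paths against `symbols` would flag two of the three ids. Either keep the nodes and edges the path needs in the static call graph, or have the schema state that truth paths may reference symbols outside the case's graphs. The removed `sinks` array was also the only place the sink's `kind` was recorded.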
@@ -1,5 +1,11 @@
|
||||
{
|
||||
"bomFormat": "CycloneDX",
|
||||
"specVersion": "1.6",
|
||||
"components": []
|
||||
"components": [],
|
||||
"metadata": {
|
||||
"component": {
|
||||
"name": "dotnet-newtonsoft-deser-TBD",
|
||||
"version": "0.0.0"
|
||||
}
|
||||
},
|
||||
"specVersion": "1.5"
|
||||
}
|
||||
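Review bot: `metadata.component` is added with only `name` and `version`, but CycloneDX requires a `type` on every component, so schema validation of this BOM should fail; add `"type": "application"` or whichever type fits the case. `components` is still empty, so a scanner has no package to match against the vulnerability the case is named for; an entry with a `purl` for the affected library would be needed for that. The hunk also moves `specVersion` from 1.6 down to 1.5 without the commit description saying why. The unreachable CycloneDX hunk below has the same content.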
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"spdxVersion": "SPDX-3.0",
|
||||
"creationInfo": {
|
||||
"created": "2025-11-07T22:40:04Z"
|
||||
}
|
||||
"SPDXID": "SPDXRef-DOCUMENT",
|
||||
"name": "dotnet-newtonsoft-deser-TBD",
|
||||
"packages": [],
|
||||
"spdxVersion": "SPDX-2.3"
|
||||
}
|
||||
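Review bot: Switching `spdxVersion` to `SPDX-2.3` while deleting `creationInfo` leaves the document without a field that SPDX 2.3 makes mandatory, and `dataLicense` and `documentNamespace` are missing as well. Validators will reject the file before they look at `packages`. Restore `creationInfo` with `created` and `creators`, and add `"dataLicense": "CC0-1.0"` and a `documentNamespace` URI. The unreachable SPDX hunk is the same.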
@@ -1,31 +1,8 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"components": [
|
||||
{
|
||||
"purl": "pkg:generic/dotnet@0.0.1",
|
||||
"files": [
|
||||
{
|
||||
"path": "/src/dotnet.c",
|
||||
"funcs": [
|
||||
{
|
||||
"sid": "sym://dotnet:dotnet.c#entry",
|
||||
"name": "entry",
|
||||
"range": {
|
||||
"start": 10,
|
||||
"end": 20
|
||||
}
|
||||
},
|
||||
{
|
||||
"sid": "sym://dotnet:dotnet.c#sink",
|
||||
"name": "sink",
|
||||
"range": {
|
||||
"start": 30,
|
||||
"end": 60
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"case_id": "dotnet-newtonsoft-deser-TBD",
|
||||
"schema_version": "reachbench.symbols/v1",
|
||||
"symbols": [
|
||||
"sym://dotnet:dotnet.c#sink"
|
||||
],
|
||||
"variant": "reachable"
|
||||
}
|
||||
@@ -1,12 +1,15 @@
|
||||
{
|
||||
"author": "reachbench-2025",
|
||||
"timestamp": "2025-11-07T22:40:04Z",
|
||||
"author": "StellaOps",
|
||||
"role": "reachbench",
|
||||
"statements": [
|
||||
{
|
||||
"vulnerability": "TBD",
|
||||
"products": [
|
||||
"pkg:dotnet-newtonsoft-deser-TBD"
|
||||
],
|
||||
"status": "affected",
|
||||
"justification": "reasoning_provided",
|
||||
"impact_statement": "Function-level path is reachable."
|
||||
"statusJustification": "component_present",
|
||||
"vulnerability": "dotnet-newtonsoft-deser-TBD"
|
||||
}
|
||||
]
|
||||
],
|
||||
"timestamp": "2025-11-18T00:00:00Z"
|
||||
}
|
||||
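Review bot: `statusJustification` is not an OpenVEX statement field; the format's key is `justification`, which this hunk removes, and it applies only to `not_affected` statements. For `"status": "affected"` OpenVEX expects an `action_statement` instead, and `component_present` is not one of its justification values. The added product `pkg:dotnet-newtonsoft-deser-TBD` is also not a valid package URL, which needs a type and a name (`pkg:<type>/<name>@<version>`). The document still has no `@context`, `@id` or `version`, so a consumer cannot identify it as OpenVEX; the unreachable hunk shares the key-name and product issues.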
@@ -1,30 +1,5 @@
|
||||
{
|
||||
"dsse_version": "1.0",
|
||||
"subject": [
|
||||
{
|
||||
"name": "ghcr.io/reachbench/dotnet-newtonsoft-deser-TBD:unreachable",
|
||||
"digest": {
|
||||
"sha256": "STUB_DIGEST"
|
||||
}
|
||||
}
|
||||
],
|
||||
"statement": {
|
||||
"type": "reachbench.attestation",
|
||||
"materials": [
|
||||
"sbom.cdx.json",
|
||||
"sbom.spdx.json",
|
||||
"symbols.json",
|
||||
"callgraph.static.json",
|
||||
"callgraph.framework.json",
|
||||
"reachgraph.truth.json",
|
||||
"vex.openvex.json"
|
||||
]
|
||||
},
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "STUB",
|
||||
"sig": "STUB_SIGNATURE",
|
||||
"alg": "dilithium2"
|
||||
}
|
||||
]
|
||||
"payload": "",
|
||||
"payloadType": "application/vnd.in-toto+json",
|
||||
"signatures": []
|
||||
}
|
||||
@@ -1,10 +1,5 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"edges": [
|
||||
{
|
||||
"from": "sym://dotnet:Startup#Configure",
|
||||
"to": "sym://aspnet:UseEndpoints",
|
||||
"kind": "pipeline"
|
||||
}
|
||||
]
|
||||
"edges": [],
|
||||
"nodes": [],
|
||||
"schema_version": "reachbench.callgraph.framework/v1"
|
||||
}
|
||||
@@ -1,18 +1,5 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"nodes": [
|
||||
{
|
||||
"sid": "sym://dotnet:dotnet.c#entry"
|
||||
},
|
||||
{
|
||||
"sid": "sym://dotnet:dotnet.c#sink"
|
||||
}
|
||||
],
|
||||
"edges": [
|
||||
{
|
||||
"from": "sym://dotnet:dotnet.c#entry",
|
||||
"to": "sym://dotnet:dotnet.c#sink",
|
||||
"kind": "direct"
|
||||
}
|
||||
]
|
||||
"edges": [],
|
||||
"nodes": [],
|
||||
"schema_version": "reachbench.callgraph.static/v1"
|
||||
}
|
||||
@@ -1,8 +1,15 @@
|
||||
{
|
||||
"image": "ghcr.io/reachbench/dotnet-newtonsoft-deser-TBD:unreachable",
|
||||
"config_flags": {
|
||||
"FEATURE_FLAG": false,
|
||||
"POLICY_MODE": "enforcing"
|
||||
"case_id": "dotnet-newtonsoft-deser-TBD",
|
||||
"files": {
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "aa1c4c8133ae26349e1a740293e875d91f3a5ba1b241eb39617a09ea1b6ced8e",
|
||||
"sbom.cdx.json": "c7283a731ca81300f6cda9e944451062a92c7eb0559ebdc6b96f6afeea637187",
|
||||
"sbom.spdx.json": "da4978369cae300336e4abd570edb8c8de27bcb5ff2c5131975cae7d8ee01f8e",
|
||||
"symbols.json": "a804343735751e99bda81ce614d890fe19cb510bcb3d3b17dff05ab01decf2e1",
|
||||
"vex.openvex.json": "65cdb8a5d02277eacf194c23cdb7a8adada7318f45f5ce4eb0e09fbcd9d8b615"
|
||||
},
|
||||
"sha256": "STUB_DIGEST"
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
}
|
||||
@@ -1,16 +1,6 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"sinks": [
|
||||
{
|
||||
"sid": "sym://dotnet:dotnet.c#sink",
|
||||
"kind": "generic"
|
||||
}
|
||||
],
|
||||
"paths": [
|
||||
[
|
||||
"sym://net:handler#read",
|
||||
"sym://dotnet:dotnet.c#entry",
|
||||
"sym://dotnet:dotnet.c#sink"
|
||||
]
|
||||
]
|
||||
"case_id": "dotnet-newtonsoft-deser-TBD",
|
||||
"paths": [],
|
||||
"schema_version": "reachbench.reachgraph.truth/v1",
|
||||
"variant": "unreachable"
|
||||
}
|
||||
@@ -1,5 +1,11 @@
|
||||
{
|
||||
"bomFormat": "CycloneDX",
|
||||
"specVersion": "1.6",
|
||||
"components": []
|
||||
"components": [],
|
||||
"metadata": {
|
||||
"component": {
|
||||
"name": "dotnet-newtonsoft-deser-TBD",
|
||||
"version": "0.0.0"
|
||||
}
|
||||
},
|
||||
"specVersion": "1.5"
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"spdxVersion": "SPDX-3.0",
|
||||
"creationInfo": {
|
||||
"created": "2025-11-07T22:40:04Z"
|
||||
}
|
||||
"SPDXID": "SPDXRef-DOCUMENT",
|
||||
"name": "dotnet-newtonsoft-deser-TBD",
|
||||
"packages": [],
|
||||
"spdxVersion": "SPDX-2.3"
|
||||
}
|
||||
@@ -1,31 +1,6 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"components": [
|
||||
{
|
||||
"purl": "pkg:generic/dotnet@0.0.1",
|
||||
"files": [
|
||||
{
|
||||
"path": "/src/dotnet.c",
|
||||
"funcs": [
|
||||
{
|
||||
"sid": "sym://dotnet:dotnet.c#entry",
|
||||
"name": "entry",
|
||||
"range": {
|
||||
"start": 10,
|
||||
"end": 20
|
||||
}
|
||||
},
|
||||
{
|
||||
"sid": "sym://dotnet:dotnet.c#sink",
|
||||
"name": "sink",
|
||||
"range": {
|
||||
"start": 30,
|
||||
"end": 60
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"case_id": "dotnet-newtonsoft-deser-TBD",
|
||||
"schema_version": "reachbench.symbols/v1",
|
||||
"symbols": [],
|
||||
"variant": "unreachable"
|
||||
}
|
||||
@@ -1,12 +1,15 @@
|
||||
{
|
||||
"author": "reachbench-2025",
|
||||
"timestamp": "2025-11-07T22:40:04Z",
|
||||
"author": "StellaOps",
|
||||
"role": "reachbench",
|
||||
"statements": [
|
||||
{
|
||||
"vulnerability": "TBD",
|
||||
"products": [
|
||||
"pkg:dotnet-newtonsoft-deser-TBD"
|
||||
],
|
||||
"status": "not_affected",
|
||||
"justification": "vulnerable_code_not_in_execute_path",
|
||||
"impact_statement": "Pruned by configuration; path unreachable."
|
||||
"statusJustification": "component_not_present",
|
||||
"vulnerability": "dotnet-newtonsoft-deser-TBD"
|
||||
}
|
||||
]
|
||||
],
|
||||
"timestamp": "2025-11-18T00:00:00Z"
|
||||
}
|
||||
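Review bot: The new `"statusJustification": "component_not_present"` contradicts the scenario the removed lines described (`vulnerable_code_not_in_execute_path`, "Pruned by configuration; path unreachable."); as far as the case layout shows, the component is present in both variants and only the path differs. Because OpenVEX consumers read `justification`, not `statusJustification`, this statement now reads as `not_affected` with no justification or impact statement at all, which a strict consumer should refuse to use for suppression. Keep `"justification": "vulnerable_code_not_in_execute_path"` and the `impact_statement` for this variant.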