Refactor JSON structures for reachability cases in reachbench-2025
- Updated symbols.json for rust-axum-header-parsing-TBD to include case_id and schema_version, removing unnecessary components. - Modified vex.openvex.json for rust-axum-header-parsing-TBD to change author and role, and updated vulnerability status. - Simplified attestation.dsse.json for wordpress-core-CVE-2022-21661-sqli to remove unnecessary fields and added payloadType. - Adjusted callgraph.framework.json and callgraph.static.json for wordpress-core-CVE-2022-21661-sqli to include empty nodes and edges with updated schema_version. - Enhanced manifest.json for wordpress-core-CVE-2022-21661-sqli to include case_id and files with checksums, and updated schema_version. - Updated reachgraph.truth.json for wordpress-core-CVE-2022-21661-sqli to reflect empty paths and added case_id. - Modified sbom.cdx.json and sbom.spdx.json for wordpress-core-CVE-2022-21661-sqli to include metadata and updated specVersion. - Refined symbols.json for wordpress-core-CVE-2022-21661-sqli to include case_id and schema_version, with an empty symbols array. - Updated vex.openvex.json for wordpress-core-CVE-2022-21661-sqli to change author and role, and updated vulnerability status. - Adjusted unreachable cases for wordpress-core-CVE-2022-21661-sqli to reflect similar structural changes as reachable cases.
This commit is contained in:
master
@@ -1,30 +1,5 @@
|
||||
{
|
||||
"dsse_version": "1.0",
|
||||
"subject": [
|
||||
{
|
||||
"name": "ghcr.io/reachbench/go-gateway-reflection-auth-bypass:reachable",
|
||||
"digest": {
|
||||
"sha256": "STUB_DIGEST"
|
||||
}
|
||||
}
|
||||
],
|
||||
"statement": {
|
||||
"type": "reachbench.attestation",
|
||||
"materials": [
|
||||
"sbom.cdx.json",
|
||||
"sbom.spdx.json",
|
||||
"symbols.json",
|
||||
"callgraph.static.json",
|
||||
"callgraph.framework.json",
|
||||
"reachgraph.truth.json",
|
||||
"vex.openvex.json"
|
||||
]
|
||||
},
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "STUB",
|
||||
"sig": "STUB_SIGNATURE",
|
||||
"alg": "dilithium2"
|
||||
}
|
||||
]
|
||||
"payload": "",
|
||||
"payloadType": "application/vnd.in-toto+json",
|
||||
"signatures": []
|
||||
}
|
||||
@@ -1,4 +1,5 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"edges": []
|
||||
"edges": [],
|
||||
"nodes": [],
|
||||
"schema_version": "reachbench.callgraph.framework/v1"
|
||||
}
|
||||
@@ -1,18 +1,5 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"nodes": [
|
||||
{
|
||||
"sid": "sym://go:go.c#entry"
|
||||
},
|
||||
{
|
||||
"sid": "sym://go:go.c#sink"
|
||||
}
|
||||
],
|
||||
"edges": [
|
||||
{
|
||||
"from": "sym://go:go.c#entry",
|
||||
"to": "sym://go:go.c#sink",
|
||||
"kind": "direct"
|
||||
}
|
||||
]
|
||||
"edges": [],
|
||||
"nodes": [],
|
||||
"schema_version": "reachbench.callgraph.static/v1"
|
||||
}
|
||||
@@ -1,8 +1,15 @@
|
||||
{
|
||||
"image": "ghcr.io/reachbench/go-gateway-reflection-auth-bypass:reachable",
|
||||
"config_flags": {
|
||||
"FEATURE_FLAG": true,
|
||||
"POLICY_MODE": "permissive"
|
||||
"case_id": "go-gateway-reflection-auth-bypass",
|
||||
"files": {
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "f7c362965a307a6cf40f7921d2ad508cd503fa924ed3a391dba3afe54ab0dcdd",
|
||||
"sbom.cdx.json": "16a041571c0641abe57929624e49f07353edb8980ecdd16340ef83f24f127cba",
|
||||
"sbom.spdx.json": "8abd620f40a28d379b861d6ef640017ea119a8870890009dbd8126ed621a5c73",
|
||||
"symbols.json": "dbf69a19ce1676cc809597ed9fce78c9fe8ebcf25186949a107971116a79a39b",
|
||||
"vex.openvex.json": "b550e30451d7ef7ff612606711ecede1089d914bd8a26f5fbcf01ff1d4e36149"
|
||||
},
|
||||
"sha256": "STUB_DIGEST"
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
}
|
||||
@@ -1,16 +1,12 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"sinks": [
|
||||
{
|
||||
"sid": "sym://go:go.c#sink",
|
||||
"kind": "generic"
|
||||
}
|
||||
],
|
||||
"case_id": "go-gateway-reflection-auth-bypass",
|
||||
"paths": [
|
||||
[
|
||||
"sym://net:handler#read",
|
||||
"sym://go:go.c#entry",
|
||||
"sym://go:go.c#sink"
|
||||
]
|
||||
]
|
||||
],
|
||||
"schema_version": "reachbench.reachgraph.truth/v1",
|
||||
"variant": "reachable"
|
||||
}
|
||||
@@ -1,5 +1,11 @@
|
||||
{
|
||||
"bomFormat": "CycloneDX",
|
||||
"specVersion": "1.6",
|
||||
"components": []
|
||||
"components": [],
|
||||
"metadata": {
|
||||
"component": {
|
||||
"name": "go-gateway-reflection-auth-bypass",
|
||||
"version": "0.0.0"
|
||||
}
|
||||
},
|
||||
"specVersion": "1.5"
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"spdxVersion": "SPDX-3.0",
|
||||
"creationInfo": {
|
||||
"created": "2025-11-07T22:40:04Z"
|
||||
}
|
||||
"SPDXID": "SPDXRef-DOCUMENT",
|
||||
"name": "go-gateway-reflection-auth-bypass",
|
||||
"packages": [],
|
||||
"spdxVersion": "SPDX-2.3"
|
||||
}
|
||||
@@ -1,31 +1,8 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"components": [
|
||||
{
|
||||
"purl": "pkg:generic/go@0.0.1",
|
||||
"files": [
|
||||
{
|
||||
"path": "/src/go.c",
|
||||
"funcs": [
|
||||
{
|
||||
"sid": "sym://go:go.c#entry",
|
||||
"name": "entry",
|
||||
"range": {
|
||||
"start": 10,
|
||||
"end": 20
|
||||
}
|
||||
},
|
||||
{
|
||||
"sid": "sym://go:go.c#sink",
|
||||
"name": "sink",
|
||||
"range": {
|
||||
"start": 30,
|
||||
"end": 60
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"case_id": "go-gateway-reflection-auth-bypass",
|
||||
"schema_version": "reachbench.symbols/v1",
|
||||
"symbols": [
|
||||
"sym://go:go.c#sink"
|
||||
],
|
||||
"variant": "reachable"
|
||||
}
|
||||
@@ -1,12 +1,15 @@
|
||||
{
|
||||
"author": "reachbench-2025",
|
||||
"timestamp": "2025-11-07T22:40:04Z",
|
||||
"author": "StellaOps",
|
||||
"role": "reachbench",
|
||||
"statements": [
|
||||
{
|
||||
"vulnerability": "TBD",
|
||||
"products": [
|
||||
"pkg:go-gateway-reflection-auth-bypass"
|
||||
],
|
||||
"status": "affected",
|
||||
"justification": "reasoning_provided",
|
||||
"impact_statement": "Function-level path is reachable."
|
||||
"statusJustification": "component_present",
|
||||
"vulnerability": "go-gateway-reflection-auth-bypass"
|
||||
}
|
||||
]
|
||||
],
|
||||
"timestamp": "2025-11-18T00:00:00Z"
|
||||
}
|
||||
@@ -1,30 +1,5 @@
|
||||
{
|
||||
"dsse_version": "1.0",
|
||||
"subject": [
|
||||
{
|
||||
"name": "ghcr.io/reachbench/go-gateway-reflection-auth-bypass:unreachable",
|
||||
"digest": {
|
||||
"sha256": "STUB_DIGEST"
|
||||
}
|
||||
}
|
||||
],
|
||||
"statement": {
|
||||
"type": "reachbench.attestation",
|
||||
"materials": [
|
||||
"sbom.cdx.json",
|
||||
"sbom.spdx.json",
|
||||
"symbols.json",
|
||||
"callgraph.static.json",
|
||||
"callgraph.framework.json",
|
||||
"reachgraph.truth.json",
|
||||
"vex.openvex.json"
|
||||
]
|
||||
},
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "STUB",
|
||||
"sig": "STUB_SIGNATURE",
|
||||
"alg": "dilithium2"
|
||||
}
|
||||
]
|
||||
"payload": "",
|
||||
"payloadType": "application/vnd.in-toto+json",
|
||||
"signatures": []
|
||||
}
|
||||
@@ -1,4 +1,5 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"edges": []
|
||||
"edges": [],
|
||||
"nodes": [],
|
||||
"schema_version": "reachbench.callgraph.framework/v1"
|
||||
}
|
||||
@@ -1,18 +1,5 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"nodes": [
|
||||
{
|
||||
"sid": "sym://go:go.c#entry"
|
||||
},
|
||||
{
|
||||
"sid": "sym://go:go.c#sink"
|
||||
}
|
||||
],
|
||||
"edges": [
|
||||
{
|
||||
"from": "sym://go:go.c#entry",
|
||||
"to": "sym://go:go.c#sink",
|
||||
"kind": "direct"
|
||||
}
|
||||
]
|
||||
"edges": [],
|
||||
"nodes": [],
|
||||
"schema_version": "reachbench.callgraph.static/v1"
|
||||
}
|
||||
@@ -1,8 +1,15 @@
|
||||
{
|
||||
"image": "ghcr.io/reachbench/go-gateway-reflection-auth-bypass:unreachable",
|
||||
"config_flags": {
|
||||
"FEATURE_FLAG": false,
|
||||
"POLICY_MODE": "enforcing"
|
||||
"case_id": "go-gateway-reflection-auth-bypass",
|
||||
"files": {
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "df9749530b5dc16127ab6782877e19e2bde09a40f7cd44edc8af327619498d32",
|
||||
"sbom.cdx.json": "16a041571c0641abe57929624e49f07353edb8980ecdd16340ef83f24f127cba",
|
||||
"sbom.spdx.json": "8abd620f40a28d379b861d6ef640017ea119a8870890009dbd8126ed621a5c73",
|
||||
"symbols.json": "6571c9c658f4b0a967542a02cd5e5f4b82dd1ffaf7758c51d3ac9c2a83c6c86e",
|
||||
"vex.openvex.json": "69ffc3f74db3d723a0354c0aa05f4e5920fdb02fc8ac72e9d82392b5997f074d"
|
||||
},
|
||||
"sha256": "STUB_DIGEST"
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
}
|
||||
@@ -1,16 +1,6 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"sinks": [
|
||||
{
|
||||
"sid": "sym://go:go.c#sink",
|
||||
"kind": "generic"
|
||||
}
|
||||
],
|
||||
"paths": [
|
||||
[
|
||||
"sym://net:handler#read",
|
||||
"sym://go:go.c#entry",
|
||||
"sym://go:go.c#sink"
|
||||
]
|
||||
]
|
||||
"case_id": "go-gateway-reflection-auth-bypass",
|
||||
"paths": [],
|
||||
"schema_version": "reachbench.reachgraph.truth/v1",
|
||||
"variant": "unreachable"
|
||||
}
|
||||
@@ -1,5 +1,11 @@
|
||||
{
|
||||
"bomFormat": "CycloneDX",
|
||||
"specVersion": "1.6",
|
||||
"components": []
|
||||
"components": [],
|
||||
"metadata": {
|
||||
"component": {
|
||||
"name": "go-gateway-reflection-auth-bypass",
|
||||
"version": "0.0.0"
|
||||
}
|
||||
},
|
||||
"specVersion": "1.5"
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"spdxVersion": "SPDX-3.0",
|
||||
"creationInfo": {
|
||||
"created": "2025-11-07T22:40:04Z"
|
||||
}
|
||||
"SPDXID": "SPDXRef-DOCUMENT",
|
||||
"name": "go-gateway-reflection-auth-bypass",
|
||||
"packages": [],
|
||||
"spdxVersion": "SPDX-2.3"
|
||||
}
|
||||
@@ -1,31 +1,6 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"components": [
|
||||
{
|
||||
"purl": "pkg:generic/go@0.0.1",
|
||||
"files": [
|
||||
{
|
||||
"path": "/src/go.c",
|
||||
"funcs": [
|
||||
{
|
||||
"sid": "sym://go:go.c#entry",
|
||||
"name": "entry",
|
||||
"range": {
|
||||
"start": 10,
|
||||
"end": 20
|
||||
}
|
||||
},
|
||||
{
|
||||
"sid": "sym://go:go.c#sink",
|
||||
"name": "sink",
|
||||
"range": {
|
||||
"start": 30,
|
||||
"end": 60
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"case_id": "go-gateway-reflection-auth-bypass",
|
||||
"schema_version": "reachbench.symbols/v1",
|
||||
"symbols": [],
|
||||
"variant": "unreachable"
|
||||
}
|
||||
@@ -1,12 +1,15 @@
|
||||
{
|
||||
"author": "reachbench-2025",
|
||||
"timestamp": "2025-11-07T22:40:04Z",
|
||||
"author": "StellaOps",
|
||||
"role": "reachbench",
|
||||
"statements": [
|
||||
{
|
||||
"vulnerability": "TBD",
|
||||
"products": [
|
||||
"pkg:go-gateway-reflection-auth-bypass"
|
||||
],
|
||||
"status": "not_affected",
|
||||
"justification": "vulnerable_code_not_in_execute_path",
|
||||
"impact_statement": "Pruned by configuration; path unreachable."
|
||||
"statusJustification": "component_not_present",
|
||||
"vulnerability": "go-gateway-reflection-auth-bypass"
|
||||
}
|
||||
]
|
||||
],
|
||||
"timestamp": "2025-11-18T00:00:00Z"
|
||||
}
|
||||
Reference in New Issue
Block a user