Refactor JSON structures for reachability cases in reachbench-2025
- Updated symbols.json for rust-axum-header-parsing-TBD to include case_id and schema_version, removing unnecessary components. - Modified vex.openvex.json for rust-axum-header-parsing-TBD to change author and role, and updated vulnerability status. - Simplified attestation.dsse.json for wordpress-core-CVE-2022-21661-sqli to remove unnecessary fields and added payloadType. - Adjusted callgraph.framework.json and callgraph.static.json for wordpress-core-CVE-2022-21661-sqli to include empty nodes and edges with updated schema_version. - Enhanced manifest.json for wordpress-core-CVE-2022-21661-sqli to include case_id and files with checksums, and updated schema_version. - Updated reachgraph.truth.json for wordpress-core-CVE-2022-21661-sqli to reflect empty paths and added case_id. - Modified sbom.cdx.json and sbom.spdx.json for wordpress-core-CVE-2022-21661-sqli to include metadata and updated specVersion. - Refined symbols.json for wordpress-core-CVE-2022-21661-sqli to include case_id and schema_version, with an empty symbols array. - Updated vex.openvex.json for wordpress-core-CVE-2022-21661-sqli to change author and role, and updated vulnerability status. - Adjusted unreachable cases for wordpress-core-CVE-2022-21661-sqli to reflect similar structural changes as reachable cases.
This commit is contained in:
master
@@ -1,30 +1,5 @@
|
||||
{
|
||||
"dsse_version": "1.0",
|
||||
"subject": [
|
||||
{
|
||||
"name": "ghcr.io/reachbench/python-urllib3-dos-regex-TBD:reachable",
|
||||
"digest": {
|
||||
"sha256": "STUB_DIGEST"
|
||||
}
|
||||
}
|
||||
],
|
||||
"statement": {
|
||||
"type": "reachbench.attestation",
|
||||
"materials": [
|
||||
"sbom.cdx.json",
|
||||
"sbom.spdx.json",
|
||||
"symbols.json",
|
||||
"callgraph.static.json",
|
||||
"callgraph.framework.json",
|
||||
"reachgraph.truth.json",
|
||||
"vex.openvex.json"
|
||||
]
|
||||
},
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "STUB",
|
||||
"sig": "STUB_SIGNATURE",
|
||||
"alg": "dilithium2"
|
||||
}
|
||||
]
|
||||
"payload": "",
|
||||
"payloadType": "application/vnd.in-toto+json",
|
||||
"signatures": []
|
||||
}
|
||||
@@ -1,4 +1,5 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"edges": []
|
||||
"edges": [],
|
||||
"nodes": [],
|
||||
"schema_version": "reachbench.callgraph.framework/v1"
|
||||
}
|
||||
@@ -1,18 +1,5 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"nodes": [
|
||||
{
|
||||
"sid": "sym://python:python.c#entry"
|
||||
},
|
||||
{
|
||||
"sid": "sym://python:python.c#sink"
|
||||
}
|
||||
],
|
||||
"edges": [
|
||||
{
|
||||
"from": "sym://python:python.c#entry",
|
||||
"to": "sym://python:python.c#sink",
|
||||
"kind": "direct"
|
||||
}
|
||||
]
|
||||
"edges": [],
|
||||
"nodes": [],
|
||||
"schema_version": "reachbench.callgraph.static/v1"
|
||||
}
|
||||
@@ -1,8 +1,15 @@
|
||||
{
|
||||
"image": "ghcr.io/reachbench/python-urllib3-dos-regex-TBD:reachable",
|
||||
"config_flags": {
|
||||
"FEATURE_FLAG": true,
|
||||
"POLICY_MODE": "permissive"
|
||||
"case_id": "python-urllib3-dos-regex-TBD",
|
||||
"files": {
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "77b65a72e7061171dd9bbabb55260c005e45c71156349c68995f5da21249f01d",
|
||||
"sbom.cdx.json": "6de2dac2a942c4f98be45913bc283490e0a633d96f622864eba2f7e9ed40ddef",
|
||||
"sbom.spdx.json": "fcc1da998d896c2a8d6c0b0386ae5a492ae242cc83dc03daaf2b6ee55d8ba9bb",
|
||||
"symbols.json": "0de9697f4fe6f5d80df4aec4593599f6dbfbf9c92f2e19e4e8f6d39630a37aee",
|
||||
"vex.openvex.json": "c785b009bc7c625f1e3cda129ab45ac436b43dc726f3902d092bfb4665a5a1dd"
|
||||
},
|
||||
"sha256": "STUB_DIGEST"
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
}
|
||||
@@ -1,16 +1,12 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"sinks": [
|
||||
{
|
||||
"sid": "sym://python:python.c#sink",
|
||||
"kind": "generic"
|
||||
}
|
||||
],
|
||||
"case_id": "python-urllib3-dos-regex-TBD",
|
||||
"paths": [
|
||||
[
|
||||
"sym://net:handler#read",
|
||||
"sym://python:python.c#entry",
|
||||
"sym://python:python.c#sink"
|
||||
]
|
||||
]
|
||||
],
|
||||
"schema_version": "reachbench.reachgraph.truth/v1",
|
||||
"variant": "reachable"
|
||||
}
|
||||
@@ -1,5 +1,11 @@
|
||||
{
|
||||
"bomFormat": "CycloneDX",
|
||||
"specVersion": "1.6",
|
||||
"components": []
|
||||
"components": [],
|
||||
"metadata": {
|
||||
"component": {
|
||||
"name": "python-urllib3-dos-regex-TBD",
|
||||
"version": "0.0.0"
|
||||
}
|
||||
},
|
||||
"specVersion": "1.5"
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"spdxVersion": "SPDX-3.0",
|
||||
"creationInfo": {
|
||||
"created": "2025-11-07T22:40:04Z"
|
||||
}
|
||||
"SPDXID": "SPDXRef-DOCUMENT",
|
||||
"name": "python-urllib3-dos-regex-TBD",
|
||||
"packages": [],
|
||||
"spdxVersion": "SPDX-2.3"
|
||||
}
|
||||
@@ -1,31 +1,8 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"components": [
|
||||
{
|
||||
"purl": "pkg:generic/python@0.0.1",
|
||||
"files": [
|
||||
{
|
||||
"path": "/src/python.c",
|
||||
"funcs": [
|
||||
{
|
||||
"sid": "sym://python:python.c#entry",
|
||||
"name": "entry",
|
||||
"range": {
|
||||
"start": 10,
|
||||
"end": 20
|
||||
}
|
||||
},
|
||||
{
|
||||
"sid": "sym://python:python.c#sink",
|
||||
"name": "sink",
|
||||
"range": {
|
||||
"start": 30,
|
||||
"end": 60
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"case_id": "python-urllib3-dos-regex-TBD",
|
||||
"schema_version": "reachbench.symbols/v1",
|
||||
"symbols": [
|
||||
"sym://python:python.c#sink"
|
||||
],
|
||||
"variant": "reachable"
|
||||
}
|
||||
@@ -1,12 +1,15 @@
|
||||
{
|
||||
"author": "reachbench-2025",
|
||||
"timestamp": "2025-11-07T22:40:04Z",
|
||||
"author": "StellaOps",
|
||||
"role": "reachbench",
|
||||
"statements": [
|
||||
{
|
||||
"vulnerability": "TBD",
|
||||
"products": [
|
||||
"pkg:python-urllib3-dos-regex-TBD"
|
||||
],
|
||||
"status": "affected",
|
||||
"justification": "reasoning_provided",
|
||||
"impact_statement": "Function-level path is reachable."
|
||||
"statusJustification": "component_present",
|
||||
"vulnerability": "python-urllib3-dos-regex-TBD"
|
||||
}
|
||||
]
|
||||
],
|
||||
"timestamp": "2025-11-18T00:00:00Z"
|
||||
}
|
||||
@@ -1,30 +1,5 @@
|
||||
{
|
||||
"dsse_version": "1.0",
|
||||
"subject": [
|
||||
{
|
||||
"name": "ghcr.io/reachbench/python-urllib3-dos-regex-TBD:unreachable",
|
||||
"digest": {
|
||||
"sha256": "STUB_DIGEST"
|
||||
}
|
||||
}
|
||||
],
|
||||
"statement": {
|
||||
"type": "reachbench.attestation",
|
||||
"materials": [
|
||||
"sbom.cdx.json",
|
||||
"sbom.spdx.json",
|
||||
"symbols.json",
|
||||
"callgraph.static.json",
|
||||
"callgraph.framework.json",
|
||||
"reachgraph.truth.json",
|
||||
"vex.openvex.json"
|
||||
]
|
||||
},
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "STUB",
|
||||
"sig": "STUB_SIGNATURE",
|
||||
"alg": "dilithium2"
|
||||
}
|
||||
]
|
||||
"payload": "",
|
||||
"payloadType": "application/vnd.in-toto+json",
|
||||
"signatures": []
|
||||
}
|
||||
@@ -1,4 +1,5 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"edges": []
|
||||
"edges": [],
|
||||
"nodes": [],
|
||||
"schema_version": "reachbench.callgraph.framework/v1"
|
||||
}
|
||||
@@ -1,18 +1,5 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"nodes": [
|
||||
{
|
||||
"sid": "sym://python:python.c#entry"
|
||||
},
|
||||
{
|
||||
"sid": "sym://python:python.c#sink"
|
||||
}
|
||||
],
|
||||
"edges": [
|
||||
{
|
||||
"from": "sym://python:python.c#entry",
|
||||
"to": "sym://python:python.c#sink",
|
||||
"kind": "direct"
|
||||
}
|
||||
]
|
||||
"edges": [],
|
||||
"nodes": [],
|
||||
"schema_version": "reachbench.callgraph.static/v1"
|
||||
}
|
||||
@@ -1,8 +1,15 @@
|
||||
{
|
||||
"image": "ghcr.io/reachbench/python-urllib3-dos-regex-TBD:unreachable",
|
||||
"config_flags": {
|
||||
"FEATURE_FLAG": false,
|
||||
"POLICY_MODE": "enforcing"
|
||||
"case_id": "python-urllib3-dos-regex-TBD",
|
||||
"files": {
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "fee28d40dd848e5e59b662622f33e2644e4328c6a2eb1a4f22f558fea0c69dfd",
|
||||
"sbom.cdx.json": "6de2dac2a942c4f98be45913bc283490e0a633d96f622864eba2f7e9ed40ddef",
|
||||
"sbom.spdx.json": "fcc1da998d896c2a8d6c0b0386ae5a492ae242cc83dc03daaf2b6ee55d8ba9bb",
|
||||
"symbols.json": "bafb8c6703ba42f7fcb2d1bc5bba702282012d10f7d7026729083761e8b6bf26",
|
||||
"vex.openvex.json": "342a13c0f33bbf5228756e7444aa1a0740b0f971115ead4db2668669e8055fb5"
|
||||
},
|
||||
"sha256": "STUB_DIGEST"
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
}
|
||||
@@ -1,16 +1,6 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"sinks": [
|
||||
{
|
||||
"sid": "sym://python:python.c#sink",
|
||||
"kind": "generic"
|
||||
}
|
||||
],
|
||||
"paths": [
|
||||
[
|
||||
"sym://net:handler#read",
|
||||
"sym://python:python.c#entry",
|
||||
"sym://python:python.c#sink"
|
||||
]
|
||||
]
|
||||
"case_id": "python-urllib3-dos-regex-TBD",
|
||||
"paths": [],
|
||||
"schema_version": "reachbench.reachgraph.truth/v1",
|
||||
"variant": "unreachable"
|
||||
}
|
||||
@@ -1,5 +1,11 @@
|
||||
{
|
||||
"bomFormat": "CycloneDX",
|
||||
"specVersion": "1.6",
|
||||
"components": []
|
||||
"components": [],
|
||||
"metadata": {
|
||||
"component": {
|
||||
"name": "python-urllib3-dos-regex-TBD",
|
||||
"version": "0.0.0"
|
||||
}
|
||||
},
|
||||
"specVersion": "1.5"
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"spdxVersion": "SPDX-3.0",
|
||||
"creationInfo": {
|
||||
"created": "2025-11-07T22:40:04Z"
|
||||
}
|
||||
"SPDXID": "SPDXRef-DOCUMENT",
|
||||
"name": "python-urllib3-dos-regex-TBD",
|
||||
"packages": [],
|
||||
"spdxVersion": "SPDX-2.3"
|
||||
}
|
||||
@@ -1,31 +1,6 @@
|
||||
{
|
||||
"schema_version": "1.0",
|
||||
"components": [
|
||||
{
|
||||
"purl": "pkg:generic/python@0.0.1",
|
||||
"files": [
|
||||
{
|
||||
"path": "/src/python.c",
|
||||
"funcs": [
|
||||
{
|
||||
"sid": "sym://python:python.c#entry",
|
||||
"name": "entry",
|
||||
"range": {
|
||||
"start": 10,
|
||||
"end": 20
|
||||
}
|
||||
},
|
||||
{
|
||||
"sid": "sym://python:python.c#sink",
|
||||
"name": "sink",
|
||||
"range": {
|
||||
"start": 30,
|
||||
"end": 60
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"case_id": "python-urllib3-dos-regex-TBD",
|
||||
"schema_version": "reachbench.symbols/v1",
|
||||
"symbols": [],
|
||||
"variant": "unreachable"
|
||||
}
|
||||
@@ -1,12 +1,15 @@
|
||||
{
|
||||
"author": "reachbench-2025",
|
||||
"timestamp": "2025-11-07T22:40:04Z",
|
||||
"author": "StellaOps",
|
||||
"role": "reachbench",
|
||||
"statements": [
|
||||
{
|
||||
"vulnerability": "TBD",
|
||||
"products": [
|
||||
"pkg:python-urllib3-dos-regex-TBD"
|
||||
],
|
||||
"status": "not_affected",
|
||||
"justification": "vulnerable_code_not_in_execute_path",
|
||||
"impact_statement": "Pruned by configuration; path unreachable."
|
||||
"statusJustification": "component_not_present",
|
||||
"vulnerability": "python-urllib3-dos-regex-TBD"
|
||||
}
|
||||
]
|
||||
],
|
||||
"timestamp": "2025-11-18T00:00:00Z"
|
||||
}
|
||||
Reference in New Issue
Block a user