diff --git a/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/attestation.json b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/attestation.json new file mode 100644 index 000000000..310df298d --- /dev/null +++ b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/attestation.json @@ -0,0 +1,22 @@ +{ + "_type": "https://in-toto.io/Statement/v0.1", + "predicate": { + "buildType": "stub", + "builder": { + "id": "stub" + }, + "metadata": { + "buildFinishedOn": "1970-01-01T00:00:00Z", + "buildStartedOn": "1970-01-01T00:00:00Z" + } + }, + "predicateType": "https://slsa.dev/provenance/v0.2", + "subject": [ + { + "digest": { + "sha256": "stub" + }, + "name": "java-micronaut-deserialize:203" + } + ] +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/binary.tar.gz b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/binary.tar.gz new file mode 100644 index 000000000..e9737cac2 Binary files /dev/null and b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/binary.tar.gz differ diff --git a/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/classes/bench/reachability/micronaut/Controller$Response.class b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/classes/bench/reachability/micronaut/Controller$Response.class new file mode 100644 index 000000000..a8f5cb0ad Binary files /dev/null and b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/classes/bench/reachability/micronaut/Controller$Response.class differ diff --git a/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/classes/bench/reachability/micronaut/Controller.class b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/classes/bench/reachability/micronaut/Controller.class new file mode 100644 index 000000000..c5ed7fede Binary files /dev/null and b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/classes/bench/reachability/micronaut/Controller.class differ diff --git a/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/classes/bench/reachability/micronaut/ControllerTest.class b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/classes/bench/reachability/micronaut/ControllerTest.class new file mode 100644 index 000000000..8bb01d8dd Binary files /dev/null and b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/classes/bench/reachability/micronaut/ControllerTest.class differ diff --git a/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/classes/outputs/SINK_REACHED b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/classes/outputs/SINK_REACHED new file mode 100644 index 000000000..f32a5804e --- /dev/null +++ b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/classes/outputs/SINK_REACHED @@ -0,0 +1 @@ +true \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/coverage.json b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/coverage.json new file mode 100644 index 000000000..d9842ff5b --- /dev/null +++ b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/coverage.json @@ -0,0 +1,13 @@ +{ + "files": { + "src/Controller.java": { + "lines_covered": [ + 11, + 14, + 15, + 17 + ], + "lines_total": 40 + } + } +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/sbom.cdx.json b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/sbom.cdx.json new file mode 100644 index 000000000..b7a8b9f4d --- /dev/null +++ b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/sbom.cdx.json @@ -0,0 +1,14 @@ +{ + "bomFormat": "CycloneDX", + "components": [], + "metadata": { + "component": { + "name": "micronaut-deserialize", + "type": "application", + "version": "1.0.0" + }, + "timestamp": "1970-01-01T00:00:00Z" + }, + "specVersion": "1.5", + "version": 1 +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/traces/trace.json b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/traces/trace.json new file mode 100644 index 000000000..2d75dfb4c --- /dev/null +++ b/bench/reachability-benchmark/cases/java/micronaut-deserialize/outputs/traces/trace.json @@ -0,0 +1,9 @@ +{ + "entry": "POST /mn/upload", + "notes": "Base64 payload flows into ObjectInputStream without guard", + "path": [ + "Controller.handleUpload", + "ObjectInputStream.readObject" + ], + "sink": "MicronautDeserialize::handleUpload" +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/attestation.json b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/attestation.json new file mode 100644 index 000000000..dd450804f --- /dev/null +++ b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/attestation.json @@ -0,0 +1,22 @@ +{ + "_type": "https://in-toto.io/Statement/v0.1", + "predicate": { + "buildType": "stub", + "builder": { + "id": "stub" + }, + "metadata": { + "buildFinishedOn": "1970-01-01T00:00:00Z", + "buildStartedOn": "1970-01-01T00:00:00Z" + } + }, + "predicateType": "https://slsa.dev/provenance/v0.2", + "subject": [ + { + "digest": { + "sha256": "stub" + }, + "name": "java-micronaut-guarded:204" + } + ] +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/binary.tar.gz b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/binary.tar.gz new file mode 100644 index 000000000..282b59790 Binary files /dev/null and b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/binary.tar.gz differ diff --git a/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/classes/bench/reachability/micronautguard/Controller$Response.class b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/classes/bench/reachability/micronautguard/Controller$Response.class new file mode 100644 index 000000000..47149251e Binary files /dev/null and b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/classes/bench/reachability/micronautguard/Controller$Response.class differ diff --git a/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/classes/bench/reachability/micronautguard/Controller.class b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/classes/bench/reachability/micronautguard/Controller.class new file mode 100644 index 000000000..a9fae38c2 Binary files /dev/null and b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/classes/bench/reachability/micronautguard/Controller.class differ diff --git a/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/classes/bench/reachability/micronautguard/ControllerTest.class b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/classes/bench/reachability/micronautguard/ControllerTest.class new file mode 100644 index 000000000..ef821dc3e Binary files /dev/null and b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/classes/bench/reachability/micronautguard/ControllerTest.class differ diff --git a/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/classes/outputs/SINK_BLOCKED b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/classes/outputs/SINK_BLOCKED new file mode 100644 index 000000000..f32a5804e --- /dev/null +++ b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/classes/outputs/SINK_BLOCKED @@ -0,0 +1 @@ +true \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/coverage.json b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/coverage.json new file mode 100644 index 000000000..cb48c78cf --- /dev/null +++ b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/coverage.json @@ -0,0 +1,13 @@ +{ + "files": { + "src/Controller.java": { + "lines_covered": [ + 12, + 13, + 15, + 17 + ], + "lines_total": 42 + } + } +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/sbom.cdx.json b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/sbom.cdx.json new file mode 100644 index 000000000..7d464b71d --- /dev/null +++ b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/sbom.cdx.json @@ -0,0 +1,14 @@ +{ + "bomFormat": "CycloneDX", + "components": [], + "metadata": { + "component": { + "name": "micronaut-guarded", + "type": "application", + "version": "1.0.0" + }, + "timestamp": "1970-01-01T00:00:00Z" + }, + "specVersion": "1.5", + "version": 1 +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/traces/trace.json b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/traces/trace.json new file mode 100644 index 000000000..dadf3b0b1 --- /dev/null +++ b/bench/reachability-benchmark/cases/java/micronaut-guarded/outputs/traces/trace.json @@ -0,0 +1,8 @@ +{ + "entry": "POST /mn/upload", + "notes": "Guard enforces ALLOW_MN_DESER feature flag; sink not reached by default", + "path": [ + "Controller.handleUpload" + ], + "sink": "MicronautDeserializeGuarded::handleUpload" +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/attestation.json b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/attestation.json new file mode 100644 index 000000000..221f2bba1 --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/attestation.json @@ -0,0 +1,22 @@ +{ + "_type": "https://in-toto.io/Statement/v0.1", + "predicate": { + "buildType": "stub", + "builder": { + "id": "stub" + }, + "metadata": { + "buildFinishedOn": "1970-01-01T00:00:00Z", + "buildStartedOn": "1970-01-01T00:00:00Z" + } + }, + "predicateType": "https://slsa.dev/provenance/v0.2", + "subject": [ + { + "digest": { + "sha256": "stub" + }, + "name": "java-spring-deserialize:201" + } + ] +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/binary.tar.gz b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/binary.tar.gz new file mode 100644 index 000000000..fb19054f1 Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/binary.tar.gz differ diff --git a/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/classes/bench/reachability/App$Response.class b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/classes/bench/reachability/App$Response.class new file mode 100644 index 000000000..d7200ca5b Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/classes/bench/reachability/App$Response.class differ diff --git a/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/classes/bench/reachability/App.class b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/classes/bench/reachability/App.class new file mode 100644 index 000000000..4b84e4b07 Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/classes/bench/reachability/App.class differ diff --git a/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/classes/bench/reachability/AppTest.class b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/classes/bench/reachability/AppTest.class new file mode 100644 index 000000000..c6416f90e Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/classes/bench/reachability/AppTest.class differ diff --git a/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/classes/outputs/SINK_REACHED b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/classes/outputs/SINK_REACHED new file mode 100644 index 000000000..f32a5804e --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/classes/outputs/SINK_REACHED @@ -0,0 +1 @@ +true \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/coverage.json b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/coverage.json new file mode 100644 index 000000000..288abce0a --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/coverage.json @@ -0,0 +1,14 @@ +{ + "files": { + "src/App.java": { + "lines_covered": [ + 9, + 15, + 16, + 17, + 19 + ], + "lines_total": 26 + } + } +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/sbom.cdx.json b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/sbom.cdx.json new file mode 100644 index 000000000..803d8958d --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/sbom.cdx.json @@ -0,0 +1,14 @@ +{ + "bomFormat": "CycloneDX", + "components": [], + "metadata": { + "component": { + "name": "spring-deserialize", + "type": "application", + "version": "1.0.0" + }, + "timestamp": "1970-01-01T00:00:00Z" + }, + "specVersion": "1.5", + "version": 1 +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/traces/trace.json b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/traces/trace.json new file mode 100644 index 000000000..cb0d10da4 --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-deserialize/outputs/traces/trace.json @@ -0,0 +1,9 @@ +{ + "entry": "POST /api/upload", + "notes": "No guard; base64 payload deserialized", + "path": [ + "App.handleRequest", + "ObjectInputStream.readObject" + ], + "sink": "JavaDeserialize::handleRequest" +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-guarded/outputs/attestation.json b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/attestation.json new file mode 100644 index 000000000..a176cbc57 --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/attestation.json @@ -0,0 +1,22 @@ +{ + "_type": "https://in-toto.io/Statement/v0.1", + "predicate": { + "buildType": "stub", + "builder": { + "id": "stub" + }, + "metadata": { + "buildFinishedOn": "1970-01-01T00:00:00Z", + "buildStartedOn": "1970-01-01T00:00:00Z" + } + }, + "predicateType": "https://slsa.dev/provenance/v0.2", + "subject": [ + { + "digest": { + "sha256": "stub" + }, + "name": "java-spring-guarded:202" + } + ] +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-guarded/outputs/binary.tar.gz b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/binary.tar.gz new file mode 100644 index 000000000..c8490106c Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/binary.tar.gz differ diff --git a/bench/reachability-benchmark/cases/java/spring-guarded/outputs/classes/bench/reachability/App$Response.class b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/classes/bench/reachability/App$Response.class new file mode 100644 index 000000000..5d0c3232a Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/classes/bench/reachability/App$Response.class differ diff --git a/bench/reachability-benchmark/cases/java/spring-guarded/outputs/classes/bench/reachability/App.class b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/classes/bench/reachability/App.class new file mode 100644 index 000000000..3be47e29e Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/classes/bench/reachability/App.class differ diff --git a/bench/reachability-benchmark/cases/java/spring-guarded/outputs/classes/bench/reachability/AppTest.class b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/classes/bench/reachability/AppTest.class new file mode 100644 index 000000000..a416b9056 Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/classes/bench/reachability/AppTest.class differ diff --git a/bench/reachability-benchmark/cases/java/spring-guarded/outputs/classes/outputs/SINK_BLOCKED b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/classes/outputs/SINK_BLOCKED new file mode 100644 index 000000000..f32a5804e --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/classes/outputs/SINK_BLOCKED @@ -0,0 +1 @@ +true \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-guarded/outputs/coverage.json b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/coverage.json new file mode 100644 index 000000000..9b8cbaf62 --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/coverage.json @@ -0,0 +1,13 @@ +{ + "files": { + "src/App.java": { + "lines_covered": [ + 10, + 11, + 13, + 15 + ], + "lines_total": 29 + } + } +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-guarded/outputs/sbom.cdx.json b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/sbom.cdx.json new file mode 100644 index 000000000..942ffde47 --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/sbom.cdx.json @@ -0,0 +1,14 @@ +{ + "bomFormat": "CycloneDX", + "components": [], + "metadata": { + "component": { + "name": "spring-guarded", + "type": "application", + "version": "1.0.0" + }, + "timestamp": "1970-01-01T00:00:00Z" + }, + "specVersion": "1.5", + "version": 1 +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-guarded/outputs/traces/trace.json b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/traces/trace.json new file mode 100644 index 000000000..10fe7be76 --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-guarded/outputs/traces/trace.json @@ -0,0 +1,8 @@ +{ + "entry": "POST /api/upload", + "notes": "Guard requires ALLOW_DESER=true; sink not executed by default", + "path": [ + "App.handleRequest" + ], + "sink": "JavaDeserializeGuarded::handleRequest" +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-reflection/outputs/attestation.json b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/attestation.json new file mode 100644 index 000000000..92b9433d6 --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/attestation.json @@ -0,0 +1,22 @@ +{ + "_type": "https://in-toto.io/Statement/v0.1", + "predicate": { + "buildType": "stub", + "builder": { + "id": "stub" + }, + "metadata": { + "buildFinishedOn": "1970-01-01T00:00:00Z", + "buildStartedOn": "1970-01-01T00:00:00Z" + } + }, + "predicateType": "https://slsa.dev/provenance/v0.2", + "subject": [ + { + "digest": { + "sha256": "stub" + }, + "name": "java-spring-reflection:205" + } + ] +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-reflection/outputs/binary.tar.gz b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/binary.tar.gz new file mode 100644 index 000000000..a48160ea2 Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/binary.tar.gz differ diff --git a/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/bench/reachability/springreflection/ReflectController$Marker.class b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/bench/reachability/springreflection/ReflectController$Marker.class new file mode 100644 index 000000000..0be486ffe Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/bench/reachability/springreflection/ReflectController$Marker.class differ diff --git a/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/bench/reachability/springreflection/ReflectController$Response.class b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/bench/reachability/springreflection/ReflectController$Response.class new file mode 100644 index 000000000..8deb4a49b Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/bench/reachability/springreflection/ReflectController$Response.class differ diff --git a/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/bench/reachability/springreflection/ReflectController.class b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/bench/reachability/springreflection/ReflectController.class new file mode 100644 index 000000000..ad69e5219 Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/bench/reachability/springreflection/ReflectController.class differ diff --git a/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/bench/reachability/springreflection/ReflectControllerTest.class b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/bench/reachability/springreflection/ReflectControllerTest.class new file mode 100644 index 000000000..a2223d15a Binary files /dev/null and b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/bench/reachability/springreflection/ReflectControllerTest.class differ diff --git a/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/outputs/SINK_REACHED b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/outputs/SINK_REACHED new file mode 100644 index 000000000..f32a5804e --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/classes/outputs/SINK_REACHED @@ -0,0 +1 @@ +true \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-reflection/outputs/coverage.json b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/coverage.json new file mode 100644 index 000000000..0113cf0f8 --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/coverage.json @@ -0,0 +1,13 @@ +{ + "files": { + "src/ReflectController.java": { + "lines_covered": [ + 7, + 13, + 14, + 15 + ], + "lines_total": 29 + } + } +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-reflection/outputs/sbom.cdx.json b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/sbom.cdx.json new file mode 100644 index 000000000..cc69ede30 --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/sbom.cdx.json @@ -0,0 +1,14 @@ +{ + "bomFormat": "CycloneDX", + "components": [], + "metadata": { + "component": { + "name": "spring-reflection", + "type": "application", + "version": "1.0.0" + }, + "timestamp": "1970-01-01T00:00:00Z" + }, + "specVersion": "1.5", + "version": 1 +} \ No newline at end of file diff --git a/bench/reachability-benchmark/cases/java/spring-reflection/outputs/traces/trace.json b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/traces/trace.json new file mode 100644 index 000000000..ff8466e0c --- /dev/null +++ b/bench/reachability-benchmark/cases/java/spring-reflection/outputs/traces/trace.json @@ -0,0 +1,9 @@ +{ + "entry": "POST /api/reflect", + "notes": "User controls class name flowing into Class.forName/newInstance", + "path": [ + "ReflectController.run", + "Class.forName" + ], + "sink": "SpringReflection::run" +} \ No newline at end of file