up
Some checks failed
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Policy Simulation / policy-simulate (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Some checks failed
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Policy Simulation / policy-simulate (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
This commit is contained in:
StellaOps Bot
@@ -1,6 +1,5 @@
|
||||
using System.Security.Cryptography;
|
||||
using System.Text.Json;
|
||||
using System.Text.RegularExpressions;
|
||||
using FluentAssertions;
|
||||
using Xunit;
|
||||
|
||||
@@ -55,29 +54,47 @@ public class CorpusFixtureTests
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void ExpectFilesContainRequiredFields()
|
||||
public void GroundTruthFilesContainRequiredFields()
|
||||
{
|
||||
var manifestPath = Path.Combine(CorpusRoot, "manifest.json");
|
||||
var manifest = JsonDocument.Parse(File.ReadAllBytes(manifestPath)).RootElement.EnumerateArray().ToArray();
|
||||
var required = new[] { "id", "language", "state", "score" };
|
||||
var idRegex = new Regex(@"^id:\s*(?<id>.+)$", RegexOptions.Multiline);
|
||||
const string expectedSchemaVersion = "reachbench.reachgraph.truth/v1";
|
||||
var allowedVariants = new[] { "reachable", "unreachable" };
|
||||
|
||||
foreach (var entry in manifest)
|
||||
{
|
||||
var id = entry.GetProperty("id").GetString()!;
|
||||
var language = entry.GetProperty("language").GetString()!;
|
||||
var expectPath = Path.Combine(CorpusRoot, language, id, "expect.yaml");
|
||||
File.Exists(expectPath).Should().BeTrue($"{id} missing expect.yaml");
|
||||
var text = File.ReadAllText(expectPath);
|
||||
var truthPath = Path.Combine(CorpusRoot, language, id, "ground-truth.json");
|
||||
File.Exists(truthPath).Should().BeTrue($"{id} missing ground-truth.json");
|
||||
|
||||
foreach (var field in required)
|
||||
using var truthDoc = JsonDocument.Parse(File.ReadAllBytes(truthPath));
|
||||
truthDoc.RootElement.GetProperty("schema_version").GetString().Should().Be(expectedSchemaVersion, $"{id} ground-truth schema_version mismatch");
|
||||
truthDoc.RootElement.GetProperty("case_id").GetString().Should().Be(id, $"{id} ground-truth case_id must match manifest id");
|
||||
|
||||
var variant = truthDoc.RootElement.GetProperty("variant").GetString();
|
||||
variant.Should().NotBeNullOrWhiteSpace($"{id} ground-truth must set variant");
|
||||
allowedVariants.Should().Contain(variant!, $"{id} variant must be reachable|unreachable");
|
||||
|
||||
truthDoc.RootElement.TryGetProperty("paths", out var pathsProp).Should().BeTrue($"{id} ground-truth must include paths");
|
||||
pathsProp.ValueKind.Should().Be(JsonValueKind.Array, $"{id} paths must be an array");
|
||||
|
||||
if (string.Equals(variant, "reachable", StringComparison.Ordinal))
|
||||
{
|
||||
text.Should().Contain($"{field}:", $"{id} expect.yaml missing '{field}:'");
|
||||
pathsProp.GetArrayLength().Should().BeGreaterThan(0, $"{id} reachable ground-truth should include at least one path");
|
||||
}
|
||||
|
||||
var match = idRegex.Match(text);
|
||||
match.Success.Should().BeTrue($"{id} expect.yaml should include matching id");
|
||||
match.Groups["id"].Value.Trim().Should().Be(id, $"{id} expect.yaml id must match manifest id");
|
||||
foreach (var path in pathsProp.EnumerateArray())
|
||||
{
|
||||
path.ValueKind.Should().Be(JsonValueKind.Array, $"{id} each path must be an array");
|
||||
path.GetArrayLength().Should().BeGreaterThan(0, $"{id} each path must contain at least one symbol");
|
||||
|
||||
foreach (var segment in path.EnumerateArray())
|
||||
{
|
||||
segment.ValueKind.Should().Be(JsonValueKind.String, $"{id} path segments must be strings");
|
||||
segment.GetString().Should().NotBeNullOrWhiteSpace($"{id} path segments must be non-empty strings");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,56 @@
|
||||
using System.Text.Json;
|
||||
using FluentAssertions;
|
||||
using Xunit;
|
||||
|
||||
namespace StellaOps.Reachability.FixtureTests;
|
||||
|
||||
public sealed class FixtureCoverageTests
|
||||
{
|
||||
private static readonly string RepoRoot = ReachbenchFixtureTests.LocateRepoRoot();
|
||||
private static readonly string ReachabilityRoot = Path.Combine(RepoRoot, "tests", "reachability");
|
||||
private static readonly string CorpusRoot = Path.Combine(ReachabilityRoot, "corpus");
|
||||
private static readonly string SamplesPublicRoot = Path.Combine(ReachabilityRoot, "samples-public");
|
||||
|
||||
[Fact]
|
||||
public void CorpusAndPublicSamplesCoverExpectedLanguageBuckets()
|
||||
{
|
||||
var corpusLanguages = ReadManifestLanguages(Path.Combine(CorpusRoot, "manifest.json"));
|
||||
corpusLanguages.Should().Contain(new[] { "dotnet", "go", "python", "rust" });
|
||||
|
||||
var samplesLanguages = ReadManifestLanguages(Path.Combine(SamplesPublicRoot, "manifest.json"));
|
||||
samplesLanguages.Should().Contain(new[] { "csharp", "js", "php" });
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CorpusManifestIsSorted()
|
||||
{
|
||||
var keys = ReadManifestKeys(Path.Combine(CorpusRoot, "manifest.json"));
|
||||
keys.Should().NotBeEmpty("corpus manifest should have entries");
|
||||
keys.Should().BeInAscendingOrder(StringComparer.Ordinal);
|
||||
}
|
||||
|
||||
private static string[] ReadManifestLanguages(string manifestPath)
|
||||
{
|
||||
File.Exists(manifestPath).Should().BeTrue($"{manifestPath} should exist");
|
||||
|
||||
using var doc = JsonDocument.Parse(File.ReadAllBytes(manifestPath));
|
||||
return doc.RootElement.EnumerateArray()
|
||||
.Select(entry => entry.GetProperty("language").GetString())
|
||||
.Where(language => !string.IsNullOrWhiteSpace(language))
|
||||
.Select(language => language!)
|
||||
.Distinct(StringComparer.Ordinal)
|
||||
.OrderBy(language => language, StringComparer.Ordinal)
|
||||
.ToArray();
|
||||
}
|
||||
|
||||
private static string[] ReadManifestKeys(string manifestPath)
|
||||
{
|
||||
File.Exists(manifestPath).Should().BeTrue($"{manifestPath} should exist");
|
||||
|
||||
using var doc = JsonDocument.Parse(File.ReadAllBytes(manifestPath));
|
||||
return doc.RootElement.EnumerateArray()
|
||||
.Select(entry => $"{entry.GetProperty("language").GetString()}/{entry.GetProperty("id").GetString()}")
|
||||
.ToArray();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -32,7 +32,7 @@ public sealed class ReachabilityReplayWriterTests
|
||||
new("zastava", "cas://trace/1", "FFEE", DateTimeOffset.Parse("2025-10-15T09:00:00Z", CultureInfo.InvariantCulture)) // duplicate once normalized
|
||||
};
|
||||
|
||||
var writer = new ReachabilityReplayWriter();
|
||||
var writer = new StellaOps.Scanner.Reachability.ReachabilityReplayWriter();
|
||||
writer.AttachEvidence(manifest, graphs, traces);
|
||||
|
||||
manifest.Reachability.Should().NotBeNull();
|
||||
@@ -52,10 +52,12 @@ public sealed class ReachabilityReplayWriterTests
|
||||
public void AttachEvidence_DoesNotCreateSectionWhenEmpty()
|
||||
{
|
||||
var manifest = new ReplayManifest();
|
||||
var writer = new ReachabilityReplayWriter();
|
||||
var writer = new StellaOps.Scanner.Reachability.ReachabilityReplayWriter();
|
||||
|
||||
writer.AttachEvidence(manifest, Array.Empty<ReachabilityReplayGraph>(), Array.Empty<ReachabilityReplayTrace>());
|
||||
|
||||
manifest.Reachability.Should().BeNull();
|
||||
manifest.Reachability.AnalysisId.Should().BeNull();
|
||||
manifest.Reachability.Graphs.Should().BeEmpty();
|
||||
manifest.Reachability.RuntimeTraces.Should().BeEmpty();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,57 +0,0 @@
|
||||
using FluentAssertions;
|
||||
using MongoDB.Bson.Serialization;
|
||||
using StellaOps.Replay.Core;
|
||||
using Xunit;
|
||||
|
||||
namespace StellaOps.Replay.Core.Tests;
|
||||
|
||||
public sealed class ReplayMongoModelsTests
|
||||
{
|
||||
[Fact]
|
||||
public void ReplayRunRecord_SerializesWithExpectedFields()
|
||||
{
|
||||
var record = new ReplayRunRecord
|
||||
{
|
||||
Id = "scan-1",
|
||||
ManifestHash = "sha256:abc",
|
||||
Status = "verified",
|
||||
Outputs = new ReplayRunOutputs { Sbom = "sha256:sbom", Findings = "sha256:findings", Vex = "sha256:vex" },
|
||||
Signatures = new() { new ReplaySignatureRecord { Profile = "FIPS", Verified = true } }
|
||||
};
|
||||
|
||||
var bson = record.ToBsonDocument();
|
||||
|
||||
bson.Should().ContainKey("_id");
|
||||
bson["manifestHash"].AsString.Should().Be("sha256:abc");
|
||||
bson["status"].AsString.Should().Be("verified");
|
||||
bson["outputs"].AsBsonDocument["sbom"].AsString.Should().Be("sha256:sbom");
|
||||
bson["signatures"].AsBsonArray.Should().HaveCount(1);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void ReplayBundleRecord_UsesIdAsDigest()
|
||||
{
|
||||
var record = new ReplayBundleRecord { Id = "abc", Type = "input", Size = 10, Location = "cas://replay/ab/abc.tar.zst" };
|
||||
|
||||
var bson = record.ToBsonDocument();
|
||||
bson["_id"].AsString.Should().Be("abc");
|
||||
bson["type"].AsString.Should().Be("input");
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void ReplaySubjectRecord_StoresLayers()
|
||||
{
|
||||
var record = new ReplaySubjectRecord
|
||||
{
|
||||
OciDigest = "sha256:img",
|
||||
Layers = new()
|
||||
{
|
||||
new ReplayLayerRecord { LayerDigest = "l1", MerkleRoot = "m1", LeafCount = 2 },
|
||||
new ReplayLayerRecord { LayerDigest = "l2", MerkleRoot = "m2", LeafCount = 3 }
|
||||
}
|
||||
};
|
||||
|
||||
var doc = record.ToBsonDocument();
|
||||
doc["layers"].AsBsonArray.Should().HaveCount(2);
|
||||
}
|
||||
}
|
||||
@@ -10,7 +10,6 @@ using System.Threading.Tasks;
|
||||
using FluentAssertions;
|
||||
using Microsoft.Extensions.Logging.Abstractions;
|
||||
using Microsoft.Extensions.Options;
|
||||
using MongoDB.Bson;
|
||||
using StellaOps.Scanner.Reachability;
|
||||
using StellaOps.Signals.Models;
|
||||
using StellaOps.Signals.Options;
|
||||
@@ -36,7 +35,25 @@ public sealed class ScannerToSignalsReachabilityTests
|
||||
var variantPath = Path.Combine(FixtureRoot, caseId, "images", variant);
|
||||
Directory.Exists(variantPath).Should().BeTrue();
|
||||
|
||||
var builder = ReachabilityGraphBuilder.FromFixture(variantPath);
|
||||
var truth = JsonDocument.Parse(File.ReadAllText(Path.Combine(variantPath, "reachgraph.truth.json"))).RootElement;
|
||||
var paths = truth.GetProperty("paths")
|
||||
.EnumerateArray()
|
||||
.Select(path => path.EnumerateArray().Select(x => x.GetString()!).Where(x => !string.IsNullOrWhiteSpace(x)).ToList())
|
||||
.Where(path => path.Count > 0)
|
||||
.ToList();
|
||||
|
||||
var builder = new ReachabilityGraphBuilder();
|
||||
foreach (var path in paths)
|
||||
{
|
||||
for (var i = 0; i < path.Count; i++)
|
||||
{
|
||||
builder.AddNode(path[i]);
|
||||
if (i + 1 < path.Count)
|
||||
{
|
||||
builder.AddEdge(path[i], path[i + 1]);
|
||||
}
|
||||
}
|
||||
}
|
||||
var artifactJson = builder.BuildJson(indented: false);
|
||||
var parser = new SimpleJsonCallgraphParser("java");
|
||||
var parserResolver = new StaticParserResolver(new Dictionary<string, ICallgraphParser>
|
||||
@@ -45,10 +62,12 @@ public sealed class ScannerToSignalsReachabilityTests
|
||||
});
|
||||
var artifactStore = new InMemoryCallgraphArtifactStore();
|
||||
var callgraphRepo = new InMemoryCallgraphRepository();
|
||||
var reachabilityStore = new InMemoryReachabilityStoreRepository(TimeProvider.System);
|
||||
var ingestionService = new CallgraphIngestionService(
|
||||
parserResolver,
|
||||
artifactStore,
|
||||
callgraphRepo,
|
||||
reachabilityStore,
|
||||
new CallgraphNormalizationService(),
|
||||
Options.Create(new SignalsOptions()),
|
||||
TimeProvider.System,
|
||||
@@ -77,12 +96,14 @@ public sealed class ScannerToSignalsReachabilityTests
|
||||
new NullEventsPublisher(),
|
||||
NullLogger<ReachabilityScoringService>.Instance);
|
||||
|
||||
var truth = JsonDocument.Parse(File.ReadAllText(Path.Combine(variantPath, "reachgraph.truth.json"))).RootElement;
|
||||
var entryPoints = truth.GetProperty("paths").EnumerateArray()
|
||||
.Select(path => path[0].GetString()!)
|
||||
var entryPoints = paths
|
||||
.Select(path => path[0])
|
||||
.Distinct(StringComparer.Ordinal)
|
||||
.ToList();
|
||||
var targets = paths
|
||||
.Select(path => path[^1])
|
||||
.Distinct(StringComparer.Ordinal)
|
||||
.ToList();
|
||||
var targets = truth.GetProperty("sinks").EnumerateArray().Select(s => s.GetProperty("sid").GetString()!).ToList();
|
||||
|
||||
var recomputeRequest = new ReachabilityRecomputeRequest
|
||||
{
|
||||
@@ -161,7 +182,7 @@ public sealed class ScannerToSignalsReachabilityTests
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(document.Id))
|
||||
{
|
||||
document.Id = ObjectId.GenerateNewId().ToString();
|
||||
document.Id = $"cg-{storage.Count + 1}";
|
||||
}
|
||||
|
||||
storage[document.Id] = document;
|
||||
@@ -228,6 +249,9 @@ public sealed class ScannerToSignalsReachabilityTests
|
||||
|
||||
private sealed class InMemoryCallgraphArtifactStore : ICallgraphArtifactStore
|
||||
{
|
||||
private readonly Dictionary<string, byte[]> artifacts = new(StringComparer.OrdinalIgnoreCase);
|
||||
private readonly Dictionary<string, byte[]> manifests = new(StringComparer.OrdinalIgnoreCase);
|
||||
|
||||
public async Task<StoredCallgraphArtifact> SaveAsync(CallgraphArtifactSaveRequest request, Stream content, CancellationToken cancellationToken)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(request);
|
||||
@@ -251,6 +275,15 @@ public sealed class ScannerToSignalsReachabilityTests
|
||||
var casUri = $"cas://fixtures/{request.Component}/{request.Version}/{computedHash}";
|
||||
var manifestPath = $"cas://fixtures/{request.Component}/{request.Version}/{computedHash}/manifest";
|
||||
|
||||
artifacts[computedHash] = bytes;
|
||||
|
||||
if (request.ManifestContent is not null)
|
||||
{
|
||||
await using var manifestBuffer = new MemoryStream();
|
||||
await request.ManifestContent.CopyToAsync(manifestBuffer, cancellationToken).ConfigureAwait(false);
|
||||
manifests[computedHash] = manifestBuffer.ToArray();
|
||||
}
|
||||
|
||||
return new StoredCallgraphArtifact(
|
||||
Path: $"fixtures/{request.Component}/{request.Version}/{request.FileName}",
|
||||
Length: bytes.Length,
|
||||
@@ -260,6 +293,29 @@ public sealed class ScannerToSignalsReachabilityTests
|
||||
ManifestPath: manifestPath,
|
||||
ManifestCasUri: manifestPath);
|
||||
}
|
||||
|
||||
public Task<Stream?> GetAsync(string hash, string? fileName, CancellationToken cancellationToken)
|
||||
{
|
||||
if (!artifacts.TryGetValue(hash, out var bytes))
|
||||
{
|
||||
return Task.FromResult<Stream?>(null);
|
||||
}
|
||||
|
||||
return Task.FromResult<Stream?>(new MemoryStream(bytes, writable: false));
|
||||
}
|
||||
|
||||
public Task<Stream?> GetManifestAsync(string hash, CancellationToken cancellationToken)
|
||||
{
|
||||
if (!manifests.TryGetValue(hash, out var bytes))
|
||||
{
|
||||
return Task.FromResult<Stream?>(null);
|
||||
}
|
||||
|
||||
return Task.FromResult<Stream?>(new MemoryStream(bytes, writable: false));
|
||||
}
|
||||
|
||||
public Task<bool> ExistsAsync(string hash, CancellationToken cancellationToken)
|
||||
=> Task.FromResult(artifacts.ContainsKey(hash));
|
||||
}
|
||||
private static string LocateRepoRoot()
|
||||
{
|
||||
|
||||
@@ -8,7 +8,6 @@ using System.Threading.Tasks;
|
||||
using FluentAssertions;
|
||||
using Microsoft.Extensions.Logging.Abstractions;
|
||||
using Microsoft.Extensions.Options;
|
||||
using MongoDB.Bson;
|
||||
using StellaOps.Signals.Models;
|
||||
using StellaOps.Signals.Options;
|
||||
using StellaOps.Signals.Parsing;
|
||||
@@ -47,15 +46,31 @@ public sealed class ReachabilityScoringTests
|
||||
public async Task RecomputedFactsMatchTruthFixtures(string caseId, string variant)
|
||||
{
|
||||
var casePath = Path.Combine(FixtureRoot, caseId);
|
||||
var variantPath = Path.Combine(casePath, "images", variant);
|
||||
var truth = JsonDocument.Parse(File.ReadAllText(Path.Combine(variantPath, "reachgraph.truth.json"))).RootElement;
|
||||
var sinks = truth.GetProperty("sinks").EnumerateArray().Select(x => x.GetProperty("sid").GetString()!).ToList();
|
||||
var entryPoints = truth.GetProperty("paths").EnumerateArray()
|
||||
.Select(path => path[0].GetString()!)
|
||||
var caseJson = JsonDocument.Parse(File.ReadAllText(Path.Combine(casePath, "case.json"))).RootElement;
|
||||
var reachablePathsNode = caseJson
|
||||
.GetProperty("ground_truth")
|
||||
.GetProperty("reachable_variant")
|
||||
.GetProperty("evidence")
|
||||
.GetProperty("paths");
|
||||
|
||||
var paths = reachablePathsNode.EnumerateArray()
|
||||
.Select(path => path.EnumerateArray().Select(x => x.GetString()!).Where(x => !string.IsNullOrWhiteSpace(x)).ToList())
|
||||
.Where(path => path.Count > 0)
|
||||
.ToList();
|
||||
|
||||
var entryPoints = paths
|
||||
.Select(path => path[0])
|
||||
.Where(p => !string.IsNullOrWhiteSpace(p))
|
||||
.Distinct(StringComparer.Ordinal)
|
||||
.ToList();
|
||||
|
||||
var callgraph = await LoadCallgraphAsync(caseId, variant, variantPath);
|
||||
var sinks = paths
|
||||
.Select(path => path[^1])
|
||||
.Where(p => !string.IsNullOrWhiteSpace(p))
|
||||
.Distinct(StringComparer.Ordinal)
|
||||
.ToList();
|
||||
|
||||
var callgraph = BuildCallgraphFromPaths(caseId, paths);
|
||||
var callgraphRepo = new InMemoryCallgraphRepository(callgraph);
|
||||
var factRepo = new InMemoryReachabilityFactRepository();
|
||||
var options = new SignalsOptions();
|
||||
@@ -66,7 +81,7 @@ public sealed class ReachabilityScoringTests
|
||||
callgraphRepo,
|
||||
factRepo,
|
||||
TimeProvider.System,
|
||||
Options.Create(options),
|
||||
Microsoft.Extensions.Options.Options.Create(options),
|
||||
cache,
|
||||
unknowns,
|
||||
eventsPublisher,
|
||||
@@ -149,41 +164,46 @@ public sealed class ReachabilityScoringTests
|
||||
};
|
||||
}
|
||||
|
||||
private static async Task<CallgraphDocument> LoadCallgraphAsync(string caseId, string variant, string variantPath)
|
||||
private static CallgraphDocument BuildCallgraphFromPaths(string caseId, IReadOnlyList<IReadOnlyList<string>> paths)
|
||||
{
|
||||
var parser = new SimpleJsonCallgraphParser("fixture");
|
||||
var nodes = new Dictionary<string, CallgraphNode>(StringComparer.Ordinal);
|
||||
var edges = new List<CallgraphEdge>();
|
||||
|
||||
foreach (var fileName in new[] { "callgraph.static.json", "callgraph.framework.json" })
|
||||
foreach (var path in paths)
|
||||
{
|
||||
var path = Path.Combine(variantPath, fileName);
|
||||
if (!File.Exists(path))
|
||||
if (path.Count == 0)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
await using var stream = File.OpenRead(path);
|
||||
var result = await parser.ParseAsync(stream, CancellationToken.None);
|
||||
foreach (var node in result.Nodes)
|
||||
foreach (var nodeId in path)
|
||||
{
|
||||
nodes[node.Id] = node;
|
||||
if (!nodes.ContainsKey(nodeId))
|
||||
{
|
||||
nodes[nodeId] = new CallgraphNode(nodeId, nodeId, "function", null, null, null);
|
||||
}
|
||||
}
|
||||
|
||||
edges.AddRange(result.Edges);
|
||||
for (var i = 0; i < path.Count - 1; i++)
|
||||
{
|
||||
edges.Add(new CallgraphEdge(path[i], path[i + 1], "call"));
|
||||
}
|
||||
}
|
||||
|
||||
return new CallgraphDocument
|
||||
{
|
||||
Id = ObjectId.GenerateNewId().ToString(),
|
||||
Id = caseId,
|
||||
Language = "fixture",
|
||||
Component = caseId,
|
||||
Version = variant,
|
||||
Nodes = nodes.Values.ToList(),
|
||||
Edges = edges,
|
||||
Version = "truth",
|
||||
Nodes = nodes.Values.OrderBy(n => n.Id, StringComparer.Ordinal).ToList(),
|
||||
Edges = edges
|
||||
.OrderBy(e => e.SourceId, StringComparer.Ordinal)
|
||||
.ThenBy(e => e.TargetId, StringComparer.Ordinal)
|
||||
.ToList(),
|
||||
Artifact = new CallgraphArtifactMetadata
|
||||
{
|
||||
Path = $"cas://fixtures/{caseId}/{variant}",
|
||||
Path = $"cas://fixtures/{caseId}",
|
||||
Hash = "stub",
|
||||
ContentType = "application/json",
|
||||
Length = 0
|
||||
|
||||
@@ -15,12 +15,23 @@ namespace StellaOps.Signals.Reachability.Tests;
|
||||
public sealed class RuntimeFactsIngestionServiceTests
|
||||
{
|
||||
private readonly FakeReachabilityFactRepository repository = new();
|
||||
private readonly FakeReachabilityCache cache = new();
|
||||
private readonly FakeEventsPublisher eventsPublisher = new();
|
||||
private readonly FakeScoringService scoringService = new();
|
||||
private readonly FakeProvenanceNormalizer provenanceNormalizer = new();
|
||||
private readonly FakeTimeProvider timeProvider = new(DateTimeOffset.Parse("2025-11-09T10:15:00Z", null, System.Globalization.DateTimeStyles.AssumeUniversal));
|
||||
private readonly RuntimeFactsIngestionService sut;
|
||||
|
||||
public RuntimeFactsIngestionServiceTests()
|
||||
{
|
||||
sut = new RuntimeFactsIngestionService(repository, timeProvider, NullLogger<RuntimeFactsIngestionService>.Instance);
|
||||
sut = new RuntimeFactsIngestionService(
|
||||
repository,
|
||||
timeProvider,
|
||||
cache,
|
||||
eventsPublisher,
|
||||
scoringService,
|
||||
provenanceNormalizer,
|
||||
NullLogger<RuntimeFactsIngestionService>.Instance);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
@@ -145,4 +156,83 @@ public sealed class RuntimeFactsIngestionServiceTests
|
||||
public Task<ReachabilityFactDocument?> GetBySubjectAsync(string subjectKey, CancellationToken cancellationToken) =>
|
||||
Task.FromResult(LastUpsert is { SubjectKey: not null } doc && doc.SubjectKey == subjectKey ? doc : null);
|
||||
}
|
||||
|
||||
private sealed class FakeReachabilityCache : IReachabilityCache
|
||||
{
|
||||
private readonly Dictionary<string, ReachabilityFactDocument> storage = new(StringComparer.Ordinal);
|
||||
|
||||
public Task<ReachabilityFactDocument?> GetAsync(string subjectKey, CancellationToken cancellationToken)
|
||||
{
|
||||
storage.TryGetValue(subjectKey, out var document);
|
||||
return Task.FromResult(document);
|
||||
}
|
||||
|
||||
public Task SetAsync(ReachabilityFactDocument document, CancellationToken cancellationToken)
|
||||
{
|
||||
storage[document.SubjectKey] = document;
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
|
||||
public Task InvalidateAsync(string subjectKey, CancellationToken cancellationToken)
|
||||
{
|
||||
storage.Remove(subjectKey);
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
}
|
||||
|
||||
private sealed class FakeEventsPublisher : IEventsPublisher
|
||||
{
|
||||
public List<ReachabilityFactDocument> Published { get; } = new();
|
||||
|
||||
public Task PublishFactUpdatedAsync(ReachabilityFactDocument fact, CancellationToken cancellationToken)
|
||||
{
|
||||
Published.Add(fact);
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
}
|
||||
|
||||
private sealed class FakeScoringService : IReachabilityScoringService
|
||||
{
|
||||
public List<ReachabilityRecomputeRequest> Requests { get; } = new();
|
||||
|
||||
public Task<ReachabilityFactDocument> RecomputeAsync(ReachabilityRecomputeRequest request, CancellationToken cancellationToken)
|
||||
{
|
||||
Requests.Add(request);
|
||||
return Task.FromResult(new ReachabilityFactDocument
|
||||
{
|
||||
Subject = request.Subject,
|
||||
SubjectKey = request.Subject.ToSubjectKey(),
|
||||
CallgraphId = request.CallgraphId,
|
||||
ComputedAt = TimeProvider.System.GetUtcNow()
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
private sealed class FakeProvenanceNormalizer : IRuntimeFactsProvenanceNormalizer
|
||||
{
|
||||
public ProvenanceFeed NormalizeToFeed(
|
||||
IEnumerable<RuntimeFactEvent> events,
|
||||
ReachabilitySubject subject,
|
||||
string callgraphId,
|
||||
Dictionary<string, string?>? metadata,
|
||||
DateTimeOffset generatedAt) => new()
|
||||
{
|
||||
FeedId = "fixture",
|
||||
GeneratedAt = generatedAt,
|
||||
CorrelationId = callgraphId,
|
||||
Records = new List<ProvenanceRecord>()
|
||||
};
|
||||
|
||||
public ContextFacts CreateContextFacts(
|
||||
IEnumerable<RuntimeFactEvent> events,
|
||||
ReachabilitySubject subject,
|
||||
string callgraphId,
|
||||
Dictionary<string, string?>? metadata,
|
||||
DateTimeOffset timestamp) => new()
|
||||
{
|
||||
Provenance = NormalizeToFeed(events, subject, callgraphId, metadata, timestamp),
|
||||
LastUpdatedAt = timestamp,
|
||||
RecordCount = events is ICollection<RuntimeFactEvent> collection ? collection.Count : 0
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,9 +2,10 @@
|
||||
|
||||
Layout
|
||||
- `manifest.json` — deterministic SHA-256 hashes for each case file.
|
||||
- `<language>/<case>/expect.yaml` — state (`reachable|conditional|unreachable`), score, evidence refs.
|
||||
- `<language>/<case>/ground-truth.json` — expected reachability outcome (`reachable|unreachable`) and example path(s) (Reachbench truth schema v1).
|
||||
- `<language>/<case>/callgraph.static.json` — static call graph sample (stub for MVP).
|
||||
- `<language>/<case>/vex.openvex.json` — expected VEX slice for the case.
|
||||
- Legacy `expect.yaml` has been retired; its state/score are preserved under `legacy_expect` in `ground-truth.json`.
|
||||
|
||||
Determinism
|
||||
- JSON files have sorted keys; hashes recorded in `manifest.json`.
|
||||
|
||||
@@ -1,11 +0,0 @@
|
||||
schema_version: reach-corpus.expect/v1
|
||||
id: dotnet-kestrel-CVE-2023-44487-http2-rapid-reset
|
||||
language: dotnet
|
||||
state: reachable
|
||||
score: 0.85
|
||||
static_evidence:
|
||||
callgraphs:
|
||||
- callgraph.static.json
|
||||
runtime_evidence: []
|
||||
vex: vex.openvex.json
|
||||
notes: "MVP fixture stub; replace with real callgraph and traces when available."
|
||||
@@ -0,0 +1,16 @@
|
||||
{
|
||||
"case_id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset",
|
||||
"legacy_expect": {
|
||||
"schema_version": "reach-corpus.expect/v1",
|
||||
"score": 0.85,
|
||||
"state": "reachable"
|
||||
},
|
||||
"paths": [
|
||||
[
|
||||
"sym://dotnet:entry",
|
||||
"sym://dotnet:sink"
|
||||
]
|
||||
],
|
||||
"schema_version": "reachbench.reachgraph.truth/v1",
|
||||
"variant": "reachable"
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
schema_version: reach-corpus.expect/v1
|
||||
id: go-ssh-CVE-2020-9283-keyexchange
|
||||
language: go
|
||||
state: reachable
|
||||
score: 0.80
|
||||
static_evidence:
|
||||
callgraphs:
|
||||
- callgraph.static.json
|
||||
runtime_evidence: []
|
||||
vex: vex.openvex.json
|
||||
notes: "MVP fixture stub; replace with real callgraph and traces when available."
|
||||
@@ -0,0 +1,16 @@
|
||||
{
|
||||
"case_id": "go-ssh-CVE-2020-9283-keyexchange",
|
||||
"legacy_expect": {
|
||||
"schema_version": "reach-corpus.expect/v1",
|
||||
"score": 0.8,
|
||||
"state": "reachable"
|
||||
},
|
||||
"paths": [
|
||||
[
|
||||
"sym://go:entry",
|
||||
"sym://go:sink"
|
||||
]
|
||||
],
|
||||
"schema_version": "reachbench.reachgraph.truth/v1",
|
||||
"variant": "reachable"
|
||||
}
|
||||
@@ -1,38 +1,38 @@
|
||||
[
|
||||
{
|
||||
"files": {
|
||||
"callgraph.static.json": "b2f32c667c8ec76d50d2b106dc055777f0135e2cf6938540fd1840eda82b4fe7",
|
||||
"expect.yaml": "ffbbd4d12e2ee1898db9c34556754df8b7e1b21208298831714ee5e18ff4637d",
|
||||
"vex.openvex.json": "e8cb5215049b9b1fe76354da6f67e8a5ef336a49780a0881e50b85d3ac526e63"
|
||||
"callgraph.static.json": "7359d8c26f16151a4b05cf0e6675e5c66b5ffb6396b906e74c0d5bb2f290e972",
|
||||
"ground-truth.json": "5e9fe73eabe607c9912c64d7b3d31b456a2b74631b935ce81f769d4520303c59",
|
||||
"vex.openvex.json": "c3593790f769974b1b66aa5331f1d3ad4d699f77f198b2e77e78659ee79d3c15"
|
||||
},
|
||||
"id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset",
|
||||
"language": "dotnet"
|
||||
},
|
||||
{
|
||||
"files": {
|
||||
"callgraph.static.json": "b2f32c667c8ec76d50d2b106dc055777f0135e2cf6938540fd1840eda82b4fe7",
|
||||
"expect.yaml": "e9b38f76f0814b90c401368335cc953afc511d2256f3bfa76a84928175b506ac",
|
||||
"vex.openvex.json": "e8cb5215049b9b1fe76354da6f67e8a5ef336a49780a0881e50b85d3ac526e63"
|
||||
"callgraph.static.json": "7359d8c26f16151a4b05cf0e6675e5c66b5ffb6396b906e74c0d5bb2f290e972",
|
||||
"ground-truth.json": "430adb2d001b526cff666336689006bad00e27c9f82582795a2d9dd106e1797d",
|
||||
"vex.openvex.json": "c3593790f769974b1b66aa5331f1d3ad4d699f77f198b2e77e78659ee79d3c15"
|
||||
},
|
||||
"id": "go-ssh-CVE-2020-9283-keyexchange",
|
||||
"language": "go"
|
||||
},
|
||||
{
|
||||
"files": {
|
||||
"callgraph.static.json": "b2f32c667c8ec76d50d2b106dc055777f0135e2cf6938540fd1840eda82b4fe7",
|
||||
"expect.yaml": "381e9379618014f346e11462ffe79b22785113f05def078bf85c26fe7a696830",
|
||||
"vex.openvex.json": "e8cb5215049b9b1fe76354da6f67e8a5ef336a49780a0881e50b85d3ac526e63"
|
||||
"callgraph.static.json": "7359d8c26f16151a4b05cf0e6675e5c66b5ffb6396b906e74c0d5bb2f290e972",
|
||||
"ground-truth.json": "50538def2e0a8b28134051b52a848eb4b53d43cf7a6eb6d041e8fc9f1d9210f1",
|
||||
"vex.openvex.json": "c3593790f769974b1b66aa5331f1d3ad4d699f77f198b2e77e78659ee79d3c15"
|
||||
},
|
||||
"id": "python-django-CVE-2019-19844-sqli-like",
|
||||
"language": "python"
|
||||
},
|
||||
{
|
||||
"files": {
|
||||
"callgraph.static.json": "b2f32c667c8ec76d50d2b106dc055777f0135e2cf6938540fd1840eda82b4fe7",
|
||||
"expect.yaml": "6c3bd42fd80277b874021b2f1a43133a9365ad298428b202d75970037de5d95f",
|
||||
"vex.openvex.json": "e8cb5215049b9b1fe76354da6f67e8a5ef336a49780a0881e50b85d3ac526e63"
|
||||
"callgraph.static.json": "7359d8c26f16151a4b05cf0e6675e5c66b5ffb6396b906e74c0d5bb2f290e972",
|
||||
"ground-truth.json": "36312fc03b7f46c8655c21448c9fb7acd6495344896b79010fbd9644a182a865",
|
||||
"vex.openvex.json": "c3593790f769974b1b66aa5331f1d3ad4d699f77f198b2e77e78659ee79d3c15"
|
||||
},
|
||||
"id": "rust-axum-header-parsing-TBD",
|
||||
"language": "rust"
|
||||
}
|
||||
]
|
||||
]
|
||||
|
||||
@@ -1,11 +0,0 @@
|
||||
schema_version: reach-corpus.expect/v1
|
||||
id: python-django-CVE-2019-19844-sqli-like
|
||||
language: python
|
||||
state: reachable
|
||||
score: 0.80
|
||||
static_evidence:
|
||||
callgraphs:
|
||||
- callgraph.static.json
|
||||
runtime_evidence: []
|
||||
vex: vex.openvex.json
|
||||
notes: "MVP fixture stub; replace with real callgraph and traces when available."
|
||||
@@ -0,0 +1,16 @@
|
||||
{
|
||||
"case_id": "python-django-CVE-2019-19844-sqli-like",
|
||||
"legacy_expect": {
|
||||
"schema_version": "reach-corpus.expect/v1",
|
||||
"score": 0.8,
|
||||
"state": "reachable"
|
||||
},
|
||||
"paths": [
|
||||
[
|
||||
"sym://python:entry",
|
||||
"sym://python:sink"
|
||||
]
|
||||
],
|
||||
"schema_version": "reachbench.reachgraph.truth/v1",
|
||||
"variant": "reachable"
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
schema_version: reach-corpus.expect/v1
|
||||
id: rust-axum-header-parsing-TBD
|
||||
language: rust
|
||||
state: conditional
|
||||
score: 0.60
|
||||
static_evidence:
|
||||
callgraphs:
|
||||
- callgraph.static.json
|
||||
runtime_evidence: []
|
||||
vex: vex.openvex.json
|
||||
notes: "MVP fixture stub; replace with real callgraph and traces when available."
|
||||
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"case_id": "rust-axum-header-parsing-TBD",
|
||||
"legacy_expect": {
|
||||
"schema_version": "reach-corpus.expect/v1",
|
||||
"score": 0.6,
|
||||
"state": "conditional"
|
||||
},
|
||||
"paths": [],
|
||||
"schema_version": "reachbench.reachgraph.truth/v1",
|
||||
"variant": "unreachable"
|
||||
}
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "curl-CVE-2023-38545-socks5-heap",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "73617ac40fc52b1f17fb157cc9b3b3112af81efc299a551fab811dae272ff905",
|
||||
"sbom.cdx.json": "c89dcfe1faad15e6cd441bc5d4a0269b9586238750c5b93350660cd0603e3318",
|
||||
"sbom.spdx.json": "abc7d79dd5ef2df5b2a3287fa761912cf04e7f5107b268fc96dfff157b92fdca",
|
||||
"symbols.json": "a701cf77e8bf77b8b46618bb9ed16938aa7c5fdefdcd56a4a21722622a711470",
|
||||
"vex.openvex.json": "e697ff8a01a9217f97736306fdfe11a323d1fda3c79e41e10fd7c18cbc4ba601"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "9545261d413f4f85d120ebe8432c32ba97ba3feb2d34075fd689fcb5794f3ab0",
|
||||
"sbom.cdx.json": "ce41fd9b9edadf94a8cc84a3cce4e175b0602fd2e0d8dcb067273b9584479980",
|
||||
"sbom.spdx.json": "10d7417961d3cac0f3a5c4b083917fba3dc4f9bd9140d80aad0a873435158482",
|
||||
"symbols.json": "c5f473aff5b428df5a3f9c3393b7fbceb94214e3c2fd4f547d4f258ca25a3080",
|
||||
"vex.openvex.json": "0518d09c2ae692b96553feb821ff8138fc0ea6c840d75c1f80149add21127ddd"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "curl-CVE-2023-38545-socks5-heap",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "835f69f6cec3472d786be6cd1b66062dfef84dea87e1885023a10f77a9cf5c85",
|
||||
"sbom.cdx.json": "c89dcfe1faad15e6cd441bc5d4a0269b9586238750c5b93350660cd0603e3318",
|
||||
"sbom.spdx.json": "abc7d79dd5ef2df5b2a3287fa761912cf04e7f5107b268fc96dfff157b92fdca",
|
||||
"symbols.json": "a9c96e72421bfc775df8cc7cf7203eda01e7ce9101ec6eff03decc5960fe3c1a",
|
||||
"vex.openvex.json": "6ce74c0c7b7b9502a189334aea3e0c4b03c7d396bff553697dc41ae3d8eb21de"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "490c4175eb06e0c623e60263d2ce029ffa8b236aea5780c448b8180f38a1bf6f",
|
||||
"sbom.cdx.json": "ce41fd9b9edadf94a8cc84a3cce4e175b0602fd2e0d8dcb067273b9584479980",
|
||||
"sbom.spdx.json": "10d7417961d3cac0f3a5c4b083917fba3dc4f9bd9140d80aad0a873435158482",
|
||||
"symbols.json": "1b6a9e5598d2521e0ca55ed0f3f287ef19dc11cb1fb24fe961370c2fa7036214",
|
||||
"vex.openvex.json": "a9fa7e917601538e17750fb1c25b24e18333c779ec0d5d98d4fbccf84e2f544e"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "ea22d69670f767c677395af15b2b6098764b9ae3f5dd94c229886c22011a8a98",
|
||||
"sbom.cdx.json": "4728c4bbdafe8f157820bb8559c13105aba373526699695b5ee53283ef761582",
|
||||
"sbom.spdx.json": "84d8e2bd7b0fcc802cc91f21999908f1ae55659492969d48944a9652cbad0e7c",
|
||||
"symbols.json": "77c5d912fd82799e53f3082fd3cb21074ef9962e1809ef6f045da84dadc9516d",
|
||||
"vex.openvex.json": "d5c30749ed5dad4f2337f482d591e9755eb95efec99fdc9727fc8b7af1d13337"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "5396e1c97612e0963bdaf9d5d3f570f095feaccfd46ed6e96af52a6dc4608608",
|
||||
"sbom.cdx.json": "8747790b2c9638b08aedca818367852889ee9bb50f1be1212b9c46b27296b8b9",
|
||||
"sbom.spdx.json": "fd5b8befa1a59f06c315406213426ee516276ad806f4acb1f53472149d97c402",
|
||||
"symbols.json": "c2bc2c131db1565b272900b2d86733086d601fc05a9072a43b9cd8b89a2e6f95",
|
||||
"vex.openvex.json": "2bc0466a7b733a0915b6a799e91ec731c0700d5bea8645c0bf983b6da180bc48"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "049dbb44a4e56e34d28fedaf09e41a025a0427935ee3b60017c23183ee58cb29",
|
||||
"sbom.cdx.json": "4728c4bbdafe8f157820bb8559c13105aba373526699695b5ee53283ef761582",
|
||||
"sbom.spdx.json": "84d8e2bd7b0fcc802cc91f21999908f1ae55659492969d48944a9652cbad0e7c",
|
||||
"symbols.json": "c983b416c449d0ff5735bb5cc7f1792e113ae465d2f76aa3512a58d0d44b6962",
|
||||
"vex.openvex.json": "5168a01bbbfe00f76ab536d818b9e2f156d37ffc01ffd278a52bebacbd6ee295"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "86a0dad5b06b69018a35931b1ef8fb700abe6511f75aa81dcffc23f0411cc086",
|
||||
"sbom.cdx.json": "8747790b2c9638b08aedca818367852889ee9bb50f1be1212b9c46b27296b8b9",
|
||||
"sbom.spdx.json": "fd5b8befa1a59f06c315406213426ee516276ad806f4acb1f53472149d97c402",
|
||||
"symbols.json": "0793a11190a789d63cac1d15ae259dcbe48764dd0f75000176e3abf8f3a3beb6",
|
||||
"vex.openvex.json": "cd54fe28bf7f171a2a47e6118b05ad26013a32d97e2b9eef143eab75208d9fa4"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "dotnet-newtonsoft-deser-TBD",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "0cb6f48faa72b41620612610e5e2e4f2ec03ec1a4e843a2e50437e9a95d5d261",
|
||||
"sbom.cdx.json": "f7a517a7608f0216f1596811a0184c6df1ccf6e71f88aff26e4ddf0e0ca1d9ff",
|
||||
"sbom.spdx.json": "c24a0ec0df18f1dea45f0afcb87fac8b17d1d0d87d711c9e9610244dc2ac9747",
|
||||
"symbols.json": "bcbace5bc3c071f4a751844420a948b3932657dc287191957ea5247349e68e32",
|
||||
"vex.openvex.json": "dafc01265689557670f9dc30874186942a018e9c095f64a03bb4b8d53e1e08d3"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "7c1b7d56df4efc97360ba7754feb1051644e624afa2589971fab09507827e677",
|
||||
"sbom.cdx.json": "c7283a731ca81300f6cda9e944451062a92c7eb0559ebdc6b96f6afeea637187",
|
||||
"sbom.spdx.json": "da4978369cae300336e4abd570edb8c8de27bcb5ff2c5131975cae7d8ee01f8e",
|
||||
"symbols.json": "d03361b683ae570864824a8e57c91ca875590373d949d2f706af488c4ccbcc01",
|
||||
"vex.openvex.json": "41e52bf3c0b40ca614d32f5c9b719b68c53e2a0f08f483d6c429120060c9d930"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "dotnet-newtonsoft-deser-TBD",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "1cdc387fc4487201eddb3d00e8d75deb053f87dff23a61cfe232d168e60ff91d",
|
||||
"sbom.cdx.json": "f7a517a7608f0216f1596811a0184c6df1ccf6e71f88aff26e4ddf0e0ca1d9ff",
|
||||
"sbom.spdx.json": "c24a0ec0df18f1dea45f0afcb87fac8b17d1d0d87d711c9e9610244dc2ac9747",
|
||||
"symbols.json": "521cc59d537c4008afa37a1b8b379ede655f6619ee143bbae3123869fe12c653",
|
||||
"vex.openvex.json": "a75b2a1ed3086773162b80e9fa307c2ab3dec809643c9bbd614432891b2bf5c2"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "aa1c4c8133ae26349e1a740293e875d91f3a5ba1b241eb39617a09ea1b6ced8e",
|
||||
"sbom.cdx.json": "c7283a731ca81300f6cda9e944451062a92c7eb0559ebdc6b96f6afeea637187",
|
||||
"sbom.spdx.json": "da4978369cae300336e4abd570edb8c8de27bcb5ff2c5131975cae7d8ee01f8e",
|
||||
"symbols.json": "a804343735751e99bda81ce614d890fe19cb510bcb3d3b17dff05ab01decf2e1",
|
||||
"vex.openvex.json": "65cdb8a5d02277eacf194c23cdb7a8adada7318f45f5ce4eb0e09fbcd9d8b615"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "glibc-CVE-2023-4911-looney-tunables",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "d5dea5b832043e3268aecda2a423c959718e645589535c04f71652dfa06f54d1",
|
||||
"sbom.cdx.json": "e969033f28fe3debd8c93226cb7212ac2b0b54c8fc3e8a4d126d5dfb7bd8da1d",
|
||||
"sbom.spdx.json": "08a961ada88b9d5706f5baba763ccfddf2a474b9faf0981f0a87a2933f7031df",
|
||||
"symbols.json": "f9103b6f3df6caed469a68ec9677a34573e662de4ae61b7b1df630cbd2aab769",
|
||||
"vex.openvex.json": "207691b26721a773abe2b9242afe5e7f68ace37c307262d09adc188df9c20dbd"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "f7200c066db6fefd2ed3168497ae7d8cb585f1d12479086217007df1bb2c1460",
|
||||
"sbom.cdx.json": "e3bbce1051a27f877fdd76634902c835ac21a7f53241308878a404dbced491fc",
|
||||
"sbom.spdx.json": "2b30ff6eabf0b4c5e76f2e5de6af21a6b48a746c51298a708a3674976ef5b8f8",
|
||||
"symbols.json": "27dd785d49ef6b4229a0e5a25107346eea5cc8b7dd01c2fb9ba73b53456bcaee",
|
||||
"vex.openvex.json": "bd6f67166fb31fa2a5e7211b71e083c8611f9c2b7d7e0607c31ce6df777a1f69"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "glibc-CVE-2023-4911-looney-tunables",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "04554e2014584d380d3d113ab6a81de20ba9a2097e6b828849e4f8d748664b30",
|
||||
"sbom.cdx.json": "e969033f28fe3debd8c93226cb7212ac2b0b54c8fc3e8a4d126d5dfb7bd8da1d",
|
||||
"sbom.spdx.json": "08a961ada88b9d5706f5baba763ccfddf2a474b9faf0981f0a87a2933f7031df",
|
||||
"symbols.json": "c328ec1c9620d072176a4409b740a6cf9dcba732e88cfa8427e40c17a76a498d",
|
||||
"vex.openvex.json": "3131068dec558feffad9cd829c02dab9dcf8dd9ea19505ef1f2ee104ce89f13a"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "836f543e3e7b593582e2ffb529456ffc4309ec79d41e5f8b9eb5696f54d17883",
|
||||
"sbom.cdx.json": "e3bbce1051a27f877fdd76634902c835ac21a7f53241308878a404dbced491fc",
|
||||
"sbom.spdx.json": "2b30ff6eabf0b4c5e76f2e5de6af21a6b48a746c51298a708a3674976ef5b8f8",
|
||||
"symbols.json": "fe742caccb2134c46594f3816b58b06f1cad6f2d62ea8dd55ad31ce4ce672906",
|
||||
"vex.openvex.json": "3ebcafe7d9e0f211f80783568cd9bc4a92ddaa3609b2b0ef11471031246cadde"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "go-gateway-reflection-auth-bypass",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "4af3b748615b65895a3137f5781e8b8043afd2d28746b93ee5e4ab752efc4dd7",
|
||||
"sbom.cdx.json": "033d6f89201c248b7d696af04d2dcf78434dd9f6ad8b64d5834d2fabe7ad5147",
|
||||
"sbom.spdx.json": "3adb2a7c66b8135e3e96c113ee670a6932d24ec4737f52fd6156d3293de4f391",
|
||||
"symbols.json": "55ce7298e1db590f299e9229b514a57b3ac6f461a876b07b1d80760c1df9cd5f",
|
||||
"vex.openvex.json": "8252cba56e4b2a7785f0d62c6d3a2752f6ef27611fcfbb5808a3caac94c75097"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "f7c362965a307a6cf40f7921d2ad508cd503fa924ed3a391dba3afe54ab0dcdd",
|
||||
"sbom.cdx.json": "16a041571c0641abe57929624e49f07353edb8980ecdd16340ef83f24f127cba",
|
||||
"sbom.spdx.json": "8abd620f40a28d379b861d6ef640017ea119a8870890009dbd8126ed621a5c73",
|
||||
"symbols.json": "dbf69a19ce1676cc809597ed9fce78c9fe8ebcf25186949a107971116a79a39b",
|
||||
"vex.openvex.json": "b550e30451d7ef7ff612606711ecede1089d914bd8a26f5fbcf01ff1d4e36149"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "go-gateway-reflection-auth-bypass",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "b384a5d1977eab4f390c7112cc8006940d42701f7bfa71635c3e2edabc5929fa",
|
||||
"sbom.cdx.json": "033d6f89201c248b7d696af04d2dcf78434dd9f6ad8b64d5834d2fabe7ad5147",
|
||||
"sbom.spdx.json": "3adb2a7c66b8135e3e96c113ee670a6932d24ec4737f52fd6156d3293de4f391",
|
||||
"symbols.json": "6ef5a5a9514afba7c768af1e27f9963b066aa7c4dc0295a436d8716e089a86dd",
|
||||
"vex.openvex.json": "1a44ff9f0fa8098c5d74c12836d90efbe39dbf15a0360cf654b69e14fbf59cee"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "df9749530b5dc16127ab6782877e19e2bde09a40f7cd44edc8af327619498d32",
|
||||
"sbom.cdx.json": "16a041571c0641abe57929624e49f07353edb8980ecdd16340ef83f24f127cba",
|
||||
"sbom.spdx.json": "8abd620f40a28d379b861d6ef640017ea119a8870890009dbd8126ed621a5c73",
|
||||
"symbols.json": "6571c9c658f4b0a967542a02cd5e5f4b82dd1ffaf7758c51d3ac9c2a83c6c86e",
|
||||
"vex.openvex.json": "69ffc3f74db3d723a0354c0aa05f4e5920fdb02fc8ac72e9d82392b5997f074d"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "go-ssh-CVE-2020-9283-keyexchange",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "d5e2ec246dbd03eb9af759e416bba5a00eb18a3dc344590b31e87bf69098d877",
|
||||
"sbom.cdx.json": "1f685f8db5be777fe56e0d2f13769e2b7667bf7837b745e5c461175c1e3e6e1a",
|
||||
"sbom.spdx.json": "ea729e7e6842f10375261f5f2fe949521a513adee0eb72a6f38ca5d2e93798a7",
|
||||
"symbols.json": "4284612efe2a3770f720ffa490c5304a469baa36b5b7533f7ec9be24cf88be16",
|
||||
"vex.openvex.json": "9a62366bb238e0ad0e025fdd675226e3959ffc1307f890d009a69212897d4b04"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "43fee4eeb52cec12879355873638959460eb91c463e2b2d3a67ef033f906469f",
|
||||
"sbom.cdx.json": "a975829c9537c16db4d19306ba6bc809930b6ad9f96495a8202d59d3f174cf2c",
|
||||
"sbom.spdx.json": "399d1f0946dfbe0fb66749f2b08df539f93285affbd059e0b66df55f485ed39a",
|
||||
"symbols.json": "189002d4626708cdad2ff1bda786c47dd90002915f411324ad5dccbce65ba26d",
|
||||
"vex.openvex.json": "1fdce721814a1a0c502882ab514ac7a361fdd3ea866869f4cf2c07578feb23d7"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "go-ssh-CVE-2020-9283-keyexchange",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "0fc5055224899bfc0fe645929dfc519e36fbdb2c939498fd22efc951f0b9f55c",
|
||||
"sbom.cdx.json": "1f685f8db5be777fe56e0d2f13769e2b7667bf7837b745e5c461175c1e3e6e1a",
|
||||
"sbom.spdx.json": "ea729e7e6842f10375261f5f2fe949521a513adee0eb72a6f38ca5d2e93798a7",
|
||||
"symbols.json": "2f50e84f8b75e56d77574781a392743a564a6602d50b19ceb551f99051a42a4b",
|
||||
"vex.openvex.json": "96f4f675a58cdf81002166b3d74b4a1481d9039593ed40b75e47e2c8ac262b5f"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "ee1409484f2314be8471ebb0b1d3ab62d5bacbfd18dfc7380d9f94e2f214a6d4",
|
||||
"sbom.cdx.json": "a975829c9537c16db4d19306ba6bc809930b6ad9f96495a8202d59d3f174cf2c",
|
||||
"sbom.spdx.json": "399d1f0946dfbe0fb66749f2b08df539f93285affbd059e0b66df55f485ed39a",
|
||||
"symbols.json": "b40d34be3d26d3293e9f06c21c58d1f89ef75897697207f71aa6e461cf9f72bf",
|
||||
"vex.openvex.json": "537af070b5eb69fa842511fa63018ed6b8745631a156dcfc7abd1f60cc13e972"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "java-jackson-CVE-2019-12384-polymorphic-deser",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "1a8a4447a07938fb604399b29f52c52fe8abcb5777fa94c32697be3b4936deb5",
|
||||
"sbom.cdx.json": "bc802fbfc6cd9cbe431416484872cbbaafe2e1e4bb8d00d1437a8d48bfc2d2cc",
|
||||
"sbom.spdx.json": "ffb869fd2e4d6d8bbad352d91a431f1038359995701dda2c44d15b32fbf6bb0c",
|
||||
"symbols.json": "d39267f0d6c8e267b8d4ec04f600012f08e9a9b3344ea4cbe5ebe8303e5fdd30",
|
||||
"vex.openvex.json": "28a1e5373cd7d22a0078e4655ca51ac127a81a056cb1bc751add88cbba886b78"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "8030095b4fc7157d09af6fd16fd3fccfb013f5a744c7e13e1bba1fb01201b2e6",
|
||||
"sbom.cdx.json": "109a4ef5481c4597a26f3172e5f5fd1ead491b55f19c84bb93a46bd6e5c47b28",
|
||||
"sbom.spdx.json": "619548fa26467f19ddef9a2b1adae3c0fec5b166a3a4f494901ae23ddac0156d",
|
||||
"symbols.json": "4c4a40db721f39e3bd06a5dd63c408ebf6f8bd9dd3faf1892b2f0a712b81ad8c",
|
||||
"vex.openvex.json": "13e69a076e5d4c622d82b042ce26129e0fcdf62eb8a800303a23ab9915938c2e"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "java-jackson-CVE-2019-12384-polymorphic-deser",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "fab11e90f6e9fab6af782059b6ca8363d39dc57fe11c475566d60aabbdcf5579",
|
||||
"sbom.cdx.json": "bc802fbfc6cd9cbe431416484872cbbaafe2e1e4bb8d00d1437a8d48bfc2d2cc",
|
||||
"sbom.spdx.json": "ffb869fd2e4d6d8bbad352d91a431f1038359995701dda2c44d15b32fbf6bb0c",
|
||||
"symbols.json": "bf928643842abab67d785259cbe9c3b8b655969d037b678bd51e7834fd27926f",
|
||||
"vex.openvex.json": "d0028bf8a37999413fc66906394072a08ad47b48b53cd914e2e10cf128ad1e31"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "0d7634e488cab16bd206235b80fb635187fe5c648f8ae97f7203d48490209c89",
|
||||
"sbom.cdx.json": "109a4ef5481c4597a26f3172e5f5fd1ead491b55f19c84bb93a46bd6e5c47b28",
|
||||
"sbom.spdx.json": "619548fa26467f19ddef9a2b1adae3c0fec5b166a3a4f494901ae23ddac0156d",
|
||||
"symbols.json": "dc67782d6a011629563b6274b2980b80e60cee3dcb55cab4e4ea9d80dd41046e",
|
||||
"vex.openvex.json": "c74db782f4df6c74b1a8ec386d2c698bd8ab2f26d7e11f2c4d0d80a5905e35c2"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "java-log4j-CVE-2021-44228-log4shell",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "18e1e5f2d183fced40abed7ffd688b09688f28b0c96b6bf67f3bcd04fd39951e",
|
||||
"sbom.cdx.json": "372ddb8f9e5d47faaad77ad7c3629eac3283adff306c5891e3fdff073d741e9b",
|
||||
"sbom.spdx.json": "82f9f8e671138a3d2134be3ce583af42069cd20c2b57657cdad13668b0a9cfe2",
|
||||
"symbols.json": "69eef48ff4667ba0cd6d454f08405c7fb04891fd8182279fe8d42ced59d15328",
|
||||
"vex.openvex.json": "b2fad990e76faec9eb20475d1b1a4e0e42012f03db28973237ec338d076d26f9"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "03d8edec093c07c9e0e77b6a52f015095db71ab9b8c2b2fdad245960e40bd2f2",
|
||||
"sbom.cdx.json": "a43b3ae67d9423a75c709209b5c4c15c389163931bd2c57df1a924f92d0b871e",
|
||||
"sbom.spdx.json": "b29f8c850043fbb66deb6a8ba9b764a3c66f8527ab47d0ea04cc63f10716334f",
|
||||
"symbols.json": "b7b75e6116d33e98ae5b92598394095510e27afa8e0facdb617070fd8866d20b",
|
||||
"vex.openvex.json": "67dd7e3220be878da101bc58d3e55bde4e69a6d56a4e14b4c3c3c5f4f1af8c3a"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "java-log4j-CVE-2021-44228-log4shell",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "2bcfc3d70ef20266eeb90a42ad92127be3b7fe17d1a3bc03a8002dc5d42498c9",
|
||||
"sbom.cdx.json": "372ddb8f9e5d47faaad77ad7c3629eac3283adff306c5891e3fdff073d741e9b",
|
||||
"sbom.spdx.json": "82f9f8e671138a3d2134be3ce583af42069cd20c2b57657cdad13668b0a9cfe2",
|
||||
"symbols.json": "32146204dbcc7be27e80cf6a12d15f53b5c2f36a043adad94266f70b371fbc6e",
|
||||
"vex.openvex.json": "e9db528da741ec09b92b6166f1382bfc340f1effc93a4ad61d0da8817a1df5d0"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "80427fa6cc873a3f440db5686d134709d34613394762ed8dc411dbfdeadaa8c9",
|
||||
"sbom.cdx.json": "a43b3ae67d9423a75c709209b5c4c15c389163931bd2c57df1a924f92d0b871e",
|
||||
"sbom.spdx.json": "b29f8c850043fbb66deb6a8ba9b764a3c66f8527ab47d0ea04cc63f10716334f",
|
||||
"symbols.json": "7e4e19ff912bff2a72dd34cb814b2fd52b63f6dceb7e423ed2eb35a739d6719b",
|
||||
"vex.openvex.json": "e65779c3e3469b618c2b2c978a66e077e6c70311434fe2ca1364bf30c8b9570e"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "java-spring-CVE-2022-22965-spring4shell",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "4e42e16ec75b44cd13fec0687b5baeae4fe9d3e909b2cd420d869831332b555b",
|
||||
"sbom.cdx.json": "607256a4708ac35a12f7fa3b229158e28bd4ac1183e81327c2369fa9cff4d214",
|
||||
"sbom.spdx.json": "cf583ebd3bba7aa0dba50b435adcbfdc8878e9c516f6fd540fcf59f16cb989b0",
|
||||
"symbols.json": "7eb263746a5371dcd706ae6f92ba9b01f16de87ba385d1c7ce5c94784ed309a0",
|
||||
"vex.openvex.json": "84af60858e98b8b8367c4a747176319357abd5e49cf4826454ee076ae07c759f"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "316f1bc49235fad6e8aeb59c95028e79801d1e0e87599dc87cbeb919e55a332d",
|
||||
"sbom.cdx.json": "05d75b98871eb73a5f81774ce2eb9a74cd36e2e6751aebd28df64993a538501b",
|
||||
"sbom.spdx.json": "97a3f8f8c8424f7caf000dcf8da67fd12ce7662302f5113d39058f4fba8d7061",
|
||||
"symbols.json": "c45532d8f5df11d1ba108ee3203b66dc6eef453f7fad1df7b4f120c3be28d8e2",
|
||||
"vex.openvex.json": "3faeae83e4427b7ad268d55b38d246982713cb18d1dbbb1af7f55bfdec2c528c"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "java-spring-CVE-2022-22965-spring4shell",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "1ad19ebfd6a160fd4c1290aebaeda41c7dc2850c2355f407b1beb62743e6d385",
|
||||
"sbom.cdx.json": "607256a4708ac35a12f7fa3b229158e28bd4ac1183e81327c2369fa9cff4d214",
|
||||
"sbom.spdx.json": "cf583ebd3bba7aa0dba50b435adcbfdc8878e9c516f6fd540fcf59f16cb989b0",
|
||||
"symbols.json": "18f2e58edb1bb5e9c9526cde7e03f0e0f5c6dcac248b65efb7f4c53272f42376",
|
||||
"vex.openvex.json": "d214434c583ec25326745612135b6bde54f96c31040b4d20c1e82ae592c38e9f"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "d5dfb70311cdfcbb9d9dc00f2c432e21994a567b73afc2e5e51105dd75098a9d",
|
||||
"sbom.cdx.json": "05d75b98871eb73a5f81774ce2eb9a74cd36e2e6751aebd28df64993a538501b",
|
||||
"sbom.spdx.json": "97a3f8f8c8424f7caf000dcf8da67fd12ce7662302f5113d39058f4fba8d7061",
|
||||
"symbols.json": "24c8f838eca93f887822a0e27608d21695c7e77aa5ffcb4f0b7f67e0c7f9254f",
|
||||
"vex.openvex.json": "64c8b4fbc6462876ab6861b9235c1f11200a881392c55c40371786f5d21fcec5"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "linux-cgroups-CVE-2022-0492-release_agent",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "1b1d298f981935c318b3c010219ab24a4446b0525ad1016e914202922bc1661e",
|
||||
"sbom.cdx.json": "4490a3b78cbac995e5c4ed2e13e948d7e6b1ed042ab693e5d881871282b5d2b8",
|
||||
"sbom.spdx.json": "ee4568feb4a4c83d6cc10518bbc83a6f985b74a43f2ce4c8e3aaa519bb842e5c",
|
||||
"symbols.json": "ea98caf1fd5a099bd197eeccb973b951eefd48dbb1c8f1dba4230fb71a71ad8f",
|
||||
"vex.openvex.json": "cc7ac5157ccc6fff563a060e7af71150eba5af7023e159964fbd4f33629d2d40"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "8b212a35b6bbd0eebf58c888fa3ba2f15df2c223f46aa0cbe3a819eb0b00a04e",
|
||||
"sbom.cdx.json": "011435c08b0937a16783c5513a7a6997562db09e5683663b72eef0582b117928",
|
||||
"sbom.spdx.json": "2ffd0b73f7fac20f929aa782ac97496b693846c63cea70b22ca1ab07801dd8e1",
|
||||
"symbols.json": "c8221bd84c11929566d8460068cc87b5b17fad5be3744b11bfde2f6c66ebb2cb",
|
||||
"vex.openvex.json": "ec5738e266b360a5b176af280a68c9e147bdfc21a30c6429845d320ff7766819"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "linux-cgroups-CVE-2022-0492-release_agent",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "d12f50088d87da6735bf77315520c649b7b270926487b35427eabf9c09c70f53",
|
||||
"sbom.cdx.json": "4490a3b78cbac995e5c4ed2e13e948d7e6b1ed042ab693e5d881871282b5d2b8",
|
||||
"sbom.spdx.json": "ee4568feb4a4c83d6cc10518bbc83a6f985b74a43f2ce4c8e3aaa519bb842e5c",
|
||||
"symbols.json": "74a8557624a8459c59919421209e564b8592a0a1e1e3c80f9c9ba267140b024c",
|
||||
"vex.openvex.json": "1f205cca143401fcfcd9c61f33ffce9bf51839546a8031f583ca04aa83ae6df7"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "ceb7e2d85e6a23cc60caf2eb46e5e05cdc8af24661ffcc9ac674ed12234529e7",
|
||||
"sbom.cdx.json": "011435c08b0937a16783c5513a7a6997562db09e5683663b72eef0582b117928",
|
||||
"sbom.spdx.json": "2ffd0b73f7fac20f929aa782ac97496b693846c63cea70b22ca1ab07801dd8e1",
|
||||
"symbols.json": "89e6fe61fa90b366b00e0e7f61bd9f4452e490e6197ea6d606751caa2e31bbb5",
|
||||
"vex.openvex.json": "3e10a7fdece86c0aa73c1d8a86d693a75ad020d2351458878231944b9e4ae28a"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "node-express-middleware-order-auth-bypass",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "b105d1e625d001e8e801b67f40b72f13ffaa3889505353e9ae9aa6316ae92e06",
|
||||
"sbom.cdx.json": "96830b648c0267ae5fea1bc534c2868778028f04b15365c8e42fcf0b9ad8ec90",
|
||||
"sbom.spdx.json": "432b218689fb7e6affe40229822ed1632823f59ffa7ce19d44ece9a512c4e7a4",
|
||||
"symbols.json": "5f2abc128a64ae085cffaca5b1c9d21cd22abcac35f3b79963c213a5e965d800",
|
||||
"vex.openvex.json": "4ae403a8c67fb67d430059af05c72358356f291c13fc3219b97c29d74acebc9a"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "3ec9dce86031af5a893667834e8fd21c276a5afb1156544e0208a58e65f99841",
|
||||
"sbom.cdx.json": "104dd5cb4497b83d59c6cb0a3e59af02d4f2b52ffa4709086a7dcccb5ef4d7b8",
|
||||
"sbom.spdx.json": "3f4850fc7da4fde7f97d33d0c6b78a0e50bac716fbb4f0dab2b6a3c29fe302be",
|
||||
"symbols.json": "8cc43736be4fddfbd8947e03263cc1a3d7301aa4be6bad1d6bf99d91787c14ab",
|
||||
"vex.openvex.json": "d165dbc8f75c38b68a154f2ad365d686cb327883c96cd88669f4f163407598dd"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "node-express-middleware-order-auth-bypass",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "ae08f45e5718acefc99d0146143b699022486b8baad91d32622345b82aca46d6",
|
||||
"sbom.cdx.json": "96830b648c0267ae5fea1bc534c2868778028f04b15365c8e42fcf0b9ad8ec90",
|
||||
"sbom.spdx.json": "432b218689fb7e6affe40229822ed1632823f59ffa7ce19d44ece9a512c4e7a4",
|
||||
"symbols.json": "18062cd7e4c9e4e4313223533ca6308bb3d5d469feca8689aaf897f95830b4b7",
|
||||
"vex.openvex.json": "25a9db016befed97dd385225ad9bcdd25e7a60d65f049051884e504100ae6d6d"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "7fc0d7bf7870b42b4d216d2c9001446761aa86b073da551776350cbb481b14ce",
|
||||
"sbom.cdx.json": "104dd5cb4497b83d59c6cb0a3e59af02d4f2b52ffa4709086a7dcccb5ef4d7b8",
|
||||
"sbom.spdx.json": "3f4850fc7da4fde7f97d33d0c6b78a0e50bac716fbb4f0dab2b6a3c29fe302be",
|
||||
"symbols.json": "45aa8a689a6fcca0a0c96e587da654d30301b37190d70dd25240231e14cf4df2",
|
||||
"vex.openvex.json": "3fa11fea858bb9520c1b9c656d1d6b8191fb15a11aa92ccb933ce999b115a29b"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "node-tar-CVE-2021-37713-path-traversal",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "f4e47da91b002b9bbab2e79fc84b103ec3310fead248588abfe77c4bc0b9d8eb",
|
||||
"sbom.cdx.json": "3109ba08a7a9a908282f3d2014e78ff74418b925ead00b64c26400c508cce9d6",
|
||||
"sbom.spdx.json": "3422be00cedf9ff4a4a808bfb7c4abdd491fd545da2a6076cae6096710c4abc5",
|
||||
"symbols.json": "d9b88cab4fdc99df1f009fd65aa70da74c4f45e79919b754092d63439f1cdf9e",
|
||||
"vex.openvex.json": "f9e650b96ea369d484ffecb37787ce43d54feb09c2f49e2bf948213be7855c9f"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "0bbbab7a034667021473bd75c43b5f4317e5b99aa55a1ffd37696c61899ffe14",
|
||||
"sbom.cdx.json": "bd237786ad3208f9f41ad2b56d05c4f3482966628f28bd7ece00dc37d247fb3d",
|
||||
"sbom.spdx.json": "971e3ef7be1edbf5b58b72753740742773333003d953ffbcc88581c97aea9464",
|
||||
"symbols.json": "c532dbbb307244b4f83dab9b7a767906c90e4bea518f3753159064e34d4d70aa",
|
||||
"vex.openvex.json": "bcd7c056e063ad8ed87cdfdfd3bb4e9bff1753acc738380b2e6c779db6f6ce46"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "node-tar-CVE-2021-37713-path-traversal",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "d4c0bdae4cbc822f587e626fe1dab278fb486b295f0b4451475afdede3bccb18",
|
||||
"sbom.cdx.json": "3109ba08a7a9a908282f3d2014e78ff74418b925ead00b64c26400c508cce9d6",
|
||||
"sbom.spdx.json": "3422be00cedf9ff4a4a808bfb7c4abdd491fd545da2a6076cae6096710c4abc5",
|
||||
"symbols.json": "31863df6aeb0fa6204816c0a4efc842b0af7ce8db22e9cd15849f94aa27b7e87",
|
||||
"vex.openvex.json": "204c982c4db778940bc3a65dec3c8b5e6fb867e5f348c6e5dc28be0f643fd01c"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "02751e4826f1ebec26f76961b3993f0bf33d3af8d1778fb0ae384ef890eecc5c",
|
||||
"sbom.cdx.json": "bd237786ad3208f9f41ad2b56d05c4f3482966628f28bd7ece00dc37d247fb3d",
|
||||
"sbom.spdx.json": "971e3ef7be1edbf5b58b72753740742773333003d953ffbcc88581c97aea9464",
|
||||
"symbols.json": "806a418424cbf187306971605d13cc4243e9203b8e0529eebbc9846ed67314b1",
|
||||
"vex.openvex.json": "70174199bce72123d6a646dce6508d6693d7da1a92b464707b6a3fb3b2e4db7d"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "openssh-CVE-2024-6387-regreSSHion",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "4f4b92f6d94f293e8c200a9254b88a92d5777cfe33a5b4e52ad5953284af6c24",
|
||||
"sbom.cdx.json": "d203047eb82f5fe63bc1254c83840dcefd25c80caa29d209416a4363b216a7e8",
|
||||
"sbom.spdx.json": "d6be2733c73b4615707f8b81b60b0c266febcd621094b2e75448073269aaf8dc",
|
||||
"symbols.json": "88fd0e3ec2b0f54c2f8bc610fe6a5086a361798f2d1a6e52bb21a3852bf1953e",
|
||||
"vex.openvex.json": "913cf9478b644202660c348f59ae09b540529549cc6937047a29d8397a43ff6f"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "573a54be180f06ac67ad206a9fc55b6e24a92b5560d931ecef7e534d35e0bd59",
|
||||
"sbom.cdx.json": "04d9991ac2950015546093ad479344b1ab8365495c54a45a49ce6738d115b13d",
|
||||
"sbom.spdx.json": "adb3128162032496f058f46b0e821b4f8c1a673c8ebdcd1ba3b0961912c95886",
|
||||
"symbols.json": "73bdbf7929a114b682f37794706cbeb86d998a5558849fb17a6f74e07ddec575",
|
||||
"vex.openvex.json": "a9a5faa5120965062783d59139da86fb1e56dfb946e033678ce908889a65adec"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "openssh-CVE-2024-6387-regreSSHion",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "d5dd3c0bf3efa2aa38c5453fedf2a541a350c32f0b3f48507e9077b6a8d5674c",
|
||||
"sbom.cdx.json": "d203047eb82f5fe63bc1254c83840dcefd25c80caa29d209416a4363b216a7e8",
|
||||
"sbom.spdx.json": "d6be2733c73b4615707f8b81b60b0c266febcd621094b2e75448073269aaf8dc",
|
||||
"symbols.json": "bfc07a65bf9e823635068e606a75b6fb3cd8bd7a07493432ce3986c6ba22c028",
|
||||
"vex.openvex.json": "485f80b704b9e4a1f5a6c16d2d89eb02704f5337d47ebbf90cad6372a412bb91"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "e6ecfb707f6ef8b89f52aa4883bc48642dea20a3d7bf647fb04b30a55e5e6be0",
|
||||
"sbom.cdx.json": "04d9991ac2950015546093ad479344b1ab8365495c54a45a49ce6738d115b13d",
|
||||
"sbom.spdx.json": "adb3128162032496f058f46b0e821b4f8c1a673c8ebdcd1ba3b0961912c95886",
|
||||
"symbols.json": "d57f06dcd7f95bf8dcc3c8dc7e2a5096b3a0b36098b9bb7714d4a434dd190371",
|
||||
"vex.openvex.json": "25a0ed4ff5e7bc23f5b0c80c2264ad14b6a8a1bb124cf32360a227b2b2e68daf"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "openssl-CVE-2022-3602-x509-name-constraints",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "38e3f5d0bee340b5e41aae8c3f81a4d8c9f8dbcd9a558a562e072e54f235e11c",
|
||||
"sbom.cdx.json": "f38df383173720772d3e2da65d3c797c5f835dc6b69a3ec6fd2b3b3d1d108a59",
|
||||
"sbom.spdx.json": "3658e0973b3a78e9b497e16d86dc73c0d89ec21b6519911ca78e2e8b1a0688a2",
|
||||
"symbols.json": "49fbb599d179d7a5fc88cf24f6e6e9267f0fae43763c89c959342a795e61334b",
|
||||
"vex.openvex.json": "b7ce60d2e199ff3d58036665e268edc493114ce82d8e49c26b2e701d390b4198"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "bcc9ce550ea18fae6bd12fe8ff7af87e39b751c1f74735d003598548569858f7",
|
||||
"sbom.cdx.json": "374cd5f25f0fcd1b58eb23707842ddc95a7755b934a4980ce128d3e03199620a",
|
||||
"sbom.spdx.json": "0edaca9b8d2b7bceed84e66f0733a4ce66bfecfeccb60ce913f67048df3bb193",
|
||||
"symbols.json": "a98a37d8759a6e9823d151d3485ef900e455bd6c7c0b47dae47a471ad0b4b8b2",
|
||||
"vex.openvex.json": "a06ce87aed550880248f6b4e7bd5c78b9a3c967fdda83868557d4cbd2547cd29"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "openssl-CVE-2022-3602-x509-name-constraints",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "7a53699425f69e94c99a5956a738d33ff8b213e79ab6c685cd2e5a516145d2a4",
|
||||
"sbom.cdx.json": "f38df383173720772d3e2da65d3c797c5f835dc6b69a3ec6fd2b3b3d1d108a59",
|
||||
"sbom.spdx.json": "3658e0973b3a78e9b497e16d86dc73c0d89ec21b6519911ca78e2e8b1a0688a2",
|
||||
"symbols.json": "7093617c7478ac80d89ac9e887d7ea16442d589a70d3f0b447ba0ef5ccc1a8f8",
|
||||
"vex.openvex.json": "576085af51d7388e605b6898261dadc425b4407e6182673d55108ff03779a7cb"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "f114155ee62717f1d24fa2bdc42870eedb174e31a125e7e02a0fa2c469b10860",
|
||||
"sbom.cdx.json": "374cd5f25f0fcd1b58eb23707842ddc95a7755b934a4980ce128d3e03199620a",
|
||||
"sbom.spdx.json": "0edaca9b8d2b7bceed84e66f0733a4ce66bfecfeccb60ce913f67048df3bb193",
|
||||
"symbols.json": "0cede4adadb502cfe38e2bfa85fa7886d1bb112e929574de1d7427b512c97b76",
|
||||
"vex.openvex.json": "e478856a30ec642dfe6b63d8937de0a2ded4f73ad6d161f61b90326fbd6b2b65"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "php-phpmailer-CVE-2016-10033-rce",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "6b470ec13b3e8db799ecccce16b10d36d6655e5951038801b51955071ff7ec90",
|
||||
"sbom.cdx.json": "f8d1582c3b6478cbd4879bcc07d60b21ff394df14f616bf12bb269217cfb57f1",
|
||||
"sbom.spdx.json": "553220191e8f1fa9956f47ebd232ee2554e531b1928ee9d3e1d479b5b360139d",
|
||||
"symbols.json": "f86de9fa107355075ccc3407dbefa15c27514975c211a9017e19ccc0cada9990",
|
||||
"vex.openvex.json": "c0117f2b546df8ebed8409ea7472ea8a8f3f959f2b17d44c738a7cd24a209d78"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "8a4c1f78c866a351322eb9b12dca1b0a6218aee5094bca0a4b7090e00ae524cd",
|
||||
"sbom.cdx.json": "9fc0ad284188e41a23fc678128e5e0fa263c39431e7c976c82d8ec7d0b6b0339",
|
||||
"sbom.spdx.json": "96cf94ee5085078d14ee5c19666a9e146c278b785ed57eb2b47faf45b9d18b85",
|
||||
"symbols.json": "2c47399bcb375356772a6f5fd4e1230721a0807f450b33dd9a512e72f0f932b0",
|
||||
"vex.openvex.json": "2b258cf5cfb4a08edabcc0d865c4c4531b67a59b6c3835412f4b417e36693f84"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "php-phpmailer-CVE-2016-10033-rce",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "7d3476c3d86e0dbef128efdfc16a88bbb13e1df0095a17a97a7fc75402da42b6",
|
||||
"sbom.cdx.json": "f8d1582c3b6478cbd4879bcc07d60b21ff394df14f616bf12bb269217cfb57f1",
|
||||
"sbom.spdx.json": "553220191e8f1fa9956f47ebd232ee2554e531b1928ee9d3e1d479b5b360139d",
|
||||
"symbols.json": "891d0b017f95ff6d3f7f9e06495b39ed53565eab469d879f1a2fad2ca63e632b",
|
||||
"vex.openvex.json": "e04cbaf855c3d14e918ad06a524d89dabb06c427e4a96e72eaaaa86ff16c5595"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "03c99d5de2d6da9de07480d43bed6ce79a73b1a9abb2ccdd02c04c2eaa3c9bc4",
|
||||
"sbom.cdx.json": "9fc0ad284188e41a23fc678128e5e0fa263c39431e7c976c82d8ec7d0b6b0339",
|
||||
"sbom.spdx.json": "96cf94ee5085078d14ee5c19666a9e146c278b785ed57eb2b47faf45b9d18b85",
|
||||
"symbols.json": "27a70634762c365d15ab5135cc5eb54721ad8407ae295ca71ca227f41847569c",
|
||||
"vex.openvex.json": "56a227d9bf325b0dce2875c99d09bf999d2c7b17402af641c6902314108ee980"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "python-django-CVE-2019-19844-sqli-like",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "91bdcbbf9400beac3d6ce39b81e5794f5a6715657ff541ed9e3d947b29332096",
|
||||
"sbom.cdx.json": "12b2d32433bdf9c8c56c1f1de9dbd3d62c0205d815448789caeebe53cc7199cd",
|
||||
"sbom.spdx.json": "ebb5b23674d0d6b6877e60a658ead722cbdfb2097b3d98d16bde492544334b4d",
|
||||
"symbols.json": "b450cfbae441529396dbe049f5edb0e5a9c95e805d72c9baff25551a93e5633f",
|
||||
"vex.openvex.json": "aa8c5da2e3f03d116d045cee53bb1fd52a2d20a42cd935b7ab0649aada9c1eca"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "2ccb39511b35781e96992a480df92beef1c8dbf600d46090b309bfa459397b4f",
|
||||
"sbom.cdx.json": "33856cb8dfc4b3f14550762c0d6f7d93ed4bc5bc249ed57fe963f7861839bf24",
|
||||
"sbom.spdx.json": "49ad943b01713c7b711ca2636b351e96581f1323b4be819c3ef25d5cbeeb78c3",
|
||||
"symbols.json": "b9e2cd285f58d83a44807eceb3011431bab2547dd4f8157f59e685d17b55a384",
|
||||
"vex.openvex.json": "390fbd7d3099d948046fb31d83e805ea532ce7fb20abdbb270eea55d4c7d3019"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "python-django-CVE-2019-19844-sqli-like",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "f8926492d1b5e8a15c9b0f82087797b26d0609bfb13f10d14f7803fe6a129d95",
|
||||
"sbom.cdx.json": "12b2d32433bdf9c8c56c1f1de9dbd3d62c0205d815448789caeebe53cc7199cd",
|
||||
"sbom.spdx.json": "ebb5b23674d0d6b6877e60a658ead722cbdfb2097b3d98d16bde492544334b4d",
|
||||
"symbols.json": "69b7846dd716b8730d2e08a2e293124949fd3642d9fc83837612a4d9d228fad4",
|
||||
"vex.openvex.json": "bbadc21dc72a1b9dd8e395b2b40c1dac987189a7f95c0064714737b1f9b00758"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "ee0cdda20523335d8c65739d9509a710000e11d8bb2ece93ec7930e8d06590a7",
|
||||
"sbom.cdx.json": "33856cb8dfc4b3f14550762c0d6f7d93ed4bc5bc249ed57fe963f7861839bf24",
|
||||
"sbom.spdx.json": "49ad943b01713c7b711ca2636b351e96581f1323b4be819c3ef25d5cbeeb78c3",
|
||||
"symbols.json": "2f907e2686535d69767522c43fc0c71962ef6ce8bd9e48746707887ce186bf07",
|
||||
"vex.openvex.json": "a6bfc8b8e86ca4f9cd2d2d107a14531bc13f84261a13b5cafb4e8d4b1c92c01b"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "python-jinja2-CVE-2019-10906-template-injection",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "bd19518d4bcaad1b2248ad44087296d0961c0b69ff92dd8dd3e02f2dd7ae50ad",
|
||||
"sbom.cdx.json": "bee4564ef6e541d6c9342da6e9ec5c32245934af538285742a70b1a5574bab63",
|
||||
"sbom.spdx.json": "fc8393d30763d114ec156faad13625a01d99637d6d5f94347f9103ec2f128c70",
|
||||
"symbols.json": "12e9bd031247b0e7ced80b9f0be7366d53e3f6bc55dba8bc8e29dffa33b1428a",
|
||||
"vex.openvex.json": "5831de3b541eb9cd8e318c3d9c58d4722c3706ae86dfe593edb7052bffa69d59"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "2e56690ed9899e9ddad4a2dd9dd3715fe3b6349cc165fb10b797500d3b7bb240",
|
||||
"sbom.cdx.json": "8a2681fcd3eb2aa82e2f0380126a9fe2caf130aac6ae4c66cd47f971c4ea347e",
|
||||
"sbom.spdx.json": "4a04c563f3cf1b8a7b84add3443b9f2372150910844c2160193f26b75c004ff6",
|
||||
"symbols.json": "97f7be8fae7c41424553821007c4e8ce0784c21014ceba12d77a8487af445ebb",
|
||||
"vex.openvex.json": "088909aad48426345068b6373a27bacafcaa64fc49ecef43a15326d307f8b2e6"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "python-jinja2-CVE-2019-10906-template-injection",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "5e976a5b02be9d80f73279250b9c7dc6a7a35b4949485ec8a3e654b56e92b472",
|
||||
"sbom.cdx.json": "bee4564ef6e541d6c9342da6e9ec5c32245934af538285742a70b1a5574bab63",
|
||||
"sbom.spdx.json": "fc8393d30763d114ec156faad13625a01d99637d6d5f94347f9103ec2f128c70",
|
||||
"symbols.json": "7c9c852ec05f723da16662dafbee27d7f30930565483b3efd9a98124daf965ce",
|
||||
"vex.openvex.json": "4814babf16abd8827888413cb3545fa592a544da2818c510f39f5bf6d626fcce"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "df69cb0fd97c3f90700905edbb739c872b13bca26ec8b23b5fca7df95c88e649",
|
||||
"sbom.cdx.json": "8a2681fcd3eb2aa82e2f0380126a9fe2caf130aac6ae4c66cd47f971c4ea347e",
|
||||
"sbom.spdx.json": "4a04c563f3cf1b8a7b84add3443b9f2372150910844c2160193f26b75c004ff6",
|
||||
"symbols.json": "e8b79c2d1c222102e4dd1b3f009c98301bb9d20bfe535959a968719f55dbe558",
|
||||
"vex.openvex.json": "14189de5cdec146e3f3690f9a33bf7bd43e788c1bd52deb9fccfbddf548d0fb3"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "python-urllib3-dos-regex-TBD",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "b76721e7be720aab8e6a391c4307a49c9ac5f91370d5ad94e6990851cd9f5599",
|
||||
"sbom.cdx.json": "92f85cd1caf5e0d40bc489c74f61a10ef452f8a5929e95a52436e0a67827f1db",
|
||||
"sbom.spdx.json": "14a0b0f27eddab4452da4b7d9da1992b8eaee4c9a56720accedae3f5c1669a72",
|
||||
"symbols.json": "03872ddb4ff47802e1ca998b01e2578877bb0c73c0584d804002082f0be2d22f",
|
||||
"vex.openvex.json": "c1b2c2b8af62f5d198e8986f25763c64126b7c930cca6580bb115351080478f4"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "77b65a72e7061171dd9bbabb55260c005e45c71156349c68995f5da21249f01d",
|
||||
"sbom.cdx.json": "6de2dac2a942c4f98be45913bc283490e0a633d96f622864eba2f7e9ed40ddef",
|
||||
"sbom.spdx.json": "fcc1da998d896c2a8d6c0b0386ae5a492ae242cc83dc03daaf2b6ee55d8ba9bb",
|
||||
"symbols.json": "0de9697f4fe6f5d80df4aec4593599f6dbfbf9c92f2e19e4e8f6d39630a37aee",
|
||||
"vex.openvex.json": "c785b009bc7c625f1e3cda129ab45ac436b43dc726f3902d092bfb4665a5a1dd"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "python-urllib3-dos-regex-TBD",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "022d9b1a05425205e685a3c3e0f4991f3dd0e311b0b443b0cbaed3e538fdece1",
|
||||
"sbom.cdx.json": "92f85cd1caf5e0d40bc489c74f61a10ef452f8a5929e95a52436e0a67827f1db",
|
||||
"sbom.spdx.json": "14a0b0f27eddab4452da4b7d9da1992b8eaee4c9a56720accedae3f5c1669a72",
|
||||
"symbols.json": "2b7cf80eb18cbc9d815a5d9310b167b7bdebd5ee3288d679af1a60aa39bc2efa",
|
||||
"vex.openvex.json": "b57bc50d2d4d3075d4797ed884546d733939c54b7ae5cc4dcf3e8aef1b5def08"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "fee28d40dd848e5e59b662622f33e2644e4328c6a2eb1a4f22f558fea0c69dfd",
|
||||
"sbom.cdx.json": "6de2dac2a942c4f98be45913bc283490e0a633d96f622864eba2f7e9ed40ddef",
|
||||
"sbom.spdx.json": "fcc1da998d896c2a8d6c0b0386ae5a492ae242cc83dc03daaf2b6ee55d8ba9bb",
|
||||
"symbols.json": "bafb8c6703ba42f7fcb2d1bc5bba702282012d10f7d7026729083761e8b6bf26",
|
||||
"vex.openvex.json": "342a13c0f33bbf5228756e7444aa1a0740b0f971115ead4db2668669e8055fb5"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "rails-CVE-2019-5418-file-content-disclosure",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "a1e201f50ab1de6dc8a63a368bd11b8a684f68232fc3afd9c159303023f93dd3",
|
||||
"sbom.cdx.json": "e311708a3d964928577bbcaa5422955d01d4ff41276cb1ced140d291c432f5df",
|
||||
"sbom.spdx.json": "5ce3a3ad477927485ddc6e4a4600c780336dc086a4ec931f0be0472858deb88a",
|
||||
"symbols.json": "bad5fe3ba1b5ebed91c92b95a4a579459220eefbda301f14f4c6e29b196fc646",
|
||||
"vex.openvex.json": "335d81c4776df1c000846591e5e34c97c5e9fa5dc0da140524cc68a697d95476"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "c9d31abd8f660694b9cc88b0663390c36be5ca0c16da8061911ede2af396d64a",
|
||||
"sbom.cdx.json": "c50edcd3ebed1a651e29f3ab41cdb37e2a6a1f7bdb567191bcf83fc1e76eba24",
|
||||
"sbom.spdx.json": "7bcda4289b9cd770cad6408cbb1e9bbd6b8ef7ba15b79b795b5a183f22722925",
|
||||
"symbols.json": "895ed278a0c2eb90a697755ff7509d7e9df3a1aa26153d2deea2e2e858a62aea",
|
||||
"vex.openvex.json": "500bbf7564559d0f10e4cdf97f8142868d6d068b72bb223b8a4f6850e917aa93"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "rails-CVE-2019-5418-file-content-disclosure",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "bdc4a9b0600b2adbe376631ff42c62b0d2c09913ee5e6b709cfe2274aeafe5d9",
|
||||
"sbom.cdx.json": "e311708a3d964928577bbcaa5422955d01d4ff41276cb1ced140d291c432f5df",
|
||||
"sbom.spdx.json": "5ce3a3ad477927485ddc6e4a4600c780336dc086a4ec931f0be0472858deb88a",
|
||||
"symbols.json": "6bb75ea71e5e1bfa9fd3a86b40e47ce436fd0b2d0d542657858c01dab6b818fa",
|
||||
"vex.openvex.json": "d2958b20176758ba49b37add31f335c152b91f17aeedc2b0407bd2d673f7580f"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "12a1d28dc31ce8a3e381fbfb195d942c879ac31003c2412d40d8b6e8a3808318",
|
||||
"sbom.cdx.json": "c50edcd3ebed1a651e29f3ab41cdb37e2a6a1f7bdb567191bcf83fc1e76eba24",
|
||||
"sbom.spdx.json": "7bcda4289b9cd770cad6408cbb1e9bbd6b8ef7ba15b79b795b5a183f22722925",
|
||||
"symbols.json": "ae28dfed9d506cd92a0608f8a742716764b7f3f15d7b35b5f6990010a1d0b8fd",
|
||||
"vex.openvex.json": "f3fe8061e72d74532921a4ac21107bfa5121cca2ce011c38580438738c071174"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "redis-CVE-2022-0543-lua-sandbox-escape",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "f8c53484a0f0b476c46fdcb74eb369e9043528019ee36b0537be0964d1bc443a",
|
||||
"sbom.cdx.json": "262ee8cfcec9893d5eef21da86a51563d2f905fd0ded264ecd9b295c20ad4ff5",
|
||||
"sbom.spdx.json": "207e2ddd259d5cf0d1b4b6e26bc4abd26d38e119dc4c635b0600d5ce4e4d4fd1",
|
||||
"symbols.json": "add91063b52b65788cfcb6925811a9e51031d7d7bb7c97fcd4e45e1b1c702e43",
|
||||
"vex.openvex.json": "b4e4b865b0982c89f3d8bbe27d6984016a9b43b7282b9c158063c65a67c4dece"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "fbdd8b9e479d40cea9068a83c98619af1aa18dc3abcafc2ea2bdb463c25710a9",
|
||||
"sbom.cdx.json": "66bcb9f575207e62f46230e9056c229d07821d700a7b90ebb6f84baaa28bc7ea",
|
||||
"sbom.spdx.json": "02a37695184dfe333892c420b4890ea69497e2808aeeda42c6c5e211919a5db2",
|
||||
"symbols.json": "9a5d1611a6e4d6d38feaa591be880bbb157680828b6e7c756442bc6995d960e7",
|
||||
"vex.openvex.json": "1d86a9a2973f1ab8e5f57c57857c49da3d0d02aa54a8b2d5425021d2f9627690"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "redis-CVE-2022-0543-lua-sandbox-escape",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "749316cd4d32d0fb0f9744f4ae7592674daed71c9000cd8b8e57f0372b665902",
|
||||
"sbom.cdx.json": "262ee8cfcec9893d5eef21da86a51563d2f905fd0ded264ecd9b295c20ad4ff5",
|
||||
"sbom.spdx.json": "207e2ddd259d5cf0d1b4b6e26bc4abd26d38e119dc4c635b0600d5ce4e4d4fd1",
|
||||
"symbols.json": "51e50884d378b4f49dc742323912f3af0d600c120e1f448ff3c6929cd265ecff",
|
||||
"vex.openvex.json": "7e8204c4e3ce4ac26028a390c3fecdd1251d6ad6e16653b1f972f2dc30688c4d"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "bab266ab92040c3977c2f17cbddb6e91e0e9ea748b720ba4b3e35372063c8c75",
|
||||
"sbom.cdx.json": "66bcb9f575207e62f46230e9056c229d07821d700a7b90ebb6f84baaa28bc7ea",
|
||||
"sbom.spdx.json": "02a37695184dfe333892c420b4890ea69497e2808aeeda42c6c5e211919a5db2",
|
||||
"symbols.json": "e1f5a9f63042d050a3966e95a5902797e00ae1703a8ecb69dff149e1bf8371e8",
|
||||
"vex.openvex.json": "d0beebfb1d7a3cb086633040ddda7f9d4bb536d0df4176e8c093599988bb75f7"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "runc-CVE-2024-21626-symlink-breakout",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "7462c1ff3fcfeaaf75793bc8cc6d433cfddcfc3c01aeed80d808368dbe7b208a",
|
||||
"sbom.cdx.json": "102a4aa9b079e95ce6603f1077a03716215067f9db450f6eeeee3ffe91a3c03f",
|
||||
"sbom.spdx.json": "84480ee0f19dd5bc8379dc257f9e86cec0644131f71304efab9d6f9343e5ddf7",
|
||||
"symbols.json": "b3e49a7b256a4185969742db54584eaaab094893b77b155c482e5784123d4705",
|
||||
"vex.openvex.json": "730b927596ceff24604ed3fdc008179b3b6a524e8ba1b2ce248706dfcbdd8e9f"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "94d2522b2ab3632adadffdf2ca8c991260d2bbd1690fb4a00beb6207b1ba5c49",
|
||||
"sbom.cdx.json": "f5d25c84c10d3588526ba08d1a03a8105f8da1279a44e0defee66285814437d4",
|
||||
"sbom.spdx.json": "ee5aaaf68271588ee2b33d04e3815ca9a3f89a557a55c1f8d917c2af1b813c16",
|
||||
"symbols.json": "1b8a40f0c8aabd9f84f06647490f450170c48c9cbba929a50caf441c92791df8",
|
||||
"vex.openvex.json": "ca87293d1831169e427182e37e52713495b9e78a7e7b14f174012867f3cff6b9"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "runc-CVE-2024-21626-symlink-breakout",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "d7aa1571a9338d19994f22672a0f21805b91433c44548db710f03bec7cf19293",
|
||||
"sbom.cdx.json": "102a4aa9b079e95ce6603f1077a03716215067f9db450f6eeeee3ffe91a3c03f",
|
||||
"sbom.spdx.json": "84480ee0f19dd5bc8379dc257f9e86cec0644131f71304efab9d6f9343e5ddf7",
|
||||
"symbols.json": "445405207e280de83a29d0d9eb24d73dcf0b822eddbf6af7b4fbf8e5f9f61d51",
|
||||
"vex.openvex.json": "4b5e515c8df7566a85a9a5628558157ce4f26d271b3c9d1ca9775b44970d9813"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "2f4803eb568d4f294f4241d068266b6241fd20f463e6945e1df3b84ccd89459e",
|
||||
"sbom.cdx.json": "f5d25c84c10d3588526ba08d1a03a8105f8da1279a44e0defee66285814437d4",
|
||||
"sbom.spdx.json": "ee5aaaf68271588ee2b33d04e3815ca9a3f89a557a55c1f8d917c2af1b813c16",
|
||||
"symbols.json": "b48973486b29e184ae09ecfb9264a400fefae5c2df4d0d5f4bd868453fae1f99",
|
||||
"vex.openvex.json": "06610030b92a3a5eb4e77c44c87066ce66dfc0018e4477de99f4bbf70424cf5a"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "rust-axum-header-parsing-TBD",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "db51a2ce78f32b9cb4ec3ed5553129592d6b283269b781da07c2b9d248d3eded",
|
||||
"sbom.cdx.json": "d591991aad584887e1febb7158aee2a8d255cb3bd904647c0465b2517f9b0420",
|
||||
"sbom.spdx.json": "952f2911841aef80876fa5f3ef6ea3bb025d3fdf15af12a8a2dfd1a4912de327",
|
||||
"symbols.json": "91f2bb239888454d2e868267474d31c7849348efab10296d50c2d542be287f18",
|
||||
"vex.openvex.json": "78675798250d81e833b06e465b80e367cc9a3385dc83e26c9126dc8b81e39f07"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "f34d41548950529728b47d39699260a5a3b496f5b729c7981ef2d70622136df9",
|
||||
"sbom.cdx.json": "ff9bfeeef7e41d934a051d5c4e20965819d2c4be0ff9ad68ba250eccae3aa487",
|
||||
"sbom.spdx.json": "1de691c4665d49162633b6571bd142fbfdcf79a0c8bdfb6bbf8f8d4783587d01",
|
||||
"symbols.json": "fc3923137f963fe08398a0cfc11d51d063104758ea574705476bb5fb07b0d6e0",
|
||||
"vex.openvex.json": "f0aa98d011f0012ff230c44f69aaed51847a4ad9930bac52aa4467405c2122f5"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "rust-axum-header-parsing-TBD",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "6586881d4ab2e395e45ca6ca2c018ec6c8ef349d08a2d7729b1c2a39b79b578c",
|
||||
"sbom.cdx.json": "d591991aad584887e1febb7158aee2a8d255cb3bd904647c0465b2517f9b0420",
|
||||
"sbom.spdx.json": "952f2911841aef80876fa5f3ef6ea3bb025d3fdf15af12a8a2dfd1a4912de327",
|
||||
"symbols.json": "5fb1a7d62e2b9c38c22cd55bb48a71a46c38b7d9aac5eb55064ca0918f246e7f",
|
||||
"vex.openvex.json": "e24870c312cf61ce8e377993e2acda9f36ce817b8f97eedb339713cca52d8877"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "918f742dbfd9e786640660f13f60b1f9da329caee367851990c7d5b678fa5c8e",
|
||||
"sbom.cdx.json": "ff9bfeeef7e41d934a051d5c4e20965819d2c4be0ff9ad68ba250eccae3aa487",
|
||||
"sbom.spdx.json": "1de691c4665d49162633b6571bd142fbfdcf79a0c8bdfb6bbf8f8d4783587d01",
|
||||
"symbols.json": "4ff5b34b01575558256364c017f6e3ed4dcb9c6d077b732d2dff1936431f607b",
|
||||
"vex.openvex.json": "48e178a71126b1c57aaedf47ed85da10a8b391ddcff61e118f7fc26b1786e490"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "wordpress-core-CVE-2022-21661-sqli",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "3400d2e5bb7e2444c5d8794deaa470162ae84ead4da2f357578bad79ff79fc46",
|
||||
"sbom.cdx.json": "18ee89df532562af951ae92170a0c6fea0cf5260275becf2b136f58929565dd8",
|
||||
"sbom.spdx.json": "d8d65f2816de794aeda9b758f9b85d5dc2e771179b1c9a489c83bb9098088eae",
|
||||
"symbols.json": "b13fee6e67fd09b2655da862bc9557f516a73f8761d3d3ed6ac81839e9d61411",
|
||||
"vex.openvex.json": "edcaa5bd78afa9a5c2254a536efb9413bf212b247fb81b83d39c71d1a63aff49"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "2491f25c8faaa3fcd6be0af96ee0bdb047ee457c674a3b0533a07bdf4f7bc9e6",
|
||||
"sbom.cdx.json": "4d680dc644aedae0656a9aaf619804cc5db818071b15a4d4bffba85e4a72ec16",
|
||||
"sbom.spdx.json": "654a9c21de6aece294f38e1b6590e82ddd4bbe92ca8dc17b9cdf404f7f423a05",
|
||||
"symbols.json": "5e50e1037f4c8d80ad3d4e589a62eb4748e37410e4dd1336b9556bcebdb7f2fa",
|
||||
"vex.openvex.json": "789eba2e95cc32972356f777b9b314cdd84d7ab8f62f9c65599ad46d53c1171c"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "reachable"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
{
|
||||
"case_id": "wordpress-core-CVE-2022-21661-sqli",
|
||||
"files": {
|
||||
"attestation.dsse.json": "30937c552127484d65b409f39fe31caa5a4f071142892cc336be2a22d747331d",
|
||||
"callgraph.framework.json": "9ca4a75a6d19744789c7b34011e67126ab749b9626158ae57b03dbdfa6147a5e",
|
||||
"callgraph.static.json": "0ae8872a65a499cc8109b36eac53dfa0b6cf60b29482ddcdab6992c49e35ec74",
|
||||
"reachgraph.truth.json": "a84be394e3a8acc773ba5ffb2a6408850a1cc6e0729ed9223010e117d2270f8e",
|
||||
"sbom.cdx.json": "18ee89df532562af951ae92170a0c6fea0cf5260275becf2b136f58929565dd8",
|
||||
"sbom.spdx.json": "d8d65f2816de794aeda9b758f9b85d5dc2e771179b1c9a489c83bb9098088eae",
|
||||
"symbols.json": "3a8ad137ba4c6f6701f2f974c5bf44ff8e4ff098fdf505f2b874d5b24a62f6e7",
|
||||
"vex.openvex.json": "8ed2bbdb19741b03709d7bd095cb2ee8f2c035aa736cf1cc8938375a60f9f0dc"
|
||||
"attestation.dsse.json": "12ced21ccc633b0f458df44e276c954ccdbb14c5acd0d234fdf7934eec48696f",
|
||||
"callgraph.framework.json": "86ebf343e4b684a3bf2b3200e0bd1849397ea69f280330b1095aceefdff799ce",
|
||||
"callgraph.static.json": "99c850cccba6641635d1c668f831c80667930ddcd1f7acb2fe9c4c7771c63e7e",
|
||||
"reachgraph.truth.json": "0855e5a1023d4a03c71ca526cd383cb09adb3ab67aa91039c8b96bb370aff3e5",
|
||||
"sbom.cdx.json": "4d680dc644aedae0656a9aaf619804cc5db818071b15a4d4bffba85e4a72ec16",
|
||||
"sbom.spdx.json": "654a9c21de6aece294f38e1b6590e82ddd4bbe92ca8dc17b9cdf404f7f423a05",
|
||||
"symbols.json": "52cd52c683750cccde96c6d0034c129ede7e030bdf5df7b21d1b9bf64eb3b280",
|
||||
"vex.openvex.json": "72c17746b337df751658ad7104d5f4e5962d97f9227ecbab810e7d2d8dbcad96"
|
||||
},
|
||||
"schema_version": "reachbench.manifest/v1",
|
||||
"variant": "unreachable"
|
||||
|
||||
@@ -0,0 +1,82 @@
|
||||
#!/usr/bin/env python3
|
||||
from __future__ import annotations
|
||||
|
||||
import hashlib
|
||||
import json
|
||||
from pathlib import Path
|
||||
|
||||
REQUIRED_FILES: tuple[str, ...] = (
|
||||
"attestation.dsse.json",
|
||||
"callgraph.framework.json",
|
||||
"callgraph.static.json",
|
||||
"reachgraph.truth.json",
|
||||
"sbom.cdx.json",
|
||||
"sbom.spdx.json",
|
||||
"symbols.json",
|
||||
"vex.openvex.json",
|
||||
)
|
||||
|
||||
|
||||
def _sha256_hex(path: Path) -> str:
|
||||
digest = hashlib.sha256()
|
||||
with path.open("rb") as handle:
|
||||
for chunk in iter(lambda: handle.read(1024 * 1024), b""):
|
||||
digest.update(chunk)
|
||||
return digest.hexdigest()
|
||||
|
||||
|
||||
def _locate_repo_root(start: Path) -> Path:
|
||||
current = start.resolve()
|
||||
while True:
|
||||
if (current / "Directory.Build.props").is_file():
|
||||
return current
|
||||
if current.parent == current:
|
||||
raise RuntimeError("Cannot locate repo root (missing Directory.Build.props).")
|
||||
current = current.parent
|
||||
|
||||
|
||||
def _update_manifest(variant_dir: Path) -> bool:
|
||||
manifest_path = variant_dir / "manifest.json"
|
||||
if not manifest_path.is_file():
|
||||
return False
|
||||
|
||||
with manifest_path.open("r", encoding="utf-8") as handle:
|
||||
manifest = json.load(handle)
|
||||
|
||||
files: dict[str, str] = dict(manifest.get("files") or {})
|
||||
|
||||
for required in REQUIRED_FILES:
|
||||
required_path = variant_dir / required
|
||||
if not required_path.is_file():
|
||||
raise FileNotFoundError(f"Missing required fixture file: {required_path}")
|
||||
|
||||
files[required] = _sha256_hex(required_path)
|
||||
|
||||
manifest["files"] = files
|
||||
|
||||
with manifest_path.open("w", encoding="utf-8", newline="\n") as handle:
|
||||
json.dump(manifest, handle, indent=2, ensure_ascii=False)
|
||||
handle.write("\n")
|
||||
|
||||
return True
|
||||
|
||||
|
||||
def main() -> int:
|
||||
repo_root = _locate_repo_root(Path(__file__).parent)
|
||||
cases_root = repo_root / "tests" / "reachability" / "fixtures" / "reachbench-2025-expanded" / "cases"
|
||||
|
||||
updated = 0
|
||||
for case_dir in sorted([p for p in cases_root.iterdir() if p.is_dir()], key=lambda p: p.name):
|
||||
images = case_dir / "images"
|
||||
for variant_name in ("reachable", "unreachable"):
|
||||
variant_dir = images / variant_name
|
||||
if _update_manifest(variant_dir):
|
||||
updated += 1
|
||||
|
||||
print(f"Updated {updated} variant manifests under {cases_root}")
|
||||
return 0
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
raise SystemExit(main())
|
||||
|
||||
8
tests/reachability/runners/run_all.ps1
Normal file
8
tests/reachability/runners/run_all.ps1
Normal file
@@ -0,0 +1,8 @@
|
||||
$ErrorActionPreference = "Stop"
|
||||
|
||||
python (Join-Path $PSScriptRoot "..\\scripts\\update_corpus_manifest.py") | Out-Null
|
||||
python (Join-Path $PSScriptRoot "..\\samples-public\\scripts\\update_manifest.py") | Out-Null
|
||||
python (Join-Path $PSScriptRoot "..\\fixtures\\reachbench-2025-expanded\\harness\\update_variant_manifests.py") | Out-Null
|
||||
|
||||
Write-Host "reachability: manifests regenerated"
|
||||
|
||||
9
tests/reachability/runners/run_all.sh
Normal file
9
tests/reachability/runners/run_all.sh
Normal file
@@ -0,0 +1,9 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
python3 "$(dirname "$0")/../scripts/update_corpus_manifest.py" >/dev/null
|
||||
python3 "$(dirname "$0")/../samples-public/scripts/update_manifest.py" >/dev/null
|
||||
python3 "$(dirname "$0")/../fixtures/reachbench-2025-expanded/harness/update_variant_manifests.py" >/dev/null
|
||||
|
||||
echo "reachability: manifests regenerated"
|
||||
|
||||
@@ -9,7 +9,7 @@ import json
|
||||
from pathlib import Path
|
||||
|
||||
ROOT = Path(__file__).resolve().parents[1] / "corpus"
|
||||
FILE_LIST = ["expect.yaml", "callgraph.static.json", "vex.openvex.json"]
|
||||
FILE_LIST = ["callgraph.static.json", "ground-truth.json", "vex.openvex.json"]
|
||||
|
||||
def sha256(path: Path) -> str:
|
||||
return hashlib.sha256(path.read_bytes()).hexdigest()
|
||||
@@ -30,7 +30,7 @@ def main() -> int:
|
||||
"files": files,
|
||||
})
|
||||
manifest_path = ROOT / "manifest.json"
|
||||
manifest_path.write_text(json.dumps(entries, indent=2, sort_keys=True))
|
||||
manifest_path.write_text(json.dumps(entries, indent=2, sort_keys=True) + "\n")
|
||||
print(f"wrote {manifest_path} ({len(entries)} entries)")
|
||||
return 0
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@ using System.Runtime.CompilerServices;
|
||||
namespace StellaOps.Testing;
|
||||
|
||||
/// <summary>
|
||||
/// Automatically ensures OpenSSL 1.1 shim is visible for Mongo2Go-based tests.
|
||||
/// Automatically ensures OpenSSL 1.1 shim is visible for tests that require legacy OpenSSL.
|
||||
/// </summary>
|
||||
internal static class OpenSslAutoInit
|
||||
{
|
||||
|
||||
@@ -5,7 +5,7 @@ using System.Linq;
|
||||
namespace StellaOps.Testing;
|
||||
|
||||
/// <summary>
|
||||
/// Ensures OpenSSL 1.1 native libraries are visible to Mongo2Go on platforms that no longer ship them.
|
||||
/// Ensures OpenSSL 1.1 native libraries are visible on platforms that no longer ship them.
|
||||
/// </summary>
|
||||
public static class OpenSslLegacyShim
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user