stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

up
Some checks failed
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-13 09:37:15 +02:00
parent e00f6365da
commit 6e45066e37
349 changed files with 17160 additions and 1867 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/reachability/corpus/README.md
View File

@@ -2,9 +2,10 @@
Layout
- `manifest.json` — deterministic SHA-256 hashes for each case file.
- `<language>/<case>/expect.yaml` — state (`reachable|conditional|unreachable`), score, evidence refs.
- `<language>/<case>/ground-truth.json` — expected reachability outcome (`reachable|unreachable`) and example path(s) (Reachbench truth schema v1).
- `<language>/<case>/callgraph.static.json` — static call graph sample (stub for MVP).
- `<language>/<case>/vex.openvex.json` — expected VEX slice for the case.
- Legacy `expect.yaml` has been retired; its state/score are preserved under `legacy_expect` in `ground-truth.json`.
Determinism
- JSON files have sorted keys; hashes recorded in `manifest.json`.

11
tests/reachability/corpus/dotnet/dotnet-kestrel-CVE-2023-44487-http2-rapid-reset/expect.yaml
View File

@@ -1,11 +0,0 @@
schema_version: reach-corpus.expect/v1
id: dotnet-kestrel-CVE-2023-44487-http2-rapid-reset
language: dotnet
state: reachable
score: 0.85
static_evidence:
callgraphs:
- callgraph.static.json
runtime_evidence: []
vex: vex.openvex.json
notes: "MVP fixture stub; replace with real callgraph and traces when available."

16
tests/reachability/corpus/dotnet/dotnet-kestrel-CVE-2023-44487-http2-rapid-reset/ground-truth.json Normal file
View File

@@ -0,0 +1,16 @@
{
"case_id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset",
"legacy_expect": {
"schema_version": "reach-corpus.expect/v1",
"score": 0.85,
"state": "reachable"
},
"paths": [
[
"sym://dotnet:entry",
"sym://dotnet:sink"
]
],
"schema_version": "reachbench.reachgraph.truth/v1",
"variant": "reachable"
}

11
tests/reachability/corpus/go/go-ssh-CVE-2020-9283-keyexchange/expect.yaml
View File

@@ -1,11 +0,0 @@
schema_version: reach-corpus.expect/v1
id: go-ssh-CVE-2020-9283-keyexchange
language: go
state: reachable
score: 0.80
static_evidence:
callgraphs:
- callgraph.static.json
runtime_evidence: []
vex: vex.openvex.json
notes: "MVP fixture stub; replace with real callgraph and traces when available."

16
tests/reachability/corpus/go/go-ssh-CVE-2020-9283-keyexchange/ground-truth.json Normal file
View File

@@ -0,0 +1,16 @@
{
"case_id": "go-ssh-CVE-2020-9283-keyexchange",
"legacy_expect": {
"schema_version": "reach-corpus.expect/v1",
"score": 0.8,
"state": "reachable"
},
"paths": [
[
"sym://go:entry",
"sym://go:sink"
]
],
"schema_version": "reachbench.reachgraph.truth/v1",
"variant": "reachable"
}

26
tests/reachability/corpus/manifest.json
View File

@@ -1,38 +1,38 @@
[
{
"files": {
"callgraph.static.json": "b2f32c667c8ec76d50d2b106dc055777f0135e2cf6938540fd1840eda82b4fe7",
"expect.yaml": "ffbbd4d12e2ee1898db9c34556754df8b7e1b21208298831714ee5e18ff4637d",
"vex.openvex.json": "e8cb5215049b9b1fe76354da6f67e8a5ef336a49780a0881e50b85d3ac526e63"
"callgraph.static.json": "7359d8c26f16151a4b05cf0e6675e5c66b5ffb6396b906e74c0d5bb2f290e972",
"ground-truth.json": "5e9fe73eabe607c9912c64d7b3d31b456a2b74631b935ce81f769d4520303c59",
"vex.openvex.json": "c3593790f769974b1b66aa5331f1d3ad4d699f77f198b2e77e78659ee79d3c15"
},
"id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset",
"language": "dotnet"
},
{
"files": {
"callgraph.static.json": "b2f32c667c8ec76d50d2b106dc055777f0135e2cf6938540fd1840eda82b4fe7",
"expect.yaml": "e9b38f76f0814b90c401368335cc953afc511d2256f3bfa76a84928175b506ac",
"vex.openvex.json": "e8cb5215049b9b1fe76354da6f67e8a5ef336a49780a0881e50b85d3ac526e63"
"callgraph.static.json": "7359d8c26f16151a4b05cf0e6675e5c66b5ffb6396b906e74c0d5bb2f290e972",
"ground-truth.json": "430adb2d001b526cff666336689006bad00e27c9f82582795a2d9dd106e1797d",
"vex.openvex.json": "c3593790f769974b1b66aa5331f1d3ad4d699f77f198b2e77e78659ee79d3c15"
},
"id": "go-ssh-CVE-2020-9283-keyexchange",
"language": "go"
},
{
"files": {
"callgraph.static.json": "b2f32c667c8ec76d50d2b106dc055777f0135e2cf6938540fd1840eda82b4fe7",
"expect.yaml": "381e9379618014f346e11462ffe79b22785113f05def078bf85c26fe7a696830",
"vex.openvex.json": "e8cb5215049b9b1fe76354da6f67e8a5ef336a49780a0881e50b85d3ac526e63"
"callgraph.static.json": "7359d8c26f16151a4b05cf0e6675e5c66b5ffb6396b906e74c0d5bb2f290e972",
"ground-truth.json": "50538def2e0a8b28134051b52a848eb4b53d43cf7a6eb6d041e8fc9f1d9210f1",
"vex.openvex.json": "c3593790f769974b1b66aa5331f1d3ad4d699f77f198b2e77e78659ee79d3c15"
},
"id": "python-django-CVE-2019-19844-sqli-like",
"language": "python"
},
{
"files": {
"callgraph.static.json": "b2f32c667c8ec76d50d2b106dc055777f0135e2cf6938540fd1840eda82b4fe7",
"expect.yaml": "6c3bd42fd80277b874021b2f1a43133a9365ad298428b202d75970037de5d95f",
"vex.openvex.json": "e8cb5215049b9b1fe76354da6f67e8a5ef336a49780a0881e50b85d3ac526e63"
"callgraph.static.json": "7359d8c26f16151a4b05cf0e6675e5c66b5ffb6396b906e74c0d5bb2f290e972",
"ground-truth.json": "36312fc03b7f46c8655c21448c9fb7acd6495344896b79010fbd9644a182a865",
"vex.openvex.json": "c3593790f769974b1b66aa5331f1d3ad4d699f77f198b2e77e78659ee79d3c15"
},
"id": "rust-axum-header-parsing-TBD",
"language": "rust"
}
]
]

11
tests/reachability/corpus/python/python-django-CVE-2019-19844-sqli-like/expect.yaml
View File

@@ -1,11 +0,0 @@
schema_version: reach-corpus.expect/v1
id: python-django-CVE-2019-19844-sqli-like
language: python
state: reachable
score: 0.80
static_evidence:
callgraphs:
- callgraph.static.json
runtime_evidence: []
vex: vex.openvex.json
notes: "MVP fixture stub; replace with real callgraph and traces when available."

16
tests/reachability/corpus/python/python-django-CVE-2019-19844-sqli-like/ground-truth.json Normal file
View File

@@ -0,0 +1,16 @@
{
"case_id": "python-django-CVE-2019-19844-sqli-like",
"legacy_expect": {
"schema_version": "reach-corpus.expect/v1",
"score": 0.8,
"state": "reachable"
},
"paths": [
[
"sym://python:entry",
"sym://python:sink"
]
],
"schema_version": "reachbench.reachgraph.truth/v1",
"variant": "reachable"
}

11
tests/reachability/corpus/rust/rust-axum-header-parsing-TBD/expect.yaml
View File

@@ -1,11 +0,0 @@
schema_version: reach-corpus.expect/v1
id: rust-axum-header-parsing-TBD
language: rust
state: conditional
score: 0.60
static_evidence:
callgraphs:
- callgraph.static.json
runtime_evidence: []
vex: vex.openvex.json
notes: "MVP fixture stub; replace with real callgraph and traces when available."

11
tests/reachability/corpus/rust/rust-axum-header-parsing-TBD/ground-truth.json Normal file
View File

@@ -0,0 +1,11 @@
{
"case_id": "rust-axum-header-parsing-TBD",
"legacy_expect": {
"schema_version": "reach-corpus.expect/v1",
"score": 0.6,
"state": "conditional"
},
"paths": [],
"schema_version": "reachbench.reachgraph.truth/v1",
"variant": "unreachable"
}