up

2025-11-30 21:01:00 +02:00
parent 25254e3831
commit 808ab87b21
54 changed files with 1163 additions and 8 deletions
--- a/bench/reachability-benchmark/cases/js/express-eval/outputs/SINK_REACHED
+++ b/bench/reachability-benchmark/cases/js/express-eval/outputs/SINK_REACHED
@@ -0,0 +1 @@
+true
--- a/bench/reachability-benchmark/cases/js/express-eval/outputs/binary.tar.gz
+++ b/bench/reachability-benchmark/cases/js/express-eval/outputs/binary.tar.gz
--- a/bench/reachability-benchmark/cases/js/express-eval/outputs/coverage.json
+++ b/bench/reachability-benchmark/cases/js/express-eval/outputs/coverage.json
@@ -0,0 +1,15 @@
+{
+  "files": {
+    "src/app.js": {
+      "lines_covered": [
+        5,
+        6,
+        7,
+        13,
+        18,
+        19
+      ],
+      "lines_total": 40
+    }
+  }
+}
--- a/bench/reachability-benchmark/cases/js/express-eval/outputs/traces/traces.json
+++ b/bench/reachability-benchmark/cases/js/express-eval/outputs/traces/traces.json
@@ -0,0 +1,10 @@
+{
+  "entry": "POST /api/admin/exec",
+  "path": [
+    "app.js::createServer",
+    "handler",
+    "eval(code)"
+  ],
+  "sink": "ExpressEval::exec",
+  "notes": "Admin exec reached"
+}
--- a/bench/reachability-benchmark/cases/js/express-guarded/outputs/binary.tar.gz
+++ b/bench/reachability-benchmark/cases/js/express-guarded/outputs/binary.tar.gz
--- a/bench/reachability-benchmark/cases/js/express-guarded/outputs/coverage.json
+++ b/bench/reachability-benchmark/cases/js/express-guarded/outputs/coverage.json
@@ -0,0 +1,16 @@
+{
+  "files": {
+    "src/app.js": {
+      "lines_covered": [
+        5,
+        6,
+        7,
+        12,
+        13,
+        14,
+        15
+      ],
+      "lines_total": 50
+    }
+  }
+}
--- a/bench/reachability-benchmark/cases/js/express-guarded/outputs/traces/traces.json
+++ b/bench/reachability-benchmark/cases/js/express-guarded/outputs/traces/traces.json
@@ -0,0 +1,9 @@
+{
+  "entry": "POST /api/admin/exec",
+  "path": [
+    "app.js::createServer",
+    "guard: ALLOW_EXEC!=true"
+  ],
+  "sink": "ExpressGuarded::exec",
+  "notes": "Guard blocked sink"
+}
--- a/bench/reachability-benchmark/cases/js/fastify-template/outputs/SINK_REACHED
+++ b/bench/reachability-benchmark/cases/js/fastify-template/outputs/SINK_REACHED
@@ -0,0 +1 @@
+true
--- a/bench/reachability-benchmark/cases/js/fastify-template/outputs/binary.tar.gz
+++ b/bench/reachability-benchmark/cases/js/fastify-template/outputs/binary.tar.gz
--- a/bench/reachability-benchmark/cases/js/fastify-template/outputs/coverage.json
+++ b/bench/reachability-benchmark/cases/js/fastify-template/outputs/coverage.json
@@ -0,0 +1,15 @@
+{
+  "files": {
+    "src/app.js": {
+      "lines_covered": [
+        5,
+        6,
+        7,
+        13,
+        18,
+        20
+      ],
+      "lines_total": 45
+    }
+  }
+}
--- a/bench/reachability-benchmark/cases/js/fastify-template/outputs/traces/traces.json
+++ b/bench/reachability-benchmark/cases/js/fastify-template/outputs/traces/traces.json
@@ -0,0 +1,9 @@
+{
+  "entry": "POST /api/render",
+  "path": [
+    "app.js::createServer",
+    "render template"
+  ],
+  "sink": "FastifyTemplate::render",
+  "notes": "Template rendered with user input"
+}
--- a/bench/reachability-benchmark/cases/js/guarded-eval/outputs/binary.tar.gz
+++ b/bench/reachability-benchmark/cases/js/guarded-eval/outputs/binary.tar.gz
--- a/bench/reachability-benchmark/cases/js/guarded-eval/outputs/coverage.json
+++ b/bench/reachability-benchmark/cases/js/guarded-eval/outputs/coverage.json
@@ -0,0 +1,15 @@
+{
+  "files": {
+    "src/app.js": {
+      "lines_covered": [
+        5,
+        6,
+        7,
+        9,
+        10,
+        11
+      ],
+      "lines_total": 32
+    }
+  }
+}
--- a/bench/reachability-benchmark/cases/js/guarded-eval/outputs/traces/traces.json
+++ b/bench/reachability-benchmark/cases/js/guarded-eval/outputs/traces/traces.json
@@ -0,0 +1,9 @@
+{
+  "entry": "POST /api/exec",
+  "path": [
+    "app.js:handleRequest",
+    "guard: FEATURE_ENABLE != 1"
+  ],
+  "sink": "GuardedEval::handleRequest",
+  "notes": "Guard prevented sink execution"
+}
--- a/bench/reachability-benchmark/cases/js/unsafe-eval/outputs/SINK_REACHED
+++ b/bench/reachability-benchmark/cases/js/unsafe-eval/outputs/SINK_REACHED
@@ -0,0 +1 @@
+true
--- a/bench/reachability-benchmark/cases/js/unsafe-eval/outputs/binary.tar.gz
+++ b/bench/reachability-benchmark/cases/js/unsafe-eval/outputs/binary.tar.gz
--- a/bench/reachability-benchmark/cases/js/unsafe-eval/outputs/coverage.json
+++ b/bench/reachability-benchmark/cases/js/unsafe-eval/outputs/coverage.json
@@ -0,0 +1,14 @@
+{
+  "files": {
+    "src/app.js": {
+      "lines_covered": [
+        5,
+        6,
+        7,
+        12,
+        15
+      ],
+      "lines_total": 30
+    }
+  }
+}
--- a/bench/reachability-benchmark/cases/js/unsafe-eval/outputs/traces/traces.json
+++ b/bench/reachability-benchmark/cases/js/unsafe-eval/outputs/traces/traces.json
@@ -0,0 +1,9 @@
+{
+  "entry": "POST /api/exec",
+  "path": [
+    "app.js:handleRequest",
+    "eval(code)"
+  ],
+  "sink": "UnsafeEval::handleRequest",
+  "notes": "Test-driven dynamic trace"
+}
--- a/bench/reachability-benchmark/cases/py/django-ssti/outputs/SINK_REACHED
+++ b/bench/reachability-benchmark/cases/py/django-ssti/outputs/SINK_REACHED
@@ -0,0 +1 @@
+true
--- a/bench/reachability-benchmark/cases/py/django-ssti/outputs/binary.tar.gz
+++ b/bench/reachability-benchmark/cases/py/django-ssti/outputs/binary.tar.gz
--- a/bench/reachability-benchmark/cases/py/django-ssti/outputs/coverage.json
+++ b/bench/reachability-benchmark/cases/py/django-ssti/outputs/coverage.json
@@ -0,0 +1,16 @@
+{
+  "files": {
+    "src/app.py": {
+      "lines_covered": [
+        3,
+        4,
+        5,
+        7,
+        8,
+        9,
+        10
+      ],
+      "lines_total": 38
+    }
+  }
+}
--- a/bench/reachability-benchmark/cases/py/django-ssti/outputs/traces/traces.json
+++ b/bench/reachability-benchmark/cases/py/django-ssti/outputs/traces/traces.json
@@ -0,0 +1,9 @@
+{
+  "entry": "POST /render",
+  "path": [
+    "app.py::handle_request",
+    "render"
+  ],
+  "sink": "DjangoSSTI::render",
+  "notes": "Template rendered (autoescape off)"
+}
--- a/bench/reachability-benchmark/cases/py/fastapi-guarded/outputs/binary.tar.gz
+++ b/bench/reachability-benchmark/cases/py/fastapi-guarded/outputs/binary.tar.gz
--- a/bench/reachability-benchmark/cases/py/fastapi-guarded/outputs/coverage.json
+++ b/bench/reachability-benchmark/cases/py/fastapi-guarded/outputs/coverage.json
@@ -0,0 +1,15 @@
+{
+  "files": {
+    "src/app.py": {
+      "lines_covered": [
+        3,
+        4,
+        5,
+        8,
+        9,
+        11
+      ],
+      "lines_total": 40
+    }
+  }
+}
--- a/bench/reachability-benchmark/cases/py/fastapi-guarded/outputs/traces/traces.json
+++ b/bench/reachability-benchmark/cases/py/fastapi-guarded/outputs/traces/traces.json
@@ -0,0 +1,9 @@
+{
+  "entry": "POST /exec",
+  "path": [
+    "app.py::handle_request",
+    "guard: ALLOW_EXEC!=true"
+  ],
+  "sink": "FastApiGuarded::handle_request",
+  "notes": "Guard blocked eval"
+}
--- a/bench/reachability-benchmark/cases/py/flask-template/outputs/SINK_REACHED
+++ b/bench/reachability-benchmark/cases/py/flask-template/outputs/SINK_REACHED
@@ -0,0 +1 @@
+true
--- a/bench/reachability-benchmark/cases/py/flask-template/outputs/binary.tar.gz
+++ b/bench/reachability-benchmark/cases/py/flask-template/outputs/binary.tar.gz
--- a/bench/reachability-benchmark/cases/py/flask-template/outputs/coverage.json
+++ b/bench/reachability-benchmark/cases/py/flask-template/outputs/coverage.json
@@ -0,0 +1,16 @@
+{
+  "files": {
+    "src/app.py": {
+      "lines_covered": [
+        4,
+        5,
+        6,
+        8,
+        9,
+        10,
+        11
+      ],
+      "lines_total": 40
+    }
+  }
+}
--- a/bench/reachability-benchmark/cases/py/flask-template/outputs/traces/traces.json
+++ b/bench/reachability-benchmark/cases/py/flask-template/outputs/traces/traces.json
@@ -0,0 +1,9 @@
+{
+  "entry": "POST /render",
+  "path": [
+    "app.py::handle_request",
+    "render"
+  ],
+  "sink": "FlaskTemplate::render",
+  "notes": "Template rendered"
+}
--- a/bench/reachability-benchmark/cases/py/guarded-exec/outputs/binary.tar.gz
+++ b/bench/reachability-benchmark/cases/py/guarded-exec/outputs/binary.tar.gz
--- a/bench/reachability-benchmark/cases/py/guarded-exec/outputs/coverage.json
+++ b/bench/reachability-benchmark/cases/py/guarded-exec/outputs/coverage.json
@@ -0,0 +1,15 @@
+{
+  "files": {
+    "src/app.py": {
+      "lines_covered": [
+        3,
+        4,
+        5,
+        8,
+        9,
+        11
+      ],
+      "lines_total": 34
+    }
+  }
+}
--- a/bench/reachability-benchmark/cases/py/guarded-exec/outputs/traces/traces.json
+++ b/bench/reachability-benchmark/cases/py/guarded-exec/outputs/traces/traces.json
@@ -0,0 +1,9 @@
+{
+  "entry": "POST /api/exec",
+  "path": [
+    "app.py::handle_request",
+    "guard: FEATURE_ENABLE != 1"
+  ],
+  "sink": "PyGuardedExec::handle_request",
+  "notes": "Guard blocked eval"
+}
--- a/bench/reachability-benchmark/cases/py/unsafe-exec/outputs/SINK_REACHED
+++ b/bench/reachability-benchmark/cases/py/unsafe-exec/outputs/SINK_REACHED
@@ -0,0 +1 @@
+true
--- a/bench/reachability-benchmark/cases/py/unsafe-exec/outputs/binary.tar.gz
+++ b/bench/reachability-benchmark/cases/py/unsafe-exec/outputs/binary.tar.gz
--- a/bench/reachability-benchmark/cases/py/unsafe-exec/outputs/coverage.json
+++ b/bench/reachability-benchmark/cases/py/unsafe-exec/outputs/coverage.json
@@ -0,0 +1,14 @@
+{
+  "files": {
+    "src/app.py": {
+      "lines_covered": [
+        3,
+        4,
+        5,
+        8,
+        10
+      ],
+      "lines_total": 30
+    }
+  }
+}
--- a/bench/reachability-benchmark/cases/py/unsafe-exec/outputs/traces/traces.json
+++ b/bench/reachability-benchmark/cases/py/unsafe-exec/outputs/traces/traces.json
@@ -0,0 +1,9 @@
+{
+  "entry": "POST /api/exec",
+  "path": [
+    "app.py::handle_request",
+    "eval(code)"
+  ],
+  "sink": "PyUnsafeExec::handle_request",
+  "notes": "Eval reached"
+}