feat(rate-limiting): Implement core rate limiting functionality with configuration, decision-making, metrics, middleware, and service registration

- Add RateLimitConfig for configuration management with YAML binding support. - Introduce RateLimitDecision to encapsulate the result of rate limit checks. - Implement RateLimitMetrics for OpenTelemetry metrics tracking. - Create RateLimitMiddleware for enforcing rate limits on incoming requests. - Develop RateLimitService to orchestrate instance and environment rate limit checks. - Add RateLimitServiceCollectionExtensions for dependency injection registration.
2025-12-17 18:02:37 +02:00
parent 394b57f6bf
commit 8bbfe4d2d2
211 changed files with 47179 additions and 1590 deletions
--- a/datasets/reachability/ground-truth/basic/gt-0004/main.c
+++ b/datasets/reachability/ground-truth/basic/gt-0004/main.c
@@ -0,0 +1,37 @@
+// gt-0004: Function pointer call to sink
+// Expected: REACHABLE (tier: executed)
+// Vulnerability: CWE-120 (Buffer Copy without Checking Size)
+
+#include <stdio.h>
+#include <string.h>
+
+typedef void (*copy_func_t)(char *, const char *);
+
+void copy_data(char *dest, const char *src) {
+    // Vulnerable: strcpy without bounds check
+    strcpy(dest, src);  // SINK: CWE-120
+}
+
+void safe_copy(char *dest, const char *src) {
+    strncpy(dest, src, 31);
+    dest[31] = '\0';
+}
+
+int main(int argc, char *argv[]) {
+    char buffer[32];
+    copy_func_t copier;
+    
+    // Function pointer assignment - harder for static analysis
+    if (argc > 2 && argv[2][0] == 's') {
+        copier = safe_copy;
+    } else {
+        copier = copy_data;  // Vulnerable path selected
+    }
+    
+    if (argc > 1) {
+        copier(buffer, argv[1]);  // Indirect call
+        printf("Result: %s\n", buffer);
+    }
+    
+    return 0;
+}
--- a/datasets/reachability/ground-truth/basic/gt-0004/sample.manifest.json
+++ b/datasets/reachability/ground-truth/basic/gt-0004/sample.manifest.json
@@ -0,0 +1,31 @@
+{
+  "$schema": "https://stellaops.io/schemas/sample-manifest.v1.json",
+  "sampleId": "gt-0004",
+  "version": "1.0.0",
+  "category": "basic",
+  "description": "Function pointer call to sink - REACHABLE",
+  "language": "c",
+  "expectedResult": {
+    "reachable": true,
+    "tier": "executed",
+    "confidence": 0.9
+  },
+  "source": {
+    "files": ["main.c"],
+    "entrypoint": "main",
+    "sink": "strcpy",
+    "vulnerability": "CWE-120"
+  },
+  "callChain": [
+    {"function": "main", "file": "main.c", "line": 18},
+    {"function": "<function_ptr>", "file": "main.c", "line": 19},
+    {"function": "copy_data", "file": "main.c", "line": 8},
+    {"function": "strcpy", "file": "<libc>", "line": null}
+  ],
+  "annotations": {
+    "notes": "Indirect call via function pointer - harder for static analysis",
+    "difficulty": "medium"
+  },
+  "createdAt": "2025-12-17T00:00:00Z",
+  "createdBy": "corpus-team"
+}