This commit is contained in:
StellaOps Bot
2025-12-13 02:22:15 +02:00
parent 564df71bfb
commit 999e26a48e
395 changed files with 25045 additions and 2224 deletions


@@ -0,0 +1,4 @@
# js-002-yaml-unsafe-load
Minimal JavaScript sample used as a public reachability fixture.


@@ -0,0 +1,14 @@
{
"schema_version": "1.0",
"roots": [
{ "id": "sym://js:src/index.js#main", "phase": "runtime", "source": "static" }
],
"nodes": [
{ "id": "sym://js:src/index.js#main", "name": "main", "kind": "function", "file": "src/index.js", "line": 1, "language": "nodejs" },
{ "id": "sym://js:node_modules/js-yaml#load", "name": "load", "kind": "function", "namespace": "js-yaml", "language": "nodejs" }
],
"edges": [
{ "from": "sym://js:src/index.js#main", "to": "sym://js:node_modules/js-yaml#load", "kind": "call" }
]
}
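Review bot: The root and node `sym://js:src/index.js#main` with `"line": 1` does not correspond to a symbol the sample defines: the visible `src/index.js` in this commit is a flat script with no `main` function, and its `yaml.load` call sits on the fourth line, after two comment lines and the `require`. If the analyser synthesises a module-level `main` for top-level code, that convention should be stated in the fixture's README so consumers of `ground-truth.json` do not expect a real function at that location; otherwise the node's `line` should point at the line holding the call. The index.js hunk header counts 6 added lines while only 4 are shown here, so the file may contain more than is visible in this view.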


@@ -0,0 +1,12 @@
{
"case_id": "js-002-yaml-unsafe-load",
"paths": [
[
"sym://js:src/index.js#main",
"sym://js:node_modules/js-yaml#load"
]
],
"schema_version": "reachbench.reachgraph.truth/v1",
"variant": "reachable"
}


@@ -0,0 +1,6 @@
// Fixture-only sample: demonstrates an unsafe YAML load-style sink.
// Do not deploy.
const yaml = require("js-yaml");
yaml.load(process.env.PAYLOAD || "");
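Review bot: With the js-yaml version this commit pins, the `yaml.load(...)` call on the last line is a safe-schema parse rather than the unsafe sink the fixture name and the callgraph's `js-yaml#load` node describe: the SBOM in this commit lists js-yaml 4.1.0, and in js-yaml 4.x `load()` is the former `safeLoad()` with the JS-specific tag types removed from the package, so the default schema does not instantiate JS functions or other JS-specific types. As it stands, a reachability result for this case would be a reachable path to a call that is not dangerous at 4.1.0, which weakens the fixture as a true-positive sample. Either pin a js-yaml 3.x version in the SBOM, where `load()` used the full schema, or state in the header comment that the sink is modelled by symbol regardless of version, e.g. `// Sink modelled by symbol: js-yaml#load; note load() is safe-schema from js-yaml 4.0 onward.`. The hunk header counts 6 added lines but 4 are visible here, so the file may extend beyond this view.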


@@ -0,0 +1,5 @@
#!/usr/bin/env bash
set -euo pipefail
echo "Fixture-only sample: no live repro; use callgraph.static.json + ground-truth.json for ingestion/tests."


@@ -0,0 +1,22 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"version": 1,
"metadata": {
"component": {
"type": "application",
"name": "js-002-yaml-unsafe-load",
"version": "0.0.0",
"purl": "pkg:npm/js-002-yaml-unsafe-load@0.0.0"
}
},
"components": [
{
"type": "library",
"name": "js-yaml",
"version": "4.1.0",
"purl": "pkg:npm/js-yaml@4.1.0"
}
]
}


@@ -0,0 +1,21 @@
{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "urn:stellaops:vex:js-002-yaml-unsafe-load",
"author": "StellaOps",
"timestamp": "2025-12-12T00:00:00Z",
"version": 1,
"statements": [
{
"vulnerability": {
"name": "CVE-TEST-0002"
},
"products": [
{
"@id": "pkg:npm/js-yaml@4.1.0"
}
],
"status": "under_investigation"
}
]
}