Add integration tests for Proof Chain and Reachability workflows

- Implement ProofChainTestFixture for PostgreSQL-backed integration tests.
- Create StellaOps.Integration.ProofChain project with necessary dependencies.
- Add ReachabilityIntegrationTests to validate call graph extraction and reachability analysis.
- Introduce ReachabilityTestFixture for managing corpus and fixture paths.
- Establish StellaOps.Integration.Reachability project with required references.
- Develop UnknownsWorkflowTests to cover the unknowns lifecycle: detection, ranking, escalation, and resolution.
- Create StellaOps.Integration.Unknowns project with dependencies for unknowns workflow.
StellaOps Bot
2025-12-20 22:19:26 +02:00
parent 3c6e14fca5
commit efe9bd8cfe
86 changed files with 9616 additions and 323 deletions


@@ -0,0 +1,61 @@
{
"schema_version": "reach-corpus.callgraph/v1",
"analysis_timestamp": "2025-01-15T00:00:00Z",
"target_package": "pkg:nuget/SerializationLib@2.0.0",
"nodes": [
{
"id": "node-001",
"symbol": "Example.Api.Controllers.DataController.Import",
"type": "entrypoint",
"file": "src/Controllers/DataController.cs",
"line": 25,
"attributes": {
"http_method": "POST",
"route": "/api/data/import"
}
},
{
"id": "node-002",
"symbol": "Example.Services.ImportService.ProcessData",
"type": "method",
"file": "src/Services/ImportService.cs",
"line": 42
},
{
"id": "node-003",
"symbol": "SerializationLib.JsonSerializer.Deserialize",
"type": "sink",
"file": null,
"line": null,
"package": "pkg:nuget/SerializationLib@2.0.0",
"vulnerable": true,
"cve_ids": ["CVE-2024-11111"]
}
],
"edges": [
{
"from": "node-001",
"to": "node-002",
"type": "call"
},
{
"from": "node-002",
"to": "node-003",
"type": "call",
"tainted": true,
"taint_source": "http_body"
}
],
"reachability_result": {
"status": "reachable",
"confidence": 0.92,
"paths": [
{
"path_id": "path-001",
"nodes": ["node-001", "node-002", "node-003"],
"taint_flow": true,
"explanation": "HTTP POST body flows through ImportService to vulnerable Deserialize method"
}
]
}
}
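Review bot: The path entry `path-001` asserts `"taint_flow": true` across node-001→node-002→node-003, but only the node-002→node-003 edge carries `"tainted": true` and `"taint_source": "http_body"`; the node-001→node-002 edge, which is the hop that actually carries the HTTP body from the entrypoint, is unmarked. If the reachability code derives path-level taint from per-edge taint, this fixture either fails or passes for the wrong reason — either add `"tainted": true, "taint_source": "http_body"` to the first edge, or state in the corpus docs that edge taint marks only the sink-adjacent hop. Separately, this fixture puts `explanation` inside each `paths[]` entry while the other `reach-corpus.callgraph/v1` fixture in this commit (the ScriptEngine dead-code case) puts it on `reachability_result`; one schema version should have a single location for it so consumers do not have to look in both.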


@@ -0,0 +1,29 @@
{
"schema_version": "stellaops.golden.case/v1",
"case_id": "reachability-confirmed-reachable",
"category": "reachability/reachable",
"description": "High severity CVE with confirmed reachable code path from entrypoint",
"tags": ["reachability", "reachable", "call-graph", "taint-analysis"],
"cve_id": "CVE-2024-11111",
"cwe_id": "CWE-502",
"affected_package": {
"purl": "pkg:nuget/SerializationLib@2.0.0",
"ecosystem": "nuget",
"name": "SerializationLib",
"version": "2.0.0",
"vendor": "Example"
},
"scenario": {
"base_cvss": 8.1,
"kev_listed": false,
"exploit_maturity": "proof-of-concept",
"reachability": "reachable",
"vex_status": null
},
"expected_outcome": {
"stella_score_min": 7.5,
"stella_score_max": 8.5,
"action": "remediate-soon"
},
"notes": "Call graph analysis confirms vulnerable deserialization code is reachable from HTTP endpoint."
}


@@ -0,0 +1,30 @@
{
"schema_version": "stellaops.golden.expected/v1",
"case_id": "reachability-confirmed-reachable",
"determinism_salt": "frozen-2025-01-15T00:00:00Z",
"score_hash": "sha256:b8c9d0e1f2a34567890123456789012345678901234567890123456789b234",
"stella_score": 7.9,
"scoring_factors": {
"base_cvss": 8.1,
"temporal_cvss": 7.8,
"environmental_cvss": 7.9,
"kev_multiplier": 1.0,
"exploit_maturity_adjustment": -0.2,
"reachability_adjustment": 0.0,
"vex_adjustment": 0.0
},
"flags": {
"kev_listed": false,
"exploit_maturity": "proof-of-concept",
"reachability_status": "reachable",
"reachability_confidence": 0.92,
"vex_status": null
},
"action_recommendation": "remediate-soon",
"action_rationale": "High severity deserialization vulnerability (CVSS 8.1) with confirmed reachable path from HTTP endpoint. PoC exists.",
"expected_assertions": {
"score_ge": 7.5,
"score_le": 8.5,
"reachability_reachable": true
}
}
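Review bot: `score_hash` is prefixed `sha256:` but its hex payload is 62 characters; a SHA-256 digest is 64 hex characters, so any assertion that validates the hash format, or recomputes the digest over the scoring inputs and `determinism_salt`, cannot match this value. The same 62-character shape appears in the other two `stellaops.golden.expected/v1` files in this commit (`reachability-unknown-analysis-incomplete` and `reachability-unreachable-dead-code`), and the sequential-digit pattern suggests these were hand-typed rather than produced by the hasher. Either regenerate the three values with the real deterministic hasher, or, if the hash is not yet asserted by any test, replace them with a clearly labelled placeholder and have the test skip the check, rather than ship a malformed digest that reads as authoritative.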


@@ -0,0 +1,29 @@
{
"schema_version": "stellaops.golden.case/v1",
"case_id": "reachability-unknown-analysis-incomplete",
"category": "reachability/unknown",
"description": "High severity CVE with unknown reachability - analysis inconclusive",
"tags": ["reachability", "unknown", "inconclusive"],
"cve_id": "CVE-2024-33333",
"cwe_id": "CWE-611",
"affected_package": {
"purl": "pkg:nuget/XmlParser@3.0.0",
"ecosystem": "nuget",
"name": "XmlParser",
"version": "3.0.0",
"vendor": "Example"
},
"scenario": {
"base_cvss": 7.5,
"kev_listed": false,
"exploit_maturity": "unproven",
"reachability": "unknown",
"vex_status": null
},
"expected_outcome": {
"stella_score_min": 5.5,
"stella_score_max": 7.5,
"action": "investigate"
},
"notes": "Static analysis could not determine reachability. Dynamic analysis or manual review recommended."
}


@@ -0,0 +1,30 @@
{
"schema_version": "stellaops.golden.expected/v1",
"case_id": "reachability-unknown-analysis-incomplete",
"determinism_salt": "frozen-2025-01-15T00:00:00Z",
"score_hash": "sha256:d0e1f2a3b4c56789012345678901234567890123456789012345678901d456",
"stella_score": 6.5,
"scoring_factors": {
"base_cvss": 7.5,
"temporal_cvss": 7.0,
"environmental_cvss": 6.5,
"kev_multiplier": 1.0,
"exploit_maturity_adjustment": -0.5,
"reachability_adjustment": 0.0,
"vex_adjustment": 0.0
},
"flags": {
"kev_listed": false,
"exploit_maturity": "unproven",
"reachability_status": "unknown",
"reachability_confidence": 0.0,
"vex_status": null
},
"action_recommendation": "investigate",
"action_rationale": "High severity XXE (CVSS 7.5) with unknown reachability. Cannot confirm or deny exploitability. Manual review needed.",
"expected_assertions": {
"score_ge": 5.5,
"score_le": 7.5,
"reachability_unknown": true
}
}
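Review bot: `"reachability_confidence": 0.0` alongside `"reachability_status": "unknown"` conflates "analysis produced no verdict" with "analysis produced a verdict at zero confidence", which matters for any consumer that thresholds on confidence. This file already uses `null` for not-applicable values (`"vex_status": null`), so `"reachability_confidence": null` would make the unknown state unambiguous and consistent with that policy. Separately, the scoring factors here do not reconcile additively with `stella_score` (7.5 − 0.5 + 0.0 + 0.0 = 7.0, but `stella_score` is 6.5), nor in the dead-code expected file (9.0 − 0.3 − 4.3 = 4.4 vs 4.2), whereas the confirmed-reachable file does (8.1 − 0.2 = 7.9). If the formula is not simply additive over `scoring_factors`, a schema description of how `temporal_cvss` and `environmental_cvss` feed the total would stop these fixtures from being read as inconsistent; if it is additive, the factors or the score need correcting.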


@@ -0,0 +1,60 @@
{
"schema_version": "reach-corpus.callgraph/v1",
"analysis_timestamp": "2025-01-15T00:00:00Z",
"target_package": "pkg:nuget/ScriptEngine@1.5.0",
"nodes": [
{
"id": "node-001",
"symbol": "Example.Api.Controllers.MainController.Index",
"type": "entrypoint",
"file": "src/Controllers/MainController.cs",
"line": 15
},
{
"id": "node-002",
"symbol": "Example.Services.DataService.Process",
"type": "method",
"file": "src/Services/DataService.cs",
"line": 30
},
{
"id": "node-003",
"symbol": "Example.Legacy.ScriptRunner.Execute",
"type": "method",
"file": "src/Legacy/ScriptRunner.cs",
"line": 50,
"attributes": {
"dead_code": true,
"reason": "no_callers"
}
},
{
"id": "node-004",
"symbol": "ScriptEngine.Evaluator.Eval",
"type": "sink",
"file": null,
"line": null,
"package": "pkg:nuget/ScriptEngine@1.5.0",
"vulnerable": true,
"cve_ids": ["CVE-2024-22222"]
}
],
"edges": [
{
"from": "node-001",
"to": "node-002",
"type": "call"
},
{
"from": "node-003",
"to": "node-004",
"type": "call"
}
],
"reachability_result": {
"status": "unreachable",
"confidence": 0.95,
"paths": [],
"explanation": "ScriptRunner.Execute has no callers. The vulnerable Eval method is only called from dead code."
}
}


@@ -0,0 +1,29 @@
{
"schema_version": "stellaops.golden.case/v1",
"case_id": "reachability-unreachable-dead-code",
"category": "reachability/unreachable",
"description": "High severity CVE in dead code - no path from entrypoints",
"tags": ["reachability", "unreachable", "dead-code"],
"cve_id": "CVE-2024-22222",
"cwe_id": "CWE-94",
"affected_package": {
"purl": "pkg:nuget/ScriptEngine@1.5.0",
"ecosystem": "nuget",
"name": "ScriptEngine",
"version": "1.5.0",
"vendor": "Example"
},
"scenario": {
"base_cvss": 9.0,
"kev_listed": false,
"exploit_maturity": "proof-of-concept",
"reachability": "unreachable",
"vex_status": null
},
"expected_outcome": {
"stella_score_min": 3.0,
"stella_score_max": 5.0,
"action": "backlog"
},
"notes": "Critical code injection CVE but vulnerable method is in dead code path. Score significantly reduced."
}


@@ -0,0 +1,30 @@
{
"schema_version": "stellaops.golden.expected/v1",
"case_id": "reachability-unreachable-dead-code",
"determinism_salt": "frozen-2025-01-15T00:00:00Z",
"score_hash": "sha256:c9d0e1f2a3b45678901234567890123456789012345678901234567890c345",
"stella_score": 4.2,
"scoring_factors": {
"base_cvss": 9.0,
"temporal_cvss": 8.5,
"environmental_cvss": 4.2,
"kev_multiplier": 1.0,
"exploit_maturity_adjustment": -0.3,
"reachability_adjustment": -4.3,
"vex_adjustment": 0.0
},
"flags": {
"kev_listed": false,
"exploit_maturity": "proof-of-concept",
"reachability_status": "unreachable",
"reachability_confidence": 0.95,
"vex_status": null
},
"action_recommendation": "backlog",
"action_rationale": "Critical code injection (CVSS 9.0) but vulnerable code is unreachable (dead code). Add to backlog for cleanup.",
"expected_assertions": {
"score_ge": 3.0,
"score_le": 5.0,
"reachability_unreachable": true
}
}