stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Details
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Details
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Details
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Details
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Details
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Details
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-13 18:08:55 +02:00
parent 6e45066e37
commit f1a39c4ce3
234 changed files with 24038 additions and 6910 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
tests/reachability/fixtures/patch-oracles/cases/curl-CVE-2023-38545-socks5-heap/reachable.oracle.json Normal file
View File

@@ -0,0 +1,56 @@
{
"schema_version": "patch-oracle/v1",
"id": "curl-CVE-2023-38545-socks5-heap-reachable",
"case_ref": "curl-CVE-2023-38545-socks5-heap",
"variant": "reachable",
"description": "Validates that the SOCKS5 heap overflow vulnerability path is reachable from network handler to vulnerable sink",
"expected_functions": [
{
"symbol_id": "sym://net:handler#read",
"kind": "entrypoint",
"required": true,
"reason": "Network read handler is the entry point for external data"
},
{
"symbol_id": "sym://curl:curl.c#entry",
"kind": "function",
"required": true,
"reason": "SOCKS5 protocol handling entry point"
},
{
"symbol_id": "sym://curl:curl.c#sink",
"kind": "function",
"required": true,
"reason": "Vulnerable buffer handling function"
}
],
"expected_edges": [
{
"from": "sym://net:handler#read",
"to": "sym://curl:curl.c#entry",
"kind": "call",
"min_confidence": 0.8,
"required": true,
"reason": "Data flows from network handler to SOCKS5 handler"
},
{
"from": "sym://curl:curl.c#entry",
"to": "sym://curl:curl.c#sink",
"kind": "call",
"min_confidence": 0.8,
"required": true,
"reason": "SOCKS5 handler invokes vulnerable buffer function"
}
],
"expected_roots": [
{
"id": "sym://net:handler#read",
"phase": "runtime",
"required": true,
"reason": "Network handler is the runtime entry point"
}
],
"min_confidence": 0.5,
"strict_mode": false,
"created_at": "2025-12-13T00:00:00Z"
}

32
tests/reachability/fixtures/patch-oracles/cases/curl-CVE-2023-38545-socks5-heap/unreachable.oracle.json Normal file
View File

@@ -0,0 +1,32 @@
{
"schema_version": "patch-oracle/v1",
"id": "curl-CVE-2023-38545-socks5-heap-unreachable",
"case_ref": "curl-CVE-2023-38545-socks5-heap",
"variant": "unreachable",
"description": "Validates that the SOCKS5 heap overflow vulnerability path is NOT reachable when SOCKS5 is disabled",
"expected_functions": [
{
"symbol_id": "sym://net:handler#read",
"kind": "entrypoint",
"required": true,
"reason": "Network read handler still exists but cannot reach vulnerable code"
}
],
"expected_edges": [],
"forbidden_functions": [
{
"symbol_id": "sym://curl:curl.c#sink",
"reason": "Vulnerable sink should not be in call graph when SOCKS5 disabled"
}
],
"forbidden_edges": [
{
"from": "sym://curl:curl.c#entry",
"to": "sym://curl:curl.c#sink",
"reason": "This edge should not exist when SOCKS5 is disabled"
}
],
"min_confidence": 0.5,
"strict_mode": false,
"created_at": "2025-12-13T00:00:00Z"
}

44
tests/reachability/fixtures/patch-oracles/cases/dotnet-kestrel-CVE-2023-44487-http2-rapid-reset/reachable.oracle.json Normal file
View File

@@ -0,0 +1,44 @@
{
"schema_version": "patch-oracle/v1",
"id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset-reachable",
"case_ref": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset",
"variant": "reachable",
"description": "Validates that the HTTP/2 Rapid Reset DoS vulnerability path is reachable",
"expected_functions": [
{
"symbol_id": "sym://dotnet:Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Connection#ProcessRequestsAsync",
"lang": "dotnet",
"kind": "method",
"required": true,
"reason": "HTTP/2 connection handler entry point"
},
{
"symbol_id": "sym://dotnet:Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Stream#*",
"lang": "dotnet",
"kind": "method",
"required": true,
"reason": "HTTP/2 stream management affected by rapid reset"
}
],
"expected_edges": [
{
"from": "sym://dotnet:Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Connection#ProcessRequestsAsync",
"to": "sym://dotnet:Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Stream#*",
"kind": "call",
"min_confidence": 0.7,
"required": true,
"reason": "Connection handler creates/manages streams"
}
],
"expected_roots": [
{
"id": "sym://dotnet:Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http2.Http2Connection#ProcessRequestsAsync",
"phase": "runtime",
"required": true,
"reason": "HTTP/2 processing is a runtime entry point"
}
],
"min_confidence": 0.5,
"strict_mode": false,
"created_at": "2025-12-13T00:00:00Z"
}

64
tests/reachability/fixtures/patch-oracles/cases/java-log4j-CVE-2021-44228-log4shell/reachable.oracle.json Normal file
View File

@@ -0,0 +1,64 @@
{
"schema_version": "patch-oracle/v1",
"id": "java-log4j-CVE-2021-44228-log4shell-reachable",
"case_ref": "java-log4j-CVE-2021-44228-log4shell",
"variant": "reachable",
"description": "Validates that the Log4Shell JNDI injection path is reachable from logger to JNDI lookup",
"expected_functions": [
{
"symbol_id": "sym://java:org.apache.logging.log4j.core.Logger#logMessage",
"lang": "java",
"kind": "method",
"required": true,
"reason": "Logger entry point that processes user-controlled format strings"
},
{
"symbol_id": "sym://java:org.apache.logging.log4j.core.pattern.MessagePatternConverter#format",
"lang": "java",
"kind": "method",
"required": true,
"reason": "Pattern converter that triggers lookup substitution"
},
{
"symbol_id": "sym://java:org.apache.logging.log4j.core.lookup.StrSubstitutor#replace",
"lang": "java",
"kind": "method",
"required": true,
"reason": "String substitution that invokes lookups"
},
{
"symbol_id": "sym://java:org.apache.logging.log4j.core.lookup.JndiLookup#lookup",
"lang": "java",
"kind": "method",
"required": true,
"reason": "Vulnerable JNDI lookup method"
}
],
"expected_edges": [
{
"from": "sym://java:org.apache.logging.log4j.core.Logger#logMessage",
"to": "sym://java:org.apache.logging.log4j.core.pattern.MessagePatternConverter#format",
"kind": "call",
"required": true,
"reason": "Logger delegates to pattern converter"
},
{
"from": "sym://java:org.apache.logging.log4j.core.lookup.StrSubstitutor#replace",
"to": "sym://java:org.apache.logging.log4j.core.lookup.JndiLookup#lookup",
"kind": "call",
"required": true,
"reason": "String substitution invokes JNDI lookup"
}
],
"expected_roots": [
{
"id": "sym://java:org.apache.logging.log4j.core.Logger#*",
"phase": "runtime",
"required": true,
"reason": "Logger methods are runtime entry points"
}
],
"min_confidence": 0.6,
"strict_mode": false,
"created_at": "2025-12-13T00:00:00Z"
}