{
  "version": "1.0.0",
  "cases": [
    {
      "case_id": "c-unsafe-system:001",
      "case_version": "1.0.0",
      "notes": "User input forwarded to system() without validation.",
      "sinks": [
        {
          "sink_id": "UnsafeSystem::main",
          "label": "reachable",
          "confidence": "high",
          "static_evidence": {
            "call_path": [
              "main(argv)",
              "run_command",
              "system()"
            ]
          },
          "dynamic_evidence": {
            "covered_by_tests": [
              "tests/run-tests.sh"
            ],
            "coverage_files": [
              "outputs/coverage.json"
            ]
          },
          "config_conditions": [],
          "notes": "Command injection sink reachable with any argument."
        }
      ]
    }
  ]
}