{
  "version": "1.0",
  "schema": "patch-oracle/v1",
  "generated_at": "2025-12-13T00:00:00Z",
  "description": "Patch-oracle fixtures for CI graph validation. Each oracle defines expected functions/edges that must be present (or absent) in generated reachability graphs.",
  "oracles": [
    {
      "id": "curl-CVE-2023-38545-socks5-heap-reachable",
      "case_ref": "curl-CVE-2023-38545-socks5-heap",
      "variant": "reachable",
      "path": "cases/curl-CVE-2023-38545-socks5-heap/reachable.oracle.json"
    },
    {
      "id": "curl-CVE-2023-38545-socks5-heap-unreachable",
      "case_ref": "curl-CVE-2023-38545-socks5-heap",
      "variant": "unreachable",
      "path": "cases/curl-CVE-2023-38545-socks5-heap/unreachable.oracle.json"
    },
    {
      "id": "java-log4j-CVE-2021-44228-log4shell-reachable",
      "case_ref": "java-log4j-CVE-2021-44228-log4shell",
      "variant": "reachable",
      "path": "cases/java-log4j-CVE-2021-44228-log4shell/reachable.oracle.json"
    },
    {
      "id": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset-reachable",
      "case_ref": "dotnet-kestrel-CVE-2023-44487-http2-rapid-reset",
      "variant": "reachable",
      "path": "cases/dotnet-kestrel-CVE-2023-44487-http2-rapid-reset/reachable.oracle.json"
    }
  ]
}