$schema: "https://json-schema.org/draft/2020-12/schema" $id: "https://stellaops.org/benchmark/reachability/case.schema.yaml" title: Reachability Benchmark Case Descriptor type: object required: - id - language - project - version - sinks - environment - build - test - sandbox - redaction properties: id: type: string description: Unique, stable case identifier (e.g. js-express-blog:001) pattern: "^[A-Za-z0-9._:-]+$" language: type: string enum: [js, py, java, c] project: type: string description: Short project name version: type: string description: Semantic-ish version of the case contents pattern: "^\\d+(\\.\\d+){0,2}(-[A-Za-z0-9._-]+)?$" description: type: string repository: type: string format: uri description: Upstream repo (if vendored); optional for in-repo cases entrypoints: type: array items: type: string uniqueItems: true sinks: type: array minItems: 1 items: type: object required: [id, path, kind, location] additionalProperties: false properties: id: type: string pattern: "^[A-Za-z0-9._:-]+$" path: type: string description: Fully-qualified function/method path for the sink kind: type: string enum: [http, file, crypto, process, deserialization, custom, command, memory] location: type: object required: [file] additionalProperties: false properties: file: type: string line: type: integer minimum: 1 notes: type: string environment: type: object required: [os_image] additionalProperties: false properties: os_image: type: string description: Base image or OS identifier (e.g. ubuntu:24.04) runtime: type: object description: Language/runtime versions additionalProperties: type: string compiler: type: string source_date_epoch: type: integer minimum: 0 resource_limits: type: object additionalProperties: false properties: cpu: type: string memory: type: string build: type: object required: [command, source_date_epoch] additionalProperties: false properties: command: type: string description: Deterministic build command (invokes Dockerfile/build.sh) source_date_epoch: type: integer minimum: 0 env: type: object additionalProperties: true outputs: type: object additionalProperties: false properties: artifact_path: type: string sbom_path: type: string coverage_path: type: string traces_dir: type: string attestation_path: type: string test: type: object required: [command] additionalProperties: false properties: command: type: string description: Oracle test command producing coverage/traces expected_coverage: type: array items: type: string expected_traces: type: array items: type: string env: type: object additionalProperties: true ground_truth: type: object description: Optional inline truth summary (full truth lives in truth files) additionalProperties: false properties: summary: type: string evidence_files: type: array items: type: string notes: type: string sandbox: type: object additionalProperties: false properties: network: type: string enum: [none, loopback, local] privileges: type: string enum: [rootless, root] redaction: type: object additionalProperties: false properties: pii: type: boolean policy: type: string additionalProperties: false