{ "@type": "https://stellaops.dev/predicates/proof-of-exposure@v1", "evidence": { "graphHash": "blake3:f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5", "sbomRef": "cas://scanner-artifacts/sbom.cdx.json" }, "metadata": { "analyzer": { "name": "stellaops-scanner", "toolchainDigest": "sha256:567890123456789012345678901234567890123456789012345678901234", "version": "1.2.0" }, "generatedAt": "2025-12-23T12:15:00.000Z", "policy": { "evaluatedAt": "2025-12-23T12:13:00.000Z", "policyDigest": "sha256:890123456789012345678901234567890123456789012345678901234567", "policyId": "prod-release-v42" }, "reproSteps": [ "1. Build container image from Dockerfile (commit: ghi789)", "2. Run scanner with config: etc/scanner.yaml (includeGuards=true)", "3. Extract reachability graph with maxDepth=10", "4. Resolve CVE-2024-56789 to vulnerable symbols with guard predicates" ] }, "schema": "stellaops.dev/poe@v1", "subject": { "buildId": "gnu-build-id:9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f", "componentRef": "pkg:nuget/VulnerableLib@2.3.1", "imageDigest": "sha256:ghi789012345678901234567890123456789012345678901234567890123", "vulnId": "CVE-2024-56789" }, "subgraph": { "edges": [ { "confidence": 0.98, "from": "sym:csharp:WebApi.Controllers.PaymentController.ProcessPayment", "guards": [], "to": "sym:csharp:WebApi.Services.PaymentService.Charge" }, { "confidence": 0.96, "from": "sym:csharp:WebApi.Services.PaymentService.Charge", "guards": [ "FeatureFlags.EnableLegacyPayment" ], "to": "sym:csharp:WebApi.Legacy.LegacyPaymentAdapter.ProcessLegacy" }, { "confidence": 0.94, "from": "sym:csharp:WebApi.Legacy.LegacyPaymentAdapter.ProcessLegacy", "guards": [], "to": "sym:csharp:VulnerableLib.Crypto.InsecureHasher.ComputeHash" }, { "confidence": 0.97, "from": "sym:csharp:WebApi.Controllers.PaymentController.ProcessPayment", "guards": [], "to": "sym:csharp:WebApi.Services.PaymentService.Validate" }, { "confidence": 0.95, "from": "sym:csharp:WebApi.Services.PaymentService.Validate", "guards": [ "RuntimeInformation.IsOSPlatform(OSPlatform.Windows)" ], "to": "sym:csharp:WebApi.Validation.WindowsValidator.CheckSignature" }, { "confidence": 0.93, "from": "sym:csharp:WebApi.Validation.WindowsValidator.CheckSignature", "guards": [], "to": "sym:csharp:VulnerableLib.Crypto.InsecureHasher.ComputeHash" }, { "confidence": 0.92, "from": "sym:csharp:WebApi.Controllers.AdminController.MigrateData", "guards": [ "Environment.GetEnvironmentVariable(\"ENABLE_MIGRATION\") == \"true\"" ], "to": "sym:csharp:WebApi.Migration.DataMigrator.ExecuteMigration" }, { "confidence": 0.90, "from": "sym:csharp:WebApi.Migration.DataMigrator.ExecuteMigration", "guards": [], "to": "sym:csharp:WebApi.Legacy.LegacyDataConverter.ConvertFormat" }, { "confidence": 0.88, "from": "sym:csharp:WebApi.Legacy.LegacyDataConverter.ConvertFormat", "guards": [], "to": "sym:csharp:VulnerableLib.Crypto.InsecureHasher.ComputeHash" }, { "confidence": 0.87, "from": "sym:csharp:WebApi.Services.PaymentService.Charge", "guards": [], "to": "sym:csharp:WebApi.Logging.AuditLogger.LogTransaction" } ], "entryRefs": [ "sym:csharp:WebApi.Controllers.PaymentController.ProcessPayment", "sym:csharp:WebApi.Controllers.AdminController.MigrateData" ], "nodes": [ { "addr": "0x601000", "file": "PaymentController.cs", "id": "sym:csharp:WebApi.Controllers.PaymentController.ProcessPayment", "line": 56, "moduleHash": "sha256:601234567890123456789012345678901234567890123456789012345678", "symbol": "WebApi.Controllers.PaymentController.ProcessPayment(PaymentRequest)" }, { "addr": "0x602000", "file": "AdminController.cs", "id": "sym:csharp:WebApi.Controllers.AdminController.MigrateData", "line": 89, "moduleHash": "sha256:601234567890123456789012345678901234567890123456789012345678", "symbol": "WebApi.Controllers.AdminController.MigrateData()" }, { "addr": "0x603000", "file": "PaymentService.cs", "id": "sym:csharp:WebApi.Services.PaymentService.Charge", "line": 123, "moduleHash": "sha256:612345678901234567890123456789012345678901234567890123456789", "symbol": "WebApi.Services.PaymentService.Charge(decimal, string)" }, { "addr": "0x603100", "file": "PaymentService.cs", "id": "sym:csharp:WebApi.Services.PaymentService.Validate", "line": 167, "moduleHash": "sha256:612345678901234567890123456789012345678901234567890123456789", "symbol": "WebApi.Services.PaymentService.Validate(PaymentRequest)" }, { "addr": "0x604000", "file": "LegacyPaymentAdapter.cs", "id": "sym:csharp:WebApi.Legacy.LegacyPaymentAdapter.ProcessLegacy", "line": 78, "moduleHash": "sha256:623456789012345678901234567890123456789012345678901234567890", "symbol": "WebApi.Legacy.LegacyPaymentAdapter.ProcessLegacy(LegacyPayment)" }, { "addr": "0x605000", "file": "WindowsValidator.cs", "id": "sym:csharp:WebApi.Validation.WindowsValidator.CheckSignature", "line": 45, "moduleHash": "sha256:634567890123456789012345678901234567890123456789012345678901", "symbol": "WebApi.Validation.WindowsValidator.CheckSignature(byte[])" }, { "addr": "0x606000", "file": "DataMigrator.cs", "id": "sym:csharp:WebApi.Migration.DataMigrator.ExecuteMigration", "line": 234, "moduleHash": "sha256:645678901234567890123456789012345678901234567890123456789012", "symbol": "WebApi.Migration.DataMigrator.ExecuteMigration(MigrationConfig)" }, { "addr": "0x607000", "file": "LegacyDataConverter.cs", "id": "sym:csharp:WebApi.Legacy.LegacyDataConverter.ConvertFormat", "line": 156, "moduleHash": "sha256:623456789012345678901234567890123456789012345678901234567890", "symbol": "WebApi.Legacy.LegacyDataConverter.ConvertFormat(byte[])" }, { "addr": "0x608000", "file": "InsecureHasher.cs", "id": "sym:csharp:VulnerableLib.Crypto.InsecureHasher.ComputeHash", "line": 67, "moduleHash": "sha256:656789012345678901234567890123456789012345678901234567890123", "symbol": "VulnerableLib.Crypto.InsecureHasher.ComputeHash(byte[])" }, { "addr": "0x609000", "file": "AuditLogger.cs", "id": "sym:csharp:WebApi.Logging.AuditLogger.LogTransaction", "line": 91, "moduleHash": "sha256:612345678901234567890123456789012345678901234567890123456789", "symbol": "WebApi.Logging.AuditLogger.LogTransaction(string, decimal)" } ], "sinkRefs": [ "sym:csharp:VulnerableLib.Crypto.InsecureHasher.ComputeHash" ] } }