StellaOps Bot e1262eb916 Add receipt input JSON and SHA256 hash for CVSS policy scoring tests
- Introduced a new JSON fixture `receipt-input.json` containing base, environmental, and threat metrics for CVSS scoring.
- Added corresponding SHA256 hash file `receipt-input.sha256` to ensure integrity of the JSON fixture.
2025-12-04 07:30:42 +02:00


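---
# JSON Schema (draft 2020-12), written as YAML, for one reachability benchmark
# case descriptor: which project is built, which sinks the oracle must reach,
# how the build/test commands run, and under what sandbox/redaction policy.
$schema: "https://json-schema.org/draft/2020-12/schema"
$id: "https://stellaops.org/benchmark/reachability/case.schema.yaml"
title: Reachability Benchmark Case Descriptor
type: object
# Unknown top-level keys are rejected so a typo (e.g. `sanbox:`) cannot
# silently drop a constraint.
additionalProperties: false
required:
  - id
  - language
  - project
  - version
  - sinks
  - environment
  - build
  - test
  - sandbox
  - redaction
properties:
  id:
    type: string
    description: Unique, stable case identifier (e.g. js-express-blog:001)
    pattern: "^[A-Za-z0-9._:-]+$"
  language:
    type: string
    enum: [js, py, java, c]
  project:
    type: string
    description: Short project name
  version:
    type: string
    description: Semantic-ish version of the case contents
    # Double-quoted scalar: `\\d` reaches the regex engine as `\d`.
    pattern: "^\\d+(\\.\\d+){0,2}(-[A-Za-z0-9._-]+)?$"
  description:
    type: string
  repository:
    type: string
    # NOTE(review): `format` is annotation-only in draft 2020-12 unless the
    # validator runs with format assertions enabled; do not rely on it to
    # reject a malformed URI.
    format: uri
    description: Upstream repo (if vendored); optional for in-repo cases
  entrypoints:
    type: array
    items:
      type: string
    uniqueItems: true
  sinks:
    type: array
    minItems: 1
    # NOTE(review): uniqueness of sink `id` across the array is not
    # expressible here; presumably the harness checks it — confirm.
    items:
      type: object
      required: [id, path, kind, location]
      additionalProperties: false
      properties:
        id:
          type: string
          pattern: "^[A-Za-z0-9._:-]+$"
        path:
          type: string
          description: Fully-qualified function/method path for the sink
        kind:
          type: string
          enum: [http, file, crypto, process, deserialization, custom, command, memory]
        location:
          type: object
          required: [file]
          additionalProperties: false
          properties:
            # Presumably a path relative to the case directory — TODO confirm;
            # the schema itself does not forbid absolute or `..` paths.
            file:
              type: string
            line:
              type: integer
              minimum: 1
        notes:
          type: string
  environment:
    type: object
    required: [os_image]
    additionalProperties: false
    properties:
      os_image:
        type: string
        description: Base image or OS identifier (e.g. ubuntu:24.04)
      runtime:
        type: object
        description: Language/runtime versions
        additionalProperties:
          type: string
      compiler:
        type: string
      # NOTE(review): also declared (and required) under `build`; which one
      # the harness honours when both are set is not defined by this schema.
      source_date_epoch:
        type: integer
        minimum: 0
      resource_limits:
        type: object
        additionalProperties: false
        properties:
          cpu:
            type: string
          memory:
            type: string
  build:
    type: object
    required: [command, source_date_epoch]
    additionalProperties: false
    properties:
      command:
        type: string
        description: Deterministic build command (invokes Dockerfile/build.sh)
      source_date_epoch:
        type: integer
        minimum: 0
      env:
        type: object
        description: Extra environment variables passed to the build command
        # Values are constrained to strings (previously unconstrained):
        # environment variables are strings by OS contract, this matches
        # `environment.runtime`, and it stops YAML implicit typing (`NO`,
        # `0644`, `1.10`) from reaching the process unquoted.
        additionalProperties:
          type: string
      outputs:
        type: object
        additionalProperties: false
        properties:
          artifact_path:
            type: string
          sbom_path:
            type: string
          coverage_path:
            type: string
          traces_dir:
            type: string
          attestation_path:
            type: string
  test:
    type: object
    required: [command]
    additionalProperties: false
    properties:
      command:
        type: string
        description: Oracle test command producing coverage/traces
      expected_coverage:
        type: array
        items:
          type: string
      expected_traces:
        type: array
        items:
          type: string
      env:
        type: object
        description: Extra environment variables passed to the test command
        # Same string-only rule as `build.env`, for the same reasons.
        additionalProperties:
          type: string
  ground_truth:
    type: object
    description: Optional inline truth summary (full truth lives in truth files)
    additionalProperties: false
    properties:
      summary:
        type: string
      evidence_files:
        type: array
        items:
          type: string
      notes:
        type: string
  sandbox:
    type: object
    # `sandbox` is required at the top level, so a case is expected to state
    # its isolation; without this `required`, an empty `sandbox: {}` passed
    # validation and left network/privilege policy undeclared.
    required: [network, privileges]
    additionalProperties: false
    properties:
      network:
        type: string
        # none: no network; loopback: host-local only; `local` presumably
        # means the local segment — TODO confirm with the harness.
        enum: [none, loopback, local]
      privileges:
        type: string
        enum: [rootless, root]
  redaction:
    type: object
    # Same reasoning as `sandbox`: a required block should not validate empty.
    required: [pii]
    additionalProperties: false
    properties:
      # Presumably flags whether case outputs may contain PII — confirm.
      pii:
        type: boolean
      policy:
        type: string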