{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.dev/schemas/stellaops-slice.v1.schema.json",
"title": "Reachability Slice",
"type": "object",
"required": ["_type", "inputs", "query", "subgraph", "verdict", "manifest"],
"properties": {
"_type": {
"type": "string",
"const": "stellaops.dev/predicates/reachability-slice@v1"
},
"inputs": { "$ref": "#/$defs/SliceInputs" },
"query": { "$ref": "#/$defs/SliceQuery" },
"subgraph": { "$ref": "#/$defs/SliceSubgraph" },
"verdict": { "$ref": "#/$defs/SliceVerdict" },
"manifest": { "$ref": "#/$defs/ScanManifest" }
},
"$defs": {
"SliceInputs": {
"type": "object",
"required": ["graphDigest"],
"properties": {
"graphDigest": { "type": "string", "pattern": "^blake3:[a-f0-9]{64}$" },
"binaryDigests": {
"type": "array",
"items": { "type": "string", "pattern": "^(sha256|blake3):[a-f0-9]{64}$" }
},
"sbomDigest": { "type": "string" },
"layerDigests": {
"type": "array",
"items": { "type": "string" }
}
},
"additionalProperties": false
},
"SliceQuery": {
"type": "object",
"properties": {
"cveId": { "type": "string", "pattern": "^CVE-\\d{4}-\\d+$" },
"targetSymbols": { "type": "array", "items": { "type": "string" } },
"entrypoints": { "type": "array", "items": { "type": "string" } },
"policyHash": { "type": "string" }
},
"additionalProperties": false
},
"SliceSubgraph": {
"type": "object",
"required": ["nodes", "edges"],
"properties": {
"nodes": { "type": "array", "items": { "$ref": "#/$defs/SliceNode" } },
"edges": { "type": "array", "items": { "$ref": "#/$defs/SliceEdge" } }
},
"additionalProperties": false
},
"SliceNode": {
"type": "object",
"required": ["id", "symbol", "kind"],
"properties": {
"id": { "type": "string" },
"symbol": { "type": "string" },
"kind": { "type": "string", "enum": ["entrypoint", "intermediate", "target", "unknown"] },
"file": { "type": "string" },
"line": { "type": "integer" },
"purl": { "type": "string" },
"attributes": {
"type": "object",
"additionalProperties": { "type": "string" }
}
},
"additionalProperties": false
},
"SliceEdge": {
"type": "object",
"required": ["from", "to", "confidence"],
"properties": {
"from": { "type": "string" },
"to": { "type": "string" },
"kind": { "type": "string", "enum": ["direct", "plt", "iat", "dynamic", "unknown"] },
"confidence": { "type": "number", "minimum": 0, "maximum": 1 },
"evidence": { "type": "string" },
"gate": { "$ref": "#/$defs/SliceGateInfo" },
"observed": { "$ref": "#/$defs/ObservedEdgeMetadata" }
},
"additionalProperties": false
},
"SliceGateInfo": {
"type": "object",
"required": ["type", "condition", "satisfied"],
"properties": {
"type": { "type": "string", "enum": ["feature_flag", "auth", "config", "admin_only"] },
"condition": { "type": "string" },
"satisfied": { "type": "boolean" }
},
"additionalProperties": false
},
"ObservedEdgeMetadata": {
"type": "object",
"required": ["firstObserved", "lastObserved", "count"],
"properties": {
"firstObserved": { "type": "string", "format": "date-time" },
"lastObserved": { "type": "string", "format": "date-time" },
"count": { "type": "integer", "minimum": 0 },
"traceDigest": { "type": "string" }
},
"additionalProperties": false
},
"SliceVerdict": {
"type": "object",
"required": ["status", "confidence"],
"properties": {
"status": {
"type": "string",
"enum": ["reachable", "unreachable", "unknown", "gated", "observed_reachable"]
},
"confidence": { "type": "number", "minimum": 0, "maximum": 1 },
"reasons": { "type": "array", "items": { "type": "string" } },
"pathWitnesses": { "type": "array", "items": { "type": "string" } },
"unknownCount": { "type": "integer", "minimum": 0 },
"gatedPaths": { "type": "array", "items": { "$ref": "#/$defs/GatedPath" } }
},
"additionalProperties": false
},
"GatedPath": {
"type": "object",
"required": ["pathId", "gateType", "gateCondition", "gateSatisfied"],
"properties": {
"pathId": { "type": "string" },
"gateType": { "type": "string" },
"gateCondition": { "type": "string" },
"gateSatisfied": { "type": "boolean" }
},
"additionalProperties": false
},
"ScanManifest": {
"type": "object",
"required": [
"scanId",
"createdAtUtc",
"artifactDigest",
"scannerVersion",
"workerVersion",
"concelierSnapshotHash",
"excititorSnapshotHash",
"latticePolicyHash",
"deterministic",
"seed",
"knobs"
],
"properties": {
"scanId": { "type": "string" },
"createdAtUtc": { "type": "string", "format": "date-time" },
"artifactDigest": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$" },
"artifactPurl": { "type": "string" },
"scannerVersion": { "type": "string" },
"workerVersion": { "type": "string" },
"concelierSnapshotHash": { "type": "string" },
"excititorSnapshotHash": { "type": "string" },
"latticePolicyHash": { "type": "string" },
"deterministic": { "type": "boolean" },
"seed": { "type": "string" },
"knobs": {
"type": "object",
"additionalProperties": { "type": "string" }
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}