108d1c64b3
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
cryptopro-linux-csp / build-and-test (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
sm-remote-ci / build-and-test (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
203 lines
7.0 KiB
JSON
203 lines
7.0 KiB
JSON
{
|
|
"artifacts": {
|
|
"baselineSubmissions": [],
|
|
"scorer": {
|
|
"path": "tools/scorer/rb_score.py",
|
|
"sha256": "32d4f69f5d1d4b87902d6c4f020efde703487d526bf7d42b4438cb2499813f7f"
|
|
},
|
|
"submissionSchema": {
|
|
"path": "schemas/submission.schema.json",
|
|
"sha256": "de5bebb2dbcd085d7896f47a16b9d3837a65fb7f816dcf7e587967d5848c50a7"
|
|
}
|
|
},
|
|
"cases": [
|
|
{
|
|
"hashes": {
|
|
"attestation": {
|
|
"path": "cases/js/unsafe-eval/outputs/attestation.json",
|
|
"sha256": "be3b0971d805f68730a1c4c0f7a4c3c40dfc7a73099a5524c68759fcc1729d7c"
|
|
},
|
|
"binary": {
|
|
"path": "cases/js/unsafe-eval/outputs/binary.tar.gz",
|
|
"sha256": "72da19f28c2c36b6666afcc304514b387de20a5de881d5341067481e8418e23e"
|
|
},
|
|
"case": {
|
|
"path": "cases/js/unsafe-eval/case.yaml",
|
|
"sha256": "a858ff509fda65d69df476e870d9646c6a84744010c812f3d23a88576f20cb6b"
|
|
},
|
|
"coverage": {
|
|
"path": "cases/js/unsafe-eval/outputs/coverage.json",
|
|
"sha256": "c2cf5af508d33f6ecdc7c0f10200a02a4c0ddeb8e1fc08b55d9bd4a2d6cb926b"
|
|
},
|
|
"entrypoints": {
|
|
"path": "cases/js/unsafe-eval/entrypoints.yaml",
|
|
"sha256": "77829e728d34c9dc5f56c04784c97f619830ad43bd8410acb3d7134f372a49b3"
|
|
},
|
|
"sbom": {
|
|
"path": "cases/js/unsafe-eval/outputs/sbom.cdx.json",
|
|
"sha256": "c00ee1e12b1b6a6237e42174b2fe1393bcf575f6605205a2b84366e867b36d5f"
|
|
},
|
|
"source": {
|
|
"path": "cases/js/unsafe-eval",
|
|
"sha256": "69b0d1cbae1e2c9ddc0f4dba8c6db507e1d3a1c5ea0a0a545c6f3e785529c91c"
|
|
},
|
|
"traces": {
|
|
"path": "cases/js/unsafe-eval/outputs/traces/traces.json",
|
|
"sha256": "6e63c78e091cc9d06acdc5966dd9e54593ca6b0b97f502928de278b3f80adbd8"
|
|
},
|
|
"truth": {
|
|
"path": "benchmark/truth/js-unsafe-eval.json",
|
|
"sha256": "ab42f28ed229eb657ffcb36c3a99287436e1822a4c7d395a94de784457a08f62"
|
|
}
|
|
},
|
|
"id": "js-unsafe-eval:001",
|
|
"language": "js",
|
|
"redaction": {
|
|
"pii": false,
|
|
"policy": "benchmark-default/v1"
|
|
},
|
|
"sandbox": {
|
|
"network": "loopback",
|
|
"privileges": "rootless"
|
|
},
|
|
"size": "small",
|
|
"truth": {
|
|
"confidence": "high",
|
|
"label": "reachable",
|
|
"rationale": "Unit test hits eval sink via POST /api/exec"
|
|
}
|
|
},
|
|
{
|
|
"hashes": {
|
|
"attestation": {
|
|
"path": "cases/py/fastapi-guarded/outputs/attestation.json",
|
|
"sha256": "257aa5408a5c6ffe0e193a75a2a54597f8c6f61babfe8aaf26bd47340c3086c3"
|
|
},
|
|
"binary": {
|
|
"path": "cases/py/fastapi-guarded/outputs/binary.tar.gz",
|
|
"sha256": "ca964fef352dc535b63d35b8f8846cc051e10e54cfd8aceef7566f3c94178b76"
|
|
},
|
|
"case": {
|
|
"path": "cases/py/fastapi-guarded/case.yaml",
|
|
"sha256": "0add8a5f487ebd21ee20ab88b7c6436fe8471f0a54ab8da0e08c8416aa181346"
|
|
},
|
|
"coverage": {
|
|
"path": "cases/py/fastapi-guarded/outputs/coverage.json",
|
|
"sha256": "07b1f6dccaa02bd4e1c3e2771064fa3c6e06d02843a724151721ea694762c750"
|
|
},
|
|
"entrypoints": {
|
|
"path": "cases/py/fastapi-guarded/entrypoints.yaml",
|
|
"sha256": "47c9dd15bf7c5bb8641893a92791d3f7675ed6adba17b251f609335400d29d41"
|
|
},
|
|
"sbom": {
|
|
"path": "cases/py/fastapi-guarded/outputs/sbom.cdx.json",
|
|
"sha256": "13999d8f3d4c9bdb70ea54ad1de613be3f893d79bdd1a53f7c9401e6add88cf0"
|
|
},
|
|
"source": {
|
|
"path": "cases/py/fastapi-guarded",
|
|
"sha256": "0869cab10767ac7e7b33c9bbd634f811d98ce5cdeb244769f1a81949438460fb"
|
|
},
|
|
"traces": {
|
|
"path": "cases/py/fastapi-guarded/outputs/traces/traces.json",
|
|
"sha256": "4633748b8b428b45e3702f2f8f5b3f4270728078e26bce1e08900ed1d5bb3046"
|
|
},
|
|
"truth": {
|
|
"path": "benchmark/truth/py-fastapi-guarded.json",
|
|
"sha256": "f8c62abeb00006621feeb010d0e47d248918dffd6d6e20e0f47d74e1b3642760"
|
|
}
|
|
},
|
|
"id": "py-fastapi-guarded:104",
|
|
"language": "py",
|
|
"redaction": {
|
|
"pii": false,
|
|
"policy": "benchmark-default/v1"
|
|
},
|
|
"sandbox": {
|
|
"network": "loopback",
|
|
"privileges": "rootless"
|
|
},
|
|
"size": "small",
|
|
"truth": {
|
|
"confidence": "high",
|
|
"label": "unreachable",
|
|
"rationale": "Feature flag ALLOW_EXEC must be true before sink executes"
|
|
}
|
|
},
|
|
{
|
|
"hashes": {
|
|
"attestation": {
|
|
"path": "cases/c/unsafe-system/outputs/attestation.json",
|
|
"sha256": "c3755088182359a45492170fa8a57d826b605176333d109f4f113bc7ccf85f97"
|
|
},
|
|
"binary": {
|
|
"path": "cases/c/unsafe-system/outputs/binary.tar.gz",
|
|
"sha256": "62200167bd660bad6d131b21f941acdfebe00e949e353a53c97b6691ac8f0e49"
|
|
},
|
|
"case": {
|
|
"path": "cases/c/unsafe-system/case.yaml",
|
|
"sha256": "7799a3a629c22ad47197309f44e32aabbc4e6711ef78d606ba57a7a4974787ce"
|
|
},
|
|
"coverage": {
|
|
"path": "cases/c/unsafe-system/outputs/coverage.json",
|
|
"sha256": "03ba8cf09e7e0ed82e9fa8abb48f92355e894fd56e0c0160a504193a6f6ec48a"
|
|
},
|
|
"entrypoints": {
|
|
"path": "cases/c/unsafe-system/entrypoints.yaml",
|
|
"sha256": "06afee8350460c9d15b26ea9d4ea293e8eb3f4b86b3179e19401fa99947e4490"
|
|
},
|
|
"sbom": {
|
|
"path": "cases/c/unsafe-system/outputs/sbom.cdx.json",
|
|
"sha256": "4c72a213fc4c646f44b4d0be3c23711b120b2a386374ebaa4897e5058980e0f5"
|
|
},
|
|
"source": {
|
|
"path": "cases/c/unsafe-system",
|
|
"sha256": "bc39ab3a3e5cb3944a205912ecad8c1ac4b7d15c64b453c9d34a9a5df7fbbbf4"
|
|
},
|
|
"traces": {
|
|
"path": "cases/c/unsafe-system/outputs/traces/traces.json",
|
|
"sha256": "f6469e46a57b8a6e8e17c9b8e78168edd6657ea8a5e1e96fe6ab4a0fc88a734e"
|
|
},
|
|
"truth": {
|
|
"path": "benchmark/truth/c-unsafe-system.json",
|
|
"sha256": "9a8200c2cf549b3ac8b19b170e9d34df063351879f19f401d8492e280ad08c13"
|
|
}
|
|
},
|
|
"id": "c-unsafe-system:001",
|
|
"language": "c",
|
|
"redaction": {
|
|
"pii": false,
|
|
"policy": "benchmark-default/v1"
|
|
},
|
|
"sandbox": {
|
|
"network": "loopback",
|
|
"privileges": "rootless"
|
|
},
|
|
"size": "small",
|
|
"truth": {
|
|
"confidence": "high",
|
|
"label": "reachable",
|
|
"rationale": "Command injection sink reachable via argv -> system()"
|
|
}
|
|
}
|
|
],
|
|
"createdAt": "2025-12-03T00:00:00Z",
|
|
"kitId": "reachability-benchmark:public-v1",
|
|
"resourceLimits": {
|
|
"cpu": "4",
|
|
"memory": "8Gi"
|
|
},
|
|
"schemaVersion": "1.0.0",
|
|
"signatures": [],
|
|
"sourceDateEpoch": 1730000000,
|
|
"tools": {
|
|
"builder": {
|
|
"path": "tools/build/build_all.py",
|
|
"sha256": "64a73f3df9b6f2cdaf5cbb33852b8e9bf443f67cf9dff1573fb635a0252bda9a"
|
|
},
|
|
"validator": {
|
|
"path": "tools/validate.py",
|
|
"sha256": "776009ef0f3691e60cc87df3f0468181ee7a827be1bd0f73c77fdb68d3ed31c0"
|
|
}
|
|
},
|
|
"version": "1.0.2"
|
|
} |