108d1c64b3
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
cryptopro-linux-csp / build-and-test (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
sm-remote-ci / build-and-test (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
30 lines
767 B
JSON
30 lines
767 B
JSON
{
|
|
"version": "1.0.0",
|
|
"cases": [
|
|
{
|
|
"case_id": "java-spring-guarded:202",
|
|
"case_version": "1.0.0",
|
|
"notes": "Deserialization unreachable by default",
|
|
"sinks": [
|
|
{
|
|
"sink_id": "JavaDeserializeGuarded::handleRequest",
|
|
"label": "unreachable",
|
|
"confidence": "high",
|
|
"dynamic_evidence": {
|
|
"covered_by_tests": ["src/AppTest.java"],
|
|
"coverage_files": ["outputs/coverage.json"]
|
|
},
|
|
"static_evidence": {
|
|
"call_path": [
|
|
"POST /api/upload",
|
|
"App.handleRequest",
|
|
"guard: ALLOW_DESER!=true"
|
|
]
|
|
},
|
|
"config_conditions": ["ALLOW_DESER == 'true'"]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|