108d1c64b3
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
cryptopro-linux-csp / build-and-test (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
sm-remote-ci / build-and-test (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
35 lines
920 B
JSON
35 lines
920 B
JSON
{
|
|
"version": "1.0.0",
|
|
"cases": [
|
|
{
|
|
"case_id": "java-spring-reflection:205",
|
|
"case_version": "1.0.0",
|
|
"notes": "Reflection endpoint loads arbitrary classes supplied by caller",
|
|
"sinks": [
|
|
{
|
|
"sink_id": "SpringReflection::run",
|
|
"label": "reachable",
|
|
"confidence": "high",
|
|
"dynamic_evidence": {
|
|
"covered_by_tests": [
|
|
"src/ReflectControllerTest.java"
|
|
],
|
|
"coverage_files": [
|
|
"outputs/coverage.json"
|
|
]
|
|
},
|
|
"static_evidence": {
|
|
"call_path": [
|
|
"POST /api/reflect",
|
|
"ReflectController.run",
|
|
"Class.forName"
|
|
]
|
|
},
|
|
"config_conditions": [],
|
|
"notes": "User-controlled class name flows into Class.forName and reflection instantiation"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|