git.stella-ops.org/bench/reachability-benchmark/benchmark/truth/js-unsafe-eval.json

{
  "version": "1.0.0",
  "cases": [
    {
      "case_id": "js-unsafe-eval:001",
      "case_version": "1.0.0",
      "notes": "Unsafe eval sink reachable via POST /api/exec",
      "sinks": [
        {
          "sink_id": "UnsafeEval::handleRequest",
          "label": "reachable",
          "confidence": "high",
          "dynamic_evidence": {
            "covered_by_tests": [
              "tests/test_reach.js"
            ],
            "coverage_files": [
              "outputs/coverage.json"
            ]
          },
          "static_evidence": {
            "call_path": [
              "POST /api/exec",
              "app.js::handleRequest",
              "eval(code)"
            ]
          },
          "config_conditions": [],
          "notes": "No guards; direct eval on user input"
        }
      ]
    }
  ]
}