17d45a6d30
- Added `FilesystemPackRunProvenanceWriter` to write provenance manifests to the filesystem. - Introduced `MongoPackRunArtifactReader` to read artifacts from MongoDB. - Created `MongoPackRunProvenanceWriter` to store provenance manifests in MongoDB. - Developed unit tests for filesystem and MongoDB provenance writers. - Established `ITimelineEventStore` and `ITimelineIngestionService` interfaces for timeline event handling. - Implemented `TimelineIngestionService` to validate and persist timeline events with hashing. - Created PostgreSQL schema and migration scripts for timeline indexing. - Added dependency injection support for timeline indexer services. - Developed tests for timeline ingestion and schema validation.
39 lines
1.0 KiB
YAML
39 lines
1.0 KiB
YAML
id: "java-spring-guarded:202"
|
|
language: java
|
|
project: spring-guarded
|
|
version: "1.0.0"
|
|
description: "Java deserialization guarded by ALLOW_DESER flag (unreachable by default)"
|
|
entrypoints:
|
|
- "POST /api/upload"
|
|
sinks:
|
|
- id: "JavaDeserializeGuarded::handleRequest"
|
|
path: "bench.reachability.App.handleRequest"
|
|
kind: "custom"
|
|
location:
|
|
file: src/App.java
|
|
line: 9
|
|
notes: "ObjectInputStream gated by ALLOW_DESER"
|
|
environment:
|
|
os_image: "eclipse-temurin:21-jdk"
|
|
runtime:
|
|
java: "21"
|
|
source_date_epoch: 1730000000
|
|
build:
|
|
command: "./build/build.sh"
|
|
source_date_epoch: 1730000000
|
|
outputs:
|
|
artifact_path: outputs/binary.tar.gz
|
|
sbom_path: outputs/sbom.cdx.json
|
|
coverage_path: outputs/coverage.json
|
|
traces_dir: outputs/traces
|
|
test:
|
|
command: "./build/build.sh"
|
|
expected_coverage: []
|
|
expected_traces: []
|
|
env:
|
|
JAVA_TOOL_OPTIONS: "-ea"
|
|
ground_truth:
|
|
summary: "Guard blocks deserialization unless ALLOW_DESER=true"
|
|
evidence_files:
|
|
- "../benchmark/truth/java-spring-guarded.json"
|