{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stella.ops/predicates/reachability@v1",
"title": "StellaOps Reachability Attestation Predicate",
"description": "Predicate for reachability analysis results.",
"type": "object",
"required": ["result", "confidence", "graphDigest"],
"properties": {
"result": {
"type": "string",
"enum": ["reachable", "unreachable", "unknown"],
"description": "Reachability analysis result."
},
"confidence": {
"type": "number",
"minimum": 0,
"maximum": 1,
"description": "Confidence score in the range 0 to 1 inclusive."
},
"graphDigest": {
"type": "string",
"pattern": "^sha256:[a-f0-9]{64}$",
"description": "SHA-256 digest of the call graph used, formatted as sha256:<64 lowercase hex characters>."
},
"paths": {
"type": "array",
"items": {
"$ref": "#/$defs/reachabilityPath"
},
"description": "Paths from entrypoints to vulnerable code."
},
"entrypoints": {
"type": "array",
"items": { "$ref": "#/$defs/entrypoint" },
"description": "Entrypoints considered."
},
"computedAt": {
"type": "string",
"format": "date-time"
},
"expiresAt": {
"type": "string",
"format": "date-time"
}
},
"$defs": {
"reachabilityPath": {
"type": "object",
"required": ["pathId", "steps"],
"properties": {
"pathId": { "type": "string" },
"steps": {
"type": "array",
"items": {
"type": "object",
"properties": {
"node": { "type": "string" },
"fileHash": { "type": "string" },
"lines": {
"type": "array",
"items": { "type": "integer" },
"minItems": 2,
"maxItems": 2
}
}
}
}
}
},
"entrypoint": {
"type": "object",
"required": ["type"],
"properties": {
"type": { "type": "string" },
"route": { "type": "string" },
"auth": { "type": "string" }
}
}
},
"additionalProperties": false
}