stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
4b3db9ca8535e02cbfd2a0114e749023ab7b921b
git.stella-ops.org/bench/reachability-benchmark/cases/go/grpc-sql/case.yaml
master 8779e9226f feat: add stella-callgraph-node for JavaScript/TypeScript call graph extraction 
- Implemented a new tool `stella-callgraph-node` that extracts call graphs from JavaScript/TypeScript projects using Babel AST.
- Added command-line interface with options for JSON output and help.
- Included functionality to analyze project structure, detect functions, and build call graphs.
- Created a package.json file for dependency management.

feat: introduce stella-callgraph-python for Python call graph extraction

- Developed `stella-callgraph-python` to extract call graphs from Python projects using AST analysis.
- Implemented command-line interface with options for JSON output and verbose logging.
- Added framework detection to identify popular web frameworks and their entry points.
- Created an AST analyzer to traverse Python code and extract function definitions and calls.
- Included requirements.txt for project dependencies.

chore: add framework detection for Python projects

- Implemented framework detection logic to identify frameworks like Flask, FastAPI, Django, and others based on project files and import patterns.
- Enhanced the AST analyzer to recognize entry points based on decorators and function definitions.
2025-12-19 18:11:59 +02:00

47 lines
1.1 KiB
YAML
Raw Blame History

id: "go-grpc-sql:302"
language: go
project: grpc-sql
version: "1.0.0"
description: "SQL injection sink reachable via gRPC GetUser method"
entrypoints:
- "grpc:UserService.GetUser"
sinks:
- id: "SqlInjection::GetUser"
path: "main.(*userServer).GetUser"
kind: "custom"
location:
file: main.go
line: 35
notes: "database/sql.Query with string concatenation"
environment:
os_image: "golang:1.22-alpine"
runtime:
go: "1.22"
source_date_epoch: 1730000000
resource_limits:
cpu: "2"
memory: "2Gi"
build:
command: "go build -o outputs/app ."
source_date_epoch: 1730000000
outputs:
artifact_path: outputs/app
sbom_path: outputs/sbom.cdx.json
coverage_path: outputs/coverage.json
traces_dir: outputs/traces
attestation_path: outputs/attestation.json
test:
command: "go test -v ./..."
expected_coverage: []
expected_traces: []
ground_truth:
summary: "SQL injection reachable"
evidence_files:
- "../benchmark/truth/go-grpc-sql.json"
sandbox:
network: loopback
privileges: rootless
redaction:
pii: false
policy: "benchmark-default/v1"
Reference in New Issue View Git Blame Copy Permalink