e1262eb916
- Introduced a new JSON fixture `receipt-input.json` containing base, environmental, and threat metrics for CVSS scoring. - Added corresponding SHA256 hash file `receipt-input.sha256` to ensure integrity of the JSON fixture.
49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
id: "c-memcpy-overflow:001"
|
|
language: c
|
|
project: memcpy-overflow
|
|
version: "1.0.0"
|
|
description: "Potential overflow: user-controlled length passed to memcpy without bounds."
|
|
entrypoints:
|
|
- "process_buffer(len)"
|
|
sinks:
|
|
- id: "Overflow::process"
|
|
path: "src/main.c::process"
|
|
kind: "memory"
|
|
location:
|
|
file: src/main.c
|
|
line: 23
|
|
notes: "memcpy uses attacker-controlled length; reachable via process_buffer."
|
|
environment:
|
|
os_image: "gcc:13-bookworm"
|
|
runtime:
|
|
gcc: "13"
|
|
source_date_epoch: 1730000000
|
|
resource_limits:
|
|
cpu: "2"
|
|
memory: "4Gi"
|
|
build:
|
|
command: "./build/build.sh"
|
|
source_date_epoch: 1730000000
|
|
outputs:
|
|
artifact_path: outputs/binary.tar.gz
|
|
sbom_path: outputs/sbom.cdx.json
|
|
coverage_path: outputs/coverage.json
|
|
traces_dir: outputs/traces
|
|
attestation_path: outputs/attestation.json
|
|
test:
|
|
command: "./tests/run-tests.sh"
|
|
expected_coverage:
|
|
- outputs/coverage.json
|
|
expected_traces:
|
|
- outputs/traces/traces.json
|
|
ground_truth:
|
|
summary: "Calling process_buffer with len>256 drives memcpy with attacker length (reachable)."
|
|
evidence_files:
|
|
- "../../../benchmark/truth/c-memcpy-overflow.json"
|
|
sandbox:
|
|
network: loopback
|
|
privileges: rootless
|
|
redaction:
|
|
pii: false
|
|
policy: "benchmark-default/v1"
|