202 lines
5.9 KiB
JSON
202 lines
5.9 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://stellaops.dev/schemas/stellaops-slice.v1.schema.json",
|
|
"title": "StellaOps Reachability Slice v1",
|
|
"type": "object",
|
|
"required": ["_type", "inputs", "query", "subgraph", "verdict", "manifest"],
|
|
"properties": {
|
|
"_type": {
|
|
"type": "string",
|
|
"const": "stellaops.dev/predicates/reachability-slice@v1"
|
|
},
|
|
"inputs": {
|
|
"type": "object",
|
|
"required": ["graphDigest"],
|
|
"properties": {
|
|
"graphDigest": { "type": "string" },
|
|
"binaryDigests": {
|
|
"type": "array",
|
|
"items": { "type": "string" }
|
|
},
|
|
"sbomDigest": { "type": ["string", "null"] },
|
|
"layerDigests": {
|
|
"type": "array",
|
|
"items": { "type": "string" }
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"query": {
|
|
"type": "object",
|
|
"properties": {
|
|
"cveId": { "type": ["string", "null"] },
|
|
"targetSymbols": {
|
|
"type": "array",
|
|
"items": { "type": "string" }
|
|
},
|
|
"entrypoints": {
|
|
"type": "array",
|
|
"items": { "type": "string" }
|
|
},
|
|
"policyHash": { "type": ["string", "null"] }
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"subgraph": {
|
|
"type": "object",
|
|
"required": ["nodes", "edges"],
|
|
"properties": {
|
|
"nodes": {
|
|
"type": "array",
|
|
"items": { "$ref": "#/definitions/sliceNode" }
|
|
},
|
|
"edges": {
|
|
"type": "array",
|
|
"items": { "$ref": "#/definitions/sliceEdge" }
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"verdict": {
|
|
"type": "object",
|
|
"required": ["status", "confidence"],
|
|
"properties": {
|
|
"status": {
|
|
"type": "string",
|
|
"enum": [
|
|
"reachable",
|
|
"unreachable",
|
|
"unknown",
|
|
"gated",
|
|
"observed_reachable"
|
|
]
|
|
},
|
|
"confidence": { "type": "number" },
|
|
"reasons": {
|
|
"type": "array",
|
|
"items": { "type": "string" }
|
|
},
|
|
"pathWitnesses": {
|
|
"type": "array",
|
|
"items": { "type": "string" }
|
|
},
|
|
"unknownCount": { "type": "integer" },
|
|
"gatedPaths": {
|
|
"type": "array",
|
|
"items": { "$ref": "#/definitions/gatedPath" }
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"manifest": {
|
|
"type": "object",
|
|
"required": [
|
|
"scanId",
|
|
"createdAtUtc",
|
|
"artifactDigest",
|
|
"scannerVersion",
|
|
"workerVersion",
|
|
"concelierSnapshotHash",
|
|
"excititorSnapshotHash",
|
|
"latticePolicyHash",
|
|
"deterministic",
|
|
"seed",
|
|
"knobs"
|
|
],
|
|
"properties": {
|
|
"scanId": { "type": "string" },
|
|
"createdAtUtc": { "type": "string", "format": "date-time" },
|
|
"artifactDigest": { "type": "string" },
|
|
"artifactPurl": { "type": ["string", "null"] },
|
|
"scannerVersion": { "type": "string" },
|
|
"workerVersion": { "type": "string" },
|
|
"concelierSnapshotHash": { "type": "string" },
|
|
"excititorSnapshotHash": { "type": "string" },
|
|
"latticePolicyHash": { "type": "string" },
|
|
"deterministic": { "type": "boolean" },
|
|
"seed": { "type": "string" },
|
|
"knobs": {
|
|
"type": "object",
|
|
"additionalProperties": { "type": "string" }
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false,
|
|
"definitions": {
|
|
"sliceNode": {
|
|
"type": "object",
|
|
"required": ["id", "symbol", "kind"],
|
|
"properties": {
|
|
"id": { "type": "string" },
|
|
"symbol": { "type": "string" },
|
|
"kind": {
|
|
"type": "string",
|
|
"enum": ["entrypoint", "intermediate", "target", "unknown"]
|
|
},
|
|
"file": { "type": ["string", "null"] },
|
|
"line": { "type": ["integer", "null"] },
|
|
"purl": { "type": ["string", "null"] },
|
|
"attributes": {
|
|
"type": ["object", "null"],
|
|
"additionalProperties": { "type": "string" }
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"sliceEdge": {
|
|
"type": "object",
|
|
"required": ["from", "to"],
|
|
"properties": {
|
|
"from": { "type": "string" },
|
|
"to": { "type": "string" },
|
|
"kind": {
|
|
"type": "string",
|
|
"enum": ["direct", "plt", "iat", "dynamic", "unknown"]
|
|
},
|
|
"confidence": { "type": "number" },
|
|
"evidence": { "type": ["string", "null"] },
|
|
"gate": { "$ref": "#/definitions/sliceGateInfo" },
|
|
"observed": { "$ref": "#/definitions/observedEdgeMetadata" }
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"sliceGateInfo": {
|
|
"type": ["object", "null"],
|
|
"required": ["type", "condition", "satisfied"],
|
|
"properties": {
|
|
"type": {
|
|
"type": "string",
|
|
"enum": ["feature_flag", "auth", "config", "admin_only"]
|
|
},
|
|
"condition": { "type": "string" },
|
|
"satisfied": { "type": "boolean" }
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"observedEdgeMetadata": {
|
|
"type": ["object", "null"],
|
|
"required": ["firstObserved", "lastObserved", "count"],
|
|
"properties": {
|
|
"firstObserved": { "type": "string", "format": "date-time" },
|
|
"lastObserved": { "type": "string", "format": "date-time" },
|
|
"count": { "type": "integer" },
|
|
"traceDigest": { "type": ["string", "null"] }
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"gatedPath": {
|
|
"type": "object",
|
|
"required": ["pathId", "gateType", "gateCondition", "gateSatisfied"],
|
|
"properties": {
|
|
"pathId": { "type": "string" },
|
|
"gateType": { "type": "string" },
|
|
"gateCondition": { "type": "string" },
|
|
"gateSatisfied": { "type": "boolean" }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
}
|