efe9bd8cfe
- Implement ProofChainTestFixture for PostgreSQL-backed integration tests. - Create StellaOps.Integration.ProofChain project with necessary dependencies. - Add ReachabilityIntegrationTests to validate call graph extraction and reachability analysis. - Introduce ReachabilityTestFixture for managing corpus and fixture paths. - Establish StellaOps.Integration.Reachability project with required references. - Develop UnknownsWorkflowTests to cover the unknowns lifecycle: detection, ranking, escalation, and resolution. - Create StellaOps.Integration.Unknowns project with dependencies for unknowns workflow.
158 lines
4.9 KiB
JSON
158 lines
4.9 KiB
JSON
{
|
|
"schema_version": "stellaops.corpus.manifest/v1",
|
|
"corpus_version": "1.0.0",
|
|
"generated_at": "2025-01-15T00:00:00Z",
|
|
"total_cases": 12,
|
|
"categories": {
|
|
"severity-levels": 4,
|
|
"vex-scenarios": 4,
|
|
"reachability": 3,
|
|
"composite": 1
|
|
},
|
|
"cases": [
|
|
{
|
|
"case_id": "critical-log4shell-CVE-2021-44228",
|
|
"path": "severity-levels/critical/log4shell-CVE-2021-44228",
|
|
"category": "severity-levels/critical",
|
|
"cve_id": "CVE-2021-44228",
|
|
"expected_score": 10.0,
|
|
"files_hash": {
|
|
"case.json": "sha256:case001",
|
|
"sbom.spdx.json": "sha256:sbom001",
|
|
"manifest.json": "sha256:manifest001",
|
|
"callgraph.json": "sha256:callgraph001",
|
|
"expected-score.json": "sha256:expected001"
|
|
}
|
|
},
|
|
{
|
|
"case_id": "high-http2-rapid-reset-CVE-2023-44487",
|
|
"path": "severity-levels/high/http2-rapid-reset-CVE-2023-44487",
|
|
"category": "severity-levels/high",
|
|
"cve_id": "CVE-2023-44487",
|
|
"expected_score": 7.8,
|
|
"files_hash": {
|
|
"case.json": "sha256:case002",
|
|
"expected-score.json": "sha256:expected002"
|
|
}
|
|
},
|
|
{
|
|
"case_id": "medium-json-dos-CVE-2024-12345",
|
|
"path": "severity-levels/medium/json-dos-CVE-2024-12345",
|
|
"category": "severity-levels/medium",
|
|
"cve_id": "CVE-2024-12345",
|
|
"expected_score": 3.2,
|
|
"files_hash": {
|
|
"case.json": "sha256:case003",
|
|
"expected-score.json": "sha256:expected003"
|
|
}
|
|
},
|
|
{
|
|
"case_id": "low-info-disclosure-CVE-2024-99999",
|
|
"path": "severity-levels/low/info-disclosure-CVE-2024-99999",
|
|
"category": "severity-levels/low",
|
|
"cve_id": "CVE-2024-99999",
|
|
"expected_score": 3.1,
|
|
"files_hash": {
|
|
"case.json": "sha256:case004",
|
|
"expected-score.json": "sha256:expected004"
|
|
}
|
|
},
|
|
{
|
|
"case_id": "vex-not-affected-component-not-present",
|
|
"path": "vex-scenarios/not-affected/component-not-present",
|
|
"category": "vex-scenarios/not-affected",
|
|
"cve_id": "CVE-2023-99998",
|
|
"expected_score": 0.0,
|
|
"files_hash": {
|
|
"case.json": "sha256:case005",
|
|
"vex.openvex.json": "sha256:vex005",
|
|
"expected-score.json": "sha256:expected005"
|
|
}
|
|
},
|
|
{
|
|
"case_id": "vex-affected-action-required",
|
|
"path": "vex-scenarios/affected/action-required",
|
|
"category": "vex-scenarios/affected",
|
|
"cve_id": "CVE-2023-99997",
|
|
"expected_score": 8.2,
|
|
"files_hash": {
|
|
"case.json": "sha256:case006",
|
|
"vex.openvex.json": "sha256:vex006",
|
|
"expected-score.json": "sha256:expected006"
|
|
}
|
|
},
|
|
{
|
|
"case_id": "vex-fixed-remediated",
|
|
"path": "vex-scenarios/fixed/remediated",
|
|
"category": "vex-scenarios/fixed",
|
|
"cve_id": "CVE-2021-44228",
|
|
"expected_score": 0.0,
|
|
"files_hash": {
|
|
"case.json": "sha256:case007",
|
|
"vex.openvex.json": "sha256:vex007",
|
|
"expected-score.json": "sha256:expected007"
|
|
}
|
|
},
|
|
{
|
|
"case_id": "vex-under-investigation",
|
|
"path": "vex-scenarios/under-investigation/pending-analysis",
|
|
"category": "vex-scenarios/under-investigation",
|
|
"cve_id": "CVE-2025-00001",
|
|
"expected_score": 6.5,
|
|
"files_hash": {
|
|
"case.json": "sha256:case008",
|
|
"vex.openvex.json": "sha256:vex008",
|
|
"expected-score.json": "sha256:expected008"
|
|
}
|
|
},
|
|
{
|
|
"case_id": "reachability-confirmed-reachable",
|
|
"path": "reachability/reachable/confirmed-path",
|
|
"category": "reachability/reachable",
|
|
"cve_id": "CVE-2024-11111",
|
|
"expected_score": 7.9,
|
|
"files_hash": {
|
|
"case.json": "sha256:case009",
|
|
"callgraph.json": "sha256:callgraph009",
|
|
"expected-score.json": "sha256:expected009"
|
|
}
|
|
},
|
|
{
|
|
"case_id": "reachability-unreachable-dead-code",
|
|
"path": "reachability/unreachable/dead-code",
|
|
"category": "reachability/unreachable",
|
|
"cve_id": "CVE-2024-22222",
|
|
"expected_score": 4.2,
|
|
"files_hash": {
|
|
"case.json": "sha256:case010",
|
|
"callgraph.json": "sha256:callgraph010",
|
|
"expected-score.json": "sha256:expected010"
|
|
}
|
|
},
|
|
{
|
|
"case_id": "reachability-unknown-analysis-incomplete",
|
|
"path": "reachability/unknown/analysis-incomplete",
|
|
"category": "reachability/unknown",
|
|
"cve_id": "CVE-2024-33333",
|
|
"expected_score": 6.5,
|
|
"files_hash": {
|
|
"case.json": "sha256:case011",
|
|
"expected-score.json": "sha256:expected011"
|
|
}
|
|
},
|
|
{
|
|
"case_id": "composite-reachable-with-vex-mitigated",
|
|
"path": "composite/reachable-with-vex/mitigated",
|
|
"category": "composite/reachable-with-vex",
|
|
"cve_id": "CVE-2024-44444",
|
|
"expected_score": 2.5,
|
|
"files_hash": {
|
|
"case.json": "sha256:case012",
|
|
"vex.openvex.json": "sha256:vex012",
|
|
"callgraph.json": "sha256:callgraph012",
|
|
"expected-score.json": "sha256:expected012"
|
|
}
|
|
}
|
|
]
|
|
}
|