master 536f6249a6
Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
2025-11-08 20:53:45 +02:00

java-log4j-CVE-2021-44228-log4shell

Primary axis: lang-jvm
Tags: jndi, deserialization, rce
Languages: java

Variants

  • reachable: vulnerable function/path is on an executable route.
  • unreachable: same base image/config with control toggles that prune the path.

Entrypoint & Controls (fill in)

  • entrypoints: e.g., http:/route, grpc method, tcp port, OCI hook
  • flags: e.g., feature_on=true, middleware_order=bad|good, module_loaded=true|false, LSM=enforcing|permissive

Expected ground-truth path(s)

See images/*/reachgraph.truth.json.