stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
acbb0ff637e49804eb39d6bcac87f2a7d29848c0
git.stella-ops.org/bench/reachability-benchmark/cases/c/unsafe-system/case.yaml
StellaOps Bot 909d9b6220
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
up
2025-12-01 21:16:22 +02:00

38 lines
1.0 KiB
YAML
Raw Blame History

id: "c-unsafe-system:001"
language: c
project: unsafe-system
version: "1.0.0"
description: "Command injection sink: user input passed directly to system()."
entrypoints:
- "main(argv)"
sinks:
- id: "UnsafeSystem::main"
path: "src/main.c::main"
kind: "command"
location:
file: src/main.c
line: 21
notes: "Untrusted input concatenated into shell command and executed."
environment:
os_image: "gcc:13-bookworm"
runtime:
gcc: "13"
source_date_epoch: 1730000000
build:
command: "./build/build.sh"
source_date_epoch: 1730000000
outputs:
artifact_path: outputs/binary.tar.gz
coverage_path: outputs/coverage.json
traces_path: outputs/traces/traces.json
test:
command: "./tests/run-tests.sh"
expected_coverage:
- outputs/coverage.json
expected_traces:
- outputs/traces/traces.json
ground_truth:
summary: "Running with argument 'echo OK' executes system() with user-controlled payload."
evidence_files:
- "../../../benchmark/truth/c-unsafe-system.json"
Reference in New Issue View Git Blame Copy Permalink