git.stella-ops.org/docs/reachability/corpus-plan.md
master 10212d67c0
Refactor code structure for improved readability and maintainability; removed redundant code blocks and optimized function calls.
2025-11-20 07:50:52 +02:00

Reachability Corpus Plan (QA-CORPUS-401-031)

Objective

  • Build a multi-runtime reachability corpus (Go/.NET/Python/Rust) with EXPECT.yaml ground truths and captured traces.
  • Make fixtures CI-consumable to validate reachability scoring and VEX proofs continuously.

Scope & deliverables

  • Fixture layout: tests/reachability/corpus/<language>/<case>/
    • expect.yaml — states (reachable|conditional|unreachable), score, evidence refs.
    • callgraph.*.json — static graphs per language.
    • runtime/*.ndjson — traces/probes when available.
    • sbom.*.json — CycloneDX/SPDX slices.
    • vex.openvex.json — expected VEX statement.
  • CI integration: add corpus harness to tests/reachability/StellaOps.Reachability.FixtureTests to validate presence, schema, and determinism (hash manifest).
  • Offline posture: all artifacts deterministic, no external downloads; hashes recorded in manifest.

MVP slice (proposed)

  • Go: go-ssh-CVE-2020-9283-keyexchange
  • .NET: dotnet-kestrel-CVE-2023-44487-http2-rapid-reset
  • Python: python-django-CVE-2019-19844-sqli-like
  • Rust: rust-axum-header-parsing-TBD

Work plan

  1. Define shared manifest schema + hash manifest (NDJSON) under tests/reachability/corpus/manifest.json.
  2. For each MVP case, add minimal static callgraph + EXPECT.yaml with score/state and evidence links. (DONE: stub versions committed)
  3. Extend reachability fixture tests to cover corpus folders (presence, hashes, EXPECT.yaml schema). (DONE)
  4. Wire CI job to run the extended tests in tests/reachability/StellaOps.Reachability.FixtureTests. (TODO)
  5. Replace stubs with real callgraphs/traces and expand corpus after MVP passes CI. (TODO)

Determinism rules

  • Sort JSON keys; round scores to two decimal places; if timestamps are needed at all, record them in UTC only.
  • Stable ordering of files in manifests; hash with SHA-256.
  • No network calls during test or generation.
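As an added, runnable illustration of the fixture layout, the NDJSON hash manifest and the determinism rules above (this is example code, not StellaOps code and not the .NET FixtureTests harness), the script below builds a constructed corpus in a temporary directory, validates presence and EXPECT.yaml schema per case, writes a sorted SHA-256 manifest, and checks that two generation runs produce the same digest. Assumptions beyond the plan: the manifest file is named manifest.ndjson (the plan says manifest.json), expect.yaml is read with a tiny flat "key: value" reader instead of a YAML library, all callgraph/SBOM/VEX contents are placeholder data, and the case names are taken from the MVP slice.

```python
"""Deterministic hash manifest and fixture checks for a reachability corpus.

Added illustration, not StellaOps code. Layout follows the plan:
  <root>/<language>/<case>/expect.yaml, callgraph.*.json, sbom.*.json,
  vex.openvex.json, optional runtime/*.ndjson; manifest at <root>/manifest.ndjson
  (assumed name). Fully offline: every fixture is constructed in a temp directory.
"""
import hashlib
import json
import tempfile
from pathlib import Path

ALLOWED_STATES = {"reachable", "conditional", "unreachable"}
# runtime/*.ndjson is deliberately not required: traces are "when available".
REQUIRED_GLOBS = ("expect.yaml", "callgraph.*.json", "sbom.*.json", "vex.openvex.json")
MANIFEST_NAME = "manifest.ndjson"  # assumption: plan names it manifest.json


def canonical_json(obj) -> bytes:
    """Sorted keys and fixed separators give byte-identical output across runs."""
    return (json.dumps(obj, sort_keys=True, separators=(",", ":")) + "\n").encode()


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_flat_yaml(text: str) -> dict:
    """Tiny 'key: value' reader for the flat expect.yaml used here (assumption: a real
    harness would use a YAML library; this keeps the example dependency-free)."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and ":" in line:
            key, _, value = line.partition(":")
            out[key.strip()] = value.strip()
    return out


def validate_case(case_dir: Path) -> list:
    """Presence + EXPECT schema checks; returns a list of problems (empty == valid)."""
    name = f"{case_dir.parent.name}/{case_dir.name}"
    problems = [f"{name}: missing {g}" for g in REQUIRED_GLOBS if not list(case_dir.glob(g))]
    expect_path = case_dir / "expect.yaml"
    if expect_path.exists():
        expect = parse_flat_yaml(expect_path.read_text())
        if expect.get("state") not in ALLOWED_STATES:
            problems.append(f"{name}: bad state {expect.get('state')!r}")
        try:
            score = float(expect.get("score", ""))
            if round(score, 2) != score:  # determinism rule: scores rounded to 2dp
                problems.append(f"{name}: score {score} not rounded to 2dp")
        except ValueError:
            problems.append(f"{name}: score is not numeric")
    return problems


def validate_corpus(root: Path) -> list:
    problems = []
    for lang_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        for case_dir in sorted(p for p in lang_dir.iterdir() if p.is_dir()):
            problems.extend(validate_case(case_dir))
    return problems


def write_manifest(root: Path) -> Path:
    """One NDJSON line per file, ordered by POSIX relative path; never hashes itself."""
    out = root / MANIFEST_NAME
    files = sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())
    with out.open("wb") as f:
        for rel in files:
            if rel == MANIFEST_NAME:
                continue
            entry = {"path": rel, "sha256": sha256_file(root / rel), "size": (root / rel).stat().st_size}
            f.write(canonical_json(entry))
    return out


def manifest_digest(root: Path) -> str:
    """Hash of the whole manifest: equal digests on two runs == deterministic corpus."""
    return sha256_file(write_manifest(root))


def make_case(root: Path, language: str, name: str, state: str, score: str, with_vex=True) -> Path:
    """Constructed fixture content (placeholder data, not a real callgraph, SBOM or VEX)."""
    case = root / language / name
    case.mkdir(parents=True)
    (case / "expect.yaml").write_text(f"state: {state}\nscore: {score}\nevidence: callgraph.static.json\n")
    (case / "callgraph.static.json").write_bytes(canonical_json(
        {"nodes": ["main", "vulnerable_fn"], "edges": [["main", "vulnerable_fn"]]}))
    (case / "sbom.cdx.json").write_bytes(canonical_json({"bomFormat": "CycloneDX", "components": []}))
    if with_vex:
        (case / "vex.openvex.json").write_bytes(canonical_json({"statements": []}))
    return case


def run_demo() -> dict:
    """Build two valid cases, check determinism, then add a deliberately bad case."""
    root = Path(tempfile.mkdtemp(prefix="reach-corpus-"))
    make_case(root, "go", "go-ssh-CVE-2020-9283-keyexchange", "reachable", "0.87")
    make_case(root, "python", "python-django-CVE-2019-19844-sqli-like", "conditional", "0.5")
    clean = validate_corpus(root)
    deterministic = manifest_digest(root) == manifest_digest(root)
    make_case(root, "rust", "rust-axum-header-parsing-TBD", "maybe", "0.875", with_vex=False)
    return {"clean_problems": clean, "deterministic": deterministic, "bad_problems": validate_corpus(root)}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The bad case is flagged three times (missing vex.openvex.json, an unknown state, and a score with three decimals), while the two clean cases validate with no findings and yield the same manifest digest on a second run. Because the manifest skips itself and orders entries by relative path, regenerating it on another machine with the same files gives the same bytes, which is what makes the hash manifest usable as a CI determinism gate.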