
{
"_doc": "Frozen recall-gap baseline. Phases 02-11 prove non-regression by re-running the corpus scan (corpus_finding_lines.command / json_command) and verifying that corpus_finding_lines.findings_total does not drop and that no per-rule count in rule_id_full regresses. Both checks are floors, not equalities: a count-only comparison cannot see a finding lost under one rule_id when a fixture or rule added since captured_against produces an offsetting finding under the same rule_id, so run the comparison against the fixture tree as of captured_against, and re-freeze this baseline whenever tests/fixtures changes. Hard rule: pitboss agents may not write under .pitboss/, so the baseline lives here in tests/ next to the harness it documents.",
"captured_on": "2026-05-08",
"captured_against": "master @ ea82ea98 (post phase 03/05/06/07 land)",
"recall_gaps_tests": {
"binary": "recall_gaps",
"ignored_count": 3,
"ignored": [
"cross_package_ipa",
"nextjs_entrypoints",
"ssrf_url_builders"
],
"non_ignored": [
"async_await",
"baseline_loads",
"for_await_of_stream",
"fs_promises_alias_form",
"fs_promises_alias_require_form",
"fs_promises_namespace_import",
"fs_promises_node_import",
"fs_promises_open",
"fs_promises_readfile",
"fs_promises_require_form",
"fs_promises_safe_userfn",
"jsx_dangerous_html",
"orm_builders",
"promise_all_taint",
"promise_then_callback",
"promise_then_chain_reentrant"
]
},
"corpus_finding_lines": {
"scan_root": "tests/fixtures",
"command": "nyx scan tests/fixtures --index off --format console",
"output_lines": 6466,
"json_command": "nyx scan tests/fixtures --index off --format json",
"findings_total": 1121,
"findings_by_severity": {
"Low": 20,
"Medium": 1101
},
"rule_id_distinct": 81,
"rule_id_top": {
"taint-unsanitised-flow": 542,
"state-unauthed-access": 41,
"py.cmdi.subprocess_shell": 35,
"js.code_exec.eval": 30,
"taint-data-exfiltration": 29,
"js.auth.missing_ownership_check": 26,
"go.cmdi.exec_command": 20,
"taint-open-redirect": 19,
"cfg-unguarded-sink": 18,
"state-use-after-close": 17,
"java.cmdi.runtime_exec": 17,
"taint-prototype-pollution": 16,
"taint-template-injection": 15,
"py.auth.missing_ownership_check": 15,
"rb.cmdi.system_interp": 14
},
"rule_id_full": {
"c.cmdi.system": 10,
"c.memory.gets": 3,
"c.memory.printf_no_fmt": 2,
"c.memory.scanf_percent_s": 3,
"c.memory.sprintf": 12,
"c.memory.strcat": 3,
"c.memory.strcpy": 6,
"cfg-auth-gap": 2,
"cfg-unguarded-sink": 18,
"cpp.cmdi.popen": 1,
"cpp.cmdi.system": 8,
"cpp.memory.gets": 2,
"cpp.memory.printf_no_fmt": 3,
"cpp.memory.sprintf": 2,
"cpp.memory.strcat": 1,
"cpp.memory.strcpy": 2,
"go.auth.admin_route_missing_admin_check": 3,
"go.auth.missing_ownership_check": 8,
"go.auth.partial_batch_authorization": 2,
"go.auth.token_override_without_validation": 1,
"go.cmdi.exec_command": 20,
"go.transport.insecure_skip_verify": 1,
"java.auth.admin_route_missing_admin_check": 2,
"java.auth.missing_ownership_check": 3,
"java.cmdi.runtime_exec": 17,
"java.code_exec.text4shell_interpolator": 1,
"java.deser.readobject": 5,
"java.deser.snakeyaml_unsafe_constructor": 1,
"js.auth.admin_route_missing_admin_check": 9,
"js.auth.missing_ownership_check": 26,
"js.auth.partial_batch_authorization": 3,
"js.auth.token_override_without_validation": 6,
"js.code_exec.eval": 30,
"js.code_exec.new_function": 1,
"js.config.cors_dynamic_origin": 1,
"js.xss.ejs_unescaped": 2,
"php.cmdi.system": 10,
"php.code_exec.eval": 6,
"php.code_exec.preg_replace_e": 1,
"php.deser.unserialize": 2,
"py.auth.admin_route_missing_admin_check": 4,
"py.auth.missing_ownership_check": 15,
"py.auth.partial_batch_authorization": 2,
"py.auth.token_override_without_validation": 6,
"py.cmdi.os_popen": 2,
"py.cmdi.os_system": 13,
"py.cmdi.subprocess_shell": 35,
"py.code_exec.eval": 6,
"py.code_exec.exec": 3,
"py.deser.pickle_loads": 3,
"py.deser.yaml_load": 3,
"rb.auth.admin_route_missing_admin_check": 5,
"rb.auth.missing_ownership_check": 14,
"rb.auth.partial_batch_authorization": 2,
"rb.auth.token_override_without_validation": 3,
"rb.cmdi.backtick": 2,
"rb.cmdi.system_interp": 14,
"rb.code_exec.class_eval": 1,
"rb.code_exec.eval": 3,
"rb.code_exec.instance_eval": 1,
"rb.deser.marshal_load": 2,
"rb.deser.yaml_load": 2,
"rs.auth.admin_route_missing_admin_check": 3,
"rs.auth.missing_ownership_check": 9,
"rs.auth.partial_batch_authorization": 2,
"rs.auth.token_override_without_validation": 2,
"rs.memory.copy_nonoverlapping": 1,
"rs.memory.mem_zeroed": 1,
"rs.memory.ptr_read": 1,
"rs.memory.transmute": 2,
"state-unauthed-access": 41,
"state-use-after-close": 17,
"taint-data-exfiltration": 29,
"taint-header-injection": 13,
"taint-ldap-injection": 9,
"taint-open-redirect": 19,
"taint-prototype-pollution": 16,
"taint-template-injection": 15,
"taint-unsanitised-flow": 542,
"taint-xpath-injection": 8,
"taint-xxe": 11
}
}
}