mirror of
https://github.com/elicpeter/nyx.git
synced 2026-07-03 20:41:00 +02:00
feat: Add SSA summaries support for validated parameter propagation and enhance loop body error handling
parent
92aaa36ed6
commit
48bc43e1a6
11 changed files with 438 additions and 69 deletions
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"benchmark_version": "1.0",
|
||||
"timestamp": "2026-05-02T19:35:12Z",
|
||||
"timestamp": "2026-05-03T00:57:12Z",
|
||||
"scanner_version": "0.6.0",
|
||||
"scanner_config": {
|
||||
"analysis_mode": "Full",
|
||||
|
|
@ -9,10 +9,10 @@
|
|||
"state_analysis_enabled": true,
|
||||
"worker_threads": 1
|
||||
},
|
||||
"ground_truth_hash": "sha256:de2df25545527c2c90c665a5d4db257fb8f0d7aefe16eb742ee8e70f7de55e99",
|
||||
"ground_truth_hash": "sha256:4a510fd65a169290c8d44c11f764387f2c3f39d18a92d393839f975a492cd64b",
|
||||
"corpus_size": 507,
|
||||
"cases_run": 504,
|
||||
"cases_skipped": 3,
|
||||
"cases_run": 506,
|
||||
"cases_skipped": 1,
|
||||
"outcomes": [
|
||||
{
|
||||
"case_id": "c-buf-001",
|
||||
|
|
@ -2048,6 +2048,42 @@
|
|||
"security_finding_count": 1,
|
||||
"non_security_finding_count": 0
|
||||
},
|
||||
{
|
||||
"case_id": "cve-ts-2026-25544-patched",
|
||||
"file": "cve_corpus/typescript/CVE-2026-25544/patched.ts",
|
||||
"language": "typescript",
|
||||
"vuln_class": "safe",
|
||||
"is_vulnerable": false,
|
||||
"outcome_file_level": "TN",
|
||||
"outcome_rule_level": "TN",
|
||||
"outcome_location_level": null,
|
||||
"matched_rule_ids": [],
|
||||
"unexpected_rule_ids": [],
|
||||
"all_finding_ids": [],
|
||||
"security_finding_count": 0,
|
||||
"non_security_finding_count": 0
|
||||
},
|
||||
{
|
||||
"case_id": "cve-ts-2026-25544-vulnerable",
|
||||
"file": "cve_corpus/typescript/CVE-2026-25544/vulnerable.ts",
|
||||
"language": "typescript",
|
||||
"vuln_class": "sqli",
|
||||
"is_vulnerable": true,
|
||||
"outcome_file_level": "TP",
|
||||
"outcome_rule_level": "TP",
|
||||
"outcome_location_level": "TP",
|
||||
"matched_rule_ids": [
|
||||
"taint-unsanitised-flow (source 73:5)",
|
||||
"taint-unsanitised-flow (source 72:20)"
|
||||
],
|
||||
"unexpected_rule_ids": [],
|
||||
"all_finding_ids": [
|
||||
"taint-unsanitised-flow (source 73:5)",
|
||||
"taint-unsanitised-flow (source 72:20)"
|
||||
],
|
||||
"security_finding_count": 2,
|
||||
"non_security_finding_count": 0
|
||||
},
|
||||
{
|
||||
"case_id": "cve-ts-ghsa-4x48-cgf9-q33f-patched",
|
||||
"file": "cve_corpus/typescript/GHSA-4x48-cgf9-q33f/patched.ts",
|
||||
|
|
@ -7364,20 +7400,17 @@
|
|||
"language": "rust",
|
||||
"vuln_class": "sqli",
|
||||
"is_vulnerable": true,
|
||||
"outcome_file_level": "TP",
|
||||
"outcome_rule_level": "TP",
|
||||
"outcome_location_level": "TP",
|
||||
"matched_rule_ids": [
|
||||
"taint-unsanitised-flow (source 5:19)"
|
||||
],
|
||||
"outcome_file_level": "FN",
|
||||
"outcome_rule_level": "FN",
|
||||
"outcome_location_level": "FN",
|
||||
"matched_rule_ids": [],
|
||||
"unexpected_rule_ids": [],
|
||||
"all_finding_ids": [
|
||||
"rs.quality.unwrap",
|
||||
"rs.quality.unwrap",
|
||||
"rs.quality.unwrap",
|
||||
"taint-unsanitised-flow (source 5:19)"
|
||||
"rs.quality.unwrap"
|
||||
],
|
||||
"security_finding_count": 1,
|
||||
"security_finding_count": 0,
|
||||
"non_security_finding_count": 3
|
||||
},
|
||||
{
|
||||
|
|
@ -9015,20 +9048,20 @@
|
|||
"aggregate_file_level": {
|
||||
"tp": 249,
|
||||
"fp": 1,
|
||||
"fn_": 0,
|
||||
"tn": 254,
|
||||
"fn_": 1,
|
||||
"tn": 255,
|
||||
"precision": 0.996,
|
||||
"recall": 1.0,
|
||||
"f1": 0.9979959919839679
|
||||
"recall": 0.996,
|
||||
"f1": 0.996
|
||||
},
|
||||
"aggregate_rule_level": {
|
||||
"tp": 249,
|
||||
"fp": 1,
|
||||
"fn_": 0,
|
||||
"tn": 254,
|
||||
"fn_": 1,
|
||||
"tn": 255,
|
||||
"precision": 0.996,
|
||||
"recall": 1.0,
|
||||
"f1": 0.9979959919839679
|
||||
"recall": 0.996,
|
||||
"f1": 0.996
|
||||
},
|
||||
"by_language": {
|
||||
"c": {
|
||||
|
|
@ -9104,19 +9137,19 @@
|
|||
"f1": 1.0
|
||||
},
|
||||
"rust": {
|
||||
"tp": 37,
|
||||
"tp": 36,
|
||||
"fp": 0,
|
||||
"fn_": 0,
|
||||
"fn_": 1,
|
||||
"tn": 41,
|
||||
"precision": 1.0,
|
||||
"recall": 1.0,
|
||||
"f1": 1.0
|
||||
"recall": 0.972972972972973,
|
||||
"f1": 0.9863013698630138
|
||||
},
|
||||
"typescript": {
|
||||
"tp": 34,
|
||||
"tp": 35,
|
||||
"fp": 0,
|
||||
"fn_": 0,
|
||||
"tn": 25,
|
||||
"tn": 26,
|
||||
"precision": 1.0,
|
||||
"recall": 1.0,
|
||||
"f1": 1.0
|
||||
|
|
@ -9262,7 +9295,7 @@
|
|||
"tp": 0,
|
||||
"fp": 1,
|
||||
"fn_": 0,
|
||||
"tn": 254,
|
||||
"tn": 255,
|
||||
"precision": 0.0,
|
||||
"recall": 1.0,
|
||||
"f1": 0.0
|
||||
|
|
@ -9288,11 +9321,11 @@
|
|||
"sqli": {
|
||||
"tp": 30,
|
||||
"fp": 0,
|
||||
"fn_": 0,
|
||||
"fn_": 1,
|
||||
"tn": 0,
|
||||
"precision": 1.0,
|
||||
"recall": 1.0,
|
||||
"f1": 1.0
|
||||
"recall": 0.967741935483871,
|
||||
"f1": 0.9836065573770492
|
||||
},
|
||||
"ssrf": {
|
||||
"tp": 30,
|
||||
|
|
@ -9315,31 +9348,31 @@
|
|||
},
|
||||
"by_confidence": {
|
||||
">=High": {
|
||||
"tp": 78,
|
||||
"fp": 107,
|
||||
"fn_": 171,
|
||||
"tn": 148,
|
||||
"precision": 0.42162162162162165,
|
||||
"recall": 0.3132530120481928,
|
||||
"f1": 0.359447004608295
|
||||
"tp": 81,
|
||||
"fp": 105,
|
||||
"fn_": 169,
|
||||
"tn": 151,
|
||||
"precision": 0.43548387096774194,
|
||||
"recall": 0.324,
|
||||
"f1": 0.37155963302752293
|
||||
},
|
||||
">=Low": {
|
||||
"tp": 82,
|
||||
"fp": 126,
|
||||
"fn_": 167,
|
||||
"tn": 129,
|
||||
"precision": 0.3942307692307692,
|
||||
"recall": 0.3293172690763052,
|
||||
"f1": 0.35886214442013126
|
||||
"tp": 87,
|
||||
"fp": 124,
|
||||
"fn_": 163,
|
||||
"tn": 132,
|
||||
"precision": 0.41232227488151657,
|
||||
"recall": 0.348,
|
||||
"f1": 0.3774403470715834
|
||||
},
|
||||
">=Medium": {
|
||||
"tp": 82,
|
||||
"fp": 121,
|
||||
"fn_": 167,
|
||||
"tn": 134,
|
||||
"precision": 0.4039408866995074,
|
||||
"recall": 0.3293172690763052,
|
||||
"f1": 0.3628318584070796
|
||||
"tp": 87,
|
||||
"fp": 118,
|
||||
"fn_": 163,
|
||||
"tn": 138,
|
||||
"precision": 0.424390243902439,
|
||||
"recall": 0.348,
|
||||
"f1": 0.3824175824175824
|
||||
}
|
||||
}
|
||||
}
|
||||
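Review bot: The re-recorded baseline accepts a new missed detection: in the hunk at `-7364,20 +7400,17` a Rust `sqli` case with `"is_vulnerable": true` goes from `TP` to `FN` and loses its `taint-unsanitised-flow (source 5:19)` finding, which is what moves `fn_` to 1 and recall from 1.0 to 0.996 in the aggregate blocks and lowers it in the `rust` and `sqli` blocks. The +/- markers are lost on this page, so the direction is inferred from the counts (`cases_run` going from 504 to 506 matches the two added CVE-2026-25544 cases). Given the commit title, the new validated-parameter propagation may be treating this flow as sanitised; that is an inference and needs checking against the case itself, whose `case_id` lies above the hunk. I would hold the baseline until that entry reads `"outcome_file_level": "TP"` again with the 5:19 finding back in `"matched_rule_ids"`, or until the commit message states why the miss is accepted.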