feat: Implement dynamic verification layer with harness generation and payload orchestration

2026-06-24 20:28:06 +02:00 · 2026-05-05 03:43:45 -04:00 · 2026-05-05 03:43:45 -04:00 · 56e934656c
commit 56e934656c
parent fb698d2c27
10 changed files with 582 additions and 0 deletions
--- a/src/dynamic/report.rs
+++ b/src/dynamic/report.rs
@ -0,0 +1,42 @@
+//! Verdict types returned by the dynamic layer.
+//!
+//! Kept separate from the run pipeline so the CLI / JSON output side can
+//! depend on this without pulling in sandbox or harness deps.
+
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
+pub enum VerifyStatus {
+    /// Sink fired with at least one payload. Static finding is exploitable
+    /// against the live target.
+    Confirmed,
+    /// All payloads ran cleanly. Either the path is infeasible at runtime
+    /// or the corpus is too narrow. Treat as "static-only" not "false".
+    NotConfirmed,
+    /// Could not build, run, or observe (toolchain missing, sandbox refused,
+    /// timeout on every attempt, etc.).
+    Inconclusive,
+    /// We do not yet know how to drive this finding (missing language
+    /// support, unsupported entry kind, no payloads for cap).
+    Unsupported,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct VerifyResult {
+    pub finding_id: String,
+    pub status: VerifyStatus,
+    /// Label of the payload that triggered, when [`VerifyStatus::Confirmed`].
+    pub triggered_payload: Option<String>,
+    /// Free-form note for inconclusive/unsupported cases.
+    pub reason: Option<String>,
+    /// Per-attempt log (payload label, exit code, timed_out flag).
+    pub attempts: Vec<AttemptSummary>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct AttemptSummary {
+    pub payload_label: String,
+    pub exit_code: Option<i32>,
+    pub timed_out: bool,
+    pub triggered: bool,
+}