mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-18 20:15:14 +02:00
[pitboss] phase 01: M1 — Spec extraction + --verify plumbing (no sandbox)
This commit is contained in:
pitboss
parent
cb8688219a
commit
a10aba5d1f
25 changed files with 808 additions and 66 deletions
|
|
@ -1,42 +1,8 @@
|
|||
//! Verdict types returned by the dynamic layer.
|
||||
//! Verdict types for dynamic verification results.
|
||||
//!
|
||||
//! Kept separate from the run pipeline so the CLI / JSON output side can
|
||||
//! depend on this without pulling in sandbox or harness deps.
|
||||
//! The canonical definitions live in [`crate::evidence`] so they are always
|
||||
//! present regardless of the `dynamic` feature flag. This module re-exports
|
||||
//! them for use inside the dynamic pipeline without requiring callers to reach
|
||||
//! into `evidence` directly.
|
||||
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
|
||||
pub enum VerifyStatus {
|
||||
/// Sink fired with at least one payload. Static finding is exploitable
|
||||
/// against the live target.
|
||||
Confirmed,
|
||||
/// All payloads ran cleanly. Either the path is infeasible at runtime
|
||||
/// or the corpus is too narrow. Treat as "static-only" not "false".
|
||||
NotConfirmed,
|
||||
/// Could not build, run, or observe (toolchain missing, sandbox refused,
|
||||
/// timeout on every attempt, etc.).
|
||||
Inconclusive,
|
||||
/// We do not yet know how to drive this finding (missing language
|
||||
/// support, unsupported entry kind, no payloads for cap).
|
||||
Unsupported,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
pub struct VerifyResult {
|
||||
pub finding_id: String,
|
||||
pub status: VerifyStatus,
|
||||
/// Label of the payload that triggered, when [`VerifyStatus::Confirmed`].
|
||||
pub triggered_payload: Option<String>,
|
||||
/// Free-form note for inconclusive/unsupported cases.
|
||||
pub reason: Option<String>,
|
||||
/// Per-attempt log (payload label, exit code, timed_out flag).
|
||||
pub attempts: Vec<AttemptSummary>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
pub struct AttemptSummary {
|
||||
pub payload_label: String,
|
||||
pub exit_code: Option<i32>,
|
||||
pub timed_out: bool,
|
||||
pub triggered: bool,
|
||||
}
|
||||
pub use crate::evidence::{AttemptSummary, UnsupportedReason, VerifyResult, VerifyStatus};
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue