data: add config-vuln annotation suite for entry-00241..244#19
Open
perhaps468 wants to merge 1 commit into
Open
data: add config-vuln annotation suite for entry-00241..244#19perhaps468 wants to merge 1 commit into
perhaps468 wants to merge 1 commit into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
概述
Closes [#8]
本 PR 新增了 Dockerfile 类配置漏洞(非污点流型 CWE-250)的标注规范与配套工具链,针对 GHSA-w7j5-j98m-w679 中
entry-00241..244共 4 条样本,将 trace 由 7 节点折叠为 1 节点,critical_operation 由单点 sink 改为整结构性缺陷范围。变更内容
• 新增
data/config_vuln_annotation.md(规范文档,约 137 行)◦ §2 标注原则:entry_point / critical_operation / trace 取值与反例
◦ §3 本次 4 条样本的"前 → 后"对照表
◦ §4 验收检查表 8 条
◦ §7 12 条硬约束复核报告
• 新增
scripts/data_fixes/gen_config_vuln_fixed.py(幂等生成器)◦ 从
entries.jsonlbaseline 仅替换 4 条目标 entry◦ 输出 fixed JSONL + diff CSV
• 新增
scripts/data_fixes/verify_config_vuln_fixes.py(只读复核器)◦ 6 轮独立校验:upstream fetch / schema /
{file,line,code}字符匹配 / desc 质量 / diff-CSV 一致 / 生成器幂等• 新增生成产物
◦
data/entries.config_vuln.fixed.jsonl(408 行,仅 4 条目标 entry 被替换)◦
data/config_vuln_diff.csv(16 行 = 4 entry × 4 字段,含原始/修复两侧 JSON)说明
• 不修改
data/entries.jsonlbaseline,修复结果独立输出便于按需合并• 未引入 SCHEMA 新顶层字段(
line用int | "start-end",code用多行,约定均已存在)• 本地复核命令: