jordan/stemedb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0ece696f5d
stemedb/applications/aphoria/tests/llm_fixtures/tls/tls-002-deprecated-protocol.toml
jordan 157dbbb9eb feat: Complete Aphoria Phase 8-9 + UAT suite (90/90 tests passing) 
## Phase 8: Enterprise Extractor Improvements 
- 14 security extractors (TLS, JWT, SQL injection, XSS, etc.)
- 10 framework-specific extractors (Spring, Django, Rails, etc.)
- Config file security detection (YAML, TOML)

## Phase 9: Autonomous Extractor Generation 
- Shadow mode executor with TP/FP tracking
- Graduation pipeline with confidence thresholds
- Auto-rollback on regression detection
- Cross-project pattern syncing

## UAT Suite Complete (14 scripts, 90 tests)
- test-core-detection.sh (6 tests)
- test-declarative-extractors.sh (5 tests)
- test-domain-frameworks.sh (5 tests)
- test-domain-unreal.sh (3 tests)
- test-llm-extraction.sh (6 tests)
- test-eval-harness.sh (5 tests)
- test-cross-language.sh (3 tests)
- test-precommit-performance.sh (4 tests)
- test-output-formats.sh (8 tests)
- test-drift-detection.sh (6 tests)
- test-exit-codes.sh (12 tests)
+ 3 more scripts

## Other Changes
- Updated roadmap to mark Phase 8-9 complete
- Added .gitignore entries for build artifacts
- Updated pre-commit: 800 line limit, exclude tests/data/cmd

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 22:50:55 -07:00

44 lines
1.1 KiB
TOML
Raw Blame History

# TLS-002: Deprecated TLS Protocol Version
#
# Node.js server configured to accept TLS 1.0, which has known vulnerabilities
# and is deprecated by RFC 8996.
[metadata]
id = "tls-002"
name = "Deprecated TLS 1.0 protocol accepted"
category = "tls"
language = "javascript"
difficulty = "medium"
source = "hand-curated"
created = "2025-02-05"
notes = "TLS 1.0/1.1 deprecated per RFC 8996"
[input]
filename = "server.js"
content = """
const https = require('https');
const fs = require('fs');
const options = {
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.crt'),
minVersion: 'TLSv1', // Allow legacy clients
maxVersion: 'TLSv1.3'
};
https.createServer(options, (req, res) => {
res.writeHead(200);
res.end('hello world');
}).listen(443);
"""
[expected]
must_contain = [
{ subject = "tls/min_version", predicate = "value", value = "TLSv1", rationale = "minVersion explicitly set to TLSv1" },
{ subject = "tls/protocol", predicate = "deprecated", value = true, rationale = "TLS 1.0 is deprecated and should not be allowed" }
]
[scoring]
weight = 1.0
min_confidence = 0.7
Reference in New Issue View Git Blame Copy Permalink