jordan/stemedb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0fa7cfdf9b
stemedb/applications/aphoria/tests/llm_fixtures/negative/negative-001-safe-tls.toml
jordan 157dbbb9eb feat: Complete Aphoria Phase 8-9 + UAT suite (90/90 tests passing) 
## Phase 8: Enterprise Extractor Improvements 
- 14 security extractors (TLS, JWT, SQL injection, XSS, etc.)
- 10 framework-specific extractors (Spring, Django, Rails, etc.)
- Config file security detection (YAML, TOML)

## Phase 9: Autonomous Extractor Generation 
- Shadow mode executor with TP/FP tracking
- Graduation pipeline with confidence thresholds
- Auto-rollback on regression detection
- Cross-project pattern syncing

## UAT Suite Complete (14 scripts, 90 tests)
- test-core-detection.sh (6 tests)
- test-declarative-extractors.sh (5 tests)
- test-domain-frameworks.sh (5 tests)
- test-domain-unreal.sh (3 tests)
- test-llm-extraction.sh (6 tests)
- test-eval-harness.sh (5 tests)
- test-cross-language.sh (3 tests)
- test-precommit-performance.sh (4 tests)
- test-output-formats.sh (8 tests)
- test-drift-detection.sh (6 tests)
- test-exit-codes.sh (12 tests)
+ 3 more scripts

## Other Changes
- Updated roadmap to mark Phase 8-9 complete
- Added .gitignore entries for build artifacts
- Updated pre-commit: 800 line limit, exclude tests/data/cmd

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 22:50:55 -07:00

45 lines
1.2 KiB
TOML
Raw Blame History

# NEGATIVE-001: Safe TLS Configuration
#
# This is a NEGATIVE test - the code is secure and should NOT trigger
# any TLS-related findings. Tests for false positives.
[metadata]
id = "negative-001"
name = "Safe TLS configuration (no findings expected)"
category = "negative"
language = "python"
difficulty = "easy"
source = "hand-curated"
created = "2025-02-05"
notes = "Negative test - should produce no findings"
[input]
filename = "secure_client.py"
content = """
import requests
import certifi
def fetch_data(url: str) -> dict:
# Use system CA bundle for proper verification
response = requests.get(
url,
verify=certifi.where(), # Explicit CA bundle
timeout=30
)
response.raise_for_status()
return response.json()
"""
[expected]
# No must_contain - this is a negative test
must_contain = []
must_not_contain = [
{ subject = "tls/cert_verification", predicate = "enabled", value = false, rationale = "verify is set to a CA bundle, not disabled" },
{ subject = "tls/cert_verification", predicate = "disabled", value = true, rationale = "TLS verification is properly enabled" }
]
[scoring]
weight = 1.0
min_confidence = 0.9
Reference in New Issue View Git Blame Copy Permalink