stemedb/applications/aphoria/tests/llm_fixtures/secrets/secrets-002-high-entropy-token.toml
jordan 157dbbb9eb feat: Complete Aphoria Phase 8-9 + UAT suite (90/90 tests passing)
## Phase 8: Enterprise Extractor Improvements 
- 14 security extractors (TLS, JWT, SQL injection, XSS, etc.)
- 10 framework-specific extractors (Spring, Django, Rails, etc.)
- Config file security detection (YAML, TOML)

## Phase 9: Autonomous Extractor Generation 
- Shadow mode executor with TP/FP tracking
- Graduation pipeline with confidence thresholds
- Auto-rollback on regression detection
- Cross-project pattern syncing

## UAT Suite Complete (14 scripts, 90 tests)
- test-core-detection.sh (6 tests)
- test-declarative-extractors.sh (5 tests)
- test-domain-frameworks.sh (5 tests)
- test-domain-unreal.sh (3 tests)
- test-llm-extraction.sh (6 tests)
- test-eval-harness.sh (5 tests)
- test-cross-language.sh (3 tests)
- test-precommit-performance.sh (4 tests)
- test-output-formats.sh (8 tests)
- test-drift-detection.sh (6 tests)
- test-exit-codes.sh (12 tests)
+ 3 more scripts

## Other Changes
- Updated roadmap to mark Phase 8-9 complete
- Added .gitignore entries for build artifacts
- Updated pre-commit: 800 line limit, exclude tests/data/cmd

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 22:50:55 -07:00


# SECRETS-002: High-Entropy Token in Config
#
# A high-entropy string that appears to be a secret token embedded in
# configuration file, detected by entropy analysis.
[metadata]
id = "secrets-002"
name = "High-entropy token in YAML config"
category = "secrets"
language = "yaml"
difficulty = "medium"
source = "hand-curated"
created = "2025-02-05"
notes = "Entropy-based secret detection"
[input]
filename = "config.yaml"
content = """
server:
  host: localhost
  port: 8080
database:
  connection_string: "postgresql://user:pass@localhost/db"
auth:
  # Generated token for service-to-service auth
  service_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
logging:
  level: info
"""
[expected]
must_contain = [
  { subject = "secrets/token", predicate = "hardcoded", value = true, rationale = "JWT token is hardcoded in config" },
  { subject = "secrets/token", predicate = "high_entropy", value = true, rationale = "Base64-encoded JWT has high entropy" }
]
[scoring]
weight = 1.0
min_confidence = 0.75
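
An added example, not Aphoria's own code: a minimal Shannon-entropy check run over this fixture's `config.yaml`, which also decodes the JWT header to confirm the token's shape. The 4.5 bits/char cutoff, the 20-character minimum and all function names are assumptions.

```python
import base64
import json
import math
import re
from collections import Counter

# config.yaml values from the fixture above (nesting indentation assumed).
SAMPLE = '''server:
  host: localhost
database:
  connection_string: "postgresql://user:pass@localhost/db"
auth:
  service_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
'''

ENTROPY_THRESHOLD = 4.5  # assumed cutoff in bits/char, not the project's value
MIN_LENGTH = 20          # assumed; entropy of short strings is not meaningful

def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def jwt_alg(value):
    """Return the 'alg' header field if value is shaped like a JWT, else None."""
    parts = value.split(".")
    if len(parts) != 3:
        return None
    try:
        seg = parts[0]
        header = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return header.get("alg") if isinstance(header, dict) else None

def scan(text):
    """Flag quoted YAML scalar values that are long and high-entropy."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = re.match(r'\s*([\w-]+):\s*"([^"]*)"\s*$', line)
        if not m:
            continue
        key, value = m.groups()
        h = shannon_entropy(value)
        if len(value) >= MIN_LENGTH and h >= ENTROPY_THRESHOLD:
            findings.append({"line": lineno, "key": key,
                             "entropy": round(h, 2), "jwt_alg": jwt_alg(value)})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Only `service_token` is flagged. The `connection_string` value stays under the cutoff even though it embeds a password, so entropy scoring needs to be paired with pattern rules for credentials in URLs.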