jordan/stemedb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e73bf3c4b7
stemedb/applications/aphoria/tests/llm_fixtures/tls/tls-001-disabled-verification.toml
jordan 157dbbb9eb feat: Complete Aphoria Phase 8-9 + UAT suite (90/90 tests passing) 
## Phase 8: Enterprise Extractor Improvements 
- 14 security extractors (TLS, JWT, SQL injection, XSS, etc.)
- 10 framework-specific extractors (Spring, Django, Rails, etc.)
- Config file security detection (YAML, TOML)

## Phase 9: Autonomous Extractor Generation 
- Shadow mode executor with TP/FP tracking
- Graduation pipeline with confidence thresholds
- Auto-rollback on regression detection
- Cross-project pattern syncing

## UAT Suite Complete (14 scripts, 90 tests)
- test-core-detection.sh (6 tests)
- test-declarative-extractors.sh (5 tests)
- test-domain-frameworks.sh (5 tests)
- test-domain-unreal.sh (3 tests)
- test-llm-extraction.sh (6 tests)
- test-eval-harness.sh (5 tests)
- test-cross-language.sh (3 tests)
- test-precommit-performance.sh (4 tests)
- test-output-formats.sh (8 tests)
- test-drift-detection.sh (6 tests)
- test-exit-codes.sh (12 tests)
+ 3 more scripts

## Other Changes
- Updated roadmap to mark Phase 8-9 complete
- Added .gitignore entries for build artifacts
- Updated pre-commit: 800 line limit, exclude tests/data/cmd

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 22:50:55 -07:00

39 lines
1.0 KiB
TOML
Raw Blame History

# TLS-001: Disabled Certificate Verification
#
# Python requests library with verify=False disables TLS certificate verification,
# allowing man-in-the-middle attacks.
[metadata]
id = "tls-001"
name = "TLS verification disabled in Python requests"
category = "tls"
language = "python"
difficulty = "easy"
source = "hand-curated"
created = "2025-02-05"
notes = "Classic security anti-pattern in Python HTTP clients"
[input]
filename = "api_client.py"
content = """
import requests
def fetch_data(url: str) -> dict:
# Disable SSL verification for development
response = requests.get(url, verify=False)
return response.json()
"""
[expected]
must_contain = [
{ subject = "tls/cert_verification", predicate = "enabled", value = false, rationale = "verify=False explicitly disables certificate verification" }
]
must_not_contain = [
{ subject = "tls/cert_verification", predicate = "enabled", value = true, rationale = "Should not claim verification is enabled when it's disabled" }
]
[scoring]
weight = 1.0
min_confidence = 0.8
Reference in New Issue View Git Blame Copy Permalink