23602336398
79%

Ran 26 Mar 2026 03:20PM UTC

Jobs 1

Files 52

Run time 1min

Badge

Embed ▾

Committed 26 Mar 2026 03:19PM UTC coverage: 80.444% (+0.07%) from 80.376%

Build # 23602336398

Build Type

push

github

Committed by

rhino11

Commit Message

security: Add 10 attack replication tests for audit findings (REQ-SEC-001..010)

Proves the following vulnerabilities are exploitable:

CRITICAL:
- TestResultsTampering: crafted results.json flips MISSING to COMPLETE
- TestSyncProtocolAttacks: unauthenticated status override, replay, injection
- TestGrantEnforcementBypass: grants decorative, never checked during sync

HIGH:
- TestActionPinning: 41/41 GitHub Actions use mutable tags
- TestInstallScriptGPGVerification: checksums verified, signatures not
- TestMandatoryGPGSigning: GPG signing conditional on secret existence
- TestInputInjection: GitHub URL traversal, Jira SSRF, JQL injection
- TestPathTraversal: shadow resolver escapes to arbitrary paths
- TestCIPipelineSafety: auto-commit doesn't validate modified files

MEDIUM:
- TestAtomicDatabaseWrite: truncate-then-write loses data on interrupt

All tests PASS (attack succeeds). They will FAIL once vulnerabilities
are remediated, serving as regression tests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Run Details

7063 of 8780 relevant lines covered (80.44%)

26.38 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	23602336398.1	26 Mar 2026 03:20PM UTC	52	80.44	GitHub Action Run

rtmx-ai / rtmx / 23602336398
79%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 23602336398

rtmx-ai / rtmx / 23602336398 79%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 23602336398

rtmx-ai / rtmx / 23602336398
79%

README BADGES
x