feat: Complete Temporal migration cleanup and fixes

- Remove obsolete docker_logs.py module and container diagnostics from SDK
- Fix security_assessment workflow metadata (vertical: rust -> python)
- Remove all Prefect references from documentation
- Add SDK exception handling test suite
- Clean up old test artifacts

test_projects/rust_fuzz_test/cargo-results.sarif

@@ -1,5 +0,0 @@
-{
-  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
-  "runs": [],
-  "version": "2.1.0"
-}

test_projects/rust_fuzz_test/fuzz/Cargo.toml

@@ -26,3 +26,10 @@ path = "fuzz_targets/fuzz_divide.rs"
 test = false
 doc = false
 bench = false
+
+[[bin]]
+name = "fuzz_waterfall"
+path = "fuzz_targets/fuzz_waterfall.rs"
+test = false
+doc = false
+bench = false

test_projects/rust_fuzz_test/src/lib.rs

@@ -41,6 +41,73 @@ pub fn divide_numbers(data: &[u8]) -> Option<i32> {
     Some(a / b)
 }
 
+/// Waterfall vulnerability: checks secret character by character
+/// This is a classic sequential comparison vulnerability that creates
+/// distinct code paths for coverage-guided fuzzing to discover.
+pub fn check_secret_waterfall(data: &[u8]) -> usize {
+    const SECRET: &[u8] = b"FUZZINGLABS";
+
+    if data.is_empty() {
+        return 0;
+    }
+
+    let mut matches = 0;
+
+    // Check each character sequentially
+    // Each comparison creates a distinct code path for coverage guidance
+    for i in 0..std::cmp::min(data.len(), SECRET.len()) {
+        if data[i] != SECRET[i] {
+            // Wrong character - stop checking
+            return matches;
+        }
+
+        matches += 1;
+
+        // Add explicit comparisons to help coverage-guided fuzzing
+        // Each comparison creates a distinct code path for the fuzzer to detect
+        if matches >= 1 && data[0] == b'F' {
+            // F
+        }
+        if matches >= 2 && data[1] == b'U' {
+            // FU
+        }
+        if matches >= 3 && data[2] == b'Z' {
+            // FUZ
+        }
+        if matches >= 4 && data[3] == b'Z' {
+            // FUZZ
+        }
+        if matches >= 5 && data[4] == b'I' {
+            // FUZZI
+        }
+        if matches >= 6 && data[5] == b'N' {
+            // FUZZIN
+        }
+        if matches >= 7 && data[6] == b'G' {
+            // FUZZING
+        }
+        if matches >= 8 && data[7] == b'L' {
+            // FUZZINGL
+        }
+        if matches >= 9 && data[8] == b'A' {
+            // FUZZINGLA
+        }
+        if matches >= 10 && data[9] == b'B' {
+            // FUZZINGLAB
+        }
+        if matches >= 11 && data[10] == b'S' {
+            // FUZZINGLABS
+        }
+    }
+
+    // VULNERABILITY: Panics when complete secret found
+    if matches == SECRET.len() && data.len() >= SECRET.len() {
+        panic!("SECRET COMPROMISED! Found: {:?}", &data[..SECRET.len()]);
+    }
+
+    matches
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -55,4 +122,17 @@ mod tests {
         let data = vec![3, 1, 2, 3, 4];
         assert_eq!(process_buffer(&data), vec![3, 1, 2]);
     }
+
+    #[test]
+    fn test_waterfall_partial_match() {
+        assert_eq!(check_secret_waterfall(b"F"), 1);
+        assert_eq!(check_secret_waterfall(b"FU"), 2);
+        assert_eq!(check_secret_waterfall(b"FUZZ"), 4);
+    }
+
+    #[test]
+    #[should_panic(expected = "SECRET COMPROMISED")]
+    fn test_waterfall_full_match() {
+        check_secret_waterfall(b"FUZZINGLABS");
+    }
 }

test_projects/vulnerable_app/fuzzing-results.sarif

@@ -1 +0,0 @@
-{}