From 5db5a29f797353a3750869133e9a642b859f40b3 Mon Sep 17 00:00:00 2001 From: "mengmeng.meng" Date: Tue, 23 Jan 2024 11:25:17 +0800 Subject: [PATCH 01/17] remove unused case --- .../analyser/cache/CasetargeCache.java | 11 + .../astbenchmark/cases/AstTaintCase001.java | 288 +----- .../astbenchmark/cases/AstTaintCase002.java | 895 +++++++++--------- .../astbenchmark/cases/AstTaintCase003.java | 5 + .../cli/test/CopyTestCaseForRun.java | 27 +- .../resources/application-test.properties | 2 +- iast-java/src/main/resources/application.yml | 2 +- .../resources/config/case_target_list.json | 1 + .../AstbenchmarkApplicationTests.java | 284 +----- 9 files changed, 511 insertions(+), 1004 deletions(-) diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java index e3c631eb..3d1df08e 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java @@ -45,6 +45,17 @@ private void goinit() { } } + //public static void main(String[] args) { + // String target = IoUtil.read(new ClassPathResource("config/case_target_list.json").getStream(),Charset.forName("utf-8")); + // //JSONArray array = JSONUtil.readJSONArray(FileUtil.file("case_target_list.json"), Charset.forName("utf-8")); + // JSONArray array =JSONUtil.parseArray(target); + // array.stream().forEach(e -> { + // CaseTargetBean bean = JSONUtil.toBean(JSONUtil.toJsonStr(e), CaseTargetBean.class); + // targetMap.put(bean.getCaseNo(), bean); + // }); + // targetMap.forEach((k,v)-> System.out.println(k+"____"+v.getCaseDesc())); + //} + public static CaseTargetBean getTargetByCaseKey(String key) { return targetMap.get(key); } 
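Review bot: The `main` method added to CasetargeCache is commented-out dead code that, from its body, appears to duplicate the load path in `goinit()` and will silently drift from it; either delete it (git history keeps it) or move it into `AstbenchmarkApplicationTests` as a real test that asserts `targetMap` is populated from `config/case_target_list.json`. If it is kept as a debugging aid, prefer `StandardCharsets.UTF_8` over `Charset.forName("utf-8")` so the charset lookup cannot fail at runtime. `goinit()` itself starts before this hunk, so I cannot confirm the two load paths are identical.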
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java
index fa0f8b3b..e8701233 100644
--- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java
@@ -42,40 +42,40 @@ public Map aTaintCase00901(@RequestParam String cmd) { return modelMap; } - /** - * 字符串对象,StringBuffer - * @param cmd - * @return - */ - @PostMapping ("case00902") - public Map aTaintCase00902(@RequestParam String cmd) { - Map modelMap = new HashMap<>(); - try { - StringBuffer buffer = new StringBuffer(cmd); - Runtime.getRuntime().exec(new String(buffer)); - modelMap.put("status", SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", ERROR_STR); - } - return modelMap; - } - /** - * 字符串对象,StringBuffer - * @param cmd - * @return - */ - @PostMapping("case00903") - public Map aTaintCase00903(@RequestParam String cmd) { - Map modelMap = new HashMap<>(); - try { - StringBuilder buffer = new StringBuilder(cmd); - Runtime.getRuntime().exec(new String(buffer)); - modelMap.put("status", SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", ERROR_STR); - } - return modelMap; - } + ///** + // * 字符串对象,StringBuffer + // * @param cmd + // * @return + // */ + //@PostMapping ("case00902") + //public Map aTaintCase00902(@RequestParam String cmd) { + // Map modelMap = new HashMap<>(); + // try { + // StringBuffer buffer = new StringBuffer(cmd); + // Runtime.getRuntime().exec(new String(buffer)); + // modelMap.put("status", SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", ERROR_STR); + // } + // return modelMap; + //} + ///** + // * 字符串对象,StringBuffer + // * @param cmd + // * @return + // */ + //@PostMapping("case00903") + //public Map aTaintCase00903(@RequestParam String cmd) { + // Map modelMap = new HashMap<>(); + // try { + // StringBuilder buffer = new StringBuilder(cmd); + // Runtime.getRuntime().exec(new String(buffer)); + // modelMap.put("status", SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", ERROR_STR); + // } + // return modelMap; + //} /** 污点对象完整度 基础类型 **/ /** 
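Review bot: case00902 and case00903 are commented out here while the sibling cases removed in this same commit (case00927–case00930, case0017, case0021 and its variants) are deleted outright; pick one convention, and deletion is the cleaner one since the commented block keeps a stale `@PostMapping` path that can no longer be hit. If a record of the removal is wanted, one live line is enough: `// case00902/case00903 (StringBuffer/StringBuilder -> exec) intentionally removed in 5db5a29f`. Also confirm that `config/case_target_list.json` and `CopyTestCaseForRun` no longer reference these two case numbers — both files are touched by this patch but are not visible here.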
@@ -152,92 +152,6 @@ public Map aTaintCase004(@RequestParam long cmd) { } - /** 污点对象完整度 2.引用类型 **/ - - /** - * 引用类型Map 作为污点对象 - * - * @param cmd - * @return - */ - @PostMapping("case00927") - public Map aTaintCase927(@RequestBody Map cmd) { - Map modelMap = new HashMap<>(); - if (cmd == null || cmd.isEmpty()) { - modelMap.put("status", ERROR_STR); - return modelMap; - } - PrintWriter printWriter = new PrintWriter(System.out); - printWriter.print(cmd); - // Runtime.getRuntime().exec(cmd)); - modelMap.put("status", SUCCESS_STR); - return modelMap; - } - - /** - * 引用类型List 作为污点对象 - * - * @param cmd - * @return - */ - @PostMapping("case00928") - public Map aTaintCase00928(@RequestBody List cmd) { - Map modelMap = new HashMap<>(); - if (cmd == null || CollectionUtils.isEmpty(cmd)) { - modelMap.put("status", ERROR_STR); - return modelMap; - } - PrintWriter printWriter = new PrintWriter(System.out); - printWriter.print(cmd); - //Runtime.getRuntime().exec(cmd.get(0)); - modelMap.put("status", SUCCESS_STR); - return modelMap; - } - - /** - * 引用类型queue 作为污点对象 - * - * @param cmd - * @return - */ - @PostMapping("case00929") - public Map aTaintCase00929(@RequestBody List cmd) { - Map modelMap = new HashMap<>(); - if (cmd == null || CollectionUtils.isEmpty(cmd)) { - modelMap.put("status", ERROR_STR); - return modelMap; - } - Queue queue = new LinkedBlockingQueue(); - queue.add(cmd.get(0)); - PrintWriter printWriter = new PrintWriter(System.out); - printWriter.print(queue); - //Runtime.getRuntime().exec(queue.peek()); - modelMap.put("status", SUCCESS_STR); - return modelMap; - } - - /** - * 引用类型Set 作为污点对象 - * - * @param - * @return - */ - @Deprecated - @PostMapping("case00930") - public Map aTaintCase00930(@RequestBody List cmd) { - Map modelMap = new HashMap<>(); - if (cmd == null || CollectionUtils.isEmpty(cmd)) { - modelMap.put("status", ERROR_STR); - return modelMap; - } - Set stringSet = new HashSet<>(cmd); - PrintWriter printWriter = new PrintWriter(System.out); - 
printWriter.print(stringSet); - //Runtime.getRuntime().exec(cmd.get(stringSet.iterator().next())); - modelMap.put("status", SUCCESS_STR); - return modelMap; - } - @PostMapping("case005") public Map aTaintCase005(@RequestBody Map cmd) { Map modelMap = new HashMap<>(); 
@@ -515,139 +429,7 @@ public Map aTaintCase00926(@RequestBody SourceTestObject[][] cmd return modelMap; } - /** - * 其他对象 String 作为污点对象 - * - * @param cmd - * @return - */ - @PostMapping("case0017") - @Deprecated - public Map aTaintCase0017(@RequestBody String cmd) { - Map modelMap = new HashMap<>(); - if (cmd == null) { - modelMap.put("status", ERROR_STR); - return modelMap; - } - try { - Runtime.getRuntime().exec(cmd); - modelMap.put("status", SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", ERROR_STR); - } - return modelMap; - } - - /** - * 其他对象 StringBuffer 作为污点对象 - * - * @param cmd - * @return - */ - //@PostMapping("case0018") - //public Map aTaintCase0018(@RequestBody String cmd) { - // Map modelMap = new HashMap<>(); - // if (cmd == null) { - // modelMap.put("status", ERROR_STR); - // return modelMap; - // } - // StringBuffer data = new StringBuffer(); - // data.append(cmd); - // try { - // Runtime.getRuntime().exec(String.valueOf(data)); - // modelMap.put("status", SUCCESS_STR); - // } catch (IOException e) { - // modelMap.put("status", ERROR_STR); - // } - // return modelMap; - //} - // - ///** - // * 其他对象 StringBuilder 作为污点对象 - // * - // * @param cmd - // * @return - // */ - //@PostMapping("case0019") - //public Map aTaintCase0019(@RequestBody String cmd) { - // Map modelMap = new HashMap<>(); - // if (cmd == null) { - // modelMap.put("status", ERROR_STR); - // return modelMap; - // } - // StringBuilder data = new StringBuilder(); - // data.append(cmd); - // try { - // Runtime.getRuntime().exec(data.toString()); - // modelMap.put("status", SUCCESS_STR); - // } catch (IOException e) { - // modelMap.put("status", ERROR_STR); - // } - // return modelMap; - //} - - /** - * 其他对象 自定义对象 对象本身作为污点对象 - * - * @param cmd - * @return - */ - //@PostMapping("case0020") - //public Map aTaintCase0020(@RequestBody SourceTestObject cmd) { - // Map modelMap = new HashMap<>(); - // if (cmd == null) { - // modelMap.put("status", ERROR_STR); - // return 
modelMap; - // } - // try { - // java.io.PrintWriter printWriter = new PrintWriter(System.out); - // printWriter.print(cmd); - // //Runtime.getRuntime().exec(cmd); - // modelMap.put("status", SUCCESS_STR); - // } catch (IOException e) { - // modelMap.put("status", ERROR_STR); - // } - // return modelMap; - //} - - @PostMapping("case0021") - @Deprecated - public Map aTaintCase0021(@RequestBody SourceTestWithMPObject cmd) { - Map modelMap = new HashMap<>(); - try { - Runtime.getRuntime().exec(cmd.getCmd1()); - modelMap.put("status", SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", ERROR_STR); - } - return modelMap; - } - - @PostMapping("case0021/2") - @Deprecated - public Map aTaintCase0021_2(@RequestBody SourceTestWithMPObject cmd) { - Map modelMap = new HashMap<>(); - try { - Runtime.getRuntime().exec(cmd.getCmd10()); - modelMap.put("status", SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", ERROR_STR); - } - return modelMap; - } - @PostMapping("case0021/3") - @Deprecated - public Map aTaintCase0021_3(@RequestBody SourceTestWithMPObject cmd) { - Map modelMap = new HashMap<>(); - try { - Runtime.getRuntime().exec(cmd.getCmd20()); - modelMap.put("status", SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", ERROR_STR); - } - return modelMap; - } /** * 对象字段->单层字段(10)@aTaintCase00921 @@ -692,7 +474,7 @@ public Map aTaintCase00921_3(@RequestBody SourceTestWith10Fileds } /** - * 对象字段->单层字段(10)@aTaintCase00921 + * 对象字段->单层字段(100)@aTaintCase00921 * * @param cmd * @return diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java index 1385edfb..ef01ee0c 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java 
@@ -1,30 +1,29 @@ package com.iast.astbenchmark.cases; -import cn.hutool.core.io.FileUtil; import cn.hutool.core.util.StrUtil; import com.iast.astbenchmark.cases.bean.SourceTestObject; import com.iast.astbenchmark.cases.bean.xml.TicketRequest; +import com.iast.astbenchmark.common.CommonConsts; import com.iast.astbenchmark.common.utils.JDKSerializationUtil; import com.iast.astbenchmark.common.utils.MyCommonTestUtil; -import com.iast.astbenchmark.common.CommonConsts; import com.iast.astbenchmark.common.utils.TaintMethodUtil; -import org.apache.commons.lang.StringEscapeUtils; import org.springframework.http.MediaType; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import org.springframework.web.multipart.MultipartFile; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import java.io.BufferedReader; -import java.io.FileInputStream; import java.io.IOException; -import java.io.InputStream; -import java.io.Serializable; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.nio.charset.Charset; -import java.sql.*; import java.util.Arrays; import java.util.HashMap; import java.util.Map; @@ -46,7 +45,7 @@ public class AstTaintCase002 { public Map aTaintCase0022(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { - Runtime.getRuntime().exec(StrUtil.addPrefixIfNot(cmd,"pre")); + Runtime.getRuntime().exec(StrUtil.addPrefixIfNot(cmd, "pre")); modelMap.put("status", CommonConsts.SUCCESS_STR); } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); 
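Review bot: The imports dropped here (`org.apache.commons.lang.StringEscapeUtils`, `java.sql.*`, `cn.hutool.core.io.FileUtil`, `java.io.FileInputStream`, `java.io.InputStream`) are exactly the names still referenced by the blocks this commit comments out rather than deletes further down (case0099, case00102, case00108), so those blocks can no longer be restored by simply un-commenting them. That is the strongest argument for deleting the commented-out cases in the same commit instead of keeping them as comments. Replacing the wildcard `org.springframework.web.bind.annotation.*` with explicit imports is a good change and should be kept.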
@@ -154,24 +153,6 @@ public Map aTaintCase0025(@RequestBody String[] cmd) { return modelMap; } - /** - * 特殊链路跟踪能力->static方法追踪 - * - * @param cmd - * @return - */ - // @PostMapping("case0026/{cmd}") - // public Map aTaintCase0026(@PathVariable String cmd) { - // Map modelMap = new HashMap<>(); - // try { - // Runtime.getRuntime().exec(StringUtils.deleteAny(cmd,"a")); - // modelMap.put("status", SUCCESS_STR); - // } catch (IOException e) { - // modelMap.put("status", ERROR_STR); - // } - // return modelMap; - // } - /** 污点来源识别能力*/ /** 
@@ -192,105 +173,105 @@ public Map aTaintCase0027(HttpServletRequest request, @RequestPa return modelMap; } - /** - * 污点来自http url getContenPath - * - * @param - * @return - */ - @PostMapping("case0028") - @Deprecated - public Map aTaintCase0028(HttpServletRequest request) { - Map modelMap = new HashMap<>(); - try { - String datas = request.getContextPath(); - Runtime.getRuntime().exec(datas); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } - - /** - * 污点来自http url getRequestURL - * - * @param - * @return - */ - @PostMapping("case0029") - @Deprecated - public Map aTaintCase0029(HttpServletRequest request) { - Map modelMap = new HashMap<>(); - try { - String datas = String.valueOf(request.getRequestURL()); - Runtime.getRuntime().exec(datas); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } - - /** - * 污点来自http url getServletPath - * - * @param - * @return - */ - @PostMapping("case0030") - @Deprecated - public Map aTaintCase0030(HttpServletRequest request) { - Map modelMap = new HashMap<>(); - try { - String datas = request.getServletPath(); - Runtime.getRuntime().exec(datas); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } - - /** - * 污点来自http url getRequestURI - * - * @param - * @return - */ - @PostMapping("case0031") - @Deprecated - public Map aTaintCase0031(HttpServletRequest request) { - Map modelMap = new HashMap<>(); - try { - String datas = request.getRequestURI(); - Runtime.getRuntime().exec(datas); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } + ///** + // * 污点来自http url getContenPath + // * + // * @param + // * @return + // */ 
+ //@PostMapping("case0028") + //@Deprecated + //public Map aTaintCase0028(HttpServletRequest request) { + // Map modelMap = new HashMap<>(); + // try { + // String datas = request.getContextPath(); + // Runtime.getRuntime().exec(datas); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // return modelMap; + //} + // + ///** + // * 污点来自http url getRequestURL + // * + // * @param + // * @return + // */ + //@PostMapping("case0029") + //@Deprecated + //public Map aTaintCase0029(HttpServletRequest request) { + // Map modelMap = new HashMap<>(); + // try { + // String datas = String.valueOf(request.getRequestURL()); + // Runtime.getRuntime().exec(datas); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // return modelMap; + //} + // + ///** + // * 污点来自http url getServletPath + // * + // * @param + // * @return + // */ + //@PostMapping("case0030") + //@Deprecated + //public Map aTaintCase0030(HttpServletRequest request) { + // Map modelMap = new HashMap<>(); + // try { + // String datas = request.getServletPath(); + // Runtime.getRuntime().exec(datas); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // return modelMap; + //} + // + ///** + // * 污点来自http url getRequestURI + // * + // * @param + // * @return + // */ + //@PostMapping("case0031") + //@Deprecated + //public Map aTaintCase0031(HttpServletRequest request) { + // Map modelMap = new HashMap<>(); + // try { + // String datas = request.getRequestURI(); + // Runtime.getRuntime().exec(datas); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // return modelMap; + //} - /** - * 污点来自http url getPathInfo - * - * @param - * @return - 
*/ - @PostMapping("case0032") - @Deprecated - public Map aTaintCase0032(HttpServletRequest request) { - Map modelMap = new HashMap<>(); - try { - String datas = request.getPathInfo(); - Runtime.getRuntime().exec(datas); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } + ///** + // * 污点来自http url getPathInfo + // * + // * @param + // * @return + // */ + //@PostMapping("case0032") + //@Deprecated + //public Map aTaintCase0032(HttpServletRequest request) { + // Map modelMap = new HashMap<>(); + // try { + // String datas = request.getPathInfo(); + // Runtime.getRuntime().exec(datas); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // return modelMap; + //} /** * 污点来自http body *json @@ -316,19 +297,6 @@ public Map aTaintCase0033(@RequestBody Map json) * @param /Users/curry/IdeaProjects/astbenchmark/src/main/resources/data/case0034.xml * @return */ - // @PostMapping("case0034") - // public Map aTaintCase0034(MultipartFile file) throws IOException { - // Map modelMap = new HashMap<>(); - // try { - // Document document = XmlUtil.readXML(file.getInputStream()); - // Object obj = XmlUtil.getByXPath("//cmd",document, XPathConstants.STRING); - // Runtime.getRuntime().exec(String.valueOf(obj)); - // modelMap.put("status", SUCCESS_STR); - // } catch (IOException e) { - // modelMap.put("status", ERROR_STR); - // } - // return modelMap; - // } @PostMapping(value = "/case0034", consumes = {MediaType.APPLICATION_XML_VALUE}, produces = MediaType.APPLICATION_XML_VALUE) @ResponseBody public Map aTaintCase0034(@RequestBody TicketRequest ticketRequest) { 
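Review bot: Five `@Deprecated` URL-source cases (case0028–case0032: `getContextPath`, `getRequestURL`, `getServletPath`, `getRequestURI`, `getPathInfo`) are turned into comments with no stated reason, while the next hunk deletes the old case0034 variant outright, so the file now mixes both conventions. These are the only visible cases that treat the request path rather than a parameter or body as the taint source; if they are being dropped because the servlet path is not treated as untrusted in this benchmark, say so in one live comment, e.g. `// URL-path sources (case0028-case0032) removed: request path is not a taint source in this benchmark`, so the coverage gap reads as deliberate. The Javadoc typo `getContenPath` also survives inside the commented block.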
@@ -865,25 +833,25 @@ public Map aTaintCase00139(HttpServletRequest request) { // return modelMap; // } - /** - * 传播场景 - */ - /** - * aTaintCase0060 传播场景->运算符->赋值 - */ - @PostMapping(value = "case0060") - @Deprecated - public Map aTaintCase0060(@RequestParam String cmd) { - Map modelMap = new HashMap<>(); - try { - cmd = "ls"; - Runtime.getRuntime().exec(cmd); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } + ///** + // * 传播场景 + // */ + ///** + // * aTaintCase0060 传播场景->运算符->赋值 + // */ + //@PostMapping(value = "case0060") + //@Deprecated + //public Map aTaintCase0060(@RequestParam String cmd) { + // Map modelMap = new HashMap<>(); + // try { + // cmd = "ls"; + // Runtime.getRuntime().exec(cmd); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // return modelMap; + //} /** * aTaintCase0061 传播场景->运算符->位运算 
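Review bot: Commenting out case0060 also hides the `传播场景` (propagation scenarios) section-header Javadoc that introduced case0061 onward, so the remaining propagation cases now have no section marker while the other sections in this file keep theirs. Restore it as a live comment immediately before case0061, e.g. `/** 传播场景 (propagation scenarios) */`. Dropping case0060 itself looks reasonable: it is a hard-coded-reassignment sanitizer case that case00141 (`cmd = "test"; TaintMethodUtil.sink(cmd);`) appears to cover already.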
@@ -1132,23 +1100,23 @@ public Map aTaintCase0069(@RequestParam String cmd) { return modelMap; } - /** - * aTaintCase0070 传播场景->String操作->repeat - * // java11后的方法? - */ - @PostMapping(value = "case0070") - public Map aTaintCase0070(@RequestParam String cmd) { - Map modelMap = new HashMap<>(); - try { - //Arrays.fill System.arraycopy - // cmd=cmd.repeat(2); - Runtime.getRuntime().exec(cmd); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } + ///** + // * aTaintCase0070 传播场景->String操作->repeat + // * // java11后的方法? + // */ + //@PostMapping(value = "case0070") + //public Map aTaintCase0070(@RequestParam String cmd) { + // Map modelMap = new HashMap<>(); + // try { + // //Arrays.fill System.arraycopy + // // cmd=cmd.repeat(2); + // Runtime.getRuntime().exec(cmd); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // return modelMap; + //} /** * aTaintCase0071 传播场景->String操作->replace 
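Review bot: case0070 never exercised `String.repeat` — the call was already commented out, so the endpoint passed `cmd` straight to `exec` and tested nothing about repeat propagation; removing it is correct, but sixteen lines of commented-out code is a poor way to record the Java 11 gap. Replace the block with a single live note such as `// TODO case0070 (String.repeat) and case0073 (String.strip) need a Java 11+ build; not covered yet` so the missing propagators stay tracked. The same applies to the case0073 hunk below.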
@@ -1200,23 +1168,23 @@ public Map aTaintCase0072(@RequestParam String cmd) { return modelMap; } - /** - * aTaintCase0073 传播场景->String操作->strip - * // java11后的方法? - */ - @PostMapping(value = "case0073") - public Map aTaintCase0073(@RequestParam String cmd) { - Map modelMap = new HashMap<>(); - try { - //new String(Arrays.copyOfRange(val, index, index + len), - // cmd=cmd.strip(); - Runtime.getRuntime().exec(cmd); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } + ///** + // * aTaintCase0073 传播场景->String操作->strip + // * // java11后的方法? + // */ + //@PostMapping(value = "case0073") + //public Map aTaintCase0073(@RequestParam String cmd) { + // Map modelMap = new HashMap<>(); + // try { + // //new String(Arrays.copyOfRange(val, index, index + len), + // // cmd=cmd.strip(); + // Runtime.getRuntime().exec(cmd); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // return modelMap; + //} /** * aTaintCase0074 传播场景->String操作->subSequence 
@@ -1379,23 +1347,23 @@ public Map aTaintCase0083(@RequestParam String cmd) { return modelMap; } - /** - * aTaintCase0084 传播场景->StringBuilder操作->charAt - */ - @PostMapping(value = "case0084") - public Map aTaintCase0084(@RequestParam String cmd) { - Map modelMap = new HashMap<>(); - try { - StringBuilder builder = new StringBuilder(); - builder.append(cmd); - char c = builder.charAt(0); - Runtime.getRuntime().exec(String.valueOf(c)); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } + ///** + // * aTaintCase0084 传播场景->StringBuilder操作->charAt + // */ + //@PostMapping(value = "case0084") + //public Map aTaintCase0084(@RequestParam String cmd) { + // Map modelMap = new HashMap<>(); + // try { + // StringBuilder builder = new StringBuilder(); + // builder.append(cmd); + // char c = builder.charAt(0); + // Runtime.getRuntime().exec(String.valueOf(c)); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // return modelMap; + //} /** * aTaintCase0085 传播场景->StringBuilder操作->delete 
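Review bot: case0084 (`StringBuilder.charAt` → `exec` of a single char) is the only visible case that propagates taint at `char` rather than `String` granularity, and the commit gives no reason for dropping it, so an agent that loses taint on a `char` result will now go unnoticed. If it is being removed because char-level propagation is out of scope, record that as the expectation instead of deleting the scenario, e.g. `// case0084 (charAt -> char) removed: char-granularity propagation is out of scope for this benchmark`. Otherwise keep the case live and mark it as an expected miss in the target list.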
@@ -1606,22 +1574,29 @@ public Map aTaintCase0096(@RequestParam String cmd) { return modelMap; } + ///** + // * aTaintCase0097 传播场景-数组初始化->new 方式初始化 + // */ + //@PostMapping(value = "case0097") + //public Map aTaintCase0097(@RequestParam String cmd1, @RequestParam String cmd2) { + // Map modelMap = new HashMap<>(); + // try { + // String[] chars = new String[] {cmd1, cmd2}; + // Runtime.getRuntime().exec(chars); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // return modelMap; + //} + /** - * aTaintCase0097 传播场景-数组初始化->new 方式初始化 + * jdk 序列化与反序列化 + * + * @param sourceTestObject + * @return + * @throws ClassNotFoundException */ - @PostMapping(value = "case0097") - public Map aTaintCase0097(@RequestParam String cmd1, @RequestParam String cmd2) { - Map modelMap = new HashMap<>(); - try { - String[] chars = new String[] {cmd1, cmd2}; - Runtime.getRuntime().exec(chars); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } - @PostMapping(value = "case00932") public Map aTaintCase00932(@RequestBody SourceTestObject sourceTestObject) throws ClassNotFoundException { Map modelMap = new HashMap<>(); 
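Review bot: The new Javadoc on aTaintCase00932 leaves `@param sourceTestObject` and `@return` without descriptions, which is less useful than no tags at all. Given the title `jdk 序列化与反序列化` and the declared `throws ClassNotFoundException`, something like `@param sourceTestObject request body that is JDK-serialized and then deserialized again; the deserialization is the sink under test` and `@return status map` would state the contract — the method body lies outside this hunk, so confirm the wording against it. Separately, case0097 was the only visible `Runtime.exec(String[])` (array-form) sink; if no other array-form case remains, note the dropped coverage rather than leaving it as commented code.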
@@ -1652,95 +1627,95 @@ public Map aTaintCase00932(@RequestBody SourceTestObject sourceT // } //TODO sanitizer 这里做的过程中需要思考一个问题,当结果未返回,可能是这种方法压根不是工具定义的传播方法;也可能是定义了白名单(已解决) - /** - * aTaintCase0099 污点无害化处理能力 sanitizer->sanitizer方法特性支持->sanitizer污点来自固定参数 - */ - @PostMapping(value = "case0099") - public Map aTaintCase0099(@RequestParam String cmd) { - Map modelMap = new HashMap<>(); - String res = StringEscapeUtils.escapeSql(cmd); - String driver = "org.sqlite.JDBC"; - String url = "jdbc:sqlite::resource:data/sqlite.db"; - Connection con = null; - Statement statement = null; - ResultSet resultSet = null; - - try { - Class.forName(driver); - con = DriverManager.getConnection(url); - if (!con.isClosed()) { - System.out.println("数据库连接成功"); - } - statement = con.createStatement(); - //模拟 SQL 注入,采用拼接字符串的形式 - String sqlQuery = "select * from REPORT where REPORT_ID=" + res; - resultSet = statement.executeQuery(sqlQuery); - - } catch (ClassNotFoundException e) { - System.out.println("数据库驱动没有安装"); - } catch (SQLException sqlException) { - System.out.println("数据库连接失败"); - } finally { - try { - if (resultSet != null) { - resultSet.close(); - } - if (statement != null) { - statement.close(); - } - if (con != null) { - con.close(); - } - } catch (SQLException e) { - System.out.println(e.getMessage()); - } - } - modelMap.put("status", CommonConsts.SUCCESS_STR); - return modelMap; - } - - @PostMapping(value = "case0099/2") - public Map aTaintCase0099_2(@RequestParam String cmd) { - Map modelMap = new HashMap<>(); - String driver = "org.sqlite.JDBC"; - String url = "jdbc:sqlite::resource:data/sqlite.db"; - Connection con = null; - Statement statement = null; - ResultSet resultSet = null; - - try { - Class.forName(driver); - con = DriverManager.getConnection(url); - if (!con.isClosed()) { - System.out.println("数据库连接成功"); - } - statement = con.createStatement(); - //模拟 SQL 注入,采用拼接字符串的形式 - String sqlQuery = "select * from REPORT where REPORT_ID=" + cmd; - resultSet = 
statement.executeQuery(sqlQuery); - - } catch (ClassNotFoundException e) { - System.out.println("数据库驱动没有安装"); - } catch (SQLException sqlException) { - System.out.println("数据库连接失败"); - } finally { - try { - if (resultSet != null) { - resultSet.close(); - } - if (statement != null) { - statement.close(); - } - if (con != null) { - con.close(); - } - } catch (SQLException e) { - System.out.println(e.getMessage()); - } - } - modelMap.put("status", CommonConsts.SUCCESS_STR); - return modelMap; - } + ///** + // * aTaintCase0099 污点无害化处理能力 sanitizer->sanitizer方法特性支持->sanitizer污点来自固定参数 + // */ + //@PostMapping(value = "case0099") + //public Map aTaintCase0099(@RequestParam String cmd) { + // Map modelMap = new HashMap<>(); + // String res = StringEscapeUtils.escapeSql(cmd); + // String driver = "org.sqlite.JDBC"; + // String url = "jdbc:sqlite::resource:data/sqlite.db"; + // Connection con = null; + // Statement statement = null; + // ResultSet resultSet = null; + // + // try { + // Class.forName(driver); + // con = DriverManager.getConnection(url); + // if (!con.isClosed()) { + // System.out.println("数据库连接成功"); + // } + // statement = con.createStatement(); + // //模拟 SQL 注入,采用拼接字符串的形式 + // String sqlQuery = "select * from REPORT where REPORT_ID=" + res; + // resultSet = statement.executeQuery(sqlQuery); + // + // } catch (ClassNotFoundException e) { + // System.out.println("数据库驱动没有安装"); + // } catch (SQLException sqlException) { + // System.out.println("数据库连接失败"); + // } finally { + // try { + // if (resultSet != null) { + // resultSet.close(); + // } + // if (statement != null) { + // statement.close(); + // } + // if (con != null) { + // con.close(); + // } + // } catch (SQLException e) { + // System.out.println(e.getMessage()); + // } + // } + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // return modelMap; + //} + // + //@PostMapping(value = "case0099/2") + //public Map aTaintCase0099_2(@RequestParam String cmd) { + // Map modelMap = new HashMap<>(); + // 
String driver = "org.sqlite.JDBC"; + // String url = "jdbc:sqlite::resource:data/sqlite.db"; + // Connection con = null; + // Statement statement = null; + // ResultSet resultSet = null; + // + // try { + // Class.forName(driver); + // con = DriverManager.getConnection(url); + // if (!con.isClosed()) { + // System.out.println("数据库连接成功"); + // } + // statement = con.createStatement(); + // //模拟 SQL 注入,采用拼接字符串的形式 + // String sqlQuery = "select * from REPORT where REPORT_ID=" + cmd; + // resultSet = statement.executeQuery(sqlQuery); + // + // } catch (ClassNotFoundException e) { + // System.out.println("数据库驱动没有安装"); + // } catch (SQLException sqlException) { + // System.out.println("数据库连接失败"); + // } finally { + // try { + // if (resultSet != null) { + // resultSet.close(); + // } + // if (statement != null) { + // statement.close(); + // } + // if (con != null) { + // con.close(); + // } + // } catch (SQLException e) { + // System.out.println(e.getMessage()); + // } + // } + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // return modelMap; + //} /** * aTaintCase0100 污点无害化处理能力sanitizer->sanitizer方法特性支持->sanitizer污点来自对象实例 */ 
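Review bot: If case0099 is ever restored, its premise needs correcting first: `StringEscapeUtils.escapeSql` only doubles single quotes, and `"select * from REPORT where REPORT_ID=" + res` never places the value inside quotes, so an input like `1 OR 1=1` passes the "sanitizer" unchanged and still injects; an IAST agent that flags this is correct, not producing a false positive, and the case's expected result should say so. Commenting the block out also leaves it uncompilable, because this commit removed the `StringEscapeUtils` and `java.sql.*` imports it depends on. Delete it, or keep a one-line note such as `// case0099 (escapeSql as SQLi sanitizer) removed: escapeSql does not sanitize an unquoted numeric context`.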
@@ -1854,97 +1829,97 @@ public Map aTaintCase0099_2(@RequestParam String cmd) { // return modelMap; // } - /** - * aTaintCase00102 污点无害化处理能力sanitizer->sanitizer方法特性支持->sanitizer目标为固定参数 - * TODO 这里需要将 cmd 放入集合中,需要找到这样的方法支持 - * 目标为固定参数,理解为经过sanitizer函数后 返回的结果,继续作为污点传播 remove - */ - @PostMapping(value = "case00102") - public Map aTaintCase00102(@RequestParam String cmd) { - Map modelMap = new HashMap<>(); - String res = StringEscapeUtils.escapeSql(cmd); - String driver = "org.sqlite.JDBC"; - String url = "jdbc:sqlite::resource:data/sqlite.db"; - Connection con = null; - Statement statement = null; - ResultSet resultSet = null; - - try { - Class.forName(driver); - con = DriverManager.getConnection(url); - if (!con.isClosed()) { - System.out.println("数据库连接成功"); - } - statement = con.createStatement(); - //模拟 SQL 注入,采用拼接字符串的形式 - String sqlQuery = "select * from REPORT where REPORT_ID=" + res; - resultSet = statement.executeQuery(sqlQuery); - - } catch (ClassNotFoundException e) { - System.out.println("数据库驱动没有安装"); - } catch (SQLException sqlException) { - System.out.println("数据库连接失败"); - } finally { - try { - if (resultSet != null) { - resultSet.close(); - } - if (statement != null) { - statement.close(); - } - if (con != null) { - con.close(); - } - } catch (SQLException e) { - System.out.println(e.getMessage()); - } - } - modelMap.put("status", CommonConsts.SUCCESS_STR); - return modelMap; - } - - @PostMapping(value = "case00102/2") - public Map aTaintCase00102_2(@RequestParam String cmd) { - Map modelMap = new HashMap<>(); - String driver = "org.sqlite.JDBC"; - String url = "jdbc:sqlite::resource:data/sqlite.db"; - Connection con = null; - Statement statement = null; - ResultSet resultSet = null; - - try { - Class.forName(driver); - con = DriverManager.getConnection(url); - if (!con.isClosed()) { - System.out.println("数据库连接成功"); - } - statement = con.createStatement(); - //模拟 SQL 注入,采用拼接字符串的形式 - String sqlQuery = "select * from REPORT where REPORT_ID=" + cmd; - 
resultSet = statement.executeQuery(sqlQuery); - - } catch (ClassNotFoundException e) { - System.out.println("数据库驱动没有安装"); - } catch (SQLException sqlException) { - System.out.println("数据库连接失败"); - } finally { - try { - if (resultSet != null) { - resultSet.close(); - } - if (statement != null) { - statement.close(); - } - if (con != null) { - con.close(); - } - } catch (SQLException e) { - System.out.println(e.getMessage()); - } - } - modelMap.put("status", CommonConsts.SUCCESS_STR); - return modelMap; - } + ///** + // * aTaintCase00102 污点无害化处理能力sanitizer->sanitizer方法特性支持->sanitizer目标为固定参数 + // * TODO 这里需要将 cmd 放入集合中,需要找到这样的方法支持 + // * 目标为固定参数,理解为经过sanitizer函数后 返回的结果,继续作为污点传播 remove + // */ + //@PostMapping(value = "case00102") + //public Map aTaintCase00102(@RequestParam String cmd) { + // Map modelMap = new HashMap<>(); + // String res = StringEscapeUtils.escapeSql(cmd); + // String driver = "org.sqlite.JDBC"; + // String url = "jdbc:sqlite::resource:data/sqlite.db"; + // Connection con = null; + // Statement statement = null; + // ResultSet resultSet = null; + // + // try { + // Class.forName(driver); + // con = DriverManager.getConnection(url); + // if (!con.isClosed()) { + // System.out.println("数据库连接成功"); + // } + // statement = con.createStatement(); + // //模拟 SQL 注入,采用拼接字符串的形式 + // String sqlQuery = "select * from REPORT where REPORT_ID=" + res; + // resultSet = statement.executeQuery(sqlQuery); + // + // } catch (ClassNotFoundException e) { + // System.out.println("数据库驱动没有安装"); + // } catch (SQLException sqlException) { + // System.out.println("数据库连接失败"); + // } finally { + // try { + // if (resultSet != null) { + // resultSet.close(); + // } + // if (statement != null) { + // statement.close(); + // } + // if (con != null) { + // con.close(); + // } + // } catch (SQLException e) { + // System.out.println(e.getMessage()); + // } + // } + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // return modelMap; + //} + // + //@PostMapping(value = 
"case00102/2") + //public Map aTaintCase00102_2(@RequestParam String cmd) { + // Map modelMap = new HashMap<>(); + // String driver = "org.sqlite.JDBC"; + // String url = "jdbc:sqlite::resource:data/sqlite.db"; + // Connection con = null; + // Statement statement = null; + // ResultSet resultSet = null; + // + // try { + // Class.forName(driver); + // con = DriverManager.getConnection(url); + // if (!con.isClosed()) { + // System.out.println("数据库连接成功"); + // } + // statement = con.createStatement(); + // //模拟 SQL 注入,采用拼接字符串的形式 + // String sqlQuery = "select * from REPORT where REPORT_ID=" + cmd; + // resultSet = statement.executeQuery(sqlQuery); + // + // } catch (ClassNotFoundException e) { + // System.out.println("数据库驱动没有安装"); + // } catch (SQLException sqlException) { + // System.out.println("数据库连接失败"); + // } finally { + // try { + // if (resultSet != null) { + // resultSet.close(); + // } + // if (statement != null) { + // statement.close(); + // } + // if (con != null) { + // con.close(); + // } + // } catch (SQLException e) { + // System.out.println(e.getMessage()); + // } + // } + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // return modelMap; + //} /** * 污点直接赋值为硬编码值 (硬编码是一种sanitizer方式) @@ -1955,7 +1930,7 @@ public Map aTaintCase00102_2(@RequestParam String cmd) { @PostMapping(value = "case00141") public Map aTaintCase00141(@RequestParam String cmd) { Map modelMap = new HashMap<>(); - cmd="test"; + cmd = "test"; TaintMethodUtil.sink(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); return modelMap; 
@@ -2064,63 +2039,63 @@ public Map aTaintCase00105_2(@RequestParam String cmd) { return modelMap; } - /** - * aTaintCase00106 触发污点跟踪能力(sink)->sink方法特性支持->sink点污点来自固定参数 - */ - @PostMapping(value = "case00106") - @Deprecated - public Map aTaintCase00106(@RequestParam String cmd) { - Map modelMap = new HashMap<>(); - try { - Runtime.getRuntime().exec(cmd); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } - - /** - * aTaintCase00107 触发污点跟踪能力(sink)->sink方法特性支持->sink点污点来自可变参数 - */ - @PostMapping(value = "case00107") - @Deprecated - public Map aTaintCase00107(@RequestParam String cmd) { - Map modelMap = new HashMap<>(); - try { - ProcessBuilder processBuilder = new ProcessBuilder("/bin/bash", "-c", cmd); - processBuilder.start(); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } - - /** - * aTaintCase00108 触发污点跟踪能力(sink)->sink方法特性支持->sink点污点来自对象实例 - * path="/data/ls" - */ - @PostMapping(value = "case00108") - @Deprecated - public Map aTaintCase00108(@RequestParam String path) { - Map modelMap = new HashMap<>(); - InputStream in = null; - try { - in = new FileInputStream(FileUtil.file(path)); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - } - } - } - return modelMap; - } + ///** + // * aTaintCase00106 触发污点跟踪能力(sink)->sink方法特性支持->sink点污点来自固定参数 + // */ + //@PostMapping(value = "case00106") + //@Deprecated + //public Map aTaintCase00106(@RequestParam String cmd) { + // Map modelMap = new HashMap<>(); + // try { + // Runtime.getRuntime().exec(cmd); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // 
return modelMap; + //} + // + ///** + // * aTaintCase00107 触发污点跟踪能力(sink)->sink方法特性支持->sink点污点来自可变参数 + // */ + //@PostMapping(value = "case00107") + //@Deprecated + //public Map aTaintCase00107(@RequestParam String cmd) { + // Map modelMap = new HashMap<>(); + // try { + // ProcessBuilder processBuilder = new ProcessBuilder("/bin/bash", "-c", cmd); + // processBuilder.start(); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // return modelMap; + //} + // + ///** + // * aTaintCase00108 触发污点跟踪能力(sink)->sink方法特性支持->sink点污点来自对象实例 + // * path="/data/ls" + // */ + //@PostMapping(value = "case00108") + //@Deprecated + //public Map aTaintCase00108(@RequestParam String path) { + // Map modelMap = new HashMap<>(); + // InputStream in = null; + // try { + // in = new FileInputStream(FileUtil.file(path)); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } finally { + // if (in != null) { + // try { + // in.close(); + // } catch (IOException e) { + // } + // } + // } + // return modelMap; + //} /** * aTaintCase00109 触发污点跟踪能力(sink)->单污点来源传播至多sink点 diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase003.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase003.java index ae5d2b30..8f65347e 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase003.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase003.java @@ -276,4 +276,9 @@ public Map aTaintCase00124_3(@RequestParam String cmd,@RequestPa return modelMap; } + /** + * rpc跨应用,至少支持一种框架,Sofa rpc/springcloud rpc/dubbo/grpc/hsf + * TODO 需要多工程之间的调用,暂无case作为单独工程调用验证 + */ + } 
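Review bot: aTaintCase00106, aTaintCase00107 and aTaintCase00108 are kept as commented-out code instead of being deleted, which leaves roughly sixty dead lines in the controller that neither the compiler nor the IDE checks any more, while git history already preserves them. The earlier hunk in this file does the same for aTaintCase00102 and aTaintCase00102_2. If the cases are expected to return, a single line is enough to record that: `// case00106-00108 (fixed-arg / varargs / object-instance sinks) removed; see git history`; otherwise delete the block outright so the file only contains live endpoints.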
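Review bot: The `/** … */` block added at the end of AstTaintCase003 is a Javadoc comment with no declaration following it, so it documents nothing and Javadoc tooling will either discard it or warn about a dangling comment. It records a TODO about cross-application RPC cases that have no single-project test yet, which a plain line comment expresses without implying an API element: `// TODO: rpc cross-application cases (Sofa rpc / springcloud rpc / dubbo / grpc / hsf) need a multi-project setup; no standalone case yet`.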
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cli/test/CopyTestCaseForRun.java b/iast-java/src/main/java/com/iast/astbenchmark/cli/test/CopyTestCaseForRun.java index acb437f9..e24c82fd 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cli/test/CopyTestCaseForRun.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cli/test/CopyTestCaseForRun.java @@ -47,6 +47,7 @@ class CopyTestCaseForRun { + void aTaintCase001() { HttpResponse response = doGet(url_root + "ataint/case001?cmd=1"); System.out.println(response.body()); @@ -137,14 +138,6 @@ void aTaintCase008() { - - - - - - - - void aTaintCase0013() { String[] strings = {"cd /", "ls"}; HttpResponse response = doPost(url_root + "ataint/case0013", JSONUtil.toJsonStr(strings)); @@ -153,6 +146,7 @@ void aTaintCase0013() { void aTaintCase0014() { + //int[] datas = {1,2}; HttpResponse response = doPost(url_root + "ataint/case0014?cmd=ls"); System.out.println(response.body()); } @@ -200,8 +194,6 @@ void aTaintCase00926() { - - void aTaintCase00921() { JSON json = JSONUtil.readJSON(FileUtil.file("data/big.json"), Charset.forName("utf-8")); SourceTestWith10Filedsbject object = JSONUtil.toBean(json, SourceTestWith10Filedsbject.class, true); @@ -341,6 +333,7 @@ void aTaintCase0025() { } + void aTaintCase0027() { HttpResponse response = doPost(url_root + "ataint/case0027?data=ls", ""); @@ -348,6 +341,7 @@ void aTaintCase0027() { } + void aTaintCase0033() { HttpResponse response = doPost(url_root + "ataint/case0033", "{\"cmd\":\"ls\"}"); System.out.println(response.body()); 
@@ -408,11 +402,14 @@ void aTaintCase0040() { void aTaintCase0041() { String[] aa = {"l", "s"}; + // HttpResponse response = HttpRequest.post(url_root+"ataint/case0041/ls?cmd=ls").body("ls").execute(); HttpResponse response = HttpRequest.post(url_root + "ataint/case0041" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(aa)).execute(); + //.form("file",FileUtil.file("data/ls")).execute(); System.out.println(response.body()); } + void aTaintCase0044() { HttpResponse response = doPost(url_root + "ataint/case0044/ls123"); System.out.println(response.body()); @@ -450,6 +447,7 @@ void aTaintCase00139() { } + void aTaintCase0062() { HttpResponse response = doPost(url_root + "ataint/case0062?cmd=ls"); System.out.println(response.body()); @@ -694,6 +692,8 @@ void aTaintCase0096() { } + + void aTaintCase0099() { HttpResponse response = doPost(url_root + "ataint/case0099?cmd=reportidsql"); System.out.println(response.body()); @@ -754,6 +754,7 @@ void aTaintCase00104_2() { System.out.println(response2.body()); } + //TODO 105 void aTaintCase00105() { HttpResponse response = doPost(url_root + "ataint/case00105?cmd=reportidsql"); @@ -866,6 +867,7 @@ void aTaintCase00120() { System.out.println(response.body()); } + //No 21~22 void aTaintCase00123() { HttpResponse response = doPost(url_root + "ataint/case00123?cmd=ls"); @@ -1085,6 +1087,7 @@ void aTaintCase00136_2() { + void aTaintCase00932() { SourceTestObject testObject = new SourceTestObject(); testObject.setCmd("ls"); @@ -1206,6 +1209,7 @@ void aTaintCase00946() { HttpResponse response3 = doPost(url_root + "ataint/case00946/3?cmd=ls"); System.out.println(response.body()+response2.body()+response3.body()); } + void aTaintCase00947() { HttpResponse response = doPost(url_root + "ataint/case00947?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00947/2?cmd=ls"); 
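Review bot: The two lines added to aTaintCase0041 are commented-out code — an alternative `HttpRequest.post(url_root+"ataint/case0041/ls?cmd=ls").body("ls")` request and a trailing `//.form("file",FileUtil.file("data/ls")).execute();` — that is neither compiled nor explained, and the earlier hunk of this file adds `//int[] datas = {1,2};` to aTaintCase0014 in the same way. Either delete them or replace them with a comment that states why the JSON-array body was chosen, e.g. `// case0041 sends the array as a JSON body; the multipart-form variant is exercised elsewhere`, so the next reader does not have to guess whether the alternative is pending work or a rejected option.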
@@ -1297,6 +1301,9 @@ void aTaintCase00960() { System.out.println(response.body()+response2.body()); } + + + private HttpResponse doGet(String url) { url = urlWithTime(url); try { diff --git a/iast-java/src/main/resources/application-test.properties b/iast-java/src/main/resources/application-test.properties index 1e899f96..1f198370 100644 --- a/iast-java/src/main/resources/application-test.properties +++ b/iast-java/src/main/resources/application-test.properties @@ -1,4 +1,4 @@ -server.port=39100 +server.port=8888 server.servlet.context-path=/ataint spring.redis.host=127.0.0.1 spring.redis.port=6379 diff --git a/iast-java/src/main/resources/application.yml b/iast-java/src/main/resources/application.yml index cb8e1961..87cabe2e 100644 --- a/iast-java/src/main/resources/application.yml +++ b/iast-java/src/main/resources/application.yml @@ -1,5 +1,5 @@ server: - port: 39100 + port: 8888 servlet: context-path: /ataint spring: diff --git a/iast-java/src/main/resources/config/case_target_list.json b/iast-java/src/main/resources/config/case_target_list.json index 54b75b0c..a93c51ce 100644 --- a/iast-java/src/main/resources/config/case_target_list.json +++ b/iast-java/src/main/resources/config/case_target_list.json 
@@ -74,6 +74,7 @@ {"data":[{"result":true,"tag":"aTaintCase0093"}],"caseNo":"aTaintCase0093","caseType":"T002","caseDesc":"传播场景-char[],byte[]操作->copyOf"}, {"data":[{"result":true,"tag":"aTaintCase0094"}],"caseNo":"aTaintCase0094","caseType":"T002","caseDesc":"传播场景-char[],byte[]操作-->copyOfRange"}, {"data":[{"result":true,"tag":"aTaintCase0095"}],"caseNo":"aTaintCase0095","caseType":"T002","caseDesc":"传播场景-char[],byte[]操作->deepToString"}, + {"data":[{"result":true,"tag":"aTaintCase0096"}],"caseNo":"aTaintCase0096","caseType":"T002","caseDesc":"传播场景-char[],byte[]操作->toString"}, {"data":[{"result":true,"tag":"aTaintCase00932"}],"caseNo":"aTaintCase00932","caseType":"T002","caseDesc":""}, {"data":[{"result":false,"tag":"aTaintCase00141"},{"result":true,"tag":"aTaintCase00141_1"}],"caseNo":"aTaintCase00141","caseType":"T002","caseDesc":"污点无害化处理能力sanitizer->sanitizer方法特性支持->污点直接赋值为硬编码值"}, {"data":[{"result":false,"tag":"aTaintCase00103"},{"result":true,"tag":"aTaintCase00103_1"},{"result":true,"tag":"aTaintCase00103_2"}],"caseNo":"aTaintCase00103","caseType":"T002","caseDesc":"污点无害化处理能力sanitizer->sanitizer支持区分类型"}, diff --git a/iast-java/src/test/java/com/iast/astbenchmark/AstbenchmarkApplicationTests.java b/iast-java/src/test/java/com/iast/astbenchmark/AstbenchmarkApplicationTests.java index 8d26d7f9..fca2015b 100644 --- a/iast-java/src/test/java/com/iast/astbenchmark/AstbenchmarkApplicationTests.java +++ b/iast-java/src/test/java/com/iast/astbenchmark/AstbenchmarkApplicationTests.java @@ -52,7 +52,7 @@ void contextLoads() { @BeforeAll static void init() { - url_root = "http://localhost:39100/"; + url_root = "http://localhost:8888/"; caseUniqGroupId=System.currentTimeMillis(); //caseUniqGroupId = 54877081211069L; System.out.println("请保存此次跑case的关键字:" + caseUniqGroupId); 
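Review bot: `url_root = "http://localhost:8888/";` hard-codes the server port that this same commit also changes in application.yml and application-test.properties, so three files must be edited in lockstep every time the port moves (as it just did, from 39100 to 8888). If the test class is a Spring Boot test it can take the port from the context (`@LocalServerPort`, or `@Value("${server.port}")`) rather than restating it; that is not visible here, so at minimum a single named constant, `private static final int SERVER_PORT = 8888;`, used to build `url_root` would keep the duplication in one place. CopyTestCaseForRun appears to build the same `url_root` from a separate definition outside this diff, so it presumably needs the same treatment.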
@@ -158,62 +158,6 @@ void aTaintCase008() { } - //@Test - //void aTaintCase00927() { - // Map map = Maps.newHashMap(); - // map.put("cmd", "ls"); - // HttpResponse response = doPost(url_root + "ataint/case00927", JSONUtil.toJsonStr(map)); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase00928() { - // List list = Lists.newArrayList(); - // list.add("ls"); - // HttpResponse response = doPost(url_root + "ataint/case00928", JSONUtil.toJsonStr(list)); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase00929() { - // List list = Lists.newArrayList(); - // list.add("ls"); - // HttpResponse response = doPost(url_root + "ataint/case00929", JSONUtil.toJsonStr(list)); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase00930() { - // List list = Lists.newArrayList(); - // list.add("ls"); - // HttpResponse response = doPost(url_root + "ataint/case00930", JSONUtil.toJsonStr(list)); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase009() { - // HttpResponse response = doPost(url_root + "ataint/case009/1"); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0010() { - // HttpResponse response = doPost(url_root + "ataint/case0010/1"); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0011() { - // HttpResponse response = doPost(url_root + "ataint/case0011/1"); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0012() { - // HttpResponse response = doPost(url_root + "ataint/case0012/1"); - // System.out.println(response.body()); - //} - @Test void aTaintCase0013() { String[] strings = {"cd /", "ls"}; 
@@ -269,56 +213,6 @@ void aTaintCase00926() { System.out.println(response.body()); } - //@Test - //void aTaintCase0017() { - // HttpResponse response = doPost(url_root + "ataint/case0017", "ls"); - // System.out.println(response.body()); - //} - // - //@Test - //void aTaintCase0018() { - // HttpResponse response = doPost(url_root + "ataint/case0018", "ls"); - // System.out.println(response.body()); - //} - // - //@Test - //@Test - //void aTaintCase0019() { - // HttpResponse response = doPost(url_root + "ataint/case0019", "ls"); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0020() { - // SourceTestObject object = new SourceTestObject(); - // object.setCmd("ls"); - // HttpResponse response = doPost(url_root + "ataint/case0020", JSONUtil.toJsonStr(object)); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0021() { - // JSON json = JSONUtil.readJSON(FileUtil.file("data/big.json"), Charset.forName("utf-8")); - // SourceTestWithMPObject object = JSONUtil.toBean(json, SourceTestWithMPObject.class, true); - // HttpResponse response = HttpRequest.post(url_root + "ataint/case0021" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); - // System.out.println(response.body()); - //} - // - //@Test - //void aTaintCase0021_2() { - // JSON json = JSONUtil.readJSON(FileUtil.file("data/big.json"), Charset.forName("utf-8")); - // SourceTestWithMPObject object = JSONUtil.toBean(json, SourceTestWithMPObject.class, true); - // HttpResponse response = HttpRequest.post(url_root + "ataint/case0021/2" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); - // System.out.println(response.body()); - //} - // - //@Test - //void aTaintCase0021_3() { - // JSON json = JSONUtil.readJSON(FileUtil.file("data/big.json"), Charset.forName("utf-8")); - // SourceTestWithMPObject object = JSONUtil.toBean(json, SourceTestWithMPObject.class, true); - // HttpResponse 
response = HttpRequest.post(url_root + "ataint/case0021/3" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); - // System.out.println(response.body()); - //} @Test void aTaintCase00921() { @@ -459,12 +353,7 @@ void aTaintCase0025() { System.out.println(response.body()); } - // @Test -// void aTaintCase0026(){ -// HttpResponse response = doPost(url_root+"ataint/case0026/alasa",""); -// -// System.out.println(response.body()); -// } + @Test void aTaintCase0027() { HttpResponse response = doPost(url_root + "ataint/case0027?data=ls", ""); @@ -472,35 +361,7 @@ void aTaintCase0027() { System.out.println(response.body()); } - // @Test -// void aTaintCase0028(){ -// HttpResponse response = doPost(url_root+"ataint/case0028",""); -// -// System.out.println(response.body()); -// } -// @Test -// void aTaintCase0029(){ -// HttpResponse response = doPost(url_root+"ataint/case0029",""); -// -// System.out.println(response.body()); -// } -// @Test -// void aTaintCase0030(){ -// HttpResponse response = doPost(url_root+"ataint/case0030",""); -// -// System.out.println(response.body()); -// } -// @Test -// void aTaintCase0031(){ -// HttpResponse response = doPost(url_root+"ataint/case0031",""); -// -// System.out.println(response.body()); -// } -// @Test -// void aTaintCase0032(){ -// HttpResponse response = doPost(url_root+"ataint/case0032",""); -// System.out.println(response.body()); -// } + @Test void aTaintCase0033() { HttpResponse response = doPost(url_root + "ataint/case0033", "{\"cmd\":\"ls\"}"); 
@@ -568,16 +429,7 @@ void aTaintCase0041() { System.out.println(response.body()); } - // @Test -// void aTaintCase0042(){ -// HttpResponse response = doPost(url_root+"ataint/case0042/ls"); -// System.out.println(response.body()); -// } -// @Test -// void aTaintCase0043(){ -// HttpResponse response = doPost(url_root+"ataint/case0043/ls"); -// System.out.println(response.body()); -// } + @Test void aTaintCase0044() { HttpResponse response = doPost(url_root + "ataint/case0044/ls123"); 
@@ -615,104 +467,6 @@ void aTaintCase00139() { System.out.println(response.body()); } - //@Test - //void aTaintCase0048() { - // HttpResponse response = doPost(url_root + "ataint/case0048?cmd=ls"); - // - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0049() { - // HttpResponse response = doPost(url_root + "ataint/case0049?cmd=ls"); - // - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0050() { - // HttpResponse response = doPost(url_root + "ataint/case0050", "{\"cmd\":\"ls\"}"); - // - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0051() { - // HttpResponse response = doPost(url_root + "ataint/case0051?cmd1=alasa&cmd2=a"); - // - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0052() { - // HttpResponse response = doPost(url_root + "ataint/case0052?cmd=ls"); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0053() { - // HttpResponse response = doPost(url_root + "ataint/case0053?cmd=ls"); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0054() { - // SourceTestWithConstract01Bean bean = MyCommonTestUtil.buildTestObject("ls"); - // HttpResponse response = doPost(url_root + "ataint/case0054", JSONUtil.toJsonStr(bean)); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0055() { - // HttpResponse response = doPost(url_root + "ataint/case0055?cmd1=alas&cmd=a"); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0056() { - // HttpResponse response = doPost(url_root + "ataint/case0056?cmd=ls"); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0056_2() { - // HttpResponse response = doPost(url_root + "ataint/case0056/2?cmd=ls"); - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0057() { - // HttpResponse response = doPost(url_root + "ataint/case0057?cmd=ls"); - // 
System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0058() { - // HttpResponse response = doPost(url_root + "ataint/case0058?cmd=ls"); - // - // System.out.println(response.body()); - //} - - // @Test - //void aTaintCase0059() { - // HttpResponse response = doPost(url_root + "ataint/case0059?cmd=ls"); - // - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0060() { - // HttpResponse response = doPost(url_root + "ataint/case0060?cmd=ls"); - // - // System.out.println(response.body()); - //} - - //@Test - //void aTaintCase0061() { - // HttpResponse response = doPost(url_root + "ataint/case0061?cmd=1"); - // - // System.out.println(response.body()); - //} @Test void aTaintCase0062() { @@ -873,12 +627,6 @@ void aTaintCase0083() { System.out.println(response.body()); } - //@Test - //void aTaintCase0084() { - // HttpResponse response = doPost(url_root + "ataint/case0084?cmd=ls"); - // - // System.out.println(response.body()); - //} @Test void aTaintCase0085() { @@ -960,22 +708,10 @@ void aTaintCase0095() { @Test void aTaintCase0096() { HttpResponse response = doPost(url_root + "ataint/case0096?cmd=ls"); - System.out.println(response.body()); } - //@Test - //void aTaintCase0097() { - // HttpResponse response = doPost(url_root + "ataint/case0097?cmd1=ls&cmd2=cd"); - // System.out.println(response.body()); - //} - //@Test - //void aTaintCase0098() { - // HttpResponse response = doPost(url_root + "ataint/case0098?cmd=ls"); - // - // System.out.println(response.body()); - //} @Test void aTaintCase0099() { 
@@ -1369,17 +1105,7 @@ void aTaintCase00136_2() { System.out.println(response.body()); } - //@Test - //void aTaintCase00137() { - // HttpResponse response = doPost(url_root + "ataint/case00137", "http://localhost/nothing"); - // System.out.println(response.body()); - //} - // - //@Test - //void aTaintCase00137_2() { - // HttpResponse response = doPost(url_root + "ataint/case00137/2", "/nothing"); - // System.out.println(response.body()); - //} + @Test void aTaintCase00932() { From a23e7a1f4bbcdbbe53beae2228523b6471d0e938 Mon Sep 17 00:00:00 2001 From: "mengmeng.meng" Date: Tue, 23 Jan 2024 11:34:14 +0800 Subject: [PATCH 02/17] 0096fix --- .../astbenchmark/cases/AstTaintCase001.java | 34 -- .../astbenchmark/cases/AstTaintCase002.java | 2 +- .../cli/test/CopyTestCaseForRun.java | 312 +++++------------- 3 files changed, 88 insertions(+), 260 deletions(-) diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java index e8701233..184b7567 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java 
@@ -42,40 +42,6 @@ public Map aTaintCase00901(@RequestParam String cmd) { return modelMap; } - ///** - // * 字符串对象,StringBuffer - // * @param cmd - // * @return - // */ - //@PostMapping ("case00902") - //public Map aTaintCase00902(@RequestParam String cmd) { - // Map modelMap = new HashMap<>(); - // try { - // StringBuffer buffer = new StringBuffer(cmd); - // Runtime.getRuntime().exec(new String(buffer)); - // modelMap.put("status", SUCCESS_STR); - // } catch (IOException e) { - // modelMap.put("status", ERROR_STR); - // } - // return modelMap; - //} - ///** - // * 字符串对象,StringBuffer - // * @param cmd - // * @return - // */ - //@PostMapping("case00903") - //public Map aTaintCase00903(@RequestParam String cmd) { - // Map modelMap = new HashMap<>(); - // try { - // StringBuilder buffer = new StringBuilder(cmd); - // Runtime.getRuntime().exec(new String(buffer)); - // modelMap.put("status", SUCCESS_STR); - // } catch (IOException e) { - // modelMap.put("status", ERROR_STR); - // } - // return modelMap; - //} /** 污点对象完整度 基础类型 **/ /** diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java index ef01ee0c..79da37f0 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java @@ -1566,7 +1566,7 @@ public Map aTaintCase0096(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { char[] chars = cmd.toCharArray(); - Runtime.getRuntime().exec(chars.toString()); + Runtime.getRuntime().exec(String.valueOf(chars)); modelMap.put("status", CommonConsts.SUCCESS_STR); } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cli/test/CopyTestCaseForRun.java b/iast-java/src/main/java/com/iast/astbenchmark/cli/test/CopyTestCaseForRun.java index e24c82fd..66f6c62e 100644 
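Review bot: `Runtime.getRuntime().exec(String.valueOf(chars))` deserves a why-comment, because the reason the old line was wrong is not obvious from the diff: `chars.toString()` on a `char[]` is `Object.toString()` and yields an identity string of the form `[C@<hash>`, so the request parameter never reached the sink and the case could not observe propagation at all. Suggested: `// char[].toString() returns the identity string ([C@…), not the content; String.valueOf(char[]) copies the chars`. The case_target_list.json entry added for aTaintCase0096 in the previous patch describes the operation as `char[],byte[]操作->toString`, which no longer matches the code; if that tag names the propagation operation under test it should say `String.valueOf`. The enclosing method aTaintCase0096 starts outside the hunk.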
--- a/iast-java/src/main/java/com/iast/astbenchmark/cli/test/CopyTestCaseForRun.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cli/test/CopyTestCaseForRun.java @@ -45,58 +45,47 @@ class CopyTestCaseForRun { caseUniqGroupId = System.currentTimeMillis(); } - - - void aTaintCase001() { HttpResponse response = doGet(url_root + "ataint/case001?cmd=1"); System.out.println(response.body()); } - void aTaintCase002() { HttpResponse response = doGet(url_root + "ataint/case002?cmd=1"); System.out.println(response.body()); } - void aTaintCase003() { HttpResponse response = doGet(url_root + "ataint/case003?cmd=1"); System.out.println(response.body()); } - void aTaintCase004() { HttpResponse response = doGet(url_root + "ataint/case004?cmd=1"); System.out.println(response.body()); } - void aTaintCase009() { HttpResponse response = doPost(url_root + "ataint/case009?cmd=1"); System.out.println(response.body()); } - void aTaintCase0010() { HttpResponse response = doPost(url_root + "ataint/case0010?cmd=1"); System.out.println(response.body()); } - void aTaintCase0011() { HttpResponse response = doPost(url_root + "ataint/case0011?cmd=1"); System.out.println(response.body()); } - void aTaintCase00901() { String sink = "ls"; - HttpResponse response = doPost(url_root + "ataint/case00901?cmd="+sink); + HttpResponse response = doPost(url_root + "ataint/case00901?cmd=" + sink); System.out.println(response.body()); } - void aTaintCase005() { Map map = Maps.newHashMap(); map.put("cmd", "ls"); @@ -104,7 +93,6 @@ void aTaintCase005() { System.out.println(response.body()); } - void aTaintCase006() { List list = Lists.newArrayList(); list.add("ls"); @@ -112,7 +100,6 @@ void aTaintCase006() { System.out.println(response.body()); } - void aTaintCase007() throws InterruptedException { LinkedBlockingQueue queue = new LinkedBlockingQueue<>(); queue.put("ls"); 
@@ -124,9 +111,8 @@ void aTaintCase007() throws InterruptedException { System.out.println(response.body()); } - void aTaintCase008() { - Set set= new HashSet<>(); + Set set = new HashSet<>(); set.add("ls"); set.add("key"); SoureWithSetBean setBean = new SoureWithSetBean(); @@ -136,29 +122,24 @@ void aTaintCase008() { System.out.println(response.body()); } - - void aTaintCase0013() { String[] strings = {"cd /", "ls"}; HttpResponse response = doPost(url_root + "ataint/case0013", JSONUtil.toJsonStr(strings)); System.out.println(response.body()); } - void aTaintCase0014() { //int[] datas = {1,2}; HttpResponse response = doPost(url_root + "ataint/case0014?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0015() { byte[] datas = {1, 2}; HttpResponse response = doPost(url_root + "ataint/case0015", JSONUtil.toJsonStr(datas)); System.out.println(response.body()); } - void aTaintCase0016() { SourceTestObject object1 = new SourceTestObject(); SourceTestObject object2 = new SourceTestObject(); @@ -172,7 +153,6 @@ void aTaintCase0016() { System.out.println(response.body()); } - void aTaintCase00926() { SourceTestObject object1 = new SourceTestObject(); SourceTestObject object2 = new SourceTestObject(); 
@@ -185,121 +165,122 @@ void aTaintCase00926() { SourceTestObject[][] objects = new SourceTestObject[2][2]; objects[0][0] = object1; objects[1][1] = object2; - objects[0][1] =object3; + objects[0][1] = object3; objects[1][0] = object4; HttpResponse response = doPost(url_root + "ataint/case00926", JSONUtil.toJsonStr(objects)); System.out.println(response.body()); } - - void aTaintCase00921() { JSON json = JSONUtil.readJSON(FileUtil.file("data/big.json"), Charset.forName("utf-8")); SourceTestWith10Filedsbject object = JSONUtil.toBean(json, SourceTestWith10Filedsbject.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00921" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00921" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } - void aTaintCase00921_2() { JSON json = JSONUtil.readJSON(FileUtil.file("data/big.json"), Charset.forName("utf-8")); SourceTestWith10Filedsbject object = JSONUtil.toBean(json, SourceTestWith10Filedsbject.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00921/2" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00921/2" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } - void aTaintCase00921_3() { JSON json = JSONUtil.readJSON(FileUtil.file("data/big.json"), Charset.forName("utf-8")); SourceTestWith10Filedsbject object = JSONUtil.toBean(json, SourceTestWith10Filedsbject.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00921/3" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + 
"ataint/case00921/3" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } - void aTaintCase00922() { JSON json = JSONUtil.readJSON(FileUtil.file("data/big.json"), Charset.forName("utf-8")); SourceTestWith100Filedsbject object = JSONUtil.toBean(json, SourceTestWith100Filedsbject.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00922" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00922" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } - void aTaintCase00922_2() { JSON json = JSONUtil.readJSON(FileUtil.file("data/big.json"), Charset.forName("utf-8")); SourceTestWith100Filedsbject object = JSONUtil.toBean(json, SourceTestWith100Filedsbject.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00922/2" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00922/2" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } - void aTaintCase00922_3() { JSON json = JSONUtil.readJSON(FileUtil.file("data/big.json"), Charset.forName("utf-8")); SourceTestWith100Filedsbject object = JSONUtil.toBean(json, SourceTestWith100Filedsbject.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00922/3" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00922/3" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } - void aTaintCase00923() { JSON json = 
JSONUtil.readJSON(FileUtil.file("data/biglayer.json"), Charset.forName("utf-8")); LayerBaseBean2 object = JSONUtil.toBean(json, LayerBaseBean2.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00923" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00923" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } - void aTaintCase00923_2() { JSON json = JSONUtil.readJSON(FileUtil.file("data/biglayer.json"), Charset.forName("utf-8")); LayerBaseBean2 object = JSONUtil.toBean(json, LayerBaseBean2.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00923/2" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00923/2" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } - void aTaintCase00923_3() { JSON json = JSONUtil.readJSON(FileUtil.file("data/biglayer.json"), Charset.forName("utf-8")); LayerBaseBean2 object = JSONUtil.toBean(json, LayerBaseBean2.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00923/3" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00923/3" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } void aTaintCase00924() { JSON json = JSONUtil.readJSON(FileUtil.file("data/biglayer.json"), Charset.forName("utf-8")); LayerBaseBean2 object = JSONUtil.toBean(json, LayerBaseBean9.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00924" + "?auto_check_start_time=" + 
caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00924" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } - void aTaintCase00924_2() { JSON json = JSONUtil.readJSON(FileUtil.file("data/biglayer.json"), Charset.forName("utf-8")); LayerBaseBean2 object = JSONUtil.toBean(json, LayerBaseBean9.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00924/2" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00924/2" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } - void aTaintCase00924_3() { JSON json = JSONUtil.readJSON(FileUtil.file("data/biglayer.json"), Charset.forName("utf-8")); LayerBaseBean9 object = JSONUtil.toBean(json, LayerBaseBean9.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00924/3" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00924/3" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } void aTaintCase00925() { JSON json = JSONUtil.readJSON(FileUtil.file("data/biglayer.json"), Charset.forName("utf-8")); LayerBaseBean2 object = JSONUtil.toBean(json, LayerBaseBean2.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00925" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00925" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } - void 
aTaintCase00925_2() { JSON json = JSONUtil.readJSON(FileUtil.file("data/biglayer.json"), Charset.forName("utf-8")); LayerBaseBean2 object = JSONUtil.toBean(json, LayerBaseBean2.class, true); - HttpResponse response = HttpRequest.post(url_root + "ataint/case00925/2" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(object)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case00925/2" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(object)).execute(); System.out.println(response.body()); } @@ -308,7 +289,6 @@ void aTaintCase0022() { System.out.println(response.body()); } - void aTaintCase0023() { HttpResponse response = doPost(url_root + "ataint/case0023", "ls"); System.out.println(response.body()); @@ -319,37 +299,31 @@ void aTaintCase00931() { System.out.println(response.body()); } - void aTaintCase0024() { HttpResponse response = doPost(url_root + "ataint/case0024?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0025() { String[] data = {"ls"}; HttpResponse response = doPost(url_root + "ataint/case0025", JSONUtil.toJsonStr(data)); System.out.println(response.body()); } - - void aTaintCase0027() { HttpResponse response = doPost(url_root + "ataint/case0027?data=ls", ""); System.out.println(response.body()); } - - void aTaintCase0033() { HttpResponse response = doPost(url_root + "ataint/case0033", "{\"cmd\":\"ls\"}"); System.out.println(response.body()); } - void aTaintCase0034() { - HttpResponse response = HttpRequest.post(url_root + "ataint/case0034" + "?auto_check_start_time=" + caseUniqGroupId).contentType(MediaType.APPLICATION_XML_VALUE) + HttpResponse response = HttpRequest.post(url_root + "ataint/case0034" + "?auto_check_start_time=" + caseUniqGroupId).contentType( + MediaType.APPLICATION_XML_VALUE) .body("\n" + "\n" + " \n" + 
@@ -359,7 +333,6 @@ void aTaintCase0034() { System.out.println(response.body()); } - void aTaintCase0035() { HttpResponse response = HttpRequest.post(url_root + "ataint/case0035" + "?auto_check_start_time=" + caseUniqGroupId) .form("file", FileUtil.file("data/ls")).execute(); 
@@ -367,55 +340,47 @@ void aTaintCase0035() { System.out.println(response.body()); } - void aTaintCase0036() { HttpResponse response = HttpRequest.post(url_root + "ataint/case0036" + "?auto_check_start_time=" + caseUniqGroupId) .form("file", FileUtil.file("data/ls")).execute(); System.out.println(response.body()); } - void aTaintCase0037() { HttpResponse response = doPost(url_root + "ataint/case0037?cmd=ls", ""); System.out.println(response.body()); } - void aTaintCase0038() { HttpResponse response = doPost(url_root + "ataint/case0038?cmd=ls", ""); System.out.println(response.body()); } - void aTaintCase0039() { HttpResponse response = doPost(url_root + "ataint/case0039?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0040() { HttpResponse response = doPost(url_root + "ataint/case0040?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0041() { String[] aa = {"l", "s"}; // HttpResponse response = HttpRequest.post(url_root+"ataint/case0041/ls?cmd=ls").body("ls").execute(); - HttpResponse response = HttpRequest.post(url_root + "ataint/case0041" + "?auto_check_start_time=" + caseUniqGroupId).body(JSONUtil.toJsonStr(aa)).execute(); + HttpResponse response = HttpRequest.post(url_root + "ataint/case0041" + "?auto_check_start_time=" + caseUniqGroupId).body( + JSONUtil.toJsonStr(aa)).execute(); //.form("file",FileUtil.file("data/ls")).execute(); System.out.println(response.body()); } - - void aTaintCase0044() { HttpResponse response = doPost(url_root + "ataint/case0044/ls123"); System.out.println(response.body()); } - void aTaintCase0045() { HttpResponse response = HttpRequest.post(url_root + "ataint/case0045" + "?auto_check_start_time=" + caseUniqGroupId) .cookie("ls").execute(); @@ -423,7 +388,6 @@ void aTaintCase0045() { System.out.println(response.body()); } - void aTaintCase0046() { HttpResponse response = HttpRequest.post(url_root + "ataint/case0046" + "?auto_check_start_time=" + caseUniqGroupId) .header("cmd", "ls").execute(); 
@@ -431,7 +395,6 @@ void aTaintCase0046() { System.out.println(response.body()); } - void aTaintCase0047() { HttpResponse response = HttpRequest.post(url_root + "ataint/case0047" + "?auto_check_start_time=" + caseUniqGroupId) .header("cmd", "ls").execute(); 
@@ -439,293 +402,246 @@ void aTaintCase0047() { System.out.println(response.body()); } - void aTaintCase00139() { HttpResponse response = HttpRequest.post(url_root + "ataint/case00139" + "?auto_check_start_time=" + caseUniqGroupId) .header("cmd", "ls").execute(); System.out.println(response.body()); } - - void aTaintCase0062() { HttpResponse response = doPost(url_root + "ataint/case0062?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0063() { HttpResponse response = doPost(url_root + "ataint/case0063?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0064() { HttpResponse response = doPost(url_root + "ataint/case0064?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0065() { HttpResponse response = doPost(url_root + "ataint/case0065?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0066() { HttpResponse response = doPost(url_root + "ataint/case0066?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0067() { HttpResponse response = doPost(url_root + "ataint/case0067?cmd=lsaa"); System.out.println(response.body()); } - void aTaintCase0068() { HttpResponse response = doPost(url_root + "ataint/case0068?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0069() { HttpResponse response = doPost(url_root + "ataint/case0069?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0070() { HttpResponse response = doPost(url_root + "ataint/case0070?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0071() { HttpResponse response = doPost(url_root + "ataint/case0071?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00140() { HttpResponse response = doPost(url_root + "ataint/case00140?cmd=alasaa"); System.out.println(response.body()); } - void aTaintCase0072() { HttpResponse response = doPost(url_root + "ataint/case0072?cmd=ls%20pp"); System.out.println(response.body()); } - void aTaintCase0073() { HttpResponse response = doPost(url_root + 
"ataint/case0073?cmd=ls"); System.out.println(response.body()); } - - void aTaintCase0074() { + void aTaintCase0074() { HttpResponse response = doPost(url_root + "ataint/case0074?cmd=lsaa"); System.out.println(response.body()); } - void aTaintCase0075() { HttpResponse response = doPost(url_root + "ataint/case0075?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0076() { HttpResponse response = doPost(url_root + "ataint/case0076?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0077() { HttpResponse response = doPost(url_root + "ataint/case0077?cmd=LS"); System.out.println(response.body()); } - void aTaintCase0078() { HttpResponse response = doPost(url_root + "ataint/case0078?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0079() { HttpResponse response = doPost(url_root + "ataint/case0079?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0080() { HttpResponse response = doPost(url_root + "ataint/case0080?cmd=%20ls%20"); System.out.println(response.body()); } - void aTaintCase0081() { HttpResponse response = doPost(url_root + "ataint/case0081?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0082() { HttpResponse response = doPost(url_root + "ataint/case0082?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0083() { HttpResponse response = doPost(url_root + "ataint/case0083?cmd=ls"); System.out.println(response.body()); } - - void aTaintCase0085() { HttpResponse response = doPost(url_root + "ataint/case0085?cmd=lsabc"); System.out.println(response.body()); } - void aTaintCase0086() { HttpResponse response = doPost(url_root + "ataint/case0086?cmd=lsa"); System.out.println(response.body()); } - void aTaintCase0087() { HttpResponse response = doPost(url_root + "ataint/case0087?cmd=lsabc"); System.out.println(response.body()); } - void aTaintCase0088() { HttpResponse response = doPost(url_root + "ataint/case0088?cmd=ls"); System.out.println(response.body()); } - void 
aTaintCase0089() { HttpResponse response = doPost(url_root + "ataint/case0089?cmd=lsa"); System.out.println(response.body()); } - void aTaintCase0090() { HttpResponse response = doPost(url_root + "ataint/case0090?cmd=lsabc"); System.out.println(response.body()); } - void aTaintCase0091() { HttpResponse response = doPost(url_root + "ataint/case0091?cmd=lsabc"); System.out.println(response.body()); } - void aTaintCase0092() { HttpResponse response = doPost(url_root + "ataint/case0092?cmd=lsabc"); System.out.println(response.body()); } - void aTaintCase0093() { HttpResponse response = doPost(url_root + "ataint/case0093?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0094() { HttpResponse response = doPost(url_root + "ataint/case0094?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0095() { HttpResponse response = doPost(url_root + "ataint/case0095?cmd=ls"); System.out.println(response.body()); } - void aTaintCase0096() { HttpResponse response = doPost(url_root + "ataint/case0096?cmd=ls"); System.out.println(response.body()); } - - - void aTaintCase0099() { HttpResponse response = doPost(url_root + "ataint/case0099?cmd=reportidsql"); System.out.println(response.body()); } - void aTaintCase0099_2() { HttpResponse response2 = doPost(url_root + "ataint/case0099/2?cmd=reportidsql"); System.out.println(response2.body()); } - void aTaintCase00102() { HttpResponse response = doPost(url_root + "ataint/case00102?cmd=reportidsql"); System.out.println(response.body()); } - void aTaintCase00102_2() { HttpResponse response2 = doPost(url_root + "ataint/case00102/2?cmd=reportidsql"); System.out.println(response2.body()); } - void aTaintCase00141() { HttpResponse response = doPost(url_root + "ataint/case00141?cmd=test"); HttpResponse response1 = doPost(url_root + "ataint/case00141/1?cmd=test"); System.out.println(response.body()); } - - void aTaintCase00103() { HttpResponse response = doPost(url_root + "ataint/case00103?cmd=

ls

"); HttpResponse response2 = doPost(url_root + "ataint/case00103/2?cmd=

ls

"); @@ -733,7 +649,6 @@ void aTaintCase00103() { System.out.println(response.body()); } - /** * -------- */ @@ -748,7 +663,6 @@ void aTaintCase00104_1() { System.out.println(response2.body()); } - void aTaintCase00104_2() { HttpResponse response2 = doPost(url_root + "ataint/case00104/2?cmd=reportidsql"); System.out.println(response2.body()); @@ -769,36 +683,30 @@ void aTaintCase00106() { System.out.println(response.body()); } - - void aTaintCase00107() { HttpResponse response = doPost(url_root + "ataint/case00107?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00108() { HttpResponse response = doPost(url_root + "ataint/case00108?path=data%2Fls"); System.out.println(response.body()); } - void aTaintCase00109() { HttpResponse response = doPost(url_root + "ataint/case00109?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00110() { HttpResponse response = doPost(url_root + "ataint/case00110?cmd1=ls&cmd2=la"); System.out.println(response.body()); } - void aTaintCase00111() { HttpResponse response = doPost(url_root + "ataint/case00111?path=data\\/ls"); 
@@ -806,46 +714,40 @@ void aTaintCase00111() { System.out.println(response.body()); } - void aTaintCase00112() { HttpResponse response = doPost(url_root + "ataint/case00112?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00113() { HttpResponse response = doPost(url_root + "ataint/case00113?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00114() { HttpResponse response = doPost(url_root + "ataint/case00114/ls"); HttpResponse response2 = doPost(url_root + "ataint/case00114/1"); - System.out.println("aTaintCase00114"+response.body()); + System.out.println("aTaintCase00114" + response.body()); } - void aTaintCase00115() { HttpResponse response = doPost(url_root + "ataint/case00115?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00115/1"); - System.out.println("aTaintCase00115"+response.body()); + System.out.println("aTaintCase00115" + response.body()); } - void aTaintCase00138() { HttpResponse response = doPost(url_root + "ataint/case00138?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00138/1"); - System.out.println("aTaintCase00138"+response.body()); + System.out.println("aTaintCase00138" + response.body()); } - void aTaintCase00116() { HttpResponse response = doPost(url_root + "ataint/case00116?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00116/1"); - System.out.println("aTaintCase00116"+response.body()); + System.out.println("aTaintCase00116" + response.body()); } /** * aTaintCase00117 异步跟踪能力->存储行异步->污点通过缓存存储后触发->OSS @@ -860,7 +762,6 @@ void aTaintCase00119() { System.out.println(response.body()); } - void aTaintCase00120() { HttpResponse response = doPost(url_root + "ataint/case00120?cmd=ls"); 
@@ -875,219 +776,191 @@ void aTaintCase00123() { System.out.println(response.body()); } - void aTaintCase00124() { HttpResponse response = doPost(url_root + "ataint/case00124?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00125() { HttpResponse response = doPost(url_root + "ataint/case00125?cmd1=cd%20/&cmd2=ls"); System.out.println(response.body()); } - void aTaintCase00126() { HttpResponse response = doPost(url_root + "ataint/case00126?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00126_2() { HttpResponse response = doPost(url_root + "ataint/case00126/2?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00127() { HttpResponse response = doPost(url_root + "ataint/case00127?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00127_2() { HttpResponse response = doPost(url_root + "ataint/case00127/2?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00128() { HttpResponse response = doPost(url_root + "ataint/case00128?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00128_2() { HttpResponse response = doPost(url_root + "ataint/case00128/2?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00129() { HttpResponse response = doPost(url_root + "ataint/case00129?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00129_2() { HttpResponse response = doPost(url_root + "ataint/case00129/2?cmd=ls"); System.out.println(response.body()); } - void aTaintCase00130() { String[][] strings = new String[2][2]; - strings[0][1]="ls"; - strings[1][1]="cd /"; - HttpResponse response = doPost(url_root + "ataint/case00130",JSONObject.toJSONString(strings)); + strings[0][1] = "ls"; + strings[1][1] = "cd /"; + HttpResponse response = doPost(url_root + "ataint/case00130", JSONObject.toJSONString(strings)); System.out.println(response.body()); } - void aTaintCase00130_2() { String[][] strings = new String[2][2]; - strings[0][1]="ls"; - strings[1][1]="cd /"; - 
HttpResponse response = doPost(url_root + "ataint/case00130",JSONObject.toJSONString(strings)); + strings[0][1] = "ls"; + strings[1][1] = "cd /"; + HttpResponse response = doPost(url_root + "ataint/case00130", JSONObject.toJSONString(strings)); System.out.println(response.body()); } - void aTaintCase00131() { String[][] strings = new String[2][2]; - strings[0][1]="ls"; - strings[1][1]="cd /"; - HttpResponse response = doPost(url_root + "ataint/case00131",JSONObject.toJSONString(strings)); + strings[0][1] = "ls"; + strings[1][1] = "cd /"; + HttpResponse response = doPost(url_root + "ataint/case00131", JSONObject.toJSONString(strings)); System.out.println(response.body()); } - void aTaintCase00131_2() { String[][] strings = new String[2][2]; - strings[0][1]="ls"; - strings[1][1]="cd /"; - HttpResponse response = doPost(url_root + "ataint/case00131",JSONObject.toJSONString(strings)); + strings[0][1] = "ls"; + strings[1][1] = "cd /"; + HttpResponse response = doPost(url_root + "ataint/case00131", JSONObject.toJSONString(strings)); System.out.println(response.body()); } - void aTaintCase00132() { List stringList = Lists.newArrayList(); stringList.add("ls"); - HttpResponse response = doPost(url_root + "ataint/case00132",JSONObject.toJSONString(stringList)); + HttpResponse response = doPost(url_root + "ataint/case00132", JSONObject.toJSONString(stringList)); System.out.println(response.body()); } - void aTaintCase00132_2() { List stringList = Lists.newArrayList(); stringList.add("ls"); - HttpResponse response = doPost(url_root + "ataint/case00132/2",JSONObject.toJSONString(stringList)); + HttpResponse response = doPost(url_root + "ataint/case00132/2", JSONObject.toJSONString(stringList)); System.out.println(response.body()); } - void aTaintCase00133() { Map map = Maps.newHashMap(); map.put("1", "ls"); - HttpResponse response = doPost(url_root + "ataint/case00133",JSONObject.toJSONString(map)); + HttpResponse response = doPost(url_root + "ataint/case00133", 
JSONObject.toJSONString(map)); System.out.println(response.body()); } - void aTaintCase00133_2() { Map map = Maps.newHashMap(); map.put("1", "ls"); - HttpResponse response = doPost(url_root + "ataint/case00133/2",JSONObject.toJSONString(map)); + HttpResponse response = doPost(url_root + "ataint/case00133/2", JSONObject.toJSONString(map)); System.out.println(response.body()); } - void aTaintCase00134() { - Set set= new HashSet<>(); + Set set = new HashSet<>(); set.add("ls"); SoureWithSetBean setBean = new SoureWithSetBean(); setBean.setKey("key"); setBean.setValue(set); - HttpResponse response = doPost(url_root + "ataint/case00134",JSONObject.toJSONString(setBean)); + HttpResponse response = doPost(url_root + "ataint/case00134", JSONObject.toJSONString(setBean)); System.out.println(response.body()); } - void aTaintCase00134_2() { - Set set= new HashSet<>(); + Set set = new HashSet<>(); set.add("ls"); SoureWithSetBean setBean = new SoureWithSetBean(); setBean.setKey("key"); setBean.setValue(set); - HttpResponse response = doPost(url_root + "ataint/case00134/2",JSONObject.toJSONString(setBean)); + HttpResponse response = doPost(url_root + "ataint/case00134/2", JSONObject.toJSONString(setBean)); System.out.println(response.body()); } - void aTaintCase00135() throws InterruptedException { LinkedBlockingQueue queue = new LinkedBlockingQueue<>(); queue.put("ls"); SoureWithQueueBean queueBean = new SoureWithQueueBean(); queueBean.setKey("key"); queueBean.setQueue(queue); - HttpResponse response = doPost(url_root + "ataint/case00135",JSONObject.toJSONString(queueBean)); + HttpResponse response = doPost(url_root + "ataint/case00135", JSONObject.toJSONString(queueBean)); System.out.println(response.body()); } - void aTaintCase00135_2() throws InterruptedException { LinkedBlockingQueue queue = new LinkedBlockingQueue<>(); queue.put("ls"); SoureWithQueueBean queueBean = new SoureWithQueueBean(); queueBean.setKey("key"); queueBean.setQueue(queue); - HttpResponse response = 
doPost(url_root + "ataint/case00135/2",JSONObject.toJSONString(queueBean)); - + HttpResponse response = doPost(url_root + "ataint/case00135/2", JSONObject.toJSONString(queueBean)); System.out.println(response.body()); } - void aTaintCase00136() { List list = Lists.newArrayList(); list.add("ls"); - HttpResponse response = doPost(url_root + "ataint/case00136",JSONObject.toJSONString(list)); + HttpResponse response = doPost(url_root + "ataint/case00136", JSONObject.toJSONString(list)); System.out.println(response.body()); } - void aTaintCase00136_2() { List list = Lists.newArrayList(); list.add("ls"); - HttpResponse response = doPost(url_root + "ataint/case00136/2",JSONObject.toJSONString(list)); + HttpResponse response = doPost(url_root + "ataint/case00136/2", JSONObject.toJSONString(list)); System.out.println(response.body()); } - - - void aTaintCase00932() { SourceTestObject testObject = new SourceTestObject(); testObject.setCmd("ls"); @@ -1104,7 +977,6 @@ void aTaintCase00142() { System.out.println(response.body()); } - void aTaintCase00142_2() { SourceTestObject testObject = new SourceTestObject(); testObject.setCmd("ls"); @@ -1113,26 +985,22 @@ void aTaintCase00142_2() { System.out.println(response2.body()); } - void aTaintCase00143() { HttpResponse response = doPost(url_root + "ataint/case00143?cmd=ls"); System.out.println("aTaintCase00143" + response.body()); } - void aTaintCase00144() { HttpResponse response = doPost(url_root + "ataint/case00144?cmd=ls"); System.out.println("aTaintCase00144" + response.body()); } - void aTaintCase00145() { int[] aa = {108, 115}; HttpResponse response = doPost(url_root + "ataint/case00145", JSONUtil.toJsonStr(aa)); System.out.println("aTaintCase00145" + response.body()); } - void aTaintCase00146() { HttpResponse response = doPost(url_root + "ataint/case00146?cmd=ls"); System.out.println("aTaintCase00146" + response.body()); 
@@ -1141,22 +1009,20 @@ void aTaintCase00146() { @Autowired private RestTemplate restTemplate; - void aTaintCase00147() { byte[] bytes = {108, 115}; HttpEntity httpEntity = new HttpEntity<>(new ByteArrayResource(bytes), new HttpHeaders()); - restTemplate.exchange(url_root + "ataint/case00147"+ "?auto_check_start_time=" + caseUniqGroupId, HttpMethod.POST, httpEntity, Object.class); + restTemplate.exchange(url_root + "ataint/case00147" + "?auto_check_start_time=" + caseUniqGroupId, HttpMethod.POST, httpEntity, + Object.class); System.out.println("aTaintCase00147"); } - void aTaintCase00148() { HttpResponse response = doPost(url_root + "ataint/case00148?cmd=ls"); System.out.println("aTaintCase00148" + response.body()); } - void aTaintCase00149() { HttpResponse response = doPost(url_root + "ataint/case00149?cmd=ls"); System.out.println("aTaintCase00149" + response.body()); 
@@ -1166,144 +1032,140 @@ void aTaintCase00940() { HttpResponse response = doPost(url_root + "ataint/case00940?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00940/2?cmd=ls"); HttpResponse response3 = doPost(url_root + "ataint/case00940/3?cmd=ls"); - System.out.println(response.body()+response2.body()+response3.body()); + System.out.println(response.body() + response2.body() + response3.body()); } void aTaintCase00941() { HttpResponse response = doPost(url_root + "ataint/case00941?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00941/2?cmd=ls"); HttpResponse response3 = doPost(url_root + "ataint/case00941/3?cmd=ls"); - System.out.println(response.body()+response2.body()+response3.body()); + System.out.println(response.body() + response2.body() + response3.body()); } void aTaintCase00942() { HttpResponse response = doPost(url_root + "ataint/case00942?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00942/2?cmd=ls"); HttpResponse response3 = doPost(url_root + "ataint/case00942/3?cmd=ls"); - System.out.println(response.body()+response2.body()+response3.body()); + System.out.println(response.body() + response2.body() + response3.body()); } void aTaintCase00943() { HttpResponse response = doPost(url_root + "ataint/case00943?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00943/2?cmd=ls"); HttpResponse response3 = doPost(url_root + "ataint/case00943/3?cmd=ls"); - System.out.println(response.body()+response2.body()+response3.body()); + System.out.println(response.body() + response2.body() + response3.body()); } void aTaintCase00944() { HttpResponse response = doPost(url_root + "ataint/case00944?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00944/2?cmd=ls"); HttpResponse response3 = doPost(url_root + "ataint/case00944/3?cmd=ls"); - System.out.println(response.body()+response2.body()+response3.body()); + System.out.println(response.body() + response2.body() + response3.body()); } void 
aTaintCase00945() { HttpResponse response = doPost(url_root + "ataint/case00945?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00945/2?cmd=ls"); - System.out.println(response.body()+response2.body()); + System.out.println(response.body() + response2.body()); } void aTaintCase00946() { HttpResponse response = doPost(url_root + "ataint/case00946?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00946/2?cmd=ls"); HttpResponse response3 = doPost(url_root + "ataint/case00946/3?cmd=ls"); - System.out.println(response.body()+response2.body()+response3.body()); + System.out.println(response.body() + response2.body() + response3.body()); } void aTaintCase00947() { HttpResponse response = doPost(url_root + "ataint/case00947?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00947/2?cmd=ls"); HttpResponse response3 = doPost(url_root + "ataint/case00947/2?cmd=ls"); - System.out.println(response.body()+response2.body()+response3.body()); + System.out.println(response.body() + response2.body() + response3.body()); } void aTaintCase00948() { HttpResponse response = doPost(url_root + "ataint/case00948?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00948/2?cmd=ls"); HttpResponse response3 = doPost(url_root + "ataint/case00948/3?cmd=ls"); - System.out.println(response.body()+response2.body()+response3.body()); + System.out.println(response.body() + response2.body() + response3.body()); } void aTaintCase00949() { HttpResponse response = doPost(url_root + "ataint/case00949?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00949/2?cmd=ls"); HttpResponse response3 = doPost(url_root + "ataint/case00949/3?cmd=ls"); - System.out.println(response.body()+response2.body()+response3.body()); + System.out.println(response.body() + response2.body() + response3.body()); } - void aTaintCase00950() { HttpResponse response = doPost(url_root + "ataint/case00950?cmd=ls"); HttpResponse response2 = doPost(url_root + 
"ataint/case00950/2?cmd=ls"); HttpResponse response3 = doPost(url_root + "ataint/case00950/3?cmd=ls"); - System.out.println(response.body()+response2.body()+response3.body()); + System.out.println(response.body() + response2.body() + response3.body()); } void aTaintCase00951() { HttpResponse response = doPost(url_root + "ataint/case00951?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00951/2?cmd=ls"); HttpResponse response3 = doPost(url_root + "ataint/case00951/3?cmd=ls"); - System.out.println(response.body()+response2.body()+response3.body()); + System.out.println(response.body() + response2.body() + response3.body()); } void aTaintCase00952() { HttpResponse response = doPost(url_root + "ataint/case00952?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00952/2?cmd=ls"); HttpResponse response3 = doPost(url_root + "ataint/case00952/3?cmd=ls"); - System.out.println(response.body()+response2.body()+response3.body()); + System.out.println(response.body() + response2.body() + response3.body()); } void aTaintCase00953() { HttpResponse response = doPost(url_root + "ataint/case00953?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00953/2?cmd=ls"); - System.out.println(response.body()+response2.body()); + System.out.println(response.body() + response2.body()); } void aTaintCase00954() { HttpResponse response = doPost(url_root + "ataint/case00954?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00954/2?cmd=ls"); - System.out.println(response.body()+response2.body()); + System.out.println(response.body() + response2.body()); } void aTaintCase00955() { HttpResponse response = doPost(url_root + "ataint/case00955?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00955/2?cmd=ls"); - System.out.println(response.body()+response2.body()); + System.out.println(response.body() + response2.body()); } void aTaintCase00956() { HttpResponse response = doPost(url_root + "ataint/case00956?cmd=ls"); 
HttpResponse response2 = doPost(url_root + "ataint/case00956/2?cmd=ls"); - System.out.println(response.body()+response2.body()); + System.out.println(response.body() + response2.body()); } void aTaintCase00957() { HttpResponse response = doPost(url_root + "ataint/case00957?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00957/2?cmd=ls"); - System.out.println(response.body()+response2.body()); + System.out.println(response.body() + response2.body()); } void aTaintCase00958() { HttpResponse response = doPost(url_root + "ataint/case00958?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00958/2?cmd=ls"); - System.out.println(response.body()+response2.body()); + System.out.println(response.body() + response2.body()); } void aTaintCase00959() { HttpResponse response = doPost(url_root + "ataint/case00959?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00959/2?cmd=ls"); - System.out.println(response.body()+response2.body()); + System.out.println(response.body() + response2.body()); } void aTaintCase00960() { HttpResponse response = doPost(url_root + "ataint/case00960?cmd=ls"); HttpResponse response2 = doPost(url_root + "ataint/case00960/2?cmd=ls"); - System.out.println(response.body()+response2.body()); + System.out.println(response.body() + response2.body()); } - - - private HttpResponse doGet(String url) { url = urlWithTime(url); try { From 415859daa61112412dac000ae55c3d77bea30149 Mon Sep 17 00:00:00 2001 
From: "mengmeng.meng" Date: Tue, 23 Jan 2024 20:23:13 +0800 Subject: [PATCH 03/17] case stuct from file to anatation --- .../analyser/bean/consts/CaseTypeEnum.java | 36 +- .../cache/AnnotationProcessorUtil.java | 69 ++ .../astbenchmark/analyser/cache/CaseTag.java | 39 + .../analyser/cache/CasetargeCache.java | 27 +- .../astbenchmark/cases/AstTaintCase001.java | 206 ++++- .../astbenchmark/cases/AstTaintCase002.java | 503 +++++++++- .../astbenchmark/cases/AstTaintCase003.java | 57 +- .../astbenchmark/cases/AstTaintCase004.java | 856 ++++++++++++++---- .../astbenchmark/cases/TestController.java | 8 +- .../cli/tree/CaseNodeTreeUtil.java | 176 ++-- .../AstbenchmarkApplicationTests.java | 1 + 11 files changed, 1711 insertions(+), 267 deletions(-) create mode 100644 iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/AnnotationProcessorUtil.java create mode 100644 iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseTag.java diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/bean/consts/CaseTypeEnum.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/bean/consts/CaseTypeEnum.java index c69e234a..0681fe57 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/analyser/bean/consts/CaseTypeEnum.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/bean/consts/CaseTypeEnum.java 
@@ -1,16 +1,32 @@
 package com.iast.astbenchmark.analyser.bean.consts;
 
+import org.apache.commons.lang.StringUtils;
+
 public enum CaseTypeEnum {
- T001("污点对象完整度能力检测"),
- T002("污点链路完整度能力检测"),
- T003("异步跟踪能力检测"),
- T004("跨进程跟踪能力检测"),
- T005("污点准确度能力检测");
+ T001("IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度","污点对象完整度能力检测"),
+ T002("IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度","污点链路完整度能力检测"),
+ T003("IAST引擎能力评估体系(JAVA)->完整度->异步跟踪能力","异步跟踪能力检测"),
+ T004("IAST引擎能力评估体系(JAVA)->完整度->跨进城跟踪能力","跨进程跟踪能力检测"),
+ T005("IAST引擎能力评估体系(JAVA)->准确度","污点准确度能力检测");
 
 String desc;
- CaseTypeEnum(String desc){
+
+ String tag;
+ CaseTypeEnum(String tag,String desc){
 this.desc=desc;
+ this.tag=tag;
 }
+ public static String getDescByTag(String data) {
+ if(StringUtils.isEmpty(data)){
+ return data;
+ }
+ for (CaseTypeEnum caseTypeEnum : values()) {
+ if (data.contains(caseTypeEnum.getTag())) {
+ return caseTypeEnum.name();
+ }
+ }
+ return null;
+ }
 
 public String getDesc() {
 return desc;
@@ -19,4 +35,12 @@ public String getDesc() {
 public void setDesc(String desc) {
 this.desc = desc;
 }
+
+ public String getTag() {
+ return tag;
+ }
+
+ public void setTag(String tag) {
+ this.tag = tag;
+ }
 }
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/AnnotationProcessorUtil.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/AnnotationProcessorUtil.java
new file mode 100644
index 00000000..cbdfff76
--- /dev/null
+++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/AnnotationProcessorUtil.java
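Review bot: The T004 tag string reads `跨进城跟踪能力` while its own description says `跨进程`, so a caseFullName written with the correct characters will never satisfy `data.contains(caseTypeEnum.getTag())` in getDescByTag and the lookup falls through to `return null`; the tag should be `IAST引擎能力评估体系(JAVA)->完整度->跨进程跟踪能力`. getDescByTag also returns `caseTypeEnum.name()` rather than `desc`, and on the empty-input guard it returns its argument instead of null, so callers get three different kinds of result from a method whose name promises a description; renaming it to something like `getNameByTag` and returning null from the guard would make the contract match the code. The new `tag` field is writable through setTag in the second hunk, which lets any caller rewrite the matching key of a shared enum constant at runtime; `private final` fields without setters are the safer shape for a lookup table.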
@@ -0,0 +1,69 @@
+package com.iast.astbenchmark.analyser.cache;
+
+import com.google.common.collect.Lists;
+import com.iast.astbenchmark.analyser.bean.CaseTargetBean;
+import com.iast.astbenchmark.analyser.bean.CaseTargetItemBean;
+import com.iast.astbenchmark.analyser.bean.consts.CaseTypeEnum;
+
+import java.lang.reflect.Method;
+import java.util.List;
+
+public class AnnotationProcessorUtil {
+ public static void processAnnotations(Class clazz) {
+ // 处理方法注解
+ for (Method method : clazz.getDeclaredMethods()) {
+ if (method.isAnnotationPresent(CaseTag.class)) {
+ CaseTag methodAnnotation = method.getAnnotation(CaseTag.class);
+ System.out.println("Method " + method.getName() + " has annotation with value: " + methodAnnotation.caseNo());
+ }
+ }
+ }
+
+ public static void buildCaseMap(Class clazz) {
+ // 处理方法注解
+ for (Method method : clazz.getDeclaredMethods()) {
+ if (method.isAnnotationPresent(CaseTag.class)) {
+ CaseTag methodAnnotation = method.getAnnotation(CaseTag.class);
+ String caseNo = methodAnnotation.caseNo();
+ if (!CasetargeCache.targetMap.containsKey(caseNo)) {
+ CasetargeCache.targetMap.put(caseNo, buildTargetBean(methodAnnotation));
+ } else {
+ CaseTargetBean modifyBean = modifyTargetBean(CasetargeCache.targetMap.get(caseNo), methodAnnotation);
+ CasetargeCache.targetMap.replace(caseNo, modifyBean);
+ }
+ }
+ }
+ }
+
+ private static CaseTargetBean buildTargetBean(CaseTag methodAnnotation) {
+ String caseNo = methodAnnotation.caseNo();
+ String caseFullName = methodAnnotation.caseFullName();
+ String thisMethodTag = methodAnnotation.thisMethodTag();
+ boolean result = methodAnnotation.thisMethodExpectedResult();
+ CaseTargetBean targetBean = new CaseTargetBean();
+ targetBean.setCaseNo(caseNo);
+ CaseTargetItemBean itemBean = new CaseTargetItemBean();
+ itemBean.setTag(thisMethodTag);
+ itemBean.setResult(result);
+ List item = Lists.newArrayList();
+ item.add(itemBean);
+ targetBean.setCaseDesc(caseFullName);
+ targetBean.setData(item);
+ targetBean.setCaseType(CaseTypeEnum.getDescByTag(caseFullName));
+ targetBean.setWeight(1);
+ return targetBean;
+ }
+
+ private static CaseTargetBean modifyTargetBean(CaseTargetBean caseTargetBean, CaseTag methodAnnotation) {
+ String thisMethodTag = methodAnnotation.thisMethodTag();
+ boolean result = methodAnnotation.thisMethodExpectedResult();
+ CaseTargetItemBean itemBean = new CaseTargetItemBean();
+ itemBean.setTag(thisMethodTag);
+ itemBean.setResult(result);
+ List item = caseTargetBean.getData();
+ item.add(itemBean);
+ caseTargetBean.setData(item);
+ return caseTargetBean;
+ }
+
+}
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseTag.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseTag.java
new file mode 100644
index 00000000..11d97651
--- /dev/null
+++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseTag.java
@@ -0,0 +1,39 @@
+package com.iast.astbenchmark.analyser.cache;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.METHOD) // 定义注解可以应用于方法
+@Retention(RetentionPolicy.RUNTIME) // 定义注解在运行时可用
+public @interface CaseTag {
+ /**
+ * Case编码
+ *
+ * @return
+ */
+ String caseNo();
+
+
+ /**
+ * case 全名包括路径
+ *
+ * @return
+ */
+ String caseFullName();
+
+ /**
+ * 这个方法期望检出漏洞的结果,true为期待检出,false为不期待检出
+ *
+ * @return
+ */
+ boolean thisMethodExpectedResult();
+
+ /**
+ * 这个方法的标识,可以用于日志等检出结果中检索
+ *
+ * @return
+ */
+ String thisMethodTag();
+}
\ No newline at end of file
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java
index 3d1df08e..5eab13d3 100644
--- a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java
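Review bot: `buildCaseMap` iterates `clazz.getDeclaredMethods()`, whose order is unspecified by the JVM, so the insertion order of `CasetargeCache.targetMap` (a `LinkedHashMap`) and the order of items in each bean's `data` list can differ between runs and JDK versions; sort first, `Method[] methods = clazz.getDeclaredMethods(); Arrays.sort(methods, Comparator.comparing(Method::getName));` (with the two `java.util` imports) and iterate `methods`. `modifyTargetBean` mutates the bean that is already stored in the map and returns that same instance, so the following `targetMap.replace(caseNo, modifyBean)` is a no-op and can go. `buildTargetBean` stores whatever `CaseTypeEnum.getDescByTag(caseFullName)` returns, which is `null` when no enum tag matches, so a mistyped `caseFullName` loads a case with no type instead of failing at startup; throwing `IllegalStateException` naming the method would surface it immediately. `processAnnotations` prints to `System.out` while the rest of the loader logs through slf4j, and `Class` and `List` are raw where `Class<?>` and `List<CaseTargetItemBean>` are known.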
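Review bot: All four Javadoc blocks on the annotation elements end in an empty `@return` tag, so the generated docs say nothing about what each value must be; fill them in, e.g. `@return the case number; methods carrying the same caseNo are merged into one case` for `caseNo` and `@return a per-method identifier, unique within its case, used to find this method in detection output` for `thisMethodTag`. The file is also added without a trailing newline (`\ No newline at end of file`).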
@@ -7,6 +7,10 @@ import cn.hutool.json.JSONUtil; import com.iast.astbenchmark.analyser.bean.CaseTargetBean; import com.google.common.collect.Maps; +import com.iast.astbenchmark.cases.AstTaintCase001; +import com.iast.astbenchmark.cases.AstTaintCase002; +import com.iast.astbenchmark.cases.AstTaintCase003; +import com.iast.astbenchmark.cases.AstTaintCase004; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; @@ -14,10 +18,12 @@ import java.nio.charset.Charset; import java.util.Map; +import static com.iast.astbenchmark.analyser.cache.AnnotationProcessorUtil.buildCaseMap; + @Component @Slf4j public class CasetargeCache { - private static Map targetMap = Maps.newLinkedHashMap(); + protected static Map targetMap = Maps.newLinkedHashMap(); @PostConstruct void init() { 
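Review bot: Widening `targetMap` from `private` to `protected` only so that `AnnotationProcessorUtil` can write into it exposes the cache's mutable static state to every class in the package and to subclasses, and the field stays a raw `Map`. A narrower shape is to keep it private and pass the map in, `buildCaseMap(Class<?> clazz, Map<String, CaseTargetBean> target)`, which also keeps the merge-by-`caseNo` behaviour. The first hunk in this file makes `analyser.cache` depend on the four `cases` classes, which in turn import `CaseTag` from this package — a circular dependency that at least deserves a comment if it is intended. The `init()` method this hunk ends on continues outside the hunk.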
@@ -31,14 +37,17 @@ public static void initNow() {
 private void goinit() {
 if (targetMap.isEmpty()) {
 try {
- String target = IoUtil.read(new ClassPathResource("config/case_target_list.json").getStream(),Charset.forName("utf-8"));
- //JSONArray array = JSONUtil.readJSONArray(FileUtil.file("case_target_list.json"), Charset.forName("utf-8"));
- JSONArray array =JSONUtil.parseArray(target);
- array.stream().forEach(e -> {
- CaseTargetBean bean = JSONUtil.toBean(JSONUtil.toJsonStr(e), CaseTargetBean.class);
- targetMap.put(bean.getCaseNo(), bean);
- });
-
+ //String target = IoUtil.read(new ClassPathResource("config/case_target_list.json").getStream(),Charset.forName("utf-8"));
+ ////JSONArray array = JSONUtil.readJSONArray(FileUtil.file("case_target_list.json"), Charset.forName("utf-8"));
+ //JSONArray array =JSONUtil.parseArray(target);
+ //array.stream().forEach(e -> {
+ // CaseTargetBean bean = JSONUtil.toBean(JSONUtil.toJsonStr(e), CaseTargetBean.class);
+ // targetMap.put(bean.getCaseNo(), bean);
+ //});
+ buildCaseMap(AstTaintCase001.class);
+ buildCaseMap(AstTaintCase002.class);
+ buildCaseMap(AstTaintCase003.class);
+ buildCaseMap(AstTaintCase004.class);
 } catch (Exception e) {
 log.error("ERROR : Case加载失败,请检查您的case_target_list.json:{}", e);
 }
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java
index 184b7567..b906a445 100644
--- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java
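Review bot: The log message in the catch block still tells the operator to check `case_target_list.json`, but after this hunk the file is no longer read and cases come from `@CaseTag` annotations, so the hint points at the wrong place; `log.error("ERROR : Case加载失败,请检查 @CaseTag 注解", e)` would be accurate. Passing the exception as the sole argument of a `{}` placeholder most likely formats it via `toString()` instead of attaching the stack trace (SLF4J treats a trailing `Throwable` as the exception only when no placeholder consumes it), so dropping the `{}` also restores the trace. Because `goinit` guards on `targetMap.isEmpty()`, a failure in the third or fourth `buildCaseMap` call leaves the map partially filled and the guard prevents a retry; clearing `targetMap` in the catch, or rethrowing, avoids a silently incomplete benchmark. The seven commented-out lines of the old JSON loader should be deleted rather than kept as dead code, since replacing them is the commit's stated purpose.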
@@ -3,19 +3,16 @@ import com.iast.astbenchmark.cases.bean.SourceTestObject; import com.iast.astbenchmark.cases.bean.SourceTestWith100Filedsbject; import com.iast.astbenchmark.cases.bean.SourceTestWith10Filedsbject; -import com.iast.astbenchmark.cases.bean.SourceTestWithMPObject; import com.iast.astbenchmark.cases.bean.SoureWithQueueBean; import com.iast.astbenchmark.cases.bean.SoureWithSetBean; import com.iast.astbenchmark.cases.bean.layers.LayerBaseBean2; -import com.iast.astbenchmark.cases.bean.layers.LayerBaseBean3; import com.iast.astbenchmark.cases.bean.layers.LayerBaseBean9; +import com.iast.astbenchmark.analyser.cache.CaseTag; import org.springframework.util.CollectionUtils; import org.springframework.web.bind.annotation.*; import java.io.IOException; -import java.io.PrintWriter; import java.util.*; -import java.util.concurrent.LinkedBlockingQueue; import static com.iast.astbenchmark.common.CommonConsts.ERROR_STR; import static com.iast.astbenchmark.common.CommonConsts.SUCCESS_STR; @@ -31,6 +28,12 @@ public class AstTaintCase001 { * @return */ @PostMapping ("case00901") + @CaseTag( + caseNo = "aTaintCase99001", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->字符串对象->String", + thisMethodTag = "aTaintCase99001", + thisMethodExpectedResult = true + ) public Map aTaintCase00901(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -51,6 +54,12 @@ public Map aTaintCase00901(@RequestParam String cmd) { * @return */ @GetMapping("case001") + @CaseTag( + caseNo = "aTaintCase001", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基础数据类型->int", + thisMethodTag = "aTaintCase001", + thisMethodExpectedResult = true + ) public Map aTaintCase001(@RequestParam int cmd) { Map modelMap = new HashMap<>(); try { 
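Review bot: The `@CaseTag` added to `aTaintCase00901` (mapped at `case00901`) uses `caseNo = "aTaintCase99001"` and `thisMethodTag = "aTaintCase99001"`, which matches neither the method name nor the URL; every other annotation in this file derives `caseNo` from the method name, so this looks like a typo that would register the case under an unexpected key, `aTaintCase00901` being the consistent value. If `99001` is deliberate — for example to preserve the key from an older case list — a one-line comment on the annotation saying so would stop the next reader from "fixing" it. The body of `aTaintCase00901` continues outside the hunk.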
@@ -70,6 +79,12 @@ public Map aTaintCase001(@RequestParam int cmd) { * @return */ @GetMapping("case002") + @CaseTag( + caseNo ="aTaintCase002", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基础数据类型->char", + thisMethodTag = "aTaintCase002", + thisMethodExpectedResult = true + ) public Map aTaintCase002(@RequestParam char cmd) { Map modelMap = new HashMap<>(); try { @@ -88,6 +103,12 @@ public Map aTaintCase002(@RequestParam char cmd) { * @return */ @GetMapping("case003") + @CaseTag( + caseNo ="aTaintCase003", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基础数据类型->byte", + thisMethodTag = "aTaintCase003", + thisMethodExpectedResult = true + ) public Map aTaintCase003(@RequestParam byte cmd) { Map modelMap = new HashMap<>(); try { @@ -106,6 +127,12 @@ public Map aTaintCase003(@RequestParam byte cmd) { * @return */ @GetMapping("case004") + @CaseTag( + caseNo ="aTaintCase004", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基础数据类型->long", + thisMethodTag = "aTaintCase004", + thisMethodExpectedResult = true + ) public Map aTaintCase004(@RequestParam long cmd) { Map modelMap = new HashMap<>(); try { @@ -119,6 +146,12 @@ public Map aTaintCase004(@RequestParam long cmd) { @PostMapping("case005") + @CaseTag( + caseNo ="aTaintCase005", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->集合元素->Map元素", + thisMethodTag = "aTaintCase005", + thisMethodExpectedResult = true + ) public Map aTaintCase005(@RequestBody Map cmd) { Map modelMap = new HashMap<>(); if (cmd == null || cmd.isEmpty()) { @@ -141,6 +174,12 @@ public Map aTaintCase005(@RequestBody Map cmd) { * @return */ @PostMapping("case006") + @CaseTag( + caseNo ="aTaintCase006", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->集合元素->List元素", + thisMethodTag = "aTaintCase006", + thisMethodExpectedResult = true + ) public Map aTaintCase006(@RequestBody List cmd) { Map modelMap = new HashMap<>(); if (cmd == null || CollectionUtils.isEmpty(cmd)) { 
@@ -163,6 +202,13 @@ public Map aTaintCase006(@RequestBody List cmd) { * @return */ @PostMapping("case007") + + @CaseTag( + caseNo ="aTaintCase007", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->集合元素->Queue元素", + thisMethodTag = "aTaintCase007", + thisMethodExpectedResult = true + ) public Map aTaintCase007(@RequestBody SoureWithQueueBean queueBean) { Map modelMap = new HashMap<>(); try { @@ -181,6 +227,12 @@ public Map aTaintCase007(@RequestBody SoureWithQueueBean queueBe * @return */ @PostMapping("case008") + @CaseTag( + caseNo ="aTaintCase008", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->集合元素->Set元素", + thisMethodTag = "aTaintCase008", + thisMethodExpectedResult = true + ) public Map aTaintCase008(@RequestBody SoureWithSetBean setBean) { Map modelMap = new HashMap<>(); try { @@ -201,7 +253,13 @@ public Map aTaintCase008(@RequestBody SoureWithSetBean setBean) * @return */ @PostMapping("case009") - @Deprecated + @CaseTag( + caseNo ="aTaintCase009", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->引用类型->基本数据类型的封装类型->Byte", + thisMethodTag = "aTaintCase009", + thisMethodExpectedResult = true + ) + public Map aTaintCase009(@RequestParam Byte cmd) { Map modelMap = new HashMap<>(); if (cmd == null) { @@ -225,7 +283,12 @@ public Map aTaintCase009(@RequestParam Byte cmd) { * @return */ @PostMapping("case0010") - @Deprecated + @CaseTag( + caseNo ="aTaintCase0010", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->引用类型->基本数据类型的封装类型->Integer", + thisMethodTag = "aTaintCase0010", + thisMethodExpectedResult = true + ) public Map aTaintCase0010(@RequestParam Integer cmd) { Map modelMap = new HashMap<>(); if (cmd == null) { 
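Review bot: This hunk, together with the following ones for `aTaintCase0010`, `aTaintCase0011` and `aTaintCase0012`, drops `@Deprecated` from the wrapper-type cases while adding `@CaseTag` with `thisMethodExpectedResult = true`; since the new loader registers every `@CaseTag` method, these previously deprecated cases now count in the benchmark with no record of why they were deprecated or why they are reinstated. If the un-deprecation is intended, the commit message or a comment on the methods should say so; if not, keep `@Deprecated` and omit `@CaseTag` so they are not scored. There is also a stray blank line between `@CaseTag(...)` and the signature of `aTaintCase009` (and between `@PostMapping` and `@CaseTag` on `aTaintCase007` in the first hunk on this line) that the other cases do not have.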
@@ -249,7 +312,12 @@ public Map aTaintCase0010(@RequestParam Integer cmd) { * @return */ @PostMapping("case0011") - @Deprecated + @CaseTag( + caseNo ="aTaintCase0011", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->引用类型->基本数据类型的封装类型->Long", + thisMethodTag = "aTaintCase0011", + thisMethodExpectedResult = true + ) public Map aTaintCase0011(@RequestParam Long cmd) { Map modelMap = new HashMap<>(); if (cmd == null) { @@ -272,7 +340,12 @@ public Map aTaintCase0011(@RequestParam Long cmd) { * @return */ @PostMapping("case0012") - @Deprecated + @CaseTag( + caseNo ="aTaintCase0012", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->引用类型->基本数据类型的封装类型->Character", + thisMethodTag = "aTaintCase0012", + thisMethodExpectedResult = true + ) public Map aTaintCase0012(@RequestParam Character cmd) { Map modelMap = new HashMap<>(); if (cmd == null) { @@ -295,6 +368,12 @@ public Map aTaintCase0012(@RequestParam Character cmd) { * @return */ @PostMapping("case0013") + @CaseTag( + caseNo ="aTaintCase0013", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组全为污点)->数组对象String[]", + thisMethodTag = "aTaintCase0013", + thisMethodExpectedResult = true + ) public Map aTaintCase0013(@RequestBody String[] cmd) { Map modelMap = new HashMap<>(); if (cmd == null || cmd.length < 1) { @@ -317,6 +396,12 @@ public Map aTaintCase0013(@RequestBody String[] cmd) { * @return */ @PostMapping("case0014") + @CaseTag( + caseNo ="aTaintCase0014", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组全为污点)->数组对象char[]", + thisMethodTag = "aTaintCase0014", + thisMethodExpectedResult = true + ) public Map aTaintCase0014(@RequestParam String cmd) { Map modelMap = new HashMap<>(); // if (cmd == null || cmd.length < 1) { 
@@ -343,6 +428,13 @@ public Map aTaintCase0014(@RequestParam String cmd) { * @return */ @PostMapping("case0015") + @CaseTag( + caseNo ="aTaintCase0015", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组全为污点)->数组对象byte[]", + thisMethodTag = "aTaintCase0015", + thisMethodExpectedResult = true + ) + public Map aTaintCase0015(@RequestBody byte[] cmd) { Map modelMap = new HashMap<>(); if (cmd == null || cmd.length < 1) { @@ -365,6 +457,12 @@ public Map aTaintCase0015(@RequestBody byte[] cmd) { * @return */ @PostMapping("case0016") + @CaseTag( + caseNo ="aTaintCase0016", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组全为污点)->单维数组对象的元素", + thisMethodTag = "aTaintCase0016", + thisMethodExpectedResult = true + ) public Map aTaintCase0016(@RequestBody SourceTestObject[] cmd) { Map modelMap = new HashMap<>(); if (cmd == null || cmd.length < 1) { @@ -380,6 +478,13 @@ public Map aTaintCase0016(@RequestBody SourceTestObject[] cmd) { return modelMap; } @PostMapping("case00926") + @CaseTag( + caseNo ="aTaintCase00926", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组全为污点)->多维数组对象的元素", + thisMethodTag = "aTaintCase00926", + thisMethodExpectedResult = true + ) + public Map aTaintCase00926(@RequestBody SourceTestObject[][] cmd) { Map modelMap = new HashMap<>(); if (cmd == null || cmd.length < 1) { @@ -404,6 +509,12 @@ public Map aTaintCase00926(@RequestBody SourceTestObject[][] cmd * @return */ @PostMapping("case00921") + @CaseTag( + caseNo ="aTaintCase00921", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段(10)", + thisMethodTag = "aTaintCase00921", + thisMethodExpectedResult = true + ) public Map aTaintCase00921(@RequestBody SourceTestWith10Filedsbject cmd) { Map modelMap = new HashMap<>(); try { 
@@ -416,6 +527,12 @@ public Map aTaintCase00921(@RequestBody SourceTestWith10Filedsbj } @PostMapping("case00921/2") + @CaseTag( + caseNo ="aTaintCase00921", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段(10)", + thisMethodTag = "aTaintCase00921_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00921_2(@RequestBody SourceTestWith10Filedsbject cmd) { Map modelMap = new HashMap<>(); try { @@ -428,6 +545,12 @@ public Map aTaintCase00921_2(@RequestBody SourceTestWith10Fileds } @PostMapping("case00921/3") + @CaseTag( + caseNo ="aTaintCase00921", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段(10)", + thisMethodTag = "aTaintCase00921_3", + thisMethodExpectedResult = true + ) public Map aTaintCase00921_3(@RequestBody SourceTestWith10Filedsbject cmd) { Map modelMap = new HashMap<>(); try { @@ -446,6 +569,13 @@ public Map aTaintCase00921_3(@RequestBody SourceTestWith10Fileds * @return */ @PostMapping("case00922") + @CaseTag( + caseNo ="aTaintCase00922", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段(100)", + thisMethodTag = "aTaintCase00922", + thisMethodExpectedResult = true + ) + public Map aTaintCase00922(@RequestBody SourceTestWith100Filedsbject cmd) { Map modelMap = new HashMap<>(); try { @@ -458,6 +588,12 @@ public Map aTaintCase00922(@RequestBody SourceTestWith100Filedsb } @PostMapping("case00922/2") + @CaseTag( + caseNo ="aTaintCase00922", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段(100)", + thisMethodTag = "aTaintCase00922_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00922_2(@RequestBody SourceTestWith100Filedsbject cmd) { Map modelMap = new HashMap<>(); try { 
@@ -470,6 +606,12 @@ public Map aTaintCase00922_2(@RequestBody SourceTestWith100Filed } @PostMapping("case00922/3") + @CaseTag( + caseNo ="aTaintCase00922", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段(100)", + thisMethodTag = "aTaintCase00922_3", + thisMethodExpectedResult = true + ) public Map aTaintCase00922_3(@RequestBody SourceTestWith100Filedsbject cmd) { Map modelMap = new HashMap<>(); try { @@ -481,6 +623,12 @@ public Map aTaintCase00922_3(@RequestBody SourceTestWith100Filed return modelMap; } @PostMapping("case00923") + @CaseTag( + caseNo ="aTaintCase00923", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段(3)", + thisMethodTag = "aTaintCase00923", + thisMethodExpectedResult = true + ) public Map aTaintCase00923(@RequestBody LayerBaseBean2 cmd) { Map modelMap = new HashMap<>(); try { @@ -492,6 +640,12 @@ public Map aTaintCase00923(@RequestBody LayerBaseBean2 cmd) { return modelMap; } @PostMapping("case00923/2") + @CaseTag( + caseNo ="aTaintCase00923", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段(3)", + thisMethodTag = "aTaintCase00923_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00923_2(@RequestBody LayerBaseBean2 cmd) { Map modelMap = new HashMap<>(); try { @@ -503,6 +657,12 @@ public Map aTaintCase00923_2(@RequestBody LayerBaseBean2 cmd) { return modelMap; } @PostMapping("case00923/3") + @CaseTag( + caseNo ="aTaintCase00923", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段(3)", + thisMethodTag = "aTaintCase00923_3", + thisMethodExpectedResult = true + ) public Map aTaintCase00923_3(@RequestBody LayerBaseBean2 cmd) { Map modelMap = new HashMap<>(); try { 
@@ -515,6 +675,12 @@ public Map aTaintCase00923_3(@RequestBody LayerBaseBean2 cmd) { } @PostMapping("case00924") + @CaseTag( + caseNo ="aTaintCase00924", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段(10)", + thisMethodTag = "aTaintCase00924", + thisMethodExpectedResult = true + ) public Map aTaintCase00924(@RequestBody LayerBaseBean9 cmd) { Map modelMap = new HashMap<>(); try { @@ -526,6 +692,12 @@ public Map aTaintCase00924(@RequestBody LayerBaseBean9 cmd) { return modelMap; } @PostMapping("case00924/2") + @CaseTag( + caseNo ="aTaintCase00924", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段(10)", + thisMethodTag = "aTaintCase00924_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00924_2(@RequestBody LayerBaseBean9 cmd) { Map modelMap = new HashMap<>(); try { @@ -537,6 +709,12 @@ public Map aTaintCase00924_2(@RequestBody LayerBaseBean9 cmd) { return modelMap; } @PostMapping("case00924/3") + @CaseTag( + caseNo ="aTaintCase00924", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段(10)", + thisMethodTag = "aTaintCase00924_3", + thisMethodExpectedResult = true + ) public Map aTaintCase00924_3(@RequestBody LayerBaseBean9 cmd) { Map modelMap = new HashMap<>(); try { @@ -549,6 +727,12 @@ public Map aTaintCase00924_3(@RequestBody LayerBaseBean9 cmd) { } @PostMapping("case00925") + @CaseTag( + caseNo ="aTaintCase00925", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->污点来自父类", + thisMethodTag = "aTaintCase00925", + thisMethodExpectedResult = true + ) public Map aTaintCase00925(@RequestBody LayerBaseBean2 cmd) { Map modelMap = new HashMap<>(); try { 
@@ -560,6 +744,12 @@ public Map aTaintCase00925(@RequestBody LayerBaseBean2 cmd) { return modelMap; } @PostMapping("case00925/2") + @CaseTag( + caseNo ="aTaintCase00925", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->污点来自父类", + thisMethodTag = "aTaintCase00925_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00925_2(@RequestBody LayerBaseBean2 cmd) { Map modelMap = new HashMap<>(); try { diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java index 79da37f0..60a07e03 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java @@ -3,6 +3,7 @@ import cn.hutool.core.util.StrUtil; import com.iast.astbenchmark.cases.bean.SourceTestObject; import com.iast.astbenchmark.cases.bean.xml.TicketRequest; +import com.iast.astbenchmark.analyser.cache.CaseTag; import com.iast.astbenchmark.common.CommonConsts; import com.iast.astbenchmark.common.utils.JDKSerializationUtil; import com.iast.astbenchmark.common.utils.MyCommonTestUtil; @@ -42,6 +43,12 @@ public class AstTaintCase002 { * @return */ @PostMapping("case0022") + @CaseTag( + caseNo ="aTaintCase0022", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->特殊链路跟踪能力->三方包方法跟踪", + thisMethodTag = "aTaintCase0022", + thisMethodExpectedResult = true + ) public Map aTaintCase0022(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -60,6 +67,12 @@ public Map aTaintCase0022(@RequestParam String cmd) { * @return */ @PostMapping("case0023") + @CaseTag( + caseNo ="aTaintCase0023", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->特殊链路跟踪能力->超长链路追踪(100层)", + thisMethodTag = "aTaintCase0023", + thisMethodExpectedResult = true + ) public Map aTaintCase0023(@RequestBody String cmd) { Map modelMap = new HashMap<>(); if (cmd == null) { 
@@ -84,6 +97,13 @@ public Map aTaintCase0023(@RequestBody String cmd) { * @return */ @PostMapping("case00931") + @CaseTag( + caseNo ="aTaintCase00931", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->特殊链路跟踪能力->超长链路追踪(1000层)", + thisMethodTag = "aTaintCase00931", + thisMethodExpectedResult = true + ) + public Map aTaintCase00931(@RequestBody String cmd) { Map modelMap = new HashMap<>(); if (cmd == null) { @@ -108,6 +128,13 @@ public Map aTaintCase00931(@RequestBody String cmd) { * @return */ @PostMapping("case0024") + @CaseTag( + caseNo ="aTaintCase0024", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->特殊链路跟踪能力->反射调用方法跟踪", + thisMethodTag = "aTaintCase0024", + thisMethodExpectedResult = true + ) + public Map aTaintCase0024(@RequestParam String cmd) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { Map modelMap = new HashMap<>(); @@ -135,6 +162,13 @@ public Map aTaintCase0024(@RequestParam String cmd) * @return */ @PostMapping("case0025") + @CaseTag( + caseNo ="aTaintCase0025", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->特殊链路跟踪能力->调用native方法", + thisMethodTag = "aTaintCase0025", + thisMethodExpectedResult = true + ) + public Map aTaintCase0025(@RequestBody String[] cmd) { Map modelMap = new HashMap<>(); if (cmd == null) { @@ -162,6 +196,12 @@ public Map aTaintCase0025(@RequestBody String[] cmd) { * @return */ @PostMapping("case0027") + @CaseTag( + caseNo ="aTaintCase0027", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http getQueryString", + thisMethodTag = "aTaintCase0027", + thisMethodExpectedResult = true + ) public Map aTaintCase0027(HttpServletRequest request, @RequestParam String data) { Map modelMap = new HashMap<>(); try { 
@@ -280,6 +320,12 @@ public Map aTaintCase0027(HttpServletRequest request, @RequestPa * @return //TODO */ @PostMapping("case0033") + @CaseTag( + caseNo ="aTaintCase0033", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->*json", + thisMethodTag = "aTaintCase0033", + thisMethodExpectedResult = true + ) public Map aTaintCase0033(@RequestBody Map json) { Map modelMap = new HashMap<>(); try { @@ -299,6 +345,12 @@ public Map aTaintCase0033(@RequestBody Map json) */ @PostMapping(value = "/case0034", consumes = {MediaType.APPLICATION_XML_VALUE}, produces = MediaType.APPLICATION_XML_VALUE) @ResponseBody + @CaseTag( + caseNo ="aTaintCase0034", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->*xml", + thisMethodTag = "aTaintCase0034", + thisMethodExpectedResult = true + ) public Map aTaintCase0034(@RequestBody TicketRequest ticketRequest) { Map modelMap = new HashMap<>(); try { @@ -317,6 +369,12 @@ public Map aTaintCase0034(@RequestBody TicketRequest ticketReque * @return */ @PostMapping(value = "case0035") + @CaseTag( + caseNo ="aTaintCase0035", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->multipart/form-data getPart", + thisMethodTag = "aTaintCase0035", + thisMethodExpectedResult = true + ) public Map aTaintCase0035(@RequestParam MultipartFile file, HttpServletRequest request) { Map modelMap = new HashMap<>(); try { @@ -338,6 +396,12 @@ public Map aTaintCase0035(@RequestParam MultipartFile file, Http * @return */ @PostMapping(value = "case0036") + @CaseTag( + caseNo ="aTaintCase0036", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->multipart/form-data getParts", + thisMethodTag = "aTaintCase0036", + thisMethodExpectedResult = true + ) public Map aTaintCase0036(@RequestParam MultipartFile file, HttpServletRequest request) { Map modelMap = new HashMap<>(); try { 
@@ -359,6 +423,13 @@ public Map aTaintCase0036(@RequestParam MultipartFile file, Http * @return */ @PostMapping(value = "case0037") + @CaseTag( + caseNo ="aTaintCase0037", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->form/url-encode getParameter", + thisMethodTag = "aTaintCase0037", + thisMethodExpectedResult = true + ) + public Map aTaintCase0037(@RequestParam("cmd") String cmd, HttpServletRequest request) { Map modelMap = new HashMap<>(); try { @@ -378,6 +449,13 @@ public Map aTaintCase0037(@RequestParam("cmd") String cmd, HttpS * @return */ @PostMapping(value = "case0038") + @CaseTag( + caseNo ="aTaintCase0038", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->form/url-encode getParameterMap", + thisMethodTag = "aTaintCase0038", + thisMethodExpectedResult = true + ) + public Map aTaintCase0038(@RequestParam("cmd") String cmd, HttpServletRequest request) { Map modelMap = new HashMap<>(); try { @@ -397,6 +475,13 @@ public Map aTaintCase0038(@RequestParam("cmd") String cmd, HttpS * @return */ @PostMapping(value = "case0039") + @CaseTag( + caseNo ="aTaintCase0039", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->form/url-encode getParameterValues", + thisMethodTag = "aTaintCase0039", + thisMethodExpectedResult = true + ) + public Map aTaintCase0039(@RequestParam("cmd") String cmd, HttpServletRequest request) { Map modelMap = new HashMap<>(); try { 
@@ -416,6 +501,12 @@ public Map aTaintCase0039(@RequestParam("cmd") String cmd, HttpS * @return */ @PostMapping(value = "case0040") + @CaseTag( + caseNo ="aTaintCase0040", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->form/url-encode getParameterNames", + thisMethodTag = "aTaintCase0040", + thisMethodExpectedResult = true + ) public Map aTaintCase0040(@RequestParam("cmd") String cmd, HttpServletRequest request) { Map modelMap = new HashMap<>(); try { @@ -436,6 +527,12 @@ public Map aTaintCase0040(@RequestParam("cmd") String cmd, HttpS * @return */ @PostMapping(value = "case0041") + @CaseTag( + caseNo ="aTaintCase0041", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->getReader", + thisMethodTag = "aTaintCase0041", + thisMethodExpectedResult = true + ) public Map aTaintCase0041(@RequestBody String[] cmd, HttpServletRequest request) { Map modelMap = new HashMap<>(); try { @@ -499,6 +596,13 @@ public Map aTaintCase0041(@RequestBody String[] cmd, HttpServlet * @return */ @PostMapping(value = "case0044/{cmd}") + @CaseTag( + caseNo ="aTaintCase0044", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http pathVarlables", + thisMethodTag = "aTaintCase0044", + thisMethodExpectedResult = true + ) + public Map aTaintCase0044(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { @@ -517,6 +621,13 @@ public Map aTaintCase0044(@PathVariable String cmd) { * @return */ @PostMapping(value = "case0045") + @CaseTag( + caseNo ="aTaintCase0045", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http header getCookies", + thisMethodTag = "aTaintCase0045", + thisMethodExpectedResult = true + ) + public Map aTaintCase0045(HttpServletRequest request) { Map modelMap = new HashMap<>(); try { 
@@ -536,6 +647,12 @@ public Map aTaintCase0045(HttpServletRequest request) { * @return */ @PostMapping(value = "case0046") + @CaseTag( + caseNo ="aTaintCase0046", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http header getHeader", + thisMethodTag = "aTaintCase0046", + thisMethodExpectedResult = true + ) public Map aTaintCase0046(HttpServletRequest request) { Map modelMap = new HashMap<>(); try { @@ -555,6 +672,12 @@ public Map aTaintCase0046(HttpServletRequest request) { * @return */ @PostMapping(value = "case0047") + @CaseTag( + caseNo ="aTaintCase0047", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http header getHeaders", + thisMethodTag = "aTaintCase0047", + thisMethodExpectedResult = true + ) public Map aTaintCase0047(HttpServletRequest request) { Map modelMap = new HashMap<>(); try { @@ -574,6 +697,12 @@ public Map aTaintCase0047(HttpServletRequest request) { * @return */ @PostMapping(value = "case00139") + @CaseTag( + caseNo ="aTaintCase00139", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http header getHeaderNames", + thisMethodTag = "aTaintCase00139", + thisMethodExpectedResult = true + ) public Map aTaintCase00139(HttpServletRequest request) { Map modelMap = new HashMap<>(); try { @@ -873,6 +1002,13 @@ public Map aTaintCase00139(HttpServletRequest request) { * aTaintCase0062 传播场景->String操作->构造方法 */ @PostMapping(value = "case0062") + @CaseTag( + caseNo ="aTaintCase0062", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->构造方法->String(String original)", + thisMethodTag = "aTaintCase0062", + thisMethodExpectedResult = true + ) + public Map aTaintCase0062(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
@@ -886,6 +1022,12 @@ public Map aTaintCase0062(@RequestParam String cmd) { } @PostMapping(value = "case00143") + @CaseTag( + caseNo ="aTaintCase00143", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->构造方法->String(char value[])", + thisMethodTag = "aTaintCase00143", + thisMethodExpectedResult = true + ) public Map aTaintCase00143(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -898,6 +1040,13 @@ public Map aTaintCase00143(@RequestParam String cmd) { } @PostMapping(value = "case00144") + @CaseTag( + caseNo ="aTaintCase00144", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->构造方法->String(char value[], int offset, int count)", + thisMethodTag = "aTaintCase00144", + thisMethodExpectedResult = true + ) + public Map aTaintCase00144(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -914,6 +1063,12 @@ public Map aTaintCase00144(@RequestParam String cmd) { * @return */ @PostMapping(value = "case00145") + @CaseTag( + caseNo ="aTaintCase00145", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->构造方法->String(int[] codePoints, int offset, int count)", + thisMethodTag = "aTaintCase00145", + thisMethodExpectedResult = true + ) public Map aTaintCase00145(@RequestBody int[] codePoints) { Map modelMap = new HashMap<>(); try { @@ -936,6 +1091,12 @@ public Map aTaintCase00145(@RequestBody int[] codePoints) { } @PostMapping(value = "case00146") + @CaseTag( + caseNo ="aTaintCase00146", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->构造方法->String(byte bytes[], int offset, int length, String charsetName)", + thisMethodTag = "aTaintCase00146", + thisMethodExpectedResult = true + ) public Map aTaintCase00146(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
@@ -949,6 +1110,12 @@ public Map aTaintCase00146(@RequestParam String cmd) { } @PostMapping(value = "case00147") + @CaseTag( + caseNo ="aTaintCase00147", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->构造方法->String(byte bytes[], int offset, int length, Charset charset)", + thisMethodTag = "aTaintCase00147", + thisMethodExpectedResult = true + ) public Map aTaintCase00147(@RequestBody byte[] bytes) { Map modelMap = new HashMap<>(); try { @@ -962,6 +1129,12 @@ public Map aTaintCase00147(@RequestBody byte[] bytes) { } @PostMapping(value = "case00148") + @CaseTag( + caseNo ="aTaintCase00148", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->构造方法->String(StringBuffer buffer)", + thisMethodTag = "aTaintCase00148", + thisMethodExpectedResult = true + ) public Map aTaintCase00148(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -975,6 +1148,12 @@ public Map aTaintCase00148(@RequestParam String cmd) { } @PostMapping(value = "case00149") + @CaseTag( + caseNo ="aTaintCase00149", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->构造方法->String(StringBuilder builder)", + thisMethodTag = "aTaintCase00149", + thisMethodExpectedResult = true + ) public Map aTaintCase00149(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -991,6 +1170,12 @@ public Map aTaintCase00149(@RequestParam String cmd) { * aTaintCase0063 传播场景->String操作->conact */ @PostMapping(value = "case0063") + @CaseTag( + caseNo ="aTaintCase0063", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->conact", + thisMethodTag = "aTaintCase0063", + thisMethodExpectedResult = true + ) public Map aTaintCase0063(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
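Review bot: The `caseFullName` added for `aTaintCase0063` ends in `String操作->conact`, which looks like a typo for `concat`, the String method the case exercises; the javadoc context line above it carries the same spelling, so the slip was copied rather than fixed. If this string is used as a key to match the method against an external case list, correct it in both the javadoc and the annotation at once (`caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->concat"`), or the case silently drops out of the target set. If the list itself deliberately says `conact`, a short `// spelling matches the case list on purpose` comment would spare the next reader the same double-take.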
@@ -1007,6 +1192,12 @@ public Map aTaintCase0063(@RequestParam String cmd) { * aTaintCase0064 传播场景->String操作->copyValueOf */ @PostMapping(value = "case0064") + @CaseTag( + caseNo ="aTaintCase0064", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->copyValueOf", + thisMethodTag = "aTaintCase0064", + thisMethodExpectedResult = true + ) public Map aTaintCase0064(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1023,6 +1214,12 @@ public Map aTaintCase0064(@RequestParam String cmd) { * aTaintCase0065 传播场景->String操作->format */ @PostMapping(value = "case0065") + @CaseTag( + caseNo ="aTaintCase0065", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->format", + thisMethodTag = "aTaintCase0065", + thisMethodExpectedResult = true + ) public Map aTaintCase0065(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1040,6 +1237,12 @@ public Map aTaintCase0065(@RequestParam String cmd) { */ @PostMapping(value = "case0066") + @CaseTag( + caseNo ="aTaintCase0066", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->getBytes", + thisMethodTag = "aTaintCase0066", + thisMethodExpectedResult = true + ) public Map aTaintCase0066(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1056,6 +1259,13 @@ public Map aTaintCase0066(@RequestParam String cmd) { * aTaintCase0067 传播场景->String操作->getChars */ @PostMapping(value = "case0067") + @CaseTag( + caseNo ="aTaintCase0067", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->getChars", + thisMethodTag = "aTaintCase0067", + thisMethodExpectedResult = true + ) + public Map aTaintCase0067(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
@@ -1073,6 +1283,12 @@ public Map aTaintCase0067(@RequestParam String cmd) { * aTaintCase0068 传播场景->String操作->intern */ @PostMapping(value = "case0068") + @CaseTag( + caseNo ="aTaintCase0068", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->intern", + thisMethodTag = "aTaintCase0068", + thisMethodExpectedResult = true + ) public Map aTaintCase0068(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1088,6 +1304,12 @@ public Map aTaintCase0068(@RequestParam String cmd) { * aTaintCase0069 传播场景->String操作->join */ @PostMapping(value = "case0069") + @CaseTag( + caseNo ="aTaintCase0069", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->join", + thisMethodTag = "aTaintCase0069", + thisMethodExpectedResult = true + ) public Map aTaintCase0069(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1123,6 +1345,13 @@ public Map aTaintCase0069(@RequestParam String cmd) { * ls;-la */ @PostMapping(value = "case0071") + @CaseTag( + caseNo ="aTaintCase0071", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->replace", + thisMethodTag = "aTaintCase0071", + thisMethodExpectedResult = true + ) + public Map aTaintCase0071(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1140,6 +1369,13 @@ public Map aTaintCase0071(@RequestParam String cmd) { * alasa */ @PostMapping(value = "case00140") + @CaseTag( + caseNo ="aTaintCase00140", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->replaceAll", + thisMethodTag = "aTaintCase00140", + thisMethodExpectedResult = true + ) + public Map aTaintCase00140(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
@@ -1156,6 +1392,12 @@ public Map aTaintCase00140(@RequestParam String cmd) { * aTaintCase0072 传播场景->String操作->split */ @PostMapping(value = "case0072") + @CaseTag( + caseNo ="aTaintCase0072", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->split", + thisMethodTag = "aTaintCase0072", + thisMethodExpectedResult = true + ) public Map aTaintCase0072(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1190,6 +1432,13 @@ public Map aTaintCase0072(@RequestParam String cmd) { * aTaintCase0074 传播场景->String操作->subSequence */ @PostMapping(value = "case0074") + @CaseTag( + caseNo ="aTaintCase0074", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->subSequence", + thisMethodTag = "aTaintCase0074", + thisMethodExpectedResult = true + ) + public Map aTaintCase0074(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1206,6 +1455,12 @@ public Map aTaintCase0074(@RequestParam String cmd) { * lsabc */ @PostMapping(value = "case0075") + @CaseTag( + caseNo ="aTaintCase0075", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->substring", + thisMethodTag = "aTaintCase0075", + thisMethodExpectedResult = true + ) public Map aTaintCase0075(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1221,6 +1476,12 @@ public Map aTaintCase0075(@RequestParam String cmd) { * aTaintCase0076 传播场景->String操作->toCharArray */ @PostMapping(value = "case0076") + @CaseTag( + caseNo ="aTaintCase0076", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->toCharArray", + thisMethodTag = "aTaintCase0076", + thisMethodExpectedResult = true + ) public Map aTaintCase0076(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
@@ -1237,6 +1498,12 @@ public Map aTaintCase0076(@RequestParam String cmd) { * aTaintCase0077 传播场景->String操作->toLowerCase */ @PostMapping(value = "case0077") + @CaseTag( + caseNo ="aTaintCase0077", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->toLowerCase", + thisMethodTag = "aTaintCase0077", + thisMethodExpectedResult = true + ) public Map aTaintCase0077(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1253,6 +1520,12 @@ public Map aTaintCase0077(@RequestParam String cmd) { * aTaintCase0078 传播场景->String操作->toString */ @PostMapping(value = "case0078") + @CaseTag( + caseNo ="aTaintCase0078", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->toString", + thisMethodTag = "aTaintCase0078", + thisMethodExpectedResult = true + ) public Map aTaintCase0078(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1269,6 +1542,12 @@ public Map aTaintCase0078(@RequestParam String cmd) { * aTaintCase0079 传播场景->String操作->toUpperCase */ @PostMapping(value = "case0079") + @CaseTag( + caseNo ="aTaintCase0079", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->toUpperCase", + thisMethodTag = "aTaintCase0079", + thisMethodExpectedResult = true + ) public Map aTaintCase0079(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1286,6 +1565,13 @@ public Map aTaintCase0079(@RequestParam String cmd) { */ @PostMapping(value = "case0080") + + @CaseTag( + caseNo ="aTaintCase0080", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->trim", + thisMethodTag = "aTaintCase0080", + thisMethodExpectedResult = true + ) public Map aTaintCase0080(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
@@ -1302,6 +1588,12 @@ public Map aTaintCase0080(@RequestParam String cmd) { * aTaintCase0081 传播场景->String操作->valueOf */ @PostMapping(value = "case0081") + @CaseTag( + caseNo ="aTaintCase0081", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->String操作->valueOf", + thisMethodTag = "aTaintCase0081", + thisMethodExpectedResult = true + ) public Map aTaintCase0081(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1318,6 +1610,12 @@ public Map aTaintCase0081(@RequestParam String cmd) { * aTaintCase0082 传播场景->StringBuilder操作->构造方法 */ @PostMapping(value = "case0082") + @CaseTag( + caseNo ="aTaintCase0082", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->StringBuilder操作->构造方法", + thisMethodTag = "aTaintCase0082", + thisMethodExpectedResult = true + ) public Map aTaintCase0082(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1334,6 +1632,12 @@ public Map aTaintCase0082(@RequestParam String cmd) { * aTaintCase0083 传播场景->StringBuilder操作->append */ @PostMapping(value = "case0083") + @CaseTag( + caseNo ="aTaintCase0083", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->StringBuilder操作->append", + thisMethodTag = "aTaintCase0083", + thisMethodExpectedResult = true + ) public Map aTaintCase0083(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1369,6 +1673,12 @@ public Map aTaintCase0083(@RequestParam String cmd) { * aTaintCase0085 传播场景->StringBuilder操作->delete */ @PostMapping(value = "case0085") + @CaseTag( + caseNo ="aTaintCase0085", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->StringBuilder操作->delete", + thisMethodTag = "aTaintCase0085", + thisMethodExpectedResult = true + ) public Map aTaintCase0085(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
@@ -1387,6 +1697,12 @@ public Map aTaintCase0085(@RequestParam String cmd) { * aTaintCase0086 传播场景->StringBuilder操作->deleteCharAt */ @PostMapping(value = "case0086") + @CaseTag( + caseNo ="aTaintCase0086", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->StringBuilder操作->deleteCharAt", + thisMethodTag = "aTaintCase0086", + thisMethodExpectedResult = true + ) public Map aTaintCase0086(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1405,6 +1721,12 @@ public Map aTaintCase0086(@RequestParam String cmd) { * aTaintCase0087 传播场景->StringBuilder操作->getChars */ @PostMapping(value = "case0087") + @CaseTag( + caseNo ="aTaintCase0087", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->StringBuilder操作->getChars", + thisMethodTag = "aTaintCase0087", + thisMethodExpectedResult = true + ) public Map aTaintCase0087(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1424,6 +1746,12 @@ public Map aTaintCase0087(@RequestParam String cmd) { * aTaintCase0088 传播场景->StringBuilder操作->insert */ @PostMapping(value = "case0088") + @CaseTag( + caseNo ="aTaintCase0088", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->StringBuilder操作->insert", + thisMethodTag = "aTaintCase0088", + thisMethodExpectedResult = true + ) public Map aTaintCase0088(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1441,6 +1769,13 @@ public Map aTaintCase0088(@RequestParam String cmd) { * aTaintCase0089 传播场景->StringBuilder操作->replace */ @PostMapping(value = "case0089") + @CaseTag( + caseNo ="aTaintCase0089", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->StringBuilder操作->replace", + thisMethodTag = "aTaintCase0089", + thisMethodExpectedResult = true + ) + public Map aTaintCase0089(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
@@ -1458,6 +1793,12 @@ public Map aTaintCase0089(@RequestParam String cmd) { * aTaintCase0090 传播场景->StringBuilder操作->subSequence */ @PostMapping(value = "case0090") + @CaseTag( + caseNo ="aTaintCase0090", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->StringBuilder操作->subSequence", + thisMethodTag = "aTaintCase0090", + thisMethodExpectedResult = true + ) public Map aTaintCase0090(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1476,6 +1817,12 @@ public Map aTaintCase0090(@RequestParam String cmd) { * aTaintCase0091 传播场景->StringBuilder操作->subString */ @PostMapping(value = "case0091") + @CaseTag( + caseNo ="aTaintCase0091", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->StringBuilder操作->subString", + thisMethodTag = "aTaintCase0091", + thisMethodExpectedResult = true + ) public Map aTaintCase0091(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1493,6 +1840,12 @@ public Map aTaintCase0091(@RequestParam String cmd) { * aTaintCase0092 传播场景->StringBuilder操作->toString */ @PostMapping(value = "case0092") + @CaseTag( + caseNo ="aTaintCase0092", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->StringBuilder操作->toString", + thisMethodTag = "aTaintCase0092", + thisMethodExpectedResult = true + ) public Map aTaintCase0092(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1510,6 +1863,13 @@ public Map aTaintCase0092(@RequestParam String cmd) { * aTaintCase0093 传播场景-char[],byte[]操作->copyOf */ @PostMapping(value = "case0093") + + @CaseTag( + caseNo ="aTaintCase0093", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->char[],byte[]操作->copyOf", + thisMethodTag = "aTaintCase0093", + thisMethodExpectedResult = true + ) public Map aTaintCase0093(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
@@ -1527,6 +1887,12 @@ public Map aTaintCase0093(@RequestParam String cmd) { * aTaintCase0094 传播场景-char[],byte[]操作-->copyOfRange */ @PostMapping(value = "case0094") + @CaseTag( + caseNo ="aTaintCase0094", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->char[],byte[]操作-->copyOfRange", + thisMethodTag = "aTaintCase0094", + thisMethodExpectedResult = true + ) public Map aTaintCase0094(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1545,6 +1911,12 @@ public Map aTaintCase0094(@RequestParam String cmd) { * //deepToString 的参数是Object[] *使用Byte[] */ @PostMapping(value = "case0095") + @CaseTag( + caseNo ="aTaintCase0095", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->char[],byte[]操作->deepToString", + thisMethodTag = "aTaintCase0095", + thisMethodExpectedResult = true + ) public Map aTaintCase0095(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1562,6 +1934,12 @@ public Map aTaintCase0095(@RequestParam String cmd) { * aTaintCase0096 传播场景-char[],byte[]操作->toString */ @PostMapping(value = "case0096") + @CaseTag( + caseNo ="aTaintCase0096", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->char[],byte[]操作->toString", + thisMethodTag = "aTaintCase0096", + thisMethodExpectedResult = true + ) public Map aTaintCase0096(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1598,6 +1976,12 @@ public Map aTaintCase0096(@RequestParam String cmd) { * @throws ClassNotFoundException */ @PostMapping(value = "case00932") + @CaseTag( + caseNo ="aTaintCase00932", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->JDK序列化与反序列化", + thisMethodTag = "aTaintCase00932", + thisMethodExpectedResult = true + ) public Map aTaintCase00932(@RequestBody SourceTestObject sourceTestObject) throws ClassNotFoundException { Map modelMap = new HashMap<>(); try { 
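Review bot: The `caseFullName` for `aTaintCase0094` uses a double-dash separator, `char[],byte[]操作-->copyOfRange`, whereas the neighbouring tags in the same line (`copyOf`, `deepToString`, `toString`) use a single `->`; the javadoc context line has the same `-->`, so the oddity was carried over rather than normalised. If these names are matched string-for-string against a case list, the inconsistent separator is a silent mismatch waiting to happen; change it to `caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->char[],byte[]操作->copyOfRange"` and fix the javadoc alongside, unless the list deliberately contains the `-->` form.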
@@ -1928,6 +2312,12 @@ public Map aTaintCase00932(@RequestBody SourceTestObject sourceT * @return */ @PostMapping(value = "case00141") + @CaseTag( + caseNo ="aTaintCase00141", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->sanitizer方法特性支持->污点直接赋值为硬编码值", + thisMethodTag = "aTaintCase00141", + thisMethodExpectedResult = false + ) public Map aTaintCase00141(@RequestParam String cmd) { Map modelMap = new HashMap<>(); cmd = "test"; @@ -1937,6 +2327,12 @@ public Map aTaintCase00141(@RequestParam String cmd) { } @PostMapping(value = "case00141/1") + @CaseTag( + caseNo ="aTaintCase00141", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->sanitizer方法特性支持->污点直接赋值为硬编码值", + thisMethodTag = "aTaintCase00141_1", + thisMethodExpectedResult = true + ) public Map aTaintCase00141_1(@RequestParam String cmd) { Map modelMap = new HashMap<>(); TaintMethodUtil.sink(cmd); @@ -1948,6 +2344,12 @@ public Map aTaintCase00141_1(@RequestParam String cmd) { * aTaintCase00103 污点无害化处理能力sanitizer->sanitizer支持区分类型 */ @PostMapping(value = "case00103/2") + @CaseTag( + caseNo ="aTaintCase00103", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->sanitizer支持区分类型", + thisMethodTag = "aTaintCase00103_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00103_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -1961,6 +2363,12 @@ public Map aTaintCase00103_2(@RequestParam String cmd) { } @PostMapping(value = "case00103/1") + @CaseTag( + caseNo ="aTaintCase00103", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->sanitizer支持区分类型", + thisMethodTag = "aTaintCase00103_1", + thisMethodExpectedResult = true + ) public Map aTaintCase00103_1(@RequestParam String cmd) { Map modelMap = new HashMap<>(); TaintMethodUtil.sink(cmd); 
@@ -1969,6 +2377,12 @@ public Map aTaintCase00103_1(@RequestParam String cmd) { } @PostMapping(value = "case00103") + @CaseTag( + caseNo ="aTaintCase00103", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->sanitizer支持区分类型", + thisMethodTag = "aTaintCase00103", + thisMethodExpectedResult = false + ) public Map aTaintCase00103(@RequestParam String cmd) { Map modelMap = new HashMap<>(); String res = TaintMethodUtil.sanitizer(cmd); @@ -1981,6 +2395,12 @@ public Map aTaintCase00103(@RequestParam String cmd) { * aTaintCase00104 污点无害化处理能力sanitizer->触发sink后再执行sanitizer */ @PostMapping(value = "case00104") + @CaseTag( + caseNo ="aTaintCase00104", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->触发sink后再执行sanitizer", + thisMethodTag = "aTaintCase00104", + thisMethodExpectedResult = true + ) public Map aTaintCase00104(@RequestParam String cmd) { Map modelMap = new HashMap<>(); TaintMethodUtil.sink(cmd); @@ -1990,6 +2410,12 @@ public Map aTaintCase00104(@RequestParam String cmd) { } @PostMapping(value = "case00104/1") + @CaseTag( + caseNo ="aTaintCase00104", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->触发sink后再执行sanitizer", + thisMethodTag = "aTaintCase00104_1", + thisMethodExpectedResult = false + ) public Map aTaintCase00104_1(@RequestParam String cmd) { Map modelMap = new HashMap<>(); String res = TaintMethodUtil.sanitizer(cmd); @@ -1999,6 +2425,12 @@ public Map aTaintCase00104_1(@RequestParam String cmd) { } @PostMapping(value = "case00104/2") + @CaseTag( + caseNo ="aTaintCase00104", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->触发sink后再执行sanitizer", + thisMethodTag = "aTaintCase00104_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00104_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); TaintMethodUtil.sink(cmd); 
@@ -2011,6 +2443,12 @@ public Map aTaintCase00104_2(@RequestParam String cmd) { * 检出 */ @PostMapping(value = "case00105") + @CaseTag( + caseNo ="aTaintCase00105", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->支持自定义unSanitizer(再次污点化)", + thisMethodTag = "aTaintCase00105", + thisMethodExpectedResult = true + ) public Map aTaintCase00105(@RequestParam String cmd) { Map modelMap = new HashMap<>(); TaintMethodUtil.sink(cmd); @@ -2020,6 +2458,12 @@ public Map aTaintCase00105(@RequestParam String cmd) { // 不检出 @PostMapping(value = "case00105/1") + @CaseTag( + caseNo ="aTaintCase00105", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->支持自定义unSanitizer(再次污点化)", + thisMethodTag = "aTaintCase00105_1", + thisMethodExpectedResult = false + ) public Map aTaintCase00105_1(@RequestParam String cmd) { Map modelMap = new HashMap<>(); cmd = TaintMethodUtil.sanitizer(cmd); @@ -2030,6 +2474,12 @@ public Map aTaintCase00105_1(@RequestParam String cmd) { // 检出 @PostMapping(value = "case00105/2") + @CaseTag( + caseNo ="aTaintCase00105", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->支持自定义unSanitizer(再次污点化)", + thisMethodTag = "aTaintCase00105_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00105_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); cmd = TaintMethodUtil.sanitizer(cmd); 
@@ -2101,13 +2551,19 @@ public Map aTaintCase00105_2(@RequestParam String cmd) { * aTaintCase00109 触发污点跟踪能力(sink)->单污点来源传播至多sink点 */ @PostMapping(value = "case00109") + @CaseTag( + caseNo ="aTaintCase00109", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->触发污点跟踪能力(sink)->单污点来源传播至多sink点", + thisMethodTag = "aTaintCase00109", + thisMethodExpectedResult = true + ) public Map aTaintCase00109(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); cmd = cmd + " -la"; - //TODO 加另一个漏洞 + TaintMethodUtil.sink(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); @@ -2119,6 +2575,13 @@ public Map aTaintCase00109(@RequestParam String cmd) { * aTaintCase00110 触发污点跟踪能力(sink)->多污点来源传播至单sink点 */ @PostMapping(value = "case00110") + @CaseTag( + caseNo ="aTaintCase00110", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->触发污点跟踪能力(sink)->多污点来源传播至单sink点", + thisMethodTag = "aTaintCase00110", + thisMethodExpectedResult = true + ) + public Map aTaintCase00110(@RequestParam String cmd1, @RequestParam String cmd2) { Map modelMap = new HashMap<>(); try { 
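Review bot: The second sink that replaces the `TODO` in `aTaintCase00109` is the helper `TaintMethodUtil.sink(cmd)` rather than a second real sink API like the `Runtime.exec` call above it, so the "single source, multiple sinks" case only distinguishes engines that have been configured to treat that helper as a custom sink; a one-line comment would make that precondition explicit, e.g. `// second sink: requires TaintMethodUtil.sink to be registered as a custom sink in the engine under test`. As with the rest of this controller, `Runtime.getRuntime().exec(cmd)` executes request-controlled input by design, so this endpoint must only ever be reachable inside the isolated benchmark harness. Note too that the `catch (IOException e)` in the hunk does not cover the `IllegalArgumentException` that `Runtime.exec(String)` throws for an empty command, so a driver that sends `cmd=` will get an unhandled exception rather than the `ERROR_STR` status.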
@@ -2134,24 +2597,36 @@ public Map aTaintCase00110(@RequestParam String cmd1, @RequestPa * aTaintCase00111 触发污点跟踪能力(sink)->sink点中嵌套其他sink点 * 从文件中读取命令,并用命令行执行 */ - @PostMapping(value = "case00111") - @Deprecated - public Map aTaintCase00111(@RequestParam String path) { - Map modelMap = new HashMap<>(); - - try { - Runtime.getRuntime().exec(path + MyCommonTestUtil.readStrFromFile(path)); - modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { - modelMap.put("status", CommonConsts.ERROR_STR); - } - return modelMap; - } + //@PostMapping(value = "case00111") + //@CaseTag( + // caseNo ="aTaintCase00111", + // caseFullName = "#IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->触发污点跟踪能力(sink)->sink点中嵌套其他sink点", + // thisMethodTag = "aTaintCase00111", + // thisMethodExpectedResult = true + //) + //@Deprecated + //public Map aTaintCase00111(@RequestParam String path) { + // Map modelMap = new HashMap<>(); + // + // try { + // Runtime.getRuntime().exec(path + MyCommonTestUtil.readStrFromFile(path)); + // modelMap.put("status", CommonConsts.SUCCESS_STR); + // } catch (IOException e) { + // modelMap.put("status", CommonConsts.ERROR_STR); + // } + // return modelMap; + //} /** * aTaintCase00112 触发污点跟踪能力(sink)->无污点传播过程,污点直接传入sink */ @PostMapping(value = "case00112") + @CaseTag( + caseNo ="aTaintCase00112", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->触发污点跟踪能力(sink)->无污点传播过程,污点直接传入sink", + thisMethodTag = "aTaintCase00112", + thisMethodExpectedResult = true + ) public Map aTaintCase00112(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase003.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase003.java index 8f65347e..c783b228 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase003.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase003.java 
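Review bot: `aTaintCase00111` is commented out rather than deleted, leaving roughly twenty lines of dead code, including a `Runtime.exec` of a request-controlled path concatenated with file contents, that version control already preserves; since the commit is titled "remove unused case", delete the block outright. If it is meant to return later, keep the `@Deprecated` method compiled and just drop its `@PostMapping` so it is unreachable, and fix the stray `#` that starts its `caseFullName` (`"#IAST引擎能力评估体系..."`), which no other tag in the file has. Either way the nested-sink scenario is now untested, which the surviving javadoc should record, e.g. `* aTaintCase00111 removed: nested-sink case pending a safe re-implementation`.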
@@ -7,6 +7,7 @@ import cn.hutool.db.Db; import cn.hutool.db.Entity; import cn.hutool.http.HttpRequest; +import com.iast.astbenchmark.analyser.cache.CaseTag; import com.iast.astbenchmark.common.CommonConsts; import com.iast.astbenchmark.common.utils.MyCommonTestUtil; import com.iast.astbenchmark.common.utils.SessionUtil; @@ -51,6 +52,12 @@ public Map aTaintCase00113(@RequestParam String cmd) { return modelMap; } @PostMapping(value = "case00113/1") + @CaseTag( + caseNo ="aTaintCase00113", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->异步跟踪能力->存储型异步->污点通过db存储后触发", + thisMethodTag = "aTaintCase00113_1", + thisMethodExpectedResult = true + ) public Map aTaintCase00113_1(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -83,6 +90,12 @@ public Map aTaintCase00114(HttpServletRequest request, @PathVari return modelMap; } @PostMapping(value = "case00114/1") + @CaseTag( + caseNo ="aTaintCase00114", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->异步跟踪能力->存储型异步->污点通过session存储后触发", + thisMethodTag = "aTaintCase00114_1", + thisMethodExpectedResult = true + ) public Map aTaintCase00114_1(HttpServletRequest request) { Map modelMap = new HashMap<>(); try { @@ -106,6 +119,12 @@ public Map aTaintCase00115(@RequestParam String cmd) { return modelMap; } @PostMapping(value = "case00115/1") + @CaseTag( + caseNo ="aTaintCase00115", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->异步跟踪能力->存储型异步->污点通过缓存存储后触发->本地缓存", + thisMethodTag = "aTaintCase00115_1", + thisMethodExpectedResult = true + ) public Map aTaintCase00115_1() { Map modelMap = new HashMap<>(); try { @@ -130,6 +149,12 @@ public Map aTaintCase00138(@RequestParam String cmd) { return modelMap; } @PostMapping(value = "case00138/1") + @CaseTag( + caseNo ="aTaintCase00138", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->异步跟踪能力->存储型异步->污点通过缓存存储后触发->非本地缓存", + thisMethodTag = "aTaintCase00138_1", + thisMethodExpectedResult = true + ) public Map aTaintCase00138_1() { Map modelMap = new HashMap<>(); String key ="cmd_key"; 
@@ -158,6 +183,12 @@ public Map aTaintCase00116(@RequestParam String cmd) { return modelMap; } @PostMapping(value = "case00116/1") + @CaseTag( + caseNo ="aTaintCase00116", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->异步跟踪能力->存储型异步->污点通过文件存储后触发->本地文件", + thisMethodTag = "aTaintCase00116_1", + thisMethodExpectedResult = true + ) public Map aTaintCase00116_1() { Map modelMap = new HashMap<>(); try { @@ -171,7 +202,7 @@ public Map aTaintCase00116_1() { } /** - * aTaintCase00117 异步跟踪能力->存储行异步->污点通过缓存存储后触发-> OSS + * TODO aTaintCase00117 异步跟踪能力->存储行异步->污点通过缓存存储后触发-> OSS */ /** @@ -181,6 +212,12 @@ public Map aTaintCase00116_1() { * aTaintCase00119 异步跟踪能力->多线程异步->污点的来源和触发在不同线程 */ @PostMapping(value = "case00119") + @CaseTag( + caseNo ="aTaintCase00119", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->异步跟踪能力->多线程异步->污点的来源和触发在不同线程", + thisMethodTag = "aTaintCase00119", + thisMethodExpectedResult = true + ) public Map aTaintCase00119(@RequestParam String cmd) { Map modelMap = new HashMap<>(); Thread thread = new Thread(()->{ @@ -199,6 +236,12 @@ public Map aTaintCase00119(@RequestParam String cmd) { */ ThreadPoolExecutor executorForTest = ThreadUtil.newExecutor(1,1); @PostMapping(value = "case00120") + @CaseTag( + caseNo ="aTaintCase00120", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->异步跟踪能力->多线程异步->污点的来源和触发在不同线程,sink的触发由线程池中的线程触发", + thisMethodTag = "aTaintCase00120", + thisMethodExpectedResult = true + ) public Map aTaintCase00120(@RequestParam String cmd) { Map modelMap = new HashMap<>(); executorForTest.execute(()->{ @@ -231,6 +274,12 @@ public Map aTaintCase00123(@RequestParam String cmd,@RequestPara } @PostMapping(value = "case00123/2") + @CaseTag( + caseNo ="aTaintCase00123", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->跨进城跟踪能力->http->跨一层进程调用", + thisMethodTag = "aTaintCase00123_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00123_2(@RequestParam String cmd,@RequestParam String auto_check_start_time) { Map modelMap = new HashMap<>(); try { 
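Review bot: The `caseFullName` added for `aTaintCase00123_2` reads `跨进城跟踪能力->http->跨一层进程调用`, and `跨进城` looks like a typo for `跨进程` (cross-process), which the tail of the same string spells correctly. Since this name presumably has to match an external case description, fix it consistently, `caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->跨进程跟踪能力->http->跨一层进程调用"`, and check the `aTaintCase00124_3` tag in the following hunk, which carries the same spelling. The reworded comment earlier in the line, `TODO aTaintCase00117 ... 存储行异步`, has a similar slip (`存储型异步`) but is comment-only and harmless.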
@@ -265,6 +314,12 @@ public Map aTaintCase00124_2(@RequestParam String cmd,@RequestPa } @PostMapping(value = "case00124/3") + @CaseTag( + caseNo ="aTaintCase00124", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->跨进城跟踪能力->http->跨多层进程调用", + thisMethodTag = "aTaintCase00124_3", + thisMethodExpectedResult = true + ) public Map aTaintCase00124_3(@RequestParam String cmd,@RequestParam String auto_check_start_time) { Map modelMap = new HashMap<>(); try { diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase004.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase004.java index b869a0a5..2ef0dacc 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase004.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase004.java @@ -5,6 +5,7 @@ import com.iast.astbenchmark.cases.bean.SoureWithQueueBean; import com.iast.astbenchmark.cases.bean.SoureWithSetBean; import com.iast.astbenchmark.cases.bean.layers.LayerBaseBean99; +import com.iast.astbenchmark.analyser.cache.CaseTag; import com.iast.astbenchmark.common.CommonConsts; import com.iast.astbenchmark.common.utils.JDKSerializationUtil; import org.springframework.web.bind.annotation.PostMapping; 
@@ -32,20 +33,45 @@ public class AstTaintCase004 { * aTaintCase00125 污点对象跟踪粒度->变量级别->sink点的值非外部可控,但与某个参数值相同 * 这个case期望不能被检出污点 */ -// 考虑使用这个sink点 -// private PrintWriter pw = new PrintWriter(System.out); -// private void sink(Object obj) throws Exception{ -// pw.println(obj); -// pw.flush(); -// } + // 考虑使用这个sink点 + // private PrintWriter pw = new PrintWriter(System.out); + // private void sink(Object obj) throws Exception{ + // pw.println(obj); + // pw.flush(); + // } @PostMapping(value = "case00125") + @CaseTag( + caseNo = "aTaintCase00125", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->变量级别->sink点的值非外部可控,但与某个参数值相同", + thisMethodTag = "aTaintCase00125", + thisMethodExpectedResult = false + ) public Map aTaintCase00125(@RequestParam String cmd1, @RequestParam(defaultValue = "ls") String cmd2) { Map modelMap = new HashMap<>(); try { String exec = "ls"; Runtime.getRuntime().exec(exec); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { + modelMap.put("status", CommonConsts.ERROR_STR); + } + return modelMap; + } + + @PostMapping(value = "case00125/2") + @CaseTag( + caseNo = "aTaintCase00125", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->变量级别->sink点的值非外部可控,但与某个参数值相同", + thisMethodTag = "aTaintCase00125", + thisMethodExpectedResult = false + ) + public Map aTaintCase00125_2(@RequestParam String cmd1, @RequestParam(defaultValue = "") String cmd2) { + Map modelMap = new HashMap<>(); + try { + String exec = ""; + Runtime.getRuntime().exec(exec); + modelMap.put("status", CommonConsts.SUCCESS_STR); + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; 
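Review bot: The new `aTaintCase00125_2` endpoint reuses `thisMethodTag = "aTaintCase00125"`, so its result cannot be told apart from the original case by tag; every other `/2` variant in this file uses a `_2` suffix, so this should read `thisMethodTag = "aTaintCase00125_2"`. Separately, `Runtime.getRuntime().exec("")` throws `IllegalArgumentException` ("Empty command") rather than `IOException`, so the `catch (IOException e)` branch never runs and the request fails with an uncaught exception instead of recording either status; if the intent is a constant, non-tainted command that actually executes, use a harmless literal such as `String exec = "ls";` (as the sibling case does) or widen the catch to `catch (IOException | IllegalArgumentException e)`. The unused `cmd1`/`cmd2` parameters are presumably the intended decoys for the "same value, not externally controlled" scenario and are fine as they are.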
@@ -56,6 +82,12 @@ public Map aTaintCase00125(@RequestParam String cmd1, @RequestPa * /2为参照组,期望case被检测出,参照组不被检测出 */ @PostMapping(value = "case00126") + @CaseTag( + caseNo = "aTaintCase00126", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->单层简单对象部分字段为污点", + thisMethodTag = "aTaintCase00126", + thisMethodExpectedResult = true + ) public Map aTaintCase00126(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -64,13 +96,19 @@ public Map aTaintCase00126(@RequestParam String cmd) { simpleBean.setCmd2("cd /"); Runtime.getRuntime().exec(simpleBean.getCmd()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00126/2") + @CaseTag( + caseNo = "aTaintCase00126", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->单层简单对象部分字段为污点", + thisMethodTag = "aTaintCase00126_2", + thisMethodExpectedResult = false + ) public Map aTaintCase00126_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -79,7 +117,7 @@ public Map aTaintCase00126_2(@RequestParam String cmd) { simpleBean.setCmd2("cd /"); Runtime.getRuntime().exec(simpleBean.getCmd2()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; @@ -89,6 +127,12 @@ public Map aTaintCase00126_2(@RequestParam String cmd) { * aTaintCase00127 污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->污点来自父类 */ @PostMapping(value = "case00127") + @CaseTag( + caseNo = "aTaintCase00127", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->污点来自父类", + thisMethodTag = "aTaintCase00127", + thisMethodExpectedResult = true + ) public Map aTaintCase00127(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
@@ -99,13 +143,19 @@ public Map aTaintCase00127(@RequestParam String cmd) { simpleBean.setCmdb99("cd ~"); Runtime.getRuntime().exec(simpleBean.getCmda0()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00127/2") + @CaseTag( + caseNo = "aTaintCase00127", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->污点来自父类", + thisMethodTag = "aTaintCase00127_2", + thisMethodExpectedResult = false + ) public Map aTaintCase00127_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -116,7 +166,7 @@ public Map aTaintCase00127_2(@RequestParam String cmd) { simpleBean.setCmdb99("cd ~"); Runtime.getRuntime().exec(simpleBean.getCmdb0()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; @@ -126,6 +176,12 @@ public Map aTaintCase00127_2(@RequestParam String cmd) { * aTaintCase00128 污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->污点来自子类 */ @PostMapping(value = "case00128") + @CaseTag( + caseNo = "aTaintCase00128", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->污点来当前类字段", + thisMethodTag = "aTaintCase00128", + thisMethodExpectedResult = true + ) public Map aTaintCase00128(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
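Review bot: The `caseFullName` added for `aTaintCase00128` ends in `污点来当前类字段`, which disagrees with the Javadoc two lines above (`污点来自子类`) and appears to be missing a character (`污点来自当前类字段`); the same string is reused for `aTaintCase00128_2` in the next hunk. Since the full name is presumably what the evaluation report displays, the two should be reconciled — either update the Javadoc to the new wording or set `caseFullName = "...->多层复杂对象部分字段为污点->污点来自子类"` to match it. The body of `aTaintCase00128` continues outside this hunk.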
@@ -136,13 +192,19 @@ public Map aTaintCase00128(@RequestParam String cmd) { simpleBean.setCmdb99("ls"); Runtime.getRuntime().exec(simpleBean.getCmda99()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00128/2") + @CaseTag( + caseNo = "aTaintCase00128", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->污点来当前类字段", + thisMethodTag = "aTaintCase00128_2", + thisMethodExpectedResult = false + ) public Map aTaintCase00128_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -154,7 +216,7 @@ public Map aTaintCase00128_2(@RequestParam String cmd) { Runtime.getRuntime().exec(simpleBean.getCmdb99()); ; modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; @@ -164,6 +226,13 @@ public Map aTaintCase00128_2(@RequestParam String cmd) { * aTaintCase00129 污点对象跟踪粒度->字段/元素级别->数组元素->单维数组中的部分元素为污点 */ @PostMapping(value = "case00129") + @CaseTag( + caseNo = "aTaintCase00129", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->数组元素->单维数组中的部分元素为污点", + thisMethodTag = "aTaintCase00129", + thisMethodExpectedResult = true + ) + public Map aTaintCase00129(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
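Review bot: A stray blank line is inserted between the closing `)` of the new `@CaseTag` and `public Map aTaintCase00129(...)`, which detaches the annotation visually from the method it decorates; the other annotated methods in this file keep the annotation block and signature adjacent. The same extra blank line appears on `aTaintCase00136` and `aTaintCase00136_2` in later hunks. Suggested change: drop the empty `+` line so `)` is immediately followed by `public Map aTaintCase00129(@RequestParam String cmd) {`. The body of `aTaintCase00129` continues outside this hunk.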
@@ -173,13 +242,19 @@ public Map aTaintCase00129(@RequestParam String cmd) { strings[2] = "cd /"; Runtime.getRuntime().exec(strings[1]); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00129/2") + @CaseTag( + caseNo = "aTaintCase00129", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->数组元素->单维数组中的部分元素为污点", + thisMethodTag = "aTaintCase00129", + thisMethodExpectedResult = false + ) public Map aTaintCase00129_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -194,12 +269,17 @@ public Map aTaintCase00129_2(@RequestParam String cmd) { } return modelMap; } - /** * aTaintCase00130 污点对象跟踪粒度->字段/元素级别->数组元素->多维数组中的部分元素为污点 */ @PostMapping(value = "case00130") + @CaseTag( + caseNo = "aTaintCase00130", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->数组元素->多维数组中的部分元素为污点", + thisMethodTag = "aTaintCase00130", + thisMethodExpectedResult = true + ) public Map aTaintCase00130(@RequestBody String[][] strings) { Map modelMap = new HashMap<>(); try { @@ -208,18 +288,24 @@ public Map aTaintCase00130(@RequestBody String[][] strings) { //strings[0][1] = cmd; //strings[1][0] = "cd /"; //strings[1][1] = "cd /home"; - strings[0][0]="ls"; + strings[0][0] = "ls"; strings[1][0] = "cd /"; strings[1][1] = "cd /home"; Runtime.getRuntime().exec(strings[0][1]); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00130/2") + @CaseTag( + caseNo = "aTaintCase00130", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->数组元素->多维数组中的部分元素为污点", + thisMethodTag = "aTaintCase00130_2", + thisMethodExpectedResult = false + ) public Map aTaintCase00130_2(@RequestBody String[][] strings) { Map modelMap = new HashMap<>(); try { 
@@ -228,7 +314,7 @@ public Map aTaintCase00130_2(@RequestBody String[][] strings) { strings[1][1] = "cd /home"; Runtime.getRuntime().exec(strings[0][0]); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; @@ -239,6 +325,12 @@ public Map aTaintCase00130_2(@RequestBody String[][] strings) { */ @PostMapping(value = "case00131") + @CaseTag( + caseNo = "aTaintCase00131", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->数组元素->部分元素为污点,经过JDK序列化后再反序列化", + thisMethodTag = "aTaintCase00131", + thisMethodExpectedResult = true + ) public Map aTaintCase00131(@RequestBody String[][] strings) { Map modelMap = new HashMap<>(); try { @@ -249,7 +341,7 @@ public Map aTaintCase00131(@RequestBody String[][] strings) { String[][] res = JDKSerializationUtil.deSerialize(bytes); Runtime.getRuntime().exec(res[0][1]); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } catch (ClassNotFoundException e) { throw new RuntimeException(e); @@ -258,6 +350,12 @@ public Map aTaintCase00131(@RequestBody String[][] strings) { } @PostMapping(value = "case00131/2") + @CaseTag( + caseNo = "aTaintCase00131", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->数组元素->部分元素为污点,经过JDK序列化后再反序列化", + thisMethodTag = "aTaintCase00131_2", + thisMethodExpectedResult = false + ) public Map aTaintCase00131_2(@RequestBody String[][] strings) { Map modelMap = new HashMap<>(); try { @@ -268,7 +366,7 @@ public Map aTaintCase00131_2(@RequestBody String[][] strings) { String[][] res = JDKSerializationUtil.deSerialize(bytes); Runtime.getRuntime().exec(res[0][0]); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } catch (ClassNotFoundException e) { throw new RuntimeException(e); 
@@ -280,6 +378,12 @@ public Map aTaintCase00131_2(@RequestBody String[][] strings) { * aTaintCase00132 污点对象跟踪粒度->字段/元素级别->集合元素->List中部分元素为污点 */ @PostMapping(value = "case00132") + @CaseTag( + caseNo = "aTaintCase00132", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->List中部分元素为污点", + thisMethodTag = "aTaintCase00132", + thisMethodExpectedResult = true + ) public Map aTaintCase00132(@RequestBody List stringList) { Map modelMap = new HashMap<>(); try { @@ -287,13 +391,19 @@ public Map aTaintCase00132(@RequestBody List stringList) stringList.add("cd ~"); Runtime.getRuntime().exec(stringList.get(0)); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00132/2") + @CaseTag( + caseNo = "aTaintCase00132", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->List中部分元素为污点", + thisMethodTag = "aTaintCase00132_2", + thisMethodExpectedResult = false + ) public Map aTaintCase00132_2(@RequestBody List stringList) { Map modelMap = new HashMap<>(); try { @@ -301,7 +411,7 @@ public Map aTaintCase00132_2(@RequestBody List stringLis stringList.add("cd ~"); Runtime.getRuntime().exec(stringList.get(1)); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; @@ -311,6 +421,12 @@ public Map aTaintCase00132_2(@RequestBody List stringLis * aTaintCase00133 污点对象跟踪粒度->字段/元素级别->集合元素->Map中部分元素为污点 */ @PostMapping(value = "case00133") + @CaseTag( + caseNo = "aTaintCase00133", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->Map中部分元素为污点", + thisMethodTag = "aTaintCase00133", + thisMethodExpectedResult = true + ) public Map aTaintCase00133(@RequestBody Map map) { Map modelMap = new HashMap<>(); try { 
@@ -320,13 +436,19 @@ public Map aTaintCase00133(@RequestBody Map map) map.put("3", "cd ~"); Runtime.getRuntime().exec(map.get("1")); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00133/2") + @CaseTag( + caseNo = "aTaintCase00133", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->Map中部分元素为污点", + thisMethodTag = "aTaintCase00133_2", + thisMethodExpectedResult = false + ) public Map aTaintCase00133_2(@RequestBody Map map) { Map modelMap = new HashMap<>(); try { @@ -334,7 +456,7 @@ public Map aTaintCase00133_2(@RequestBody Map ma map.put("3", "cd ~"); Runtime.getRuntime().exec(map.get("2")); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; @@ -344,6 +466,12 @@ public Map aTaintCase00133_2(@RequestBody Map ma * aTaintCase00134 污点对象跟踪粒度->字段/元素级别->集合元素->Set中部分元素为污点 */ @PostMapping(value = "case00134") + @CaseTag( + caseNo = "aTaintCase00134", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->Set中部分元素为污点", + thisMethodTag = "aTaintCase00134", + thisMethodExpectedResult = true + ) public Map aTaintCase00134(@RequestBody SoureWithSetBean setBean) { Map modelMap = new HashMap<>(); Set set = setBean.getValue(); @@ -363,6 +491,12 @@ public Map aTaintCase00134(@RequestBody SoureWithSetBean setBean } @PostMapping(value = "case00134/2") + @CaseTag( + caseNo = "aTaintCase00134", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->Set中部分元素为污点", + thisMethodTag = "aTaintCase00134", + thisMethodExpectedResult = false + ) public Map aTaintCase00134_2(@RequestBody SoureWithSetBean setBean) { Map modelMap = new HashMap<>(); Set set = setBean.getValue(); 
@@ -385,6 +519,12 @@ public Map aTaintCase00134_2(@RequestBody SoureWithSetBean setBe * aTaintCase00135 污点对象跟踪粒度->字段/元素级别->集合元素->Queue中部分元素为污点 */ @PostMapping(value = "case00135") + @CaseTag( + caseNo = "aTaintCase00135", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->Queue中部分元素为污点", + thisMethodTag = "aTaintCase00135", + thisMethodExpectedResult = true + ) public Map aTaintCase00135(@RequestBody SoureWithQueueBean queueBean) { Map modelMap = new HashMap<>(); Queue queue = queueBean.getQueue(); @@ -404,6 +544,12 @@ public Map aTaintCase00135(@RequestBody SoureWithQueueBean queue } @PostMapping(value = "case00135/2") + @CaseTag( + caseNo = "aTaintCase00135", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->Queue中部分元素为污点", + thisMethodTag = "aTaintCase00135", + thisMethodExpectedResult = false + ) public Map aTaintCase00135_2(@RequestBody SoureWithQueueBean queueBean) { Map modelMap = new HashMap<>(); Queue queue = queueBean.getQueue(); @@ -427,6 +573,13 @@ public Map aTaintCase00135_2(@RequestBody SoureWithQueueBean que */ @PostMapping(value = "case00136") + @CaseTag( + caseNo = "aTaintCase00136", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->集合中部分元素为污点,经过JDK序列化后再反序列化", + thisMethodTag = "aTaintCase00136", + thisMethodExpectedResult = true + ) + public Map aTaintCase00136(@RequestBody List list) { Map modelMap = new HashMap<>(); try { @@ -438,7 +591,7 @@ public Map aTaintCase00136(@RequestBody List list) { List strings = JDKSerializationUtil.deSerialize(bytes); Runtime.getRuntime().exec(strings.get(0)); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } catch (ClassNotFoundException e) { throw new RuntimeException(e); 
@@ -447,6 +600,13 @@ public Map aTaintCase00136(@RequestBody List list) { } @PostMapping(value = "case00136/2") + @CaseTag( + caseNo = "aTaintCase00136", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->集合中部分元素为污点,经过JDK序列化后再反序列化", + thisMethodTag = "aTaintCase00136", + thisMethodExpectedResult = false + ) + public Map aTaintCase00136_2(@RequestBody List list) { Map modelMap = new HashMap<>(); try { @@ -458,7 +618,7 @@ public Map aTaintCase00136_2(@RequestBody List list) { List strings = JDKSerializationUtil.deSerialize(bytes); Runtime.getRuntime().exec(strings.get(1)); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } catch (ClassNotFoundException e) { throw new RuntimeException(e); 
@@ -496,519 +656,772 @@ public Map aTaintCase00136_2(@RequestBody List list) { //} @PostMapping(value = "case00940") + + @CaseTag( + caseNo = "aTaintCase00940", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->replcace", + thisMethodTag = "aTaintCase00940", + thisMethodExpectedResult = true + ) public Map aTaintCase00940(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; String urlfull = hardcode + cmd; - String data=urlfull.replace(hardcode,""); + String data = urlfull.replace(hardcode, ""); Runtime.getRuntime().exec(data); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00940/2") + @CaseTag( + caseNo = "aTaintCase00940", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->replcace", + thisMethodTag = "aTaintCase00940_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00940_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00940/3") + @CaseTag( + caseNo = "aTaintCase00940", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->replcace", + thisMethodTag = "aTaintCase00940_3", + thisMethodExpectedResult = false + ) public Map aTaintCase00940_3(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; String cmdfull = hardcode + cmd; - String data=cmdfull.replace(cmd,""); + String data = cmdfull.replace(cmd, ""); Runtime.getRuntime().exec(data); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", 
CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00941") + @CaseTag( + caseNo = "aTaintCase00941", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->replcaceAll", + thisMethodTag = "aTaintCase00941", + thisMethodExpectedResult = true + ) public Map aTaintCase00941(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - String cmdfull = hardcode + cmd+hardcode; - String data=cmdfull.replaceAll(hardcode,""); + String cmdfull = hardcode + cmd + hardcode; + String data = cmdfull.replaceAll(hardcode, ""); Runtime.getRuntime().exec(data); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00941/2") + @CaseTag( + caseNo = "aTaintCase00941", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->replcaceAll", + thisMethodTag = "aTaintCase00941_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00941_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00941/3") + @CaseTag( + caseNo = "aTaintCase00941", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->replcaceAll", + thisMethodTag = "aTaintCase00941_3", + thisMethodExpectedResult = false + ) public Map aTaintCase00941_3(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - String cmdfull = hardcode + cmd+hardcode; - String data=cmdfull.replaceAll(cmd,""); + String cmdfull = hardcode + cmd + hardcode; + String data = cmdfull.replaceAll(cmd, ""); Runtime.getRuntime().exec(data); modelMap.put("status", 
CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00942") + @CaseTag( + caseNo = "aTaintCase00942", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->split", + thisMethodTag = "aTaintCase00942", + thisMethodExpectedResult = true + ) public Map aTaintCase00942(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc@"; String cmdfull = hardcode + cmd; - String[] data=cmdfull.split("@"); + String[] data = cmdfull.split("@"); Runtime.getRuntime().exec(data[1]); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00942/2") + @CaseTag( + caseNo = "aTaintCase00942", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->split", + thisMethodTag = "aTaintCase00942_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00942_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00942/3") + @CaseTag( + caseNo = "aTaintCase00942", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->split", + thisMethodTag = "aTaintCase00942_3", + thisMethodExpectedResult = false + ) public Map aTaintCase00942_3(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc@"; String cmdfull = hardcode + cmd; - String[] data=cmdfull.split("@"); + String[] data = cmdfull.split("@"); Runtime.getRuntime().exec(data[0]); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch 
(IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00943") + @CaseTag( + caseNo = "aTaintCase00943", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->subSequence", + thisMethodTag = "aTaintCase00943", + thisMethodExpectedResult = true + ) public Map aTaintCase00943(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; String cmdfull = hardcode + cmd; - CharSequence data=cmdfull.subSequence(hardcode.length(),cmdfull.length()); + CharSequence data = cmdfull.subSequence(hardcode.length(), cmdfull.length()); Runtime.getRuntime().exec(data.toString()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00943/2") + @CaseTag( + caseNo = "aTaintCase00943", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->subSequence", + thisMethodTag = "aTaintCase00943_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00943_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00943/3") + @CaseTag( + caseNo = "aTaintCase00943", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->subSequence", + thisMethodTag = "aTaintCase00943_3", + thisMethodExpectedResult = false + ) public Map aTaintCase00943_3(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; String cmdfull = hardcode + cmd; - CharSequence data=cmdfull.subSequence(0,hardcode.length()); + CharSequence data = cmdfull.subSequence(0, hardcode.length()); 
Runtime.getRuntime().exec(data.toString()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } - @PostMapping(value = "case00944") + @CaseTag( + caseNo = "aTaintCase00944", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->substring", + thisMethodTag = "aTaintCase00944", + thisMethodExpectedResult = true + ) + public Map aTaintCase00944(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; String cmdfull = hardcode + cmd; - String data=cmdfull.substring(hardcode.length()); + String data = cmdfull.substring(hardcode.length()); Runtime.getRuntime().exec(data); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00944/2") + @CaseTag( + caseNo = "aTaintCase00944", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->substring", + thisMethodTag = "aTaintCase00944_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00944_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00944/3") + @CaseTag( + caseNo = "aTaintCase00944", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->substring", + thisMethodTag = "aTaintCase00944_3", + thisMethodExpectedResult = false + ) public Map aTaintCase00944_3(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; String cmdfull = hardcode + cmd; - String data=cmdfull.substring(0,hardcode.length()); + String data = 
cmdfull.substring(0, hardcode.length()); Runtime.getRuntime().exec(data); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00945") + @CaseTag( + caseNo = "aTaintCase00945", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->trim", + thisMethodTag = "aTaintCase00945", + thisMethodExpectedResult = true + ) public Map aTaintCase00945(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = " "; - String cmdfull = hardcode + cmd+hardcode; - String data=cmdfull.trim(); + String cmdfull = hardcode + cmd + hardcode; + String data = cmdfull.trim(); Runtime.getRuntime().exec(data); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00945/2") + @CaseTag( + caseNo = "aTaintCase00945", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->String操作->trim", + thisMethodTag = "aTaintCase00945_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00945_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00946") + @CaseTag( + caseNo = "aTaintCase00946", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->delete", + thisMethodTag = "aTaintCase00946", + thisMethodExpectedResult = true + ) public Map aTaintCase00946(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - StringBuilder builder = new StringBuilder(hardcode+cmd); - builder.delete(0,hardcode.length()); 
+ StringBuilder builder = new StringBuilder(hardcode + cmd); + builder.delete(0, hardcode.length()); Runtime.getRuntime().exec(builder.toString()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00946/2") + @CaseTag( + caseNo = "aTaintCase00946", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->delete", + thisMethodTag = "aTaintCase00946_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00946_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00946/3") + @CaseTag( + caseNo = "aTaintCase00946", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->delete", + thisMethodTag = "aTaintCase00946_3", + thisMethodExpectedResult = false + ) public Map aTaintCase00946_3(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - StringBuilder builder = new StringBuilder(hardcode+cmd); - builder.delete(hardcode.length(),builder.length()); + StringBuilder builder = new StringBuilder(hardcode + cmd); + builder.delete(hardcode.length(), builder.length()); Runtime.getRuntime().exec(builder.toString()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00947") + + @CaseTag( + caseNo = "aTaintCase00947", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->deleteCharAt", + thisMethodTag = "aTaintCase00947", + thisMethodExpectedResult = true + ) public 
Map aTaintCase00947(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "a"; - StringBuilder builder = new StringBuilder(hardcode+cmd); + StringBuilder builder = new StringBuilder(hardcode + cmd); builder.deleteCharAt(0); Runtime.getRuntime().exec(builder.toString()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00947/2") + + @CaseTag( + caseNo = "aTaintCase00947", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->deleteCharAt", + thisMethodTag = "aTaintCase00947_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00947_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00947/3") + @CaseTag( + caseNo = "aTaintCase00947", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->deleteCharAt", + thisMethodTag = "aTaintCase00947_3", + thisMethodExpectedResult = false + ) public Map aTaintCase00947_3(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "a"; - StringBuilder builder = new StringBuilder(hardcode+cmd); + StringBuilder builder = new StringBuilder(hardcode + cmd); builder.deleteCharAt(1); Runtime.getRuntime().exec(builder.toString()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } - @PostMapping(value = "case00948") + @CaseTag( + caseNo = "aTaintCase00948", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->getChars", + 
thisMethodTag = "aTaintCase00948", + thisMethodExpectedResult = true + ) public Map aTaintCase00948(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "aa"; - char[] aa=new char[2]; - StringBuilder builder = new StringBuilder(hardcode+cmd); - builder.getChars(2,4,aa,0); + char[] aa = new char[2]; + StringBuilder builder = new StringBuilder(hardcode + cmd); + builder.getChars(2, 4, aa, 0); Runtime.getRuntime().exec(new String(aa)); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00948/2") + @CaseTag( + caseNo = "aTaintCase00948", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->getChars", + thisMethodTag = "aTaintCase00948_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00948_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00948/3") + @CaseTag( + caseNo = "aTaintCase00948", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->getChars", + thisMethodTag = "aTaintCase00948_3", + thisMethodExpectedResult = false + ) public Map aTaintCase00948_3(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "aa"; - char[] aa=new char[2]; - StringBuilder builder = new StringBuilder(hardcode+cmd); - builder.getChars(0,2,aa,0); + char[] aa = new char[2]; + StringBuilder builder = new StringBuilder(hardcode + cmd); + builder.getChars(0, 2, aa, 0); Runtime.getRuntime().exec(new String(aa)); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", 
CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00949") + @CaseTag( + caseNo = "aTaintCase00949", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->replace", + thisMethodTag = "aTaintCase00949", + thisMethodExpectedResult = false + ) public Map aTaintCase00949(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - StringBuilder builder = new StringBuilder(hardcode+cmd); - builder.replace(0,builder.length(),hardcode); + StringBuilder builder = new StringBuilder(hardcode + cmd); + builder.replace(0, builder.length(), hardcode); Runtime.getRuntime().exec(builder.toString()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00949/2") + + @CaseTag( + caseNo = "aTaintCase00949", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->replace", + thisMethodTag = "aTaintCase00949_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00949_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00949/3") + @CaseTag( + caseNo = "aTaintCase00949", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->replace", + thisMethodTag = "aTaintCase00949_3", + thisMethodExpectedResult = true + ) public Map aTaintCase00949_3(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - StringBuilder builder = new StringBuilder(hardcode+cmd); - builder.replace(0,builder.length(),cmd); + StringBuilder builder = new StringBuilder(hardcode + cmd); + builder.replace(0, 
builder.length(), cmd); Runtime.getRuntime().exec(builder.toString()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00950") + @CaseTag( + caseNo = "aTaintCase00950", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->subSequence", + thisMethodTag = "aTaintCase00950", + thisMethodExpectedResult = true + ) public Map aTaintCase00950(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - StringBuilder builder = new StringBuilder(hardcode+cmd); - CharSequence res = builder.subSequence(hardcode.length(),builder.length()); + StringBuilder builder = new StringBuilder(hardcode + cmd); + CharSequence res = builder.subSequence(hardcode.length(), builder.length()); Runtime.getRuntime().exec(res.toString()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00950/2") + @CaseTag( + caseNo = "aTaintCase00950", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->subSequence", + thisMethodTag = "aTaintCase00950_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00950_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00950/3") + @CaseTag( + caseNo = "aTaintCase00950", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->subSequence", + thisMethodTag = "aTaintCase00950_3", + thisMethodExpectedResult = false + ) public Map 
aTaintCase00950_3(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - StringBuilder builder = new StringBuilder(hardcode+cmd); - CharSequence res = builder.subSequence(0,hardcode.length()); + StringBuilder builder = new StringBuilder(hardcode + cmd); + CharSequence res = builder.subSequence(0, hardcode.length()); Runtime.getRuntime().exec(res.toString()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00951") + @CaseTag( + caseNo = "aTaintCase00951", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->substring", + thisMethodTag = "aTaintCase00951", + thisMethodExpectedResult = true + ) + public Map aTaintCase00951(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - StringBuilder builder = new StringBuilder(hardcode+cmd); + StringBuilder builder = new StringBuilder(hardcode + cmd); String res = builder.substring(hardcode.length()); Runtime.getRuntime().exec(res); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00951/2") + @CaseTag( + caseNo = "aTaintCase00951", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->substring", + thisMethodTag = "aTaintCase00951_2", + thisMethodExpectedResult = true + ) + public Map aTaintCase00951_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00951/3") + @CaseTag( + caseNo = "aTaintCase00951", + caseFullName = 
"IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->StringBuilder操作->substring", + thisMethodTag = "aTaintCase00951_3", + thisMethodExpectedResult = true + ) public Map aTaintCase00951_3(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - StringBuilder builder = new StringBuilder(hardcode+cmd); - String res = builder.substring(0,hardcode.length()); + StringBuilder builder = new StringBuilder(hardcode + cmd); + String res = builder.substring(0, hardcode.length()); Runtime.getRuntime().exec(res); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00952") + @CaseTag( + caseNo = "aTaintCase00952", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->char[]/byte[]操作->copyOfRange", + thisMethodTag = "aTaintCase00952", + thisMethodExpectedResult = true + ) public Map aTaintCase00952(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - String aa = hardcode+cmd; - char[] chars = aa.toCharArray(); - char[] data = Arrays.copyOfRange(chars,hardcode.length(),chars.length);; + String aa = hardcode + cmd; + char[] chars = aa.toCharArray(); + char[] data = Arrays.copyOfRange(chars, hardcode.length(), chars.length); + ; Runtime.getRuntime().exec(new String(data)); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00952/2") + @CaseTag( + caseNo = "aTaintCase00952", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->char[]/byte[]操作->copyOfRange", + thisMethodTag = "aTaintCase00952_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00952_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00952/3") + @CaseTag( + caseNo = "aTaintCase00952", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分->char[]/byte[]操作->copyOfRange", + thisMethodTag = "aTaintCase00952_2", + thisMethodExpectedResult = false + ) public Map aTaintCase00952_3(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "ab"; - String aa = hardcode+cmd; + String aa = hardcode + cmd; char[] chars = aa.toCharArray(); - char[] data = Arrays.copyOfRange(chars,0,hardcode.length());; + char[] data = Arrays.copyOfRange(chars, 0, hardcode.length()); + ; Runtime.getRuntime().exec(new String(data)); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; 
@@ -1016,153 +1429,220 @@ public Map aTaintCase00952_3(@RequestParam String cmd) { /** * 字符串部分存在污点->截取非污点部分后再拼接污点->String操作->concat@aTaintCase00953 + * * @param cmd * @return */ @PostMapping(value = "case00953") + @CaseTag( + caseNo = "aTaintCase00953", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->String操作->concat", + thisMethodTag = "aTaintCase00953", + thisMethodExpectedResult = true + ) + public Map aTaintCase00953(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "ls"; String cmdfull = hardcode + cmd; - String data1=cmdfull.substring(0,hardcode.length()); //截取到非无污点数据 - String dara2=data1.concat(cmd); //再拼接上污点 + String data1 = cmdfull.substring(0, hardcode.length()); //截取到非无污点数据 + String dara2 = data1.concat(cmd); //再拼接上污点 Runtime.getRuntime().exec(dara2); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00953/1") + @CaseTag( + caseNo = "aTaintCase00953", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->String操作->concat", + thisMethodTag = "aTaintCase00953_1", + thisMethodExpectedResult = false + ) public Map aTaintCase00953_1(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "ls"; String cmdfull = hardcode + cmd; - String data1=cmdfull.substring(0,hardcode.length()); - String dara2=data1.concat(hardcode); //再拼接上非污点 + String data1 = cmdfull.substring(0, hardcode.length()); + String dara2 = data1.concat(hardcode); //再拼接上非污点 Runtime.getRuntime().exec(dara2); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00953/2") + @CaseTag( + caseNo = "aTaintCase00953", + caseFullName = 
"IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->String操作->concat", + thisMethodTag = "aTaintCase00953_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00953_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } - @PostMapping(value = "case00954") + @CaseTag( + caseNo = "aTaintCase00954", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->String操作->join", + thisMethodTag = "aTaintCase00954", + thisMethodExpectedResult = true + ) + public Map aTaintCase00954(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "ls"; String cmdfull = hardcode + cmd; - String data1=cmdfull.substring(0,hardcode.length()); - String dara2=String.join(cmd,data1,hardcode); + String data1 = cmdfull.substring(0, hardcode.length()); + String dara2 = String.join(cmd, data1, hardcode); Runtime.getRuntime().exec(dara2); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00954/1") + @CaseTag( + caseNo = "aTaintCase00954", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->String操作->join", + thisMethodTag = "aTaintCase00954_1", + thisMethodExpectedResult = false + ) + public Map aTaintCase00954_1(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "ls"; String cmdfull = hardcode + cmd; - String data1=cmdfull.substring(0,hardcode.length()); - String dara2=String.join(hardcode,data1,hardcode); + String data1 = cmdfull.substring(0, hardcode.length()); + String dara2 = String.join(hardcode, data1, hardcode); Runtime.getRuntime().exec(dara2); modelMap.put("status", 
CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00954/2") + @CaseTag( + caseNo = "aTaintCase00954", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->String操作->join", + thisMethodTag = "aTaintCase00954_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00954_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } - /** * 字符串部分存在污点->截取非污点部分后再拼接污点->String操作->replace@aTaintCase00955 + * * @param cmd * @return */ @PostMapping(value = "case00955") + @CaseTag( + caseNo = "aTaintCase00955", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->String操作->replace", + thisMethodTag = "aTaintCase00955", + thisMethodExpectedResult = true + ) public Map aTaintCase00955(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; String cmdfull = hardcode + cmd; - String data1=cmdfull.replace(cmd,""); //去掉污点 - String dara2=data1+cmd; //拼接污点 + String data1 = cmdfull.replace(cmd, ""); //去掉污点 + String dara2 = data1 + cmd; //拼接污点 Runtime.getRuntime().exec(dara2); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00955/2") + @CaseTag( + caseNo = "aTaintCase00955", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->String操作->replace", + thisMethodTag = "aTaintCase00955_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00955_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); 
modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00956") + @CaseTag( + caseNo = "aTaintCase00956", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->String操作->replaceAll", + thisMethodTag = "aTaintCase00956", + thisMethodExpectedResult = true + ) + public Map aTaintCase00956(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - String cmdfull = cmd+hardcode + cmd; - String data1=cmdfull.replaceAll(cmd,""); //去掉污点 - String dara2=data1+cmd; //拼接污点 + String cmdfull = cmd + hardcode + cmd; + String data1 = cmdfull.replaceAll(cmd, ""); //去掉污点 + String dara2 = data1 + cmd; //拼接污点 Runtime.getRuntime().exec(dara2); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00956/2") + @CaseTag( + caseNo = "aTaintCase00956", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->String操作->replaceAll", + thisMethodTag = "aTaintCase00956_2", + thisMethodExpectedResult = true + ) + public Map aTaintCase00956_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; 
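Review bot: The reformatted lines keep the misspelled local `dara2` in aTaintCase00953, 00953_1, 00954, 00954_1, 00955 and 00956 (`String dara2 = data1.concat(cmd);` and the `+ cmd` variants); since the formatter already rewrote every one of these lines, renaming to `data2` here costs nothing. The Javadoc on aTaintCase00953 and aTaintCase00955 carries bare `@param cmd` and `@return` tags with no text, which is worse than no tags; either describe them (`@param cmd request parameter used as the taint source` / `@return status map with key "status"`) or drop the tags and keep the one-line summary. The inline comment `//截取到非无污点数据` on the 00953 `substring` line reads as a double negative; `//截取非污点部分` matches what the line does.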
@@ -1170,135 +1650,190 @@ public Map aTaintCase00956_2(@RequestParam String cmd) { /** * cmd = " " + * * @param cmd * @return */ @PostMapping(value = "case00957") + @CaseTag( + caseNo = "aTaintCase00957", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->String操作->trim", + thisMethodTag = "aTaintCase00957", + thisMethodExpectedResult = true + ) public Map aTaintCase00957(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "ls"; - String cmdfull = cmd+hardcode + cmd; - String data1=cmdfull.trim(); //去掉污点 - String dara2=data1+cmd; //拼接污点 + String cmdfull = cmd + hardcode + cmd; + String data1 = cmdfull.trim(); //去掉污点 + String dara2 = data1 + cmd; //拼接污点 Runtime.getRuntime().exec(dara2); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00957/2") + @CaseTag( + caseNo = "aTaintCase00957", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->String操作->trim", + thisMethodTag = "aTaintCase00957_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00957_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } + @PostMapping(value = "case00958") + @CaseTag( + caseNo = "aTaintCase00958", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->StringBuilder操作->append", + thisMethodTag = "aTaintCase00958", + thisMethodExpectedResult = true + ) public Map aTaintCase00958(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; StringBuilder cmdfull = new StringBuilder(hardcode + cmd); - StringBuilder 
data1=cmdfull.replace(hardcode.length(),cmdfull.length(),""); + StringBuilder data1 = cmdfull.replace(hardcode.length(), cmdfull.length(), ""); data1.append(cmd); Runtime.getRuntime().exec(data1.toString()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00958/2") + @CaseTag( + caseNo = "aTaintCase00958", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->StringBuilder操作->append", + thisMethodTag = "aTaintCase00958_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00958_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00959") + @CaseTag( + caseNo = "aTaintCase00959", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->StringBuilder操作->replace", + thisMethodTag = "aTaintCase00959", + thisMethodExpectedResult = true + ) public Map aTaintCase00959(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; StringBuilder cmdfull = new StringBuilder(hardcode + cmd); - StringBuilder data1=cmdfull.replace(hardcode.length(),cmdfull.length(),""); + StringBuilder data1 = cmdfull.replace(hardcode.length(), cmdfull.length(), ""); data1.append(cmd); Runtime.getRuntime().exec(data1.toString()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00959/2") + @CaseTag( + caseNo = "aTaintCase00959", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->StringBuilder操作->replace", + thisMethodTag 
= "aTaintCase00959_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00959_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } @PostMapping(value = "case00960") + @CaseTag( + caseNo = "aTaintCase00960", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字符串级别->字符串部分存在污点->截取非污点部分后再拼接污点->char[]/byte[]操作->copyOfRange", + thisMethodTag = "aTaintCase00960", + thisMethodExpectedResult = true + ) public Map aTaintCase00960(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { String hardcode = "abc"; - String aa = hardcode+cmd; + String aa = hardcode + cmd; char[] chars = aa.toCharArray(); - char[] data = Arrays.copyOfRange(chars,0,hardcode.length());//非无污点部分 + char[] data = Arrays.copyOfRange(chars, 0, hardcode.length());//非无污点部分 //char result[] = new char[info.length + data.length]; //System.arraycopy(info, 0, result, 0, info.length); //System.arraycopy(data, 0, result, info.length, data.length); char[] cmdChars = cmd.toCharArray(); - char[] res= new char[data.length+cmd.length()]; //将污点与非污点组合 + char[] res = new char[data.length + cmd.length()]; //将污点与非污点组合 for (int i = 0; i < res.length; i++) { - if(i aTaintCase00960_2(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(cmd); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; } - - @PostMapping(value = "case00142") + @CaseTag( + caseNo = "aTaintCase00142", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->对象部分字段为污点,经过JDK序列化后再反序列化", + thisMethodTag = "aTaintCase00142", + thisMethodExpectedResult = true + ) public Map aTaintCase00142(@RequestBody SourceTestObject testObject) { Map 
modelMap = new HashMap<>(); try { @@ -1308,20 +1843,27 @@ public Map aTaintCase00142(@RequestBody SourceTestObject testObj SourceTestObject object = JDKSerializationUtil.deSerialize(bytes); Runtime.getRuntime().exec(object.getCmd()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } catch (ClassNotFoundException e) { throw new RuntimeException(e); } return modelMap; } + @PostMapping(value = "case00142/2") + @CaseTag( + caseNo = "aTaintCase00142", + caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->对象部分字段为污点,经过JDK序列化后再反序列化", + thisMethodTag = "aTaintCase00142_2", + thisMethodExpectedResult = true + ) public Map aTaintCase00142_2(@RequestBody SourceTestObject testObject) { Map modelMap = new HashMap<>(); try { Runtime.getRuntime().exec(testObject.getCmd()); modelMap.put("status", CommonConsts.SUCCESS_STR); - } catch (IOException e) { + } catch (IOException e) { modelMap.put("status", CommonConsts.ERROR_STR); } return modelMap; diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/TestController.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/TestController.java index ad397b99..4a263bf8 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cases/TestController.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/TestController.java 
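Review bot: aTaintCase00958 (tagged `StringBuilder操作->append`) and aTaintCase00959 (tagged `StringBuilder操作->replace`) have byte-identical bodies: both strip the taint with `cmdfull.replace(hardcode.length(), cmdfull.length(), "")` and re-attach it with `data1.append(cmd)`, so the two `@CaseTag` entries describe different operations but exercise exactly the same code path. Presumably 00959 was meant to re-introduce the taint through `replace` itself, e.g. `data1.replace(0, data1.length(), cmd)`, so that the case actually covers what its `caseFullName` claims; confirm which operation was intended before the tags are consumed by buildCaseMap. The middle of aTaintCase00960 (the copy loop) is not legible in this rendering, so that loop was not reviewed.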
@@ -6,8 +6,7 @@ import com.iast.astbenchmark.analyser.service.DataAnalysisService; import com.iast.astbenchmark.analyser.bean.CaseDataCollectResultBean; import com.iast.astbenchmark.analyser.bean.consts.VendorEnum; -import com.iast.astbenchmark.analyser.factory.stategy.IastCaseDataTransfer; -import com.iast.astbenchmark.analyser.factory.stategy.SeekerCaseDataTransfer; +import com.iast.astbenchmark.analyser.cache.AnnotationProcessorUtil; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.PathVariable; @@ -52,4 +51,9 @@ public void test003(@PathVariable Long id) { } System.out.println(res); } + + @PostMapping(value = "process") + public void test004() { + AnnotationProcessorUtil.processAnnotations(AstTaintCase001.class); + } } diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNodeTreeUtil.java b/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNodeTreeUtil.java index 21b5b182..0f496281 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNodeTreeUtil.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNodeTreeUtil.java 
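Review bot: `test004` returns `void` and `AnnotationProcessorUtil.processAnnotations` only writes to `System.out`, so a caller of `POST process` gets no response body and the result lands on the server console; the class already imports `lombok.extern.slf4j.Slf4j`, so either log through `log` or return something the caller can inspect. The import hunk above does not show `PostMapping` being imported — confirm it is already present further up the import block. The hard-coded `AstTaintCase001.class` covers only one of the case classes this patch series touches (the diffstat lists AstTaintCase002/003/004 as well), so the endpoint will quietly miss their tags unless it is extended to iterate the known case classes. The name `test004` says nothing about the endpoint's purpose; something like `processCaseTags` would.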
@@ -1,47 +1,30 @@ package com.iast.astbenchmark.cli.tree; -import cn.hutool.core.io.FileUtil; -import cn.hutool.core.io.resource.ResourceUtil; import cn.hutool.core.util.StrUtil; -import com.iast.astbenchmark.analyser.bean.CaseTargetBean; -import com.iast.astbenchmark.analyser.cache.CasetargeCache; import com.google.common.collect.Lists; import com.google.common.collect.Maps; +import com.iast.astbenchmark.analyser.bean.CaseTargetBean; +import com.iast.astbenchmark.analyser.cache.CasetargeCache; import lombok.extern.slf4j.Slf4j; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.ResourceLoader; -import org.springframework.stereotype.Component; import org.springframework.util.CollectionUtils; import java.io.BufferedReader; -import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; -import java.io.Reader; -import java.nio.charset.Charset; import java.util.List; import java.util.Map; +import java.util.stream.Collectors; @Slf4j public class CaseNodeTreeUtil { - public static void main(String[] args) { - System.out.println(CaseNodeTreeUtil.initRoot()); - } - public static CaseNode initRoot() { - BufferedReader reader =null; - InputStream inputStream =null; try { - inputStream = CaseNodeTreeUtil.class.getClassLoader().getResourceAsStream("config/caseNodeTree.txt"); - reader= new BufferedReader(new InputStreamReader(inputStream)); - List lines =Lists.newArrayList(); - String line; - while ((line = reader.readLine()) != null) { - lines.add(line); - } - //= FileUtil.readLines("config/caseNodeTree.txt", Charset.forName("utf-8")); - CasetargeCache.initNow(); + // CasetargeCache.initNow(); + List lines = + CasetargeCache.getAllCases().values().stream() + .map(e -> e.getCaseDesc() + "@" + e.getCaseNo()).collect(Collectors.toList()); + CaseNode root = CaseNode.builder() .type(CaseNodeType.ROOT) .id(0) 
@@ -50,33 +33,68 @@ public static CaseNode initRoot() { .build(); for (int row = 0; row < lines.size(); row++) { - if (StrUtil.isEmpty(lines.get(row))||lines.get(row).startsWith("#")) { + if (StrUtil.isEmpty(lines.get(row)) || lines.get(row).startsWith("#")) { continue; } String[] nodesData = lines.get(row).split("->"); addTreeNode(root, 0, row + 1, nodesData); } return root; - }catch (Exception e){ - log.error("初始化异常:{}",e); - }finally { - try { - if(reader!=null){ - reader.close(); - } - if(inputStream!=null){ - inputStream.close(); - } - }catch (IOException e){ - - } - + } catch (Exception e) { + log.error("初始化异常:{}", e); } - return null; + return null; + } + //public static CaseNode initRoot() { + // BufferedReader reader = null; + // InputStream inputStream = null; + // try { + // inputStream = CaseNodeTreeUtil.class.getClassLoader().getResourceAsStream("config/caseNodeTree.txt"); + // reader = new BufferedReader(new InputStreamReader(inputStream)); + // List lines = Lists.newArrayList(); + // String line; + // while ((line = reader.readLine()) != null) { + // lines.add(line); + // } + // //= FileUtil.readLines("config/caseNodeTree.txt", Charset.forName("utf-8")); + // CasetargeCache.initNow(); + // CaseNode root = CaseNode.builder() + // .type(CaseNodeType.ROOT) + // .id(0) + // .deepth(1) + // .name("IAST引擎能力评估体系(JAVA)") + // .build(); + // + // for (int row = 0; row < lines.size(); row++) { + // if (StrUtil.isEmpty(lines.get(row)) || lines.get(row).startsWith("#")) { + // continue; + // } + // String[] nodesData = lines.get(row).split("->"); + // addTreeNode(root, 0, row + 1, nodesData); + // } + // return root; + // } catch (Exception e) { + // log.error("初始化异常:{}", e); + // } finally { + // try { + // if (reader != null) { + // reader.close(); + // } + // if (inputStream != null) { + // inputStream.close(); + // } + // } catch (IOException e) { + // + // } + // + // } + // return null; + //} + public static Map leafMap(CaseNode root) { - Map leafMap 
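Review bot: `lines` is now built from `CasetargeCache.getAllCases().values()`, and the row index of each line feeds `addTreeNode(root, 0, row + 1, nodesData)` and from there the node id (`Integer.valueOf("" + row + deepth)` in a later hunk of this file), so node ids and sibling order now depend on the iteration order of that map; unless `targetMap` is an insertion-ordered map, which is not visible here, the tree can differ between runs. Sorting the stream before collecting, e.g. `.sorted(Comparator.comparing(CaseTargetBean::getCaseNo))`, or documenting that the cache guarantees order, would pin this down. With `CasetargeCache.initNow()` commented out, `initRoot` depends on the cache having been populated elsewhere and silently produces an empty tree otherwise; a short comment naming who initializes the cache, or a `log.warn` when `lines` is empty, would save the next reader a search. The imports `BufferedReader`, `InputStream`, `InputStreamReader` and `IOException` are now referenced only from the commented-out copy of the old method and can be removed.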
=Maps.newLinkedHashMap(); + Map leafMap = Maps.newLinkedHashMap(); findLeaf(leafMap, root); return leafMap; } @@ -84,9 +102,9 @@ public static Map leafMap(CaseNode root) { private static void findLeaf(Map leafMap, CaseNode parent) { if (parent.getType().equals(CaseNodeType.LEAF)) { CaseNode leaf = parent; - if(leaf.getLeafData()!=null&&StrUtil.isNotEmpty(leaf.getLeafData().getCaseNo())&&leaf!=null){ + if (leaf.getLeafData() != null && StrUtil.isNotEmpty(leaf.getLeafData().getCaseNo()) && leaf != null) { leafMap.put(leaf.getLeafData().getCaseNo(), leaf); - }else { + } else { System.out.println(leaf.getName()); } } else { 
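Review bot: `log.error("初始化异常:{}", e);` loses the stack trace: with a `{}` placeholder present, SLF4J consumes the throwable as the placeholder argument and prints only `e.toString()`; use `log.error("初始化异常", e);` so the exception is logged as the throwable. The 40-line commented-out copy of the previous `initRoot` added below the method, and the second commented-out `main` appended at the end of this file in a later hunk, are dead code that version control already preserves; delete both rather than keep them as comments. The `catch (Exception e)` still returns `null` on failure (context line), which `leafMap(root)` below dereferences without a check — pre-existing, but worth a follow-up now that the failure mode has changed from a missing resource file to an empty or uninitialized cache.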
@@ -96,39 +114,15 @@ private static void findLeaf(Map leafMap, CaseNode parent) { } } -// public static void main(String[] args) { -// List lines = FileUtil.readLines("data/caseNodeTree.txt", Charset.forName("utf-8")); -// List linesNew = Lists.newArrayList(); -// for (int i = 0; i <= 46; i++) { -// linesNew.add(lines.get(i)+"@aTaintCase00"+(i+1)); -// } -// linesNew.add(lines.get(47)+"@aTaintCase00139"); -// for (int i = 48; i <= 72; i++) { -// linesNew.add(lines.get(i)+"@aTaintCase00"+(i)); -// } -// linesNew.add(lines.get(73)+"@aTaintCase00140"); -// for (int i = 74; i <= 104; i++) { -// linesNew.add(lines.get(i)+"@aTaintCase00"+(i-1)); -// } -// linesNew.add(lines.get(105)+"@aTaintCase00141"); -// linesNew.add(lines.get(106)+"@aTaintCase00103_2"); -// for (int i = 107; i <= 129; i++) { -// linesNew.add(lines.get(i)+"@aTaintCase00"+(i-2)); -// } -// File file = FileUtil.file("data/caseNodeTree_bak.txt"); -// FileUtil.writeUtf8Lines(linesNew,file); -// -// } - private static void addTreeNode(CaseNode parent, Integer deepth, Integer row, String[] nodesData) { deepth = deepth + 1; CaseNodeType type = CaseNodeType.NODE; Integer id = Integer.valueOf("" + String.valueOf(row) + String.valueOf(deepth)); - if (nodesData.length <= deepth) { + if (nodesData.length <= deepth) { type = CaseNodeType.LEAF; } - String name = nodesData[deepth-1]; + String name = nodesData[deepth - 1]; List children = parent.getChildren(); if (CollectionUtils.isEmpty(children)) { children = Lists.newArrayList(); 
@@ -173,6 +167,48 @@ private static CaseNode nodeExit(List caseNodes, String name) { } return null; } + + //public static void main(String[] args) { + // BufferedReader reader = null; + // InputStream inputStream = null; + // try { + // inputStream = CaseNodeTreeUtil.class.getClassLoader().getResourceAsStream("config/caseNodeTree.txt"); + // reader = new BufferedReader(new InputStreamReader(inputStream)); + // List lines = Lists.newArrayList(); + // String line; + // while ((line = reader.readLine()) != null) { + // if (StrUtil.isNotEmpty(line) && line.contains("@")) { + // String[] tags = line.split("@"); + // Arrays.asList(tags); + // String caseNo = tags[1]; + // String caseFullName = tags[0]; + // System.out.println(" @CaseTag(\n" + // + " caseNo =\"" + caseNo + "\",\n" + // + " caseFullName = \"" + caseFullName + "\",\n" + // + " thisMethodTag = \"" + caseNo + "\",\n" + // + " thisMethodExpectedResult = true\n" + // + " )"); + // } + // System.out.println(); + // + // } + // + // } catch (Exception e) { + // log.error("初始化异常:{}", e); + // } finally { + // try { + // if (reader != null) { + // reader.close(); + // } + // if (inputStream != null) { + // inputStream.close(); + // } + // } catch (IOException e) { + // + // } + // + // } + //} } diff --git a/iast-java/src/test/java/com/iast/astbenchmark/AstbenchmarkApplicationTests.java b/iast-java/src/test/java/com/iast/astbenchmark/AstbenchmarkApplicationTests.java index fca2015b..a47a46d5 100644 --- a/iast-java/src/test/java/com/iast/astbenchmark/AstbenchmarkApplicationTests.java +++ b/iast-java/src/test/java/com/iast/astbenchmark/AstbenchmarkApplicationTests.java @@ -905,6 +905,7 @@ void aTaintCase00124() { @Test void aTaintCase00125() { HttpResponse response = doPost(url_root + "ataint/case00125?cmd1=cd%20/&cmd2=ls"); + HttpResponse response2 = doPost(url_root + "ataint/case00125/2?cmd1=&cmd2="); System.out.println(response.body()); } From 3df3ca8f1c0d7ce6dc7f50a527b0dc3da90e61ae Mon Sep 17 00:00:00 2001 
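Review bot: `response2` is assigned from the new `doPost(url_root + "ataint/case00125/2?cmd1=&cmd2=")` call but never read; the test still prints only `response.body()`, so a failure of the new `/2` request is invisible. Either print or assert on it (`System.out.println(response2.body());`) or drop the local and call `doPost` for its side effect with a comment saying so. As with the surrounding tests, this method has no assertion at all and therefore cannot fail on a wrong result; if that is intended as a smoke driver for the agent, a class-level comment stating that would stop readers from expecting pass/fail semantics.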
From: "mengmeng.meng" Date: Wed, 24 Jan 2024 14:10:08 +0800 Subject: [PATCH 04/17] Update AnnotationProcessorUtil.java --- .../cache/AnnotationProcessorUtil.java | 68 +++++++++++++++++-- 1 file changed, 63 insertions(+), 5 deletions(-) diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/AnnotationProcessorUtil.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/AnnotationProcessorUtil.java index cbdfff76..bcac029a 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/AnnotationProcessorUtil.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/AnnotationProcessorUtil.java 
@@ -4,30 +4,54 @@ import com.iast.astbenchmark.analyser.bean.CaseTargetBean; import com.iast.astbenchmark.analyser.bean.CaseTargetItemBean; import com.iast.astbenchmark.analyser.bean.consts.CaseTypeEnum; +import org.springframework.util.CollectionUtils; import java.lang.reflect.Method; import java.util.List; -public class AnnotationProcessorUtil { +public final class AnnotationProcessorUtil { + + /** + * 处理类注解 + * test method + * @param clazz 待处理的类 + */ public static void processAnnotations(Class clazz) { + // 处理方法注解 + // 处理方法注解 for (Method method : clazz.getDeclaredMethods()) { + // 判断方法是否有@CaseTag注解 if (method.isAnnotationPresent(CaseTag.class)) { + // 获取方法上的@CaseTag注解 CaseTag methodAnnotation = method.getAnnotation(CaseTag.class); + // 打印方法名和注解值 System.out.println("Method " + method.getName() + " has annotation with value: " + methodAnnotation.caseNo()); } } } + + /** + * 构建用例映射 + * + * @param clazz 待处理的类 + */ public static void buildCaseMap(Class clazz) { - // 处理方法注解 + // 遍历类中的所有方法 for (Method method : clazz.getDeclaredMethods()) { + // 判断方法是否被@CaseTag注解标记 if (method.isAnnotationPresent(CaseTag.class)) { + // 获取@CaseTag注解实例 CaseTag methodAnnotation = method.getAnnotation(CaseTag.class); + // 获取用例编号 String caseNo = methodAnnotation.caseNo(); + // 判断用例编号对应的目标对象是否已存在 if (!CasetargeCache.targetMap.containsKey(caseNo)) { + // 如果不存在,则构建新的目标对象并添加到缓存中 CasetargeCache.targetMap.put(caseNo, buildTargetBean(methodAnnotation)); } else { + // 如果已存在,则修改目标对象并替换缓存中的对象 CaseTargetBean modifyBean = modifyTargetBean(CasetargeCache.targetMap.get(caseNo), methodAnnotation); CasetargeCache.targetMap.replace(caseNo, modifyBean); } @@ -35,6 +59,12 @@ public static void buildCaseMap(Class clazz) { } } + /** + * 构建用例目标 bean + * + * @param methodAnnotation 方法注解 + * @return 用例目标 bean + */ private static CaseTargetBean buildTargetBean(CaseTag methodAnnotation) { String caseNo = methodAnnotation.caseNo(); String caseFullName = methodAnnotation.caseFullName(); 
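Review bot: `processAnnotations(Class clazz)` and `buildCaseMap(Class clazz)` take the raw `Class` type; `Class<?>` is the same at call sites and removes the rawtypes warning: `public static void processAnnotations(Class<?> clazz) {`. The class became `final` but still has the default public constructor, so it can be instantiated; add `private AnnotationProcessorUtil() {}` to make it a proper utility class. The comment `// 处理方法注解` is duplicated on two consecutive lines, and the Javadoc `处理类注解 / test method` contradicts the body, which iterates methods and prints to `System.out` — if this is a debug helper, the summary should say so. `buildCaseMap` also writes straight into `CasetargeCache.targetMap` from a second class; if that field is meant to be shared, an accessor on `CasetargeCache` would keep ownership of the map in one place.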
@@ -54,15 +84,43 @@ private static CaseTargetBean buildTargetBean(CaseTag methodAnnotation) {
 return targetBean;
 }
+ /**
+ * 修改用例目标 bean
+ *
+ * @param caseTargetBean 原始的用例目标 bean
+ * @param methodAnnotation 方法注解,包含用例标签和预期结果
+ * @return 修改后的用例目标 bean,包含新的用例标签和预期结果
+ */
 private static CaseTargetBean modifyTargetBean(CaseTargetBean caseTargetBean, CaseTag methodAnnotation) {
+ // 获取方法注解中的用例标签和预期结果
 String thisMethodTag = methodAnnotation.thisMethodTag();
 boolean result = methodAnnotation.thisMethodExpectedResult();
+ // 创建一个新的用例目标项 bean,设置用例标签和预期结果
 CaseTargetItemBean itemBean = new CaseTargetItemBean();
 itemBean.setTag(thisMethodTag);
 itemBean.setResult(result);
- List item = caseTargetBean.getData();
- item.add(itemBean);
- caseTargetBean.setData(item);
+ // 获取原始用例目标 bean 中的用例目标项列表
+ List itemBeans = caseTargetBean.getData();
+ // 如果用例目标项列表为空,则直接将新的用例目标项添加到列表中
+ if (CollectionUtils.isEmpty(itemBeans)) {
+ itemBeans.add(itemBean);
+ } else {
+ // 如果用例目标项列表不为空,则判断是否已存在相同标签的用例目标项
+ boolean itemExist = false;
+ for (CaseTargetItemBean item : itemBeans) {
+ if (item.getTag().equalsIgnoreCase(thisMethodTag)) {
+ itemExist = true;
+ break;
+ }
+ }
+ // 如果不存在相同标签的用例目标项,则将新的用例目标项添加到列表中
+ if (!itemExist) {
+ itemBeans.add(itemBean);
+ }
+ }
+
+ // 将更新后的用例目标项列表设置回用例目标 bean 中,并返回修改后的用例目标 bean
+ caseTargetBean.setData(itemBeans);
 return caseTargetBean;
 }
From 5f0829fa735d020f40bbb8b505c112618ba5eb3f Mon Sep 17 00:00:00 2001
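Review bot: `CollectionUtils.isEmpty(itemBeans)` is also true when `caseTargetBean.getData()` returns null, and the next line then calls `itemBeans.add(itemBean)` on that null, so the empty branch reproduces the NullPointerException the old unguarded `item.add(itemBean)` had (unless `buildTargetBean`, whose body is outside this hunk, always sets a non-null list). Replacing the isEmpty check with `if (itemBeans == null) { itemBeans = new ArrayList<>(); }` and then running the duplicate scan unconditionally handles both the null and the empty case on one path; it needs `import java.util.ArrayList;`. In the scan, `item.getTag().equalsIgnoreCase(thisMethodTag)` throws if an existing item has a null tag, while `thisMethodTag` comes from an annotation member and cannot be null, so `thisMethodTag.equalsIgnoreCase(item.getTag())` is the safe direction. The flag-and-break loop can then become `boolean itemExist = itemBeans.stream().anyMatch(i -> thisMethodTag.equalsIgnoreCase(i.getTag()));`.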
From: "mengmeng.meng" Date: Wed, 24 Jan 2024 17:55:03 +0800 Subject: [PATCH 05/17] =?UTF-8?q?case=E5=BC=95=E6=93=8E=E4=B8=8E=E8=AF=84?= =?UTF-8?q?=E4=BB=B7=E4=BD=93=E7=B3=BBcase=E6=AF=94=E5=AF=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../analyser/cache/CaseStuctCache.java | 18 +- .../analyser/cache/CasetargeCache.java | 11 +- .../analyser/util/MermindUtil.java | 80 ++++++++ .../astbenchmark/cases/AstTaintCase001.java | 66 +++--- .../astbenchmark/cases/AstTaintCase002.java | 52 ++--- .../astbenchmark/cases/AstTaintCase003.java | 35 +++- .../astbenchmark/cases/AstTaintCase004.java | 70 +++---- .../cases/AstTaintOtherCasesForxind.java | 5 + ...ommands.java => IastBenchmarkCommand.java} | 31 ++- .../iast/astbenchmark/cli/tree/CaseNode.java | 12 +- .../cli/tree/CaseNodeTreeUtil.java | 22 +- ...04\344\273\267\344\275\223\347\263\273.md" | 192 ++++++++++++++++++ 12 files changed, 462 insertions(+), 132 deletions(-) create mode 100644 iast-java/src/main/java/com/iast/astbenchmark/analyser/util/MermindUtil.java create mode 100644 iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintOtherCasesForxind.java rename iast-java/src/main/java/com/iast/astbenchmark/cli/{MyCommands.java => IastBenchmarkCommand.java} (84%) create mode 100644 "iast-java/src/main/resources/doc/java\345\274\225\346\223\216\350\257\204\344\273\267\344\275\223\347\263\273.md" diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseStuctCache.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseStuctCache.java index 2a097bf6..569c982e 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseStuctCache.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseStuctCache.java 
@@ -8,12 +8,8 @@
 @Slf4j
 public class CaseStuctCache {
- private static CaseNode root;
- private static Map leafData ;
- static {
- root = CaseNodeTreeUtil.initRoot();
- leafData=CaseNodeTreeUtil.leafMap(root);
- }
+ protected static CaseNode root;
+ protected static Map leafData ;
 public static CaseNode getLeafByCaseNo(String caseNo){
 try {
@@ -31,9 +27,9 @@ public static CaseNode getRoot(){
 return root;
 }
- public static void main(String[] args) {
- for (CaseNode value : CaseStuctCache.getAllLeaf().values()) {
- System.out.println(value.getFullName());
- }
- }
+ //public static void main(String[] args) {
+ // for (CaseNode value : CaseStuctCache.getAllLeaf().values()) {
+ // System.out.println(value.getFullName());
+ // }
+ //}
 }
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java
index 5eab13d3..4606846d 100644
--- a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java
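Review bot: With the static initializer removed, `root` and `leafData` stay null until `CasetargeCache.goinit()` (second hunk of the next file) assigns them, so `getRoot()` and `getLeafByCaseNo()` hand back null or fail for any caller that runs first, and if one of the `buildCaseMap` calls in `goinit()` throws, the two assignments are skipped and the fields remain null for the life of the process. Keeping the fields `private` and adding a package-private `static void init()` that does `root = CaseNodeTreeUtil.initRoot(); leafData = CaseNodeTreeUtil.leafMap(root);`, called from `goinit()`, preserves the intended ordering without widening two mutable statics to `protected`. `getRoot()` should also make the uninitialised state explicit, e.g. `if (root == null) { throw new IllegalStateException("CaseStuctCache not initialised"); }`, so the failure surfaces here rather than as a NullPointerException in a caller such as `MermindUtil`. The `main` method is commented out rather than deleted; version control already keeps it, so the block can simply be removed.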
@@ -1,21 +1,16 @@
 package com.iast.astbenchmark.analyser.cache;
-import cn.hutool.core.io.FileUtil;
-import cn.hutool.core.io.IoUtil;
-import cn.hutool.core.io.resource.ClassPathResource;
-import cn.hutool.json.JSONArray;
-import cn.hutool.json.JSONUtil;
-import com.iast.astbenchmark.analyser.bean.CaseTargetBean;
 import com.google.common.collect.Maps;
+import com.iast.astbenchmark.analyser.bean.CaseTargetBean;
 import com.iast.astbenchmark.cases.AstTaintCase001;
 import com.iast.astbenchmark.cases.AstTaintCase002;
 import com.iast.astbenchmark.cases.AstTaintCase003;
 import com.iast.astbenchmark.cases.AstTaintCase004;
+import com.iast.astbenchmark.cli.tree.CaseNodeTreeUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
 import javax.annotation.PostConstruct;
-import java.nio.charset.Charset;
 import java.util.Map;
 import static com.iast.astbenchmark.analyser.cache.AnnotationProcessorUtil.buildCaseMap;
@@ -48,6 +43,8 @@ private void goinit() {
 buildCaseMap(AstTaintCase002.class);
 buildCaseMap(AstTaintCase003.class);
 buildCaseMap(AstTaintCase004.class);
+ CaseStuctCache.root = CaseNodeTreeUtil.initRoot();
+ CaseStuctCache.leafData=CaseNodeTreeUtil.leafMap(CaseStuctCache.root);
 } catch (Exception e) {
 log.error("ERROR : Case加载失败,请检查您的case_target_list.json:{}", e);
 }
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/util/MermindUtil.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/util/MermindUtil.java
new file mode 100644
index 00000000..d2a37041
--- /dev/null
+++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/util/MermindUtil.java
@@ -0,0 +1,80 @@ +package com.iast.astbenchmark.analyser.util; + +import com.iast.astbenchmark.analyser.cache.CaseStuctCache; +import com.iast.astbenchmark.analyser.cache.CasetargeCache; +import com.iast.astbenchmark.cli.tree.CaseNode; +import org.springframework.util.CollectionUtils; +import org.springframework.util.StringUtils; + +import java.util.List; + +public class MermindUtil { + private static String mermindScript = ""; + + public static void main(String[] args) { + CasetargeCache.initNow(); + mermindScript = "```mermind\n"; + getGraph(CaseStuctCache.getRoot()); + //mermind graph脑图 + //System.out.println(mermindScript); + //mermind 脑图,这个版本格式有点乱 + printTree(CaseStuctCache.getRoot(),CaseStuctCache.getRoot().getDeepth()); + //FileUtil.writeUtf8String("java引擎评价体系.md", mermindScript); + } + public static void printTree(CaseNode node, int depth) { + if (node == null) { + return; + } + // 创建缩进字符串,每个深度级别增加一个空格 + String indent = new String(new char[depth]).replace('\0', ' '); + + String name =node.getName().replaceAll("\\)","").replace("(","") + .replaceAll("]","").replace("[",""); + // 打印当前节点的名称与缩进 + System.out.println(indent + "\""+name+ "\""); + + // 递归打印每个子节点,深度加一 + List children = node.getChildren(); + if (children != null) { + for (CaseNode child : children) { + printTree(child, depth + 1); + } + } + } + + public static String printMermindScript() { + mermindScript = "```mermind\n"; + getGraph(CaseStuctCache.getRoot()); + return mermindScript; + } + + private static void getGraph(CaseNode node) { + if (node.getDeepth() == 1) { + if (!mermindScript.contains("graph LR")) { + mermindScript = mermindScript + "graph LR\n"; + } + for (CaseNode child : node.getChildren()) { + getGraph(child); + } + return; + } + if (node.getDeepth() > 1) { + String parent = node.getParent().getId() + "[\"" + node.getParent().getName() + "\"]"; + String current = node.getId() + "[\"" + node.getName() + "\"]"; + + if (!CollectionUtils.isEmpty(node.getChildren())) { + for (CaseNode 
child : node.getChildren()) { + getGraph(child); + } + } + if (node.getLeafData() != null) { + current = node.getLeafData().getCaseNo() + "[\"" + node.getName() + "\"]"; + } + if (!StringUtils.isEmpty(node.getName())) { + mermindScript = mermindScript + parent + "==>" + current + "\n"; + } + + } + + } +} diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java index b906a445..fef3154e 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java @@ -56,7 +56,7 @@ public Map aTaintCase00901(@RequestParam String cmd) { @GetMapping("case001") @CaseTag( caseNo = "aTaintCase001", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基础数据类型->int", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基本数据类型及其封装类型->int", thisMethodTag = "aTaintCase001", thisMethodExpectedResult = true ) @@ -81,7 +81,7 @@ public Map aTaintCase001(@RequestParam int cmd) { @GetMapping("case002") @CaseTag( caseNo ="aTaintCase002", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基础数据类型->char", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基本数据类型及其封装类型->char", thisMethodTag = "aTaintCase002", thisMethodExpectedResult = true ) @@ -105,7 +105,7 @@ public Map aTaintCase002(@RequestParam char cmd) { @GetMapping("case003") @CaseTag( caseNo ="aTaintCase003", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基础数据类型->byte", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基本数据类型及其封装类型->byte", thisMethodTag = "aTaintCase003", thisMethodExpectedResult = true ) 
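Review bot: `MermindUtil` opens its output with the fence label `mermind` (in both `main` and `printMermindScript`), but the Markdown fence language that Mermaid renderers recognise is `mermaid`, so the generated block will render as plain text; `printMermindScript()` also never appends the closing fence, so the Markdown it returns is unterminated. `getGraph` iterates `node.getChildren()` at depth 1 without the null check that `printTree` applies to the same getter, and at depth > 1 dereferences `node.getParent()` unconditionally; mirroring `printTree`'s `if (children != null)` guard keeps the two traversals consistent. The graph is accumulated in the static `mermindScript` by repeated string concatenation inside the recursion, which makes the class non-reentrant and quadratic in output size; threading a `StringBuilder` through `getGraph(CaseNode node, StringBuilder out)` and returning `out.toString()` from `printMermindScript()` removes both problems. The name-cleaning line in `printTree` mixes `replaceAll("\\)", "")` with `replace("(", "")`; none of the four targets needs a regex, so `replace` for all of them is clearer.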
@@ -129,7 +129,7 @@ public Map aTaintCase003(@RequestParam byte cmd) { @GetMapping("case004") @CaseTag( caseNo ="aTaintCase004", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基础数据类型->long", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基本数据类型及其封装类型->long", thisMethodTag = "aTaintCase004", thisMethodExpectedResult = true ) @@ -148,7 +148,7 @@ public Map aTaintCase004(@RequestParam long cmd) { @PostMapping("case005") @CaseTag( caseNo ="aTaintCase005", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->集合元素->Map元素", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->集合(集合对象全为污点)->Map元素", thisMethodTag = "aTaintCase005", thisMethodExpectedResult = true ) @@ -176,7 +176,7 @@ public Map aTaintCase005(@RequestBody Map cmd) { @PostMapping("case006") @CaseTag( caseNo ="aTaintCase006", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->集合元素->List元素", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->集合(集合对象全为污点)->List元素", thisMethodTag = "aTaintCase006", thisMethodExpectedResult = true ) @@ -205,7 +205,7 @@ public Map aTaintCase006(@RequestBody List cmd) { @CaseTag( caseNo ="aTaintCase007", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->集合元素->Queue元素", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->集合(集合对象全为污点)->Queue元素", thisMethodTag = "aTaintCase007", thisMethodExpectedResult = true ) @@ -229,7 +229,7 @@ public Map aTaintCase007(@RequestBody SoureWithQueueBean queueBe @PostMapping("case008") @CaseTag( caseNo ="aTaintCase008", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->集合元素->Set元素", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->集合(集合对象全为污点)->Set元素", thisMethodTag = "aTaintCase008", thisMethodExpectedResult = true ) 
@@ -255,7 +255,7 @@ public Map aTaintCase008(@RequestBody SoureWithSetBean setBean) @PostMapping("case009") @CaseTag( caseNo ="aTaintCase009", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->引用类型->基本数据类型的封装类型->Byte", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基本数据类型及其封装类型->Byte", thisMethodTag = "aTaintCase009", thisMethodExpectedResult = true ) @@ -285,7 +285,7 @@ public Map aTaintCase009(@RequestParam Byte cmd) { @PostMapping("case0010") @CaseTag( caseNo ="aTaintCase0010", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->引用类型->基本数据类型的封装类型->Integer", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基本数据类型及其封装类型->Integer", thisMethodTag = "aTaintCase0010", thisMethodExpectedResult = true ) @@ -314,7 +314,7 @@ public Map aTaintCase0010(@RequestParam Integer cmd) { @PostMapping("case0011") @CaseTag( caseNo ="aTaintCase0011", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->引用类型->基本数据类型的封装类型->Long", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基本数据类型及其封装类型->Long", thisMethodTag = "aTaintCase0011", thisMethodExpectedResult = true ) @@ -342,7 +342,7 @@ public Map aTaintCase0011(@RequestParam Long cmd) { @PostMapping("case0012") @CaseTag( caseNo ="aTaintCase0012", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->引用类型->基本数据类型的封装类型->Character", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->基本数据类型及其封装类型->Character", thisMethodTag = "aTaintCase0012", thisMethodExpectedResult = true ) @@ -370,7 +370,7 @@ public Map aTaintCase0012(@RequestParam Character cmd) { @PostMapping("case0013") @CaseTag( caseNo ="aTaintCase0013", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组全为污点)->数组对象String[]", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组对象全为污点)->数组对象String[]", thisMethodTag = "aTaintCase0013", thisMethodExpectedResult = true ) 
@@ -398,7 +398,7 @@ public Map aTaintCase0013(@RequestBody String[] cmd) { @PostMapping("case0014") @CaseTag( caseNo ="aTaintCase0014", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组全为污点)->数组对象char[]", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组对象全为污点)->数组对象char[]", thisMethodTag = "aTaintCase0014", thisMethodExpectedResult = true ) @@ -430,7 +430,7 @@ public Map aTaintCase0014(@RequestParam String cmd) { @PostMapping("case0015") @CaseTag( caseNo ="aTaintCase0015", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组全为污点)->数组对象byte[]", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组对象全为污点)->数组对象byte[]", thisMethodTag = "aTaintCase0015", thisMethodExpectedResult = true ) @@ -459,7 +459,7 @@ public Map aTaintCase0015(@RequestBody byte[] cmd) { @PostMapping("case0016") @CaseTag( caseNo ="aTaintCase0016", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组全为污点)->单维数组对象的元素", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组对象全为污点)->单维数组对象的元素", thisMethodTag = "aTaintCase0016", thisMethodExpectedResult = true ) @@ -480,7 +480,7 @@ public Map aTaintCase0016(@RequestBody SourceTestObject[] cmd) { @PostMapping("case00926") @CaseTag( caseNo ="aTaintCase00926", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组全为污点)->多维数组对象的元素", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->数组(数组对象全为污点)->多维数组对象的元素", thisMethodTag = "aTaintCase00926", thisMethodExpectedResult = true ) @@ -503,7 +503,7 @@ public Map aTaintCase00926(@RequestBody SourceTestObject[][] cmd /** - * 对象字段->单层字段(10)@aTaintCase00921 + * 对象字段->单层字段->10@aTaintCase00921 * * @param cmd * @return 
@@ -511,7 +511,7 @@ public Map aTaintCase00926(@RequestBody SourceTestObject[][] cmd @PostMapping("case00921") @CaseTag( caseNo ="aTaintCase00921", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段(10)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段->10", thisMethodTag = "aTaintCase00921", thisMethodExpectedResult = true ) @@ -529,7 +529,7 @@ public Map aTaintCase00921(@RequestBody SourceTestWith10Filedsbj @PostMapping("case00921/2") @CaseTag( caseNo ="aTaintCase00921", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段(10)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段->10", thisMethodTag = "aTaintCase00921_2", thisMethodExpectedResult = true ) @@ -547,7 +547,7 @@ public Map aTaintCase00921_2(@RequestBody SourceTestWith10Fileds @PostMapping("case00921/3") @CaseTag( caseNo ="aTaintCase00921", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段(10)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段->10", thisMethodTag = "aTaintCase00921_3", thisMethodExpectedResult = true ) @@ -563,7 +563,7 @@ public Map aTaintCase00921_3(@RequestBody SourceTestWith10Fileds } /** - * 对象字段->单层字段(100)@aTaintCase00921 + * 对象字段->单层字段->100@aTaintCase00921 * * @param cmd * @return @@ -571,7 +571,7 @@ public Map aTaintCase00921_3(@RequestBody SourceTestWith10Fileds @PostMapping("case00922") @CaseTag( caseNo ="aTaintCase00922", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段(100)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段->100", thisMethodTag = "aTaintCase00922", thisMethodExpectedResult = true ) 
@@ -590,7 +590,7 @@ public Map aTaintCase00922(@RequestBody SourceTestWith100Filedsb @PostMapping("case00922/2") @CaseTag( caseNo ="aTaintCase00922", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段(100)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段->100", thisMethodTag = "aTaintCase00922_2", thisMethodExpectedResult = true ) @@ -608,7 +608,7 @@ public Map aTaintCase00922_2(@RequestBody SourceTestWith100Filed @PostMapping("case00922/3") @CaseTag( caseNo ="aTaintCase00922", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段(100)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->单层字段->100", thisMethodTag = "aTaintCase00922_3", thisMethodExpectedResult = true ) @@ -625,7 +625,7 @@ public Map aTaintCase00922_3(@RequestBody SourceTestWith100Filed @PostMapping("case00923") @CaseTag( caseNo ="aTaintCase00923", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段(3)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段->3层", thisMethodTag = "aTaintCase00923", thisMethodExpectedResult = true ) @@ -642,7 +642,7 @@ public Map aTaintCase00923(@RequestBody LayerBaseBean2 cmd) { @PostMapping("case00923/2") @CaseTag( caseNo ="aTaintCase00923", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段(3)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段->3层", thisMethodTag = "aTaintCase00923_2", thisMethodExpectedResult = true ) @@ -659,7 +659,7 @@ public Map aTaintCase00923_2(@RequestBody LayerBaseBean2 cmd) { @PostMapping("case00923/3") @CaseTag( caseNo ="aTaintCase00923", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段(3)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段->3层", thisMethodTag = "aTaintCase00923_3", thisMethodExpectedResult = true ) 
@@ -677,7 +677,7 @@ public Map aTaintCase00923_3(@RequestBody LayerBaseBean2 cmd) { @PostMapping("case00924") @CaseTag( caseNo ="aTaintCase00924", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段(10)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段->10层", thisMethodTag = "aTaintCase00924", thisMethodExpectedResult = true ) @@ -694,7 +694,7 @@ public Map aTaintCase00924(@RequestBody LayerBaseBean9 cmd) { @PostMapping("case00924/2") @CaseTag( caseNo ="aTaintCase00924", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段(10)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段->10层", thisMethodTag = "aTaintCase00924_2", thisMethodExpectedResult = true ) @@ -711,7 +711,7 @@ public Map aTaintCase00924_2(@RequestBody LayerBaseBean9 cmd) { @PostMapping("case00924/3") @CaseTag( caseNo ="aTaintCase00924", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段(10)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->多层字段->10层", thisMethodTag = "aTaintCase00924_3", thisMethodExpectedResult = true ) @@ -729,7 +729,7 @@ public Map aTaintCase00924_3(@RequestBody LayerBaseBean9 cmd) { @PostMapping("case00925") @CaseTag( caseNo ="aTaintCase00925", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->污点来自父类", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->污点为父类字段", thisMethodTag = "aTaintCase00925", thisMethodExpectedResult = true ) @@ -746,7 +746,7 @@ public Map aTaintCase00925(@RequestBody LayerBaseBean2 cmd) { @PostMapping("case00925/2") @CaseTag( caseNo ="aTaintCase00925", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->污点来自父类", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->自定义对象->对象字段->污点为父类字段", thisMethodTag = "aTaintCase00925_2", thisMethodExpectedResult = true ) 
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java index 60a07e03..8c5d89f6 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java @@ -69,7 +69,7 @@ public Map aTaintCase0022(@RequestParam String cmd) { @PostMapping("case0023") @CaseTag( caseNo ="aTaintCase0023", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->特殊链路跟踪能力->超长链路追踪(100层)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->特殊链路跟踪能力->超长链路追踪->100层", thisMethodTag = "aTaintCase0023", thisMethodExpectedResult = true ) @@ -99,7 +99,7 @@ public Map aTaintCase0023(@RequestBody String cmd) { @PostMapping("case00931") @CaseTag( caseNo ="aTaintCase00931", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->特殊链路跟踪能力->超长链路追踪(1000层)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->特殊链路跟踪能力->超长链路追踪->1000层", thisMethodTag = "aTaintCase00931", thisMethodExpectedResult = true ) @@ -322,7 +322,7 @@ public Map aTaintCase0027(HttpServletRequest request, @RequestPa @PostMapping("case0033") @CaseTag( caseNo ="aTaintCase0033", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->*json", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->json@RequestBody", thisMethodTag = "aTaintCase0033", thisMethodExpectedResult = true ) @@ -347,7 +347,7 @@ public Map aTaintCase0033(@RequestBody Map json) @ResponseBody @CaseTag( caseNo ="aTaintCase0034", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->*xml", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->xml/getInputStream", thisMethodTag = "aTaintCase0034", thisMethodExpectedResult = true ) 
@@ -371,7 +371,7 @@ public Map aTaintCase0034(@RequestBody TicketRequest ticketReque @PostMapping(value = "case0035") @CaseTag( caseNo ="aTaintCase0035", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->multipart/form-data getPart", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->multipart/form-data->getPart", thisMethodTag = "aTaintCase0035", thisMethodExpectedResult = true ) @@ -398,7 +398,7 @@ public Map aTaintCase0035(@RequestParam MultipartFile file, Http @PostMapping(value = "case0036") @CaseTag( caseNo ="aTaintCase0036", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->multipart/form-data getParts", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->multipart/form-data->getParts", thisMethodTag = "aTaintCase0036", thisMethodExpectedResult = true ) @@ -425,7 +425,7 @@ public Map aTaintCase0036(@RequestParam MultipartFile file, Http @PostMapping(value = "case0037") @CaseTag( caseNo ="aTaintCase0037", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->form/url-encode getParameter", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->form/url-encode->getParameter", thisMethodTag = "aTaintCase0037", thisMethodExpectedResult = true ) @@ -451,7 +451,7 @@ public Map aTaintCase0037(@RequestParam("cmd") String cmd, HttpS @PostMapping(value = "case0038") @CaseTag( caseNo ="aTaintCase0038", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->form/url-encode getParameterMap", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->form/url-encode->getParameterMap", thisMethodTag = "aTaintCase0038", thisMethodExpectedResult = true ) 
@@ -477,7 +477,7 @@ public Map aTaintCase0038(@RequestParam("cmd") String cmd, HttpS @PostMapping(value = "case0039") @CaseTag( caseNo ="aTaintCase0039", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->form/url-encode getParameterValues", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->form/url-encode->getParameterValues", thisMethodTag = "aTaintCase0039", thisMethodExpectedResult = true ) @@ -503,7 +503,7 @@ public Map aTaintCase0039(@RequestParam("cmd") String cmd, HttpS @PostMapping(value = "case0040") @CaseTag( caseNo ="aTaintCase0040", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->form/url-encode getParameterNames", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->form/url-encode->getParameterNames", thisMethodTag = "aTaintCase0040", thisMethodExpectedResult = true ) @@ -623,7 +623,7 @@ public Map aTaintCase0044(@PathVariable String cmd) { @PostMapping(value = "case0045") @CaseTag( caseNo ="aTaintCase0045", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http header getCookies", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http header->getCookies", thisMethodTag = "aTaintCase0045", thisMethodExpectedResult = true ) @@ -649,7 +649,7 @@ public Map aTaintCase0045(HttpServletRequest request) { @PostMapping(value = "case0046") @CaseTag( caseNo ="aTaintCase0046", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http header getHeader", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http header->getHeader", thisMethodTag = "aTaintCase0046", thisMethodExpectedResult = true ) 
@@ -674,7 +674,7 @@ public Map aTaintCase0046(HttpServletRequest request) { @PostMapping(value = "case0047") @CaseTag( caseNo ="aTaintCase0047", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http header getHeaders", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http header->getHeaders", thisMethodTag = "aTaintCase0047", thisMethodExpectedResult = true ) @@ -699,7 +699,7 @@ public Map aTaintCase0047(HttpServletRequest request) { @PostMapping(value = "case00139") @CaseTag( caseNo ="aTaintCase00139", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http header getHeaderNames", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http header->getHeaderNames", thisMethodTag = "aTaintCase00139", thisMethodExpectedResult = true ) @@ -1889,7 +1889,7 @@ public Map aTaintCase0093(@RequestParam String cmd) { @PostMapping(value = "case0094") @CaseTag( caseNo ="aTaintCase0094", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->char[],byte[]操作-->copyOfRange", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点传播跟踪能力->传播场景->char[],byte[]操作->copyOfRange", thisMethodTag = "aTaintCase0094", thisMethodExpectedResult = true ) @@ -2314,7 +2314,7 @@ public Map aTaintCase00932(@RequestBody SourceTestObject sourceT @PostMapping(value = "case00141") @CaseTag( caseNo ="aTaintCase00141", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->sanitizer方法特性支持->污点直接赋值为硬编码值", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力(sanitizer)->污点直接赋值为硬编码值", thisMethodTag = "aTaintCase00141", thisMethodExpectedResult = false ) 
@@ -2329,7 +2329,7 @@ public Map aTaintCase00141(@RequestParam String cmd) { @PostMapping(value = "case00141/1") @CaseTag( caseNo ="aTaintCase00141", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->sanitizer方法特性支持->污点直接赋值为硬编码值", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力(sanitizer)->污点直接赋值为硬编码值", thisMethodTag = "aTaintCase00141_1", thisMethodExpectedResult = true ) @@ -2346,7 +2346,7 @@ public Map aTaintCase00141_1(@RequestParam String cmd) { @PostMapping(value = "case00103/2") @CaseTag( caseNo ="aTaintCase00103", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->sanitizer支持区分类型", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力(sanitizer)->sanitizer支持区分类型", thisMethodTag = "aTaintCase00103_2", thisMethodExpectedResult = true ) @@ -2365,7 +2365,7 @@ public Map aTaintCase00103_2(@RequestParam String cmd) { @PostMapping(value = "case00103/1") @CaseTag( caseNo ="aTaintCase00103", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->sanitizer支持区分类型", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力(sanitizer)->sanitizer支持区分类型", thisMethodTag = "aTaintCase00103_1", thisMethodExpectedResult = true ) @@ -2379,7 +2379,7 @@ public Map aTaintCase00103_1(@RequestParam String cmd) { @PostMapping(value = "case00103") @CaseTag( caseNo ="aTaintCase00103", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->sanitizer支持区分类型", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力(sanitizer)->sanitizer支持区分类型", thisMethodTag = "aTaintCase00103", thisMethodExpectedResult = false ) 
@@ -2397,7 +2397,7 @@ public Map aTaintCase00103(@RequestParam String cmd) { @PostMapping(value = "case00104") @CaseTag( caseNo ="aTaintCase00104", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->触发sink后再执行sanitizer", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力(sanitizer)->触发sink后再执行sanitizer", thisMethodTag = "aTaintCase00104", thisMethodExpectedResult = true ) @@ -2412,7 +2412,7 @@ public Map aTaintCase00104(@RequestParam String cmd) { @PostMapping(value = "case00104/1") @CaseTag( caseNo ="aTaintCase00104", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->触发sink后再执行sanitizer", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力(sanitizer)->触发sink后再执行sanitizer", thisMethodTag = "aTaintCase00104_1", thisMethodExpectedResult = false ) @@ -2427,7 +2427,7 @@ public Map aTaintCase00104_1(@RequestParam String cmd) { @PostMapping(value = "case00104/2") @CaseTag( caseNo ="aTaintCase00104", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->触发sink后再执行sanitizer", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力(sanitizer)->触发sink后再执行sanitizer", thisMethodTag = "aTaintCase00104_2", thisMethodExpectedResult = true ) @@ -2445,7 +2445,7 @@ public Map aTaintCase00104_2(@RequestParam String cmd) { @PostMapping(value = "case00105") @CaseTag( caseNo ="aTaintCase00105", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->支持自定义unSanitizer(再次污点化)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力(sanitizer)->支持自定义unSanitizer(再次污点化)", thisMethodTag = "aTaintCase00105", thisMethodExpectedResult = true ) 
@@ -2460,7 +2460,7 @@ public Map aTaintCase00105(@RequestParam String cmd) { @PostMapping(value = "case00105/1") @CaseTag( caseNo ="aTaintCase00105", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->支持自定义unSanitizer(再次污点化)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力(sanitizer)->支持自定义unSanitizer(再次污点化)", thisMethodTag = "aTaintCase00105_1", thisMethodExpectedResult = false ) @@ -2476,7 +2476,7 @@ public Map aTaintCase00105_1(@RequestParam String cmd) { @PostMapping(value = "case00105/2") @CaseTag( caseNo ="aTaintCase00105", - caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力sanitizer->支持自定义unSanitizer(再次污点化)", + caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点无害化处理能力(sanitizer)->支持自定义unSanitizer(再次污点化)", thisMethodTag = "aTaintCase00105_2", thisMethodExpectedResult = true ) diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase003.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase003.java index c783b228..d86977ff 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase003.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase003.java @@ -255,14 +255,14 @@ public Map aTaintCase00120(@RequestParam String cmd) { } /** - * aTaintCase00121 跨进城跟踪能力->sofa tr(阿里内部)->单次rpc调用触发sink + * aTaintCase00121 跨进程跟踪能力->调用方式->sofa tr(阿里内部)->单次rpc调用触发sink */ /** - * aTaintCase00122 跨进城跟踪能力->sofa tr(阿里内部)->跨多个应用rpc 触发sink + * aTaintCase00122 跨进程跟踪能力->调用方式->sofa tr(阿里内部)->跨多个应用rpc 触发sink */ /** - * aTaintCase00123 跨进城跟踪能力->http->单次http调用触发sink + * aTaintCase00123 跨进程跟踪能力->调用方式->调用方式->http->单次http调用触发sink */ @PostMapping(value = "case00123") public Map aTaintCase00123(@RequestParam String cmd,@RequestParam String auto_check_start_time) { 
@@ -276,7 +276,7 @@ public Map aTaintCase00123(@RequestParam String cmd,@RequestPara
 @PostMapping(value = "case00123/2")
 @CaseTag(
 caseNo ="aTaintCase00123",
- caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->跨进城跟踪能力->http->跨一层进程调用",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->跨进程跟踪能力->调用方式->http->跨一层进程调用",
 thisMethodTag = "aTaintCase00123_2",
 thisMethodExpectedResult = true
 )
@@ -292,7 +292,7 @@ public Map aTaintCase00123_2(@RequestParam String cmd,@RequestPa
 }
 /**
- * aTaintCase00124 跨进城跟踪能力->http->跨多个应用http触发sink
+ * aTaintCase00124 跨进程跟踪能力->调用方式->http->跨多个应用http触发sink
 */
 @PostMapping(value = "case00124")
@@ -316,7 +316,7 @@ public Map aTaintCase00124_2(@RequestParam String cmd,@RequestPa
 @PostMapping(value = "case00124/3")
 @CaseTag(
 caseNo ="aTaintCase00124",
- caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->跨进城跟踪能力->http->跨多层进程调用",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->跨进程跟踪能力->调用方式->http->跨多层进程调用",
 thisMethodTag = "aTaintCase00124_3",
 thisMethodExpectedResult = true
 )
@@ -336,4 +336,27 @@ public Map aTaintCase00124_3(@RequestParam String cmd,@RequestPa
 * TODO 需要多工程之间的调用,暂无case作为单独工程调用验证
 */
+ @PostMapping(value = "case001241")
+ @CaseTag(
+ caseNo ="aTaintCase001241",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->跨进程跟踪能力->调用方式->rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)->跨一层进程间调用(暂无实现)",
+ thisMethodTag = "aTaintCase001241",
+ thisMethodExpectedResult = true
+ )
+ public Map aTaintCase001241() {
+ //TODO
+ return null;
+ }
+ @PostMapping(value = "case001242")
+ @CaseTag(
+ caseNo ="aTaintCase001242",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->跨进程跟踪能力->调用方式->rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)->跨多层进程间调用(暂无实现)",
+ thisMethodTag = "aTaintCase001242",
+ thisMethodExpectedResult = true
+ )
+ public Map aTaintCase001242() {
+ //TODO
+ return null;
+ }
+
 }
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase004.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase004.java
index 2ef0dacc..91158220 100644
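Review bot: The two new stubs aTaintCase001241 and aTaintCase001242 are annotated `thisMethodExpectedResult = true` although their bodies are a TODO that returns null and their caseFullName ends in `(暂无实现)`. If the analyser treats an expected-true method as a case the engine must detect, every run will score these two as misses of a case that cannot fire, which skews the report for a capability the benchmark does not yet exercise; until the rpc cases exist either set `thisMethodExpectedResult = false` on both or keep them out of the case target list. Returning null from a `@PostMapping` handler declared as `Map` also hands the runner an empty response body to interpret; an empty map would be the safer placeholder.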
--- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase004.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase004.java
@@ -78,13 +78,13 @@ public Map aTaintCase00125_2(@RequestParam String cmd1, @Request
 }
 /**
- * aTaintCase00126 污点对象跟踪粒度->字段/元素级别->对象字段->单层简单对象部分字段为污点
+ * aTaintCase00126 污点对象跟踪粒度->字段/元素级别->部分字段对象为污点->单层简单对象部分字段为污点
 * /2为参照组,期望case被检测出,参照组不被检测出
 */
 @PostMapping(value = "case00126")
 @CaseTag(
 caseNo = "aTaintCase00126",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->单层简单对象部分字段为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分字段对象为污点->单层简单对象部分字段为污点",
 thisMethodTag = "aTaintCase00126",
 thisMethodExpectedResult = true
 )
@@ -105,7 +105,7 @@ public Map aTaintCase00126(@RequestParam String cmd) {
 @PostMapping(value = "case00126/2")
 @CaseTag(
 caseNo = "aTaintCase00126",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->单层简单对象部分字段为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分字段对象为污点->单层简单对象部分字段为污点",
 thisMethodTag = "aTaintCase00126_2",
 thisMethodExpectedResult = false
 )
@@ -124,12 +124,12 @@ public Map aTaintCase00126_2(@RequestParam String cmd) {
 }
 /**
- * aTaintCase00127 污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->污点来自父类
+ * aTaintCase00127 污点对象跟踪粒度->字段/元素级别->部分字段对象为污点->多层复杂对象部分字段为污点->污点来自父类
 */
 @PostMapping(value = "case00127")
 @CaseTag(
 caseNo = "aTaintCase00127",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->污点来自父类",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分字段对象为污点->多层复杂对象部分字段为污点->污点来自父类",
 thisMethodTag = "aTaintCase00127",
 thisMethodExpectedResult = true
 )
@@ -152,7 +152,7 @@ public Map aTaintCase00127(@RequestParam String cmd) {
 @PostMapping(value = "case00127/2")
 @CaseTag(
 caseNo = "aTaintCase00127",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->污点来自父类",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分字段对象为污点->多层复杂对象部分字段为污点->污点来自父类",
 thisMethodTag = "aTaintCase00127_2",
 thisMethodExpectedResult = false
 )
@@ -173,12 +173,12 @@ public Map aTaintCase00127_2(@RequestParam String cmd) {
 }
 /**
- * aTaintCase00128 污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->污点来自子类
+ * aTaintCase00128 污点对象跟踪粒度->字段/元素级别->部分字段对象为污点->多层复杂对象部分字段为污点->污点来自子类
 */
 @PostMapping(value = "case00128")
 @CaseTag(
 caseNo = "aTaintCase00128",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->污点来当前类字段",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分字段对象为污点->多层复杂对象部分字段为污点->污点来当前类字段",
 thisMethodTag = "aTaintCase00128",
 thisMethodExpectedResult = true
 )
@@ -201,7 +201,7 @@ public Map aTaintCase00128(@RequestParam String cmd) {
 @PostMapping(value = "case00128/2")
 @CaseTag(
 caseNo = "aTaintCase00128",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->污点来当前类字段",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分字段对象为污点->多层复杂对象部分字段为污点->污点来当前类字段",
 thisMethodTag = "aTaintCase00128_2",
 thisMethodExpectedResult = false
 )
@@ -223,12 +223,12 @@ public Map aTaintCase00128_2(@RequestParam String cmd) {
 }
 /**
- * aTaintCase00129 污点对象跟踪粒度->字段/元素级别->数组元素->单维数组中的部分元素为污点
+ * aTaintCase00129 污点对象跟踪粒度->字段/元素级别->部分数据元素为污点->单维数组中的部分元素为污点
 */
 @PostMapping(value = "case00129")
 @CaseTag(
 caseNo = "aTaintCase00129",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->数组元素->单维数组中的部分元素为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分数据元素为污点->单维数组中的部分元素为污点",
 thisMethodTag = "aTaintCase00129",
 thisMethodExpectedResult = true
 )
@@ -251,7 +251,7 @@ public Map aTaintCase00129(@RequestParam String cmd) {
 @PostMapping(value = "case00129/2")
 @CaseTag(
 caseNo = "aTaintCase00129",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->数组元素->单维数组中的部分元素为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分数据元素为污点->单维数组中的部分元素为污点",
 thisMethodTag = "aTaintCase00129",
 thisMethodExpectedResult = false
 )
@@ -271,12 +271,12 @@ public Map aTaintCase00129_2(@RequestParam String cmd) {
 }
 /**
- * aTaintCase00130 污点对象跟踪粒度->字段/元素级别->数组元素->多维数组中的部分元素为污点
+ * aTaintCase00130 污点对象跟踪粒度->字段/元素级别->部分数据元素为污点->多维数组中的部分元素为污点
 */
 @PostMapping(value = "case00130")
 @CaseTag(
 caseNo = "aTaintCase00130",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->数组元素->多维数组中的部分元素为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分数据元素为污点->多维数组中的部分元素为污点",
 thisMethodTag = "aTaintCase00130",
 thisMethodExpectedResult = true
 )
@@ -302,7 +302,7 @@ public Map aTaintCase00130(@RequestBody String[][] strings) {
 @PostMapping(value = "case00130/2")
 @CaseTag(
 caseNo = "aTaintCase00130",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->数组元素->多维数组中的部分元素为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分数据元素为污点->多维数组中的部分元素为污点",
 thisMethodTag = "aTaintCase00130_2",
 thisMethodExpectedResult = false
 )
@@ -321,13 +321,13 @@ public Map aTaintCase00130_2(@RequestBody String[][] strings) {
 }
 /**
- * aTaintCase00131 污点对象跟踪粒度->字段/元素级别->数组元素->部分元素为污点,序列化后再反序列化
+ * aTaintCase00131 污点对象跟踪粒度->字段/元素级别->部分数据元素为污点->部分元素为污点,序列化后再反序列化
 */
 @PostMapping(value = "case00131")
 @CaseTag(
 caseNo = "aTaintCase00131",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->数组元素->部分元素为污点,经过JDK序列化后再反序列化",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分数据元素为污点->部分元素为污点,经过JDK序列化后再反序列化",
 thisMethodTag = "aTaintCase00131",
 thisMethodExpectedResult = true
 )
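Review bot: In the `/2` control variant of aTaintCase00129 the annotation still carries `thisMethodTag = "aTaintCase00129"`, the same tag as the positive case, whereas the other controls in this file use the `_2` suffix; the same duplication appears in the case00134/2, case00135/2 and case00136/2 annotations in the later hunks of this file. The runtest command's `-m` option takes a CaseTag method name, so if the tag is the key used to match a recorded result back to a method, the control and the positive case will collide and one result will shadow the other. These are context lines the commit does not touch, but since the same annotations are being rewritten it is cheap to fold in `thisMethodTag = "aTaintCase00129_2",` and the corresponding `_2` tags for the other three.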
@@ -352,7 +352,7 @@ public Map aTaintCase00131(@RequestBody String[][] strings) {
 @PostMapping(value = "case00131/2")
 @CaseTag(
 caseNo = "aTaintCase00131",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->数组元素->部分元素为污点,经过JDK序列化后再反序列化",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分数据元素为污点->部分元素为污点,经过JDK序列化后再反序列化",
 thisMethodTag = "aTaintCase00131_2",
 thisMethodExpectedResult = false
 )
@@ -375,12 +375,12 @@ public Map aTaintCase00131_2(@RequestBody String[][] strings) {
 }
 /**
- * aTaintCase00132 污点对象跟踪粒度->字段/元素级别->集合元素->List中部分元素为污点
+ * aTaintCase00132 污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->List中部分元素为污点
 */
 @PostMapping(value = "case00132")
 @CaseTag(
 caseNo = "aTaintCase00132",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->List中部分元素为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->List中部分元素为污点",
 thisMethodTag = "aTaintCase00132",
 thisMethodExpectedResult = true
 )
@@ -400,7 +400,7 @@ public Map aTaintCase00132(@RequestBody List stringList)
 @PostMapping(value = "case00132/2")
 @CaseTag(
 caseNo = "aTaintCase00132",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->List中部分元素为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->List中部分元素为污点",
 thisMethodTag = "aTaintCase00132_2",
 thisMethodExpectedResult = false
 )
@@ -418,12 +418,12 @@ public Map aTaintCase00132_2(@RequestBody List stringLis
 }
 /**
- * aTaintCase00133 污点对象跟踪粒度->字段/元素级别->集合元素->Map中部分元素为污点
+ * aTaintCase00133 污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->Map中部分元素为污点
 */
 @PostMapping(value = "case00133")
 @CaseTag(
 caseNo = "aTaintCase00133",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->Map中部分元素为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->Map中部分元素为污点",
 thisMethodTag = "aTaintCase00133",
 thisMethodExpectedResult = true
 )
@@ -445,7 +445,7 @@ public Map aTaintCase00133(@RequestBody Map map)
 @PostMapping(value = "case00133/2")
 @CaseTag(
 caseNo = "aTaintCase00133",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->Map中部分元素为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->Map中部分元素为污点",
 thisMethodTag = "aTaintCase00133_2",
 thisMethodExpectedResult = false
 )
@@ -463,12 +463,12 @@ public Map aTaintCase00133_2(@RequestBody Map ma
 }
 /**
- * aTaintCase00134 污点对象跟踪粒度->字段/元素级别->集合元素->Set中部分元素为污点
+ * aTaintCase00134 污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->Set中部分元素为污点
 */
 @PostMapping(value = "case00134")
 @CaseTag(
 caseNo = "aTaintCase00134",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->Set中部分元素为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->Set中部分元素为污点",
 thisMethodTag = "aTaintCase00134",
 thisMethodExpectedResult = true
 )
@@ -493,7 +493,7 @@ public Map aTaintCase00134(@RequestBody SoureWithSetBean setBean
 @PostMapping(value = "case00134/2")
 @CaseTag(
 caseNo = "aTaintCase00134",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->Set中部分元素为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->Set中部分元素为污点",
 thisMethodTag = "aTaintCase00134",
 thisMethodExpectedResult = false
 )
@@ -516,12 +516,12 @@ public Map aTaintCase00134_2(@RequestBody SoureWithSetBean setBe
 }
 /**
- * aTaintCase00135 污点对象跟踪粒度->字段/元素级别->集合元素->Queue中部分元素为污点
+ * aTaintCase00135 污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->Queue中部分元素为污点
 */
 @PostMapping(value = "case00135")
 @CaseTag(
 caseNo = "aTaintCase00135",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->Queue中部分元素为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->Queue中部分元素为污点",
 thisMethodTag = "aTaintCase00135",
 thisMethodExpectedResult = true
 )
@@ -546,7 +546,7 @@ public Map aTaintCase00135(@RequestBody SoureWithQueueBean queue
 @PostMapping(value = "case00135/2")
 @CaseTag(
 caseNo = "aTaintCase00135",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->Queue中部分元素为污点",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->Queue中部分元素为污点",
 thisMethodTag = "aTaintCase00135",
 thisMethodExpectedResult = false
 )
@@ -569,13 +569,13 @@ public Map aTaintCase00135_2(@RequestBody SoureWithQueueBean que
 }
 /**
- * aTaintCase00136 污点对象跟踪粒度->字段/元素级别->集合元素->集合中部分元素为污点,序列化后再反序列化
+ * aTaintCase00136 污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->集合中部分元素为污点,序列化后再反序列化
 */
 @PostMapping(value = "case00136")
 @CaseTag(
 caseNo = "aTaintCase00136",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->集合中部分元素为污点,经过JDK序列化后再反序列化",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->集合中部分元素为污点,经过JDK序列化后再反序列化",
 thisMethodTag = "aTaintCase00136",
 thisMethodExpectedResult = true
 )
@@ -602,7 +602,7 @@ public Map aTaintCase00136(@RequestBody List list) {
 @PostMapping(value = "case00136/2")
 @CaseTag(
 caseNo = "aTaintCase00136",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->集合元素->集合中部分元素为污点,经过JDK序列化后再反序列化",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分集合元素为污点->集合中部分元素为污点,经过JDK序列化后再反序列化",
 thisMethodTag = "aTaintCase00136",
 thisMethodExpectedResult = false
 )
@@ -1830,7 +1830,7 @@ public Map aTaintCase00960_2(@RequestParam String cmd) {
 @PostMapping(value = "case00142")
 @CaseTag(
 caseNo = "aTaintCase00142",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->对象部分字段为污点,经过JDK序列化后再反序列化",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分字段对象为污点->对象部分字段为污点,经过JDK序列化后再反序列化",
 thisMethodTag = "aTaintCase00142",
 thisMethodExpectedResult = true
 )
@@ -1854,7 +1854,7 @@ public Map aTaintCase00142(@RequestBody SourceTestObject testObj
 @PostMapping(value = "case00142/2")
 @CaseTag(
 caseNo = "aTaintCase00142",
- caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->对象字段->多层复杂对象部分字段为污点->对象部分字段为污点,经过JDK序列化后再反序列化",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->准确度->污点对象跟踪粒度->字段/元素级别->部分字段对象为污点->对象部分字段为污点,经过JDK序列化后再反序列化",
 thisMethodTag = "aTaintCase00142_2",
 thisMethodExpectedResult = true
 )
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintOtherCasesForxind.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintOtherCasesForxind.java
new file mode 100644
index 00000000..3184f743
--- /dev/null
+++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintOtherCasesForxind.java
@@ -0,0 +1,5 @@
+package com.iast.astbenchmark.cases;
+
+public class AstTaintOtherCasesForxind {
+
+}
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cli/MyCommands.java b/iast-java/src/main/java/com/iast/astbenchmark/cli/IastBenchmarkCommand.java
similarity index 84%
rename from iast-java/src/main/java/com/iast/astbenchmark/cli/MyCommands.java
rename to iast-java/src/main/java/com/iast/astbenchmark/cli/IastBenchmarkCommand.java
index 9c522525..6c54b909 100644
--- a/iast-java/src/main/java/com/iast/astbenchmark/cli/MyCommands.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/cli/IastBenchmarkCommand.java
@@ -6,6 +6,7 @@
 import com.iast.astbenchmark.analyser.bean.consts.VendorEnum;
 import com.iast.astbenchmark.analyser.service.ConfigService;
 import com.iast.astbenchmark.analyser.service.DataAnalysisService;
+import com.iast.astbenchmark.analyser.util.MermindUtil;
 import com.iast.astbenchmark.cli.test.AutoRunTest;
 import com.iast.astbenchmark.cli.xmind.XmindUtil;
 import lombok.extern.slf4j.Slf4j;
@@ -27,7 +28,7 @@
 @ShellComponent
 @Slf4j
-public class MyCommands {
+public class IastBenchmarkCommand {
 @Autowired
 private DataAnalysisService dataAnalysisService;
@@ -42,7 +43,7 @@ public PromptProvider promptProvider() {
 * 1 run Test ?
 */
- @ShellMethod("-v :input vendor;-p :input file;-c :input checkFlag;-o :result to file")
+ @ShellMethod("分析iast软件的跑测结果 -v :input vendor;-p :input file;-c :input checkFlag;-o :result to file")
 public String analysis(@ShellOption("-v") String vendor , @ShellOption(defaultValue = "", value = "-p") String path, @ShellOption(defaultValue = "", value = "-c") String checkFlag, @ShellOption(defaultValue = "", value = "-o") String resultFile) {
@@ -77,7 +78,7 @@ public String analysis(@ShellOption("-v") String vendor
 }
 }
- @ShellMethod("-i :input reportId;-o :result to file;-l list ;-x export results(xmind,plain txt...)")
+ @ShellMethod("查询已跑测的结果报告 -i :input reportId;-o :result to file;-l list ;-x export results(xmind,plain txt...)")
 public String search(@ShellOption(value = {"-i"}, defaultValue = "") String reportId, @ShellOption(defaultValue = "", value = "-o") String resultFile , @ShellOption(defaultValue = "", value = "-l") String listId,
@@ -111,7 +112,7 @@ public String search(@ShellOption(value = {"-i"}, defaultValue = "") String repo
 return "请根据提示输入操作";
 }
- @ShellMethod("-a :input reportId1;-b: input reportId2;-o:result to file; (compare reportId1 to reportId2)")
+ @ShellMethod("对比两次跑测报告的差异 -a :input reportId1;-b: input reportId2;-o:result to file; (compare reportId1 to reportId2)")
 public String compare(@ShellOption(value = "-a") String reportId1, @ShellOption(value = "-b") String reportId2, @ShellOption(defaultValue = "", value = "-o") String resultFile) {
 try {
@@ -134,7 +135,7 @@ public String compare(@ShellOption(value = "-a") String reportId1, @ShellOption(
 }
 }
- @ShellMethod("-m :input MethodName(Which is CaseTag. eg:aTaintCase001);-i: input benchmark host (eg: http://localhost:39100/)")
+ @ShellMethod("跑测靶场 -m :input MethodName(Which is CaseTag. eg:aTaintCase001);-i: input benchmark host (eg: http://localhost:39100/)")
 public String runtest(@ShellOption(value = {"-m"}, defaultValue = "") String methodName, @ShellOption(defaultValue = "", value = "-i") String url) {
@@ -150,7 +151,27 @@ public String runtest(@ShellOption(value = {"-m"}, defaultValue = "") String met
 }
 }
+ @ShellMethod("导出评价体系脑图(mermind格式) -o :mermind scripts to md file")
+ public String mermind(@ShellOption(defaultValue = "", value = "-o") String resultFile) {
+
+ try {
+ if(StrUtil.isNotEmpty(resultFile)&&resultFile.endsWith(".md")){
+ return "ERROR:请输入以md结尾的markdown文档";
+ }
+ String res = MermindUtil.printMermindScript();
+ if(StrUtil.isNotEmpty(resultFile)){
+ FileUtil.writeString(res, resultFile, Charset.forName("utf-8"));
+ return "结果已写入文件" + resultFile + "请查看";
+ }
+ return res;
+ } catch (Exception e) {
+ log.error("跑测异常:{}", e);
+ return "ERROR:跑测异常";
+ }
+ }
+
 private String checkParamSearch(String reportId, String resultFile, String vendor, Boolean exportFlag) {
+
 if (StrUtil.isNotEmpty(reportId) && StrUtil.isNotEmpty(vendor)) {
 return "请选择输入一个操作 -i or -l";
 }
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNode.java b/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNode.java
index e3475dbf..05e898d3 100644
--- a/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNode.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNode.java
@@ -9,15 +9,11 @@
 @Data
 @Builder
 public class CaseNode {
- /**
- * 类型
- */
- private CaseNodeType type;
 /**
 * 基础数据
 */
- private Integer id;
+ private String id;
 private String name;
 private Integer deepth;
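Review bot: The guard at the top of the new `mermind` command is inverted: `resultFile.endsWith(".md")` rejects exactly the files the error message asks for (`请输入以md结尾的markdown文档`), so any `-o` value ending in .md returns the error while any other name is silently written. Change it to `if (StrUtil.isNotEmpty(resultFile) && !resultFile.endsWith(".md")) {`. The catch block also reuses the runtest wording (`跑测异常`) for an export failure, which makes the log entry indistinguishable from a benchmark-run error; a message such as `导出异常` would keep the two searchable. Separately, the markdown added later in this series opens its block with ` ```mermind `, which renderers will not recognise as a mermaid fence, so if that text comes from MermindUtil.printMermindScript the exported file will not render as a diagram.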
@@ -27,6 +23,12 @@ public class CaseNode {
 private CaseNode parent;
 private List children;
+ /**
+ * 类型
+ */
+ private CaseNodeType type;
+
+
 /**
 * 以上为存储结构
 * children 叶子节点数据区
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNodeTreeUtil.java b/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNodeTreeUtil.java
index 0f496281..3a9bc3bd 100644
--- a/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNodeTreeUtil.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNodeTreeUtil.java
@@ -27,7 +27,7 @@ public static CaseNode initRoot() {
 CaseNode root = CaseNode.builder()
 .type(CaseNodeType.ROOT)
- .id(0)
+ .id("N0")
 .deepth(1)
 .name("IAST引擎能力评估体系(JAVA)")
 .build();
@@ -114,31 +114,45 @@ private static void findLeaf(Map leafMap, CaseNode parent) {
 }
 }
+ /**
+ * 添加树节点
+ *
+ * @param parent 父节点
+ * @param deepth 深度
+ * @param row 行数
+ * @param nodesData 节点数据
+ */
 private static void addTreeNode(CaseNode parent, Integer deepth, Integer row, String[] nodesData) {
 deepth = deepth + 1;
+ // 默认节点类型为NODE
 CaseNodeType type = CaseNodeType.NODE;
- Integer id = Integer.valueOf("" + String.valueOf(row) + String.valueOf(deepth));
+ // 节点id
+ String id = "N" + deepth + "_" + row;
+ // 判断节点类型
 if (nodesData.length <= deepth) {
 type = CaseNodeType.LEAF;
- }
 String name = nodesData[deepth - 1];
+ // 获取父节点的子节点列表
 List children = parent.getChildren();
+ // 如果子节点列表为空,则初始化一个新的子节点列表
 if (CollectionUtils.isEmpty(children)) {
 children = Lists.newArrayList();
 parent.setChildren(children);
 }
 CaseNode currentNode = nodeExit(children, name);
+ // 判断子节点是否存在
 if (currentNode == null) {
 currentNode = buildNode(type, id, deepth, name, parent);
 children.add(currentNode);
 }
+ // 递归添加子节点
 if (type.equals(CaseNodeType.NODE)) {
 addTreeNode(currentNode, deepth, row, nodesData);
 }
 }
- private static CaseNode buildNode(CaseNodeType type, Integer id, Integer deepth, String name, CaseNode parent) {
+ private static CaseNode buildNode(CaseNodeType type, String id, Integer deepth, String name, CaseNode parent) {
 CaseNode node = CaseNode.builder()
 .type(type)
 .id(id)
diff --git "a/iast-java/src/main/resources/doc/java\345\274\225\346\223\216\350\257\204\344\273\267\344\275\223\347\263\273.md" "b/iast-java/src/main/resources/doc/java\345\274\225\346\223\216\350\257\204\344\273\267\344\275\223\347\263\273.md"
new file mode 100644
index 00000000..8b1239a7
--- /dev/null
+++ "b/iast-java/src/main/resources/doc/java\345\274\225\346\223\216\350\257\204\344\273\267\344\275\223\347\263\273.md"
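Review bot: On the new side of addTreeNode the block opened by `if (nodesData.length <= deepth) {` no longer has a closing brace: the only `}` following `type = CaseNodeType.LEAF;` is the removed line `- }` and nothing is added in its place, so unless this is an artefact of how the patch was rendered the method will not compile. If the brace was meant to stay, restore ` }` after the LEAF assignment. The new id scheme `"N" + deepth + "_" + row` is only applied when `nodeExit` finds no child of the same name, so a node shared by several rows keeps the id of the row that first created it; that is worth a line in the new Javadoc, e.g. `* A node is created once per name; a node shared by several rows keeps the id of the row that first created it.` The buildNode body continues outside the hunk.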
@@ -0,0 +1,192 @@
+```mermind
+graph LR
+N5_1["字符串对象"]==>aTaintCase99001["String"]
+N4_1["污点对象完整度"]==>N5_1["字符串对象"]
+N5_2["基本数据类型及其封装类型"]==>aTaintCase001["int"]
+N5_2["基本数据类型及其封装类型"]==>aTaintCase002["char"]
+N5_2["基本数据类型及其封装类型"]==>aTaintCase003["byte"]
+N5_2["基本数据类型及其封装类型"]==>aTaintCase004["long"]
+N5_2["基本数据类型及其封装类型"]==>aTaintCase009["Byte"]
+N5_2["基本数据类型及其封装类型"]==>aTaintCase0010["Integer"]
+N5_2["基本数据类型及其封装类型"]==>aTaintCase0011["Long"]
+N5_2["基本数据类型及其封装类型"]==>aTaintCase0012["Character"]
+N4_1["污点对象完整度"]==>N5_2["基本数据类型及其封装类型"]
+N5_6["集合(集合对象全为污点)"]==>aTaintCase005["Map元素"]
+N5_6["集合(集合对象全为污点)"]==>aTaintCase006["List元素"]
+N5_6["集合(集合对象全为污点)"]==>aTaintCase007["Queue元素"]
+N5_6["集合(集合对象全为污点)"]==>aTaintCase008["Set元素"]
+N4_1["污点对象完整度"]==>N5_6["集合(集合对象全为污点)"]
+N5_14["数组(数组对象全为污点)"]==>aTaintCase0013["数组对象String[]"]
+N5_14["数组(数组对象全为污点)"]==>aTaintCase0014["数组对象char[]"]
+N5_14["数组(数组对象全为污点)"]==>aTaintCase0015["数组对象byte[]"]
+N5_14["数组(数组对象全为污点)"]==>aTaintCase0016["单维数组对象的元素"]
+N5_14["数组(数组对象全为污点)"]==>aTaintCase00926["多维数组对象的元素"]
+N4_1["污点对象完整度"]==>N5_14["数组(数组对象全为污点)"]
+N7_19["单层字段"]==>aTaintCase00921["10"]
+N7_19["单层字段"]==>aTaintCase00922["100"]
+N6_19["对象字段"]==>N7_19["单层字段"]
+N7_21["多层字段"]==>aTaintCase00923["3层"]
+N7_21["多层字段"]==>aTaintCase00924["10层"]
+N6_19["对象字段"]==>N7_21["多层字段"]
+N6_19["对象字段"]==>aTaintCase00925["污点为父类字段"]
+N5_19["自定义对象"]==>N6_19["对象字段"]
+N4_1["污点对象完整度"]==>N5_19["自定义对象"]
+N3_1["基础跟踪能力"]==>N4_1["污点对象完整度"]
+N5_24["特殊链路跟踪能力"]==>aTaintCase0022["三方包方法跟踪"]
+N6_25["超长链路追踪"]==>aTaintCase0023["100层"]
+N6_25["超长链路追踪"]==>aTaintCase00931["1000层"]
+N5_24["特殊链路跟踪能力"]==>N6_25["超长链路追踪"]
+N5_24["特殊链路跟踪能力"]==>aTaintCase0024["反射调用方法跟踪"]
+N5_24["特殊链路跟踪能力"]==>aTaintCase0025["调用native方法"]
+N4_24["污点链路完整度"]==>N5_24["特殊链路跟踪能力"]
+N5_29["污点来源识别能力(source)"]==>aTaintCase0027["污点来自http getQueryString"]
+N6_30["污点来自http body"]==>N7_30["json"]
+N6_30["污点来自http body"]==>aTaintCase0034["xml/getInputStream"]
+N7_32["multipart/form-data"]==>aTaintCase0035["getPart"]
+N7_32["multipart/form-data"]==>aTaintCase0036["getParts"]
+N6_30["污点来自http body"]==>N7_32["multipart/form-data"]
+N7_34["form/url-encode"]==>aTaintCase0037["getParameter"]
+N7_34["form/url-encode"]==>aTaintCase0038["getParameterMap"]
+N7_34["form/url-encode"]==>aTaintCase0039["getParameterValues"]
+N7_34["form/url-encode"]==>aTaintCase0040["getParameterNames"]
+N6_30["污点来自http body"]==>N7_34["form/url-encode"]
+N6_30["污点来自http body"]==>aTaintCase0041["getReader"]
+N5_29["污点来源识别能力(source)"]==>N6_30["污点来自http body"]
+N5_29["污点来源识别能力(source)"]==>aTaintCase0044["污点来自http pathVarlables"]
+N6_40["污点来自http header"]==>aTaintCase0045["getCookies"]
+N6_40["污点来自http header"]==>aTaintCase0046["getHeader"]
+N6_40["污点来自http header"]==>aTaintCase0047["getHeaders"]
+N6_40["污点来自http header"]==>aTaintCase00139["getHeaderNames"]
+N5_29["污点来源识别能力(source)"]==>N6_40["污点来自http header"]
+N4_24["污点链路完整度"]==>N5_29["污点来源识别能力(source)"]
+N8_44["构造方法"]==>aTaintCase0062["String(String original)"]
+N8_44["构造方法"]==>aTaintCase00143["String(char value[])"]
+N8_44["构造方法"]==>aTaintCase00144["String(char value[], int offset, int count)"]
+N8_44["构造方法"]==>aTaintCase00145["String(int[] codePoints, int offset, int count)"]
+N8_44["构造方法"]==>aTaintCase00146["String(byte bytes[], int offset, int length, String charsetName)"]
+N8_44["构造方法"]==>aTaintCase00147["String(byte bytes[], int offset, int length, Charset charset)"]
+N8_44["构造方法"]==>aTaintCase00148["String(StringBuffer buffer)"]
+N8_44["构造方法"]==>aTaintCase00149["String(StringBuilder builder)"]
+N7_44["String操作"]====>N8_44["构造方法"]
+N7_44["String操作"]==>aTaintCase0063["conact"]
+N7_44["String操作"]==>aTaintCase0064["copyValueOf"]
+N7_44["String操作"]==>aTaintCase0065["format"]
+N7_44["String操作"]==>aTaintCase0066["getBytes"]
+N7_44["String操作"]==>aTaintCase0067["getChars"]
+N7_44["String操作"]==>aTaintCase0068["intern"]
+N7_44["String操作"]==>aTaintCase0069["join"]
+N7_44["String操作"]==>aTaintCase0071["replace"]
+N7_44["String操作"]==>aTaintCase00140["replaceAll"]
+N7_44["String操作"]==>aTaintCase0072["split"]
+N7_44["String操作"]==>aTaintCase0074["subSequence"]
+N7_44["String操作"]==>aTaintCase0075["substring"]
+N7_44["String操作"]==>aTaintCase0076["toCharArray"]
+N7_44["String操作"]==>aTaintCase0077["toLowerCase"]
+N7_44["String操作"]==>aTaintCase0078["toString"]
+N7_44["String操作"]==>aTaintCase0079["toUpperCase"]
+N7_44["String操作"]==>aTaintCase0080["trim"]
+N7_44["String操作"]==>aTaintCase0081["valueOf"]
+N6_44["传播场景"]==>N7_44["String操作"]
+N7_70["StringBuilder操作"]==>aTaintCase0082["构造方法"]
+N7_70["StringBuilder操作"]==>aTaintCase0083["append"]
+N7_70["StringBuilder操作"]==>aTaintCase0085["delete"]
+N7_70["StringBuilder操作"]==>aTaintCase0086["deleteCharAt"]
+N7_70["StringBuilder操作"]==>aTaintCase0087["getChars"]
+N7_70["StringBuilder操作"]==>aTaintCase0088["insert"]
+N7_70["StringBuilder操作"]==>aTaintCase0089["replace"]
+N7_70["StringBuilder操作"]==>aTaintCase0090["subSequence"]
+N7_70["StringBuilder操作"]==>aTaintCase0091["subString"]
+N7_70["StringBuilder操作"]==>aTaintCase0092["toString"]
+N6_44["传播场景"]==>N7_70["StringBuilder操作"]
+N7_80["char[],byte[]操作"]==>aTaintCase0093["copyOf"]
+N7_80["char[],byte[]操作"]==>aTaintCase0094["copyOfRange"]
+N7_80["char[],byte[]操作"]==>aTaintCase0095["deepToString"]
+N7_80["char[],byte[]操作"]==>aTaintCase0096["toString"]
+N6_44["传播场景"]==>N7_80["char[],byte[]操作"]
+N6_44["传播场景"]==>aTaintCase00932["JDK序列化与反序列化"]
+N5_44["污点传播跟踪能力"]===>N6_44["传播场景"]
+N4_24["污点链路完整度"]==>N5_44["污点传播跟踪能力"]
+N5_85["污点无害化处理能力(sanitizer)"]==>aTaintCase00141["污点直接赋值为硬编码值"]
+N5_85["污点无害化处理能力(sanitizer)"]==>aTaintCase00103["sanitizer支持区分类型"]
+N5_85["污点无害化处理能力(sanitizer)"]==>aTaintCase00104["触发sink后再执行sanitizer"]
+N5_85["污点无害化处理能力(sanitizer)"]==>aTaintCase00105["支持自定义unSanitizer(再次污点化)"]
+N4_24["污点链路完整度"]==>N5_85["污点无害化处理能力(sanitizer)"]
+N5_89["触发污点跟踪能力(sink)"]==>aTaintCase00109["单污点来源传播至多sink点"]
+N5_89["触发污点跟踪能力(sink)"]==>aTaintCase00110["多污点来源传播至单sink点"]
+N5_89["触发污点跟踪能力(sink)"]==>aTaintCase00112["无污点传播过程,污点直接传入sink"]
+N4_24["污点链路完整度"]==>N5_89["触发污点跟踪能力(sink)"]
+N3_1["基础跟踪能力"]==>N4_24["污点链路完整度"]
+N2_1["完整度"]==>N3_1["基础跟踪能力"]
+N5_92["污点通过缓存存储后触发"]==>aTaintCase00138["非本地缓存"]
+N5_92["污点通过缓存存储后触发"]==>aTaintCase00115["本地缓存"]
+N4_92["存储型异步"]==>N5_92["污点通过缓存存储后触发"]
+N5_93["污点通过文件存储后触发"]==>aTaintCase00116["本地文件"]
+N4_92["存储型异步"]==>N5_93["污点通过文件存储后触发"]
+N4_92["存储型异步"]==>aTaintCase00114["污点通过session存储后触发"]
+N4_92["存储型异步"]==>aTaintCase00113["污点通过db存储后触发"]
+N3_92["异步跟踪能力"]==>N4_92["存储型异步"]
+N4_94["多线程异步"]==>aTaintCase00119["污点的来源和触发在不同线程"]
+N4_94["多线程异步"]==>aTaintCase00120["污点的来源和触发在不同线程,sink的触发由线程池中的线程触发"]
+N3_92["异步跟踪能力"]==>N4_94["多线程异步"]
+N2_1["完整度"]==>N3_92["异步跟踪能力"]
+N5_99["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>aTaintCase001242["跨多层进程间调用(暂无实现)"]
+N5_99["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>aTaintCase001241["跨一层进程间调用(暂无实现)"]
+N4_99["调用方式"]==>N5_99["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]
+N5_100["http"]==>aTaintCase00124["跨多层进程调用"]
+N5_100["http"]==>aTaintCase00123["跨一层进程调用"]
+N4_99["调用方式"]==>N5_100["http"]
+N3_99["跨进程跟踪能力"]==>N4_99["调用方式"]
+N2_1["完整度"]==>N3_99["跨进程跟踪能力"]
+N1_1["IAST引擎能力评估体系(JAVA)"]==>N2_1["完整度"]
+N5_103["部分数据元素为污点"]==>aTaintCase00131["部分元素为污点,经过JDK序列化后再反序列化"]
+N5_103["部分数据元素为污点"]==>aTaintCase00130["多维数组中的部分元素为污点"]
+N5_103["部分数据元素为污点"]==>aTaintCase00129["单维数组中的部分元素为污点"]
+N4_103["字段/元素级别"]==>N5_103["部分数据元素为污点"]
+N5_104["部分集合元素为污点"]==>aTaintCase00132["List中部分元素为污点"]
+N5_104["部分集合元素为污点"]==>aTaintCase00133["Map中部分元素为污点"]
+N5_104["部分集合元素为污点"]==>aTaintCase00134["Set中部分元素为污点"]
+N5_104["部分集合元素为污点"]==>aTaintCase00135["Queue中部分元素为污点"]
+N5_104["部分集合元素为污点"]==>aTaintCase00136["集合中部分元素为污点,经过JDK序列化后再反序列化"]
+N4_103["字段/元素级别"]==>N5_104["部分集合元素为污点"]
+N5_130["部分字段对象为污点"]==>aTaintCase00142["对象部分字段为污点,经过JDK序列化后再反序列化"]
+N6_133["多层复杂对象部分字段为污点"]==>aTaintCase00127["污点来自父类"]
+N6_133["多层复杂对象部分字段为污点"]==>aTaintCase00128["污点来当前类字段"]
+N5_130["部分字段对象为污点"]===>N6_133["多层复杂对象部分字段为污点"]
+N5_130["部分字段对象为污点"]==>aTaintCase00126["单层简单对象部分字段为污点"]
+N4_103["字段/元素级别"]==>N5_130["部分字段对象为污点"]
+N3_103["污点对象跟踪粒度"]==>N4_103["字段/元素级别"]
+N7_109["String操作"]==>aTaintCase00940["replcace"]
+N7_109["String操作"]==>aTaintCase00941["replcaceAll"]
+N7_109["String操作"]==>aTaintCase00942["split"]
+N7_109["String操作"]==>aTaintCase00943["subSequence"]
+N7_109["String操作"]==>aTaintCase00944["substring"]
+N7_109["String操作"]==>aTaintCase00945["trim"]
+N6_109["截取非污点部分"]=======>N7_109["String操作"]
+N7_115["StringB​uilder操作"]==>aTaintCase00946["delete"]
+N7_115["StringBuilder操作"]==>aTaintCase00947["deleteCharAt"]
+N7_115["StringBuilder操作"]==>aTaintCase00948["getChars"]
+N7_115["StringBuilder操作"]==>aTaintCase00949["replace"]
+N7_115["StringBuilder操作"]==>aTaintCase00950["subSequence"]
+N7_115["StringBuilder操作"]==>aTaintCase00951["substring"]
+N6_109["截取非污点部分"]==>N7_115["StringBuilder操作"]
+N7_121["char[]/byte[]操作"]==>aTaintCase00952["copyOfRange"]
+N6_109["截取非污点部分"]==>N7_121["char[]/byte[]操作"]
+N5_109["字符串部分存在污点"]==>N6_109["截取非污点部分"]
+N7_122["String操作"]==>aTaintCase00953["concat"]
+N7_122["String操作"]==>aTaintCase00954["join"]
+N7_122["String操作"]==>aTaintCase00955["replace"]
+N7_122["String操作"]==>aTaintCase00956["replaceAll"]
+N7_122["String操作"]==>aTaintCase00957["trim"]
+N6_122["截取非污点部分后再拼接污点"]==>N7_122["String操作"]
+N7_127["StringBuilder操作"]==>aTaintCase00958["append"]
+N7_127["StringBuilder操作"]==>aTaintCase00959["replace"]
+N6_122["截取非污点部分后再拼接污点"]==>N7_127["StringBuilder操作"]
+N7_129["char[]/byte[]操作"]==>aTaintCase00960["copyOfRange"]
+N6_122["截取非污点部分后再拼接污点"]==>N7_129["char[]/byte[]操作"]
+N5_109["字符串部分存在污点"]==>N6_122["截取非污点部分后再拼接污点"]
+N4_109["字符串级别"]==>N5_109["字符串部分存在污点"]
+N3_103["污点对象跟踪粒度"]==>N4_109["字符串级别"]
+N4_134["变量级别"]==>aTaintCase00125["sink点的值非外部可控,但与某个参数值相同"]
+N3_103["污点对象跟踪粒度"]==>N4_134["变量级别"]
+N2_103["准确度"]==>N3_103["污点对象跟踪粒度"]
+N1_1["IAST引擎能力评估体系(JAVA)"]==>N2_103["准确度"]
\ No newline at end of file
From edb96233be3e91d64a6f31280d4b01a46233e45a Mon Sep 17 00:00:00 2001
From: "mengmeng.meng"
Date: Thu, 25 Jan 2024 16:19:32 +0800
Subject: [PATCH 06/17] =?UTF-8?q?Update=20java=E5=BC=95=E6=93=8E=E8=AF=84?=
 =?UTF-8?q?=E4=BB=B7=E4=BD=93=E7=B3=BB.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ...\223\216\350\257\204\344\273\267\344\275\223\347\263\273.md" | 2 ++
 1 file changed, 2 insertions(+)
diff --git "a/iast-java/src/main/resources/doc/java\345\274\225\346\223\216\350\257\204\344\273\267\344\275\223\347\263\273.md" "b/iast-java/src/main/resources/doc/java\345\274\225\346\223\216\350\257\204\344\273\267\344\275\223\347\263\273.md"
index 8b1239a7..a74d2c3f 100644
--- "a/iast-java/src/main/resources/doc/java\345\274\225\346\223\216\350\257\204\344\273\267\344\275\223\347\263\273.md"
+++ "b/iast-java/src/main/resources/doc/java\345\274\225\346\223\216\350\257\204\344\273\267\344\275\223\347\263\273.md"
@@ -1,3 +1,5 @@
+## JAVA引擎能力评价体系
+
 ```mermind
 graph LR
 N5_1["字符串对象"]==>aTaintCase99001["String"]
From f0cd6316f0eea11bbc919f59b5c649e98de88756 Mon Sep 17 00:00:00 2001
From: "mengmeng.meng"
Date: Thu, 25 Jan 2024 16:21:16 +0800
Subject: [PATCH 07/17] update
---
 .../java/com/iast/astbenchmark/analyser/util/MermindUtil.java | 2 +-
 .../src/main/resources/doc/JAVA.md | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename "iast-java/src/main/resources/doc/java\345\274\225\346\223\216\350\257\204\344\273\267\344\275\223\347\263\273.md" => iast-java/src/main/resources/doc/JAVA.md (100%)
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/util/MermindUtil.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/util/MermindUtil.java
index d2a37041..cc2e4a92 100644
--- a/iast-java/src/main/java/com/iast/astbenchmark/analyser/util/MermindUtil.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/util/MermindUtil.java
@@ -19,7 +19,7 @@ public static void main(String[] args) {
 //System.out.println(mermindScript);
 //mermind 脑图,这个版本格式有点乱
 printTree(CaseStuctCache.getRoot(),CaseStuctCache.getRoot().getDeepth());
- //FileUtil.writeUtf8String("java引擎评价体系.md", mermindScript);
+ //FileUtil.writeUtf8String("JAVA.md", mermindScript);
 }
 public static void printTree(CaseNode node, int depth) {
 if (node == null) {
diff --git "a/iast-java/src/main/resources/doc/java\345\274\225\346\223\216\350\257\204\344\273\267\344\275\223\347\263\273.md" b/iast-java/src/main/resources/doc/JAVA.md similarity index 100% rename from "iast-java/src/main/resources/doc/java\345\274\225\346\223\216\350\257\204\344\273\267\344\275\223\347\263\273.md" rename to iast-java/src/main/resources/doc/JAVA.md From ac7e4365e4716d9bf80d7cb7ce91d045496af567 Mon Sep 17 00:00:00 2001 From: "mengmeng.meng" Date: Thu, 25 Jan 2024 16:23:48 +0800 Subject: [PATCH 08/17] Update JAVA.md
--- iast-java/src/main/resources/doc/JAVA.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iast-java/src/main/resources/doc/JAVA.md b/iast-java/src/main/resources/doc/JAVA.md
index a74d2c3f..839eb044 100644
--- a/iast-java/src/main/resources/doc/JAVA.md
+++ b/iast-java/src/main/resources/doc/JAVA.md
@@ -1,4 +1,4 @@
-## JAVA引擎能力评价体系
+
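Review bot: The `+` line keeps `//FileUtil.writeUtf8String("JAVA.md", mermindScript);` as commented-out code that is now being edited to track the document rename, which is dead code with no compile or test coverage; delete it, or if the export is still wanted, reinstate it with the path held in one named constant, e.g. `private static final String DOC_OUTPUT = "JAVA.md";`, so a future rename does not require touching a comment. `main` begins before this hunk, so whether `mermindScript` is still built is not visible here. As a point of style, `mermind` in the identifier and in the context-line comment is a misspelling of `mermaid` (a later patch in this series corrects the markdown fence to `mermaid`); renaming `mermindScript` would keep the code and the generated document consistent.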

Java IAST引擎能力评价体系
```mermind graph LR From defabfd521b1283e0ca96bbb1714e39b1a335d56 Mon Sep 17 00:00:00 2001 From: "mengmeng.meng" Date: Thu, 25 Jan 2024 16:37:52 +0800 Subject: [PATCH 09/17] Update JAVA.md --- iast-java/src/main/resources/doc/JAVA.md | 132 +++++++++++------------ 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/iast-java/src/main/resources/doc/JAVA.md b/iast-java/src/main/resources/doc/JAVA.md index 839eb044..5e55ddc2 100644 --- a/iast-java/src/main/resources/doc/JAVA.md +++ b/iast-java/src/main/resources/doc/JAVA.md @@ -69,7 +69,7 @@ N8_44["构造方法"]==>aTaintCase00146["String(byte bytes[], int offset, int le N8_44["构造方法"]==>aTaintCase00147["String(byte bytes[], int offset, int length, Charset charset)"] N8_44["构造方法"]==>aTaintCase00148["String(StringBuffer buffer)"] N8_44["构造方法"]==>aTaintCase00149["String(StringBuilder builder)"] -N7_44["String操作"]====>N8_44["构造方法"] +N7_44["String操作"]==>N8_44["构造方法"] N7_44["String操作"]==>aTaintCase0063["conact"] N7_44["String操作"]==>aTaintCase0064["copyValueOf"] N7_44["String操作"]==>aTaintCase0065["format"] @@ -106,7 +106,7 @@ N7_80["char[],byte[]操作"]==>aTaintCase0095["deepToString"] N7_80["char[],byte[]操作"]==>aTaintCase0096["toString"] N6_44["传播场景"]==>N7_80["char[],byte[]操作"] N6_44["传播场景"]==>aTaintCase00932["JDK序列化与反序列化"] -N5_44["污点传播跟踪能力"]===>N6_44["传播场景"] +N5_44["污点传播跟踪能力"]==>N6_44["传播场景"] N4_24["污点链路完整度"]==>N5_44["污点传播跟踪能力"] N5_85["污点无害化处理能力(sanitizer)"]==>aTaintCase00141["污点直接赋值为硬编码值"] N5_85["污点无害化处理能力(sanitizer)"]==>aTaintCase00103["sanitizer支持区分类型"] 
@@ -119,76 +119,76 @@ N5_89["触发污点跟踪能力(sink)"]==>aTaintCase00112["无污点传播 N4_24["污点链路完整度"]==>N5_89["触发污点跟踪能力(sink)"] N3_1["基础跟踪能力"]==>N4_24["污点链路完整度"] N2_1["完整度"]==>N3_1["基础跟踪能力"] -N5_92["污点通过缓存存储后触发"]==>aTaintCase00138["非本地缓存"] -N5_92["污点通过缓存存储后触发"]==>aTaintCase00115["本地缓存"] -N4_92["存储型异步"]==>N5_92["污点通过缓存存储后触发"] -N5_93["污点通过文件存储后触发"]==>aTaintCase00116["本地文件"] -N4_92["存储型异步"]==>N5_93["污点通过文件存储后触发"] -N4_92["存储型异步"]==>aTaintCase00114["污点通过session存储后触发"] N4_92["存储型异步"]==>aTaintCase00113["污点通过db存储后触发"] +N4_92["存储型异步"]==>aTaintCase00114["污点通过session存储后触发"] +N5_94["污点通过缓存存储后触发"]==>aTaintCase00115["本地缓存"] +N5_94["污点通过缓存存储后触发"]==>aTaintCase00138["非本地缓存"] +N4_92["存储型异步"]==>N5_94["污点通过缓存存储后触发"] +N5_96["污点通过文件存储后触发"]==>aTaintCase00116["本地文件"] +N4_92["存储型异步"]==>N5_96["污点通过文件存储后触发"] N3_92["异步跟踪能力"]==>N4_92["存储型异步"] -N4_94["多线程异步"]==>aTaintCase00119["污点的来源和触发在不同线程"] -N4_94["多线程异步"]==>aTaintCase00120["污点的来源和触发在不同线程,sink的触发由线程池中的线程触发"] -N3_92["异步跟踪能力"]==>N4_94["多线程异步"] +N4_97["多线程异步"]==>aTaintCase00119["污点的来源和触发在不同线程"] +N4_97["多线程异步"]==>aTaintCase00120["污点的来源和触发在不同线程,sink的触发由线程池中的线程触发"] +N3_92["异步跟踪能力"]==>N4_97["多线程异步"] N2_1["完整度"]==>N3_92["异步跟踪能力"] -N5_99["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>aTaintCase001242["跨多层进程间调用(暂无实现)"] -N5_99["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>aTaintCase001241["跨一层进程间调用(暂无实现)"] -N4_99["调用方式"]==>N5_99["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"] -N5_100["http"]==>aTaintCase00124["跨多层进程调用"] -N5_100["http"]==>aTaintCase00123["跨一层进程调用"] -N4_99["调用方式"]==>N5_100["http"] +N5_99["http"]==>aTaintCase00123["跨一层进程调用"] +N5_99["http"]==>aTaintCase00124["跨多层进程调用"] +N4_99["调用方式"]==>N5_99["http"] +N5_101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>aTaintCase001241["跨一层进程间调用(暂无实现)"] +N5_101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>aTaintCase001242["跨多层进程间调用(暂无实现)"] +N4_99["调用方式"]==>N5_101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"] N3_99["跨进程跟踪能力"]==>N4_99["调用方式"] N2_1["完整度"]==>N3_99["跨进程跟踪能力"] 
N1_1["IAST引擎能力评估体系(JAVA)"]==>N2_1["完整度"] -N5_103["部分数据元素为污点"]==>aTaintCase00131["部分元素为污点,经过JDK序列化后再反序列化"] -N5_103["部分数据元素为污点"]==>aTaintCase00130["多维数组中的部分元素为污点"] -N5_103["部分数据元素为污点"]==>aTaintCase00129["单维数组中的部分元素为污点"] -N4_103["字段/元素级别"]==>N5_103["部分数据元素为污点"] -N5_104["部分集合元素为污点"]==>aTaintCase00132["List中部分元素为污点"] -N5_104["部分集合元素为污点"]==>aTaintCase00133["Map中部分元素为污点"] -N5_104["部分集合元素为污点"]==>aTaintCase00134["Set中部分元素为污点"] -N5_104["部分集合元素为污点"]==>aTaintCase00135["Queue中部分元素为污点"] -N5_104["部分集合元素为污点"]==>aTaintCase00136["集合中部分元素为污点,经过JDK序列化后再反序列化"] -N4_103["字段/元素级别"]==>N5_104["部分集合元素为污点"] -N5_130["部分字段对象为污点"]==>aTaintCase00142["对象部分字段为污点,经过JDK序列化后再反序列化"] -N6_133["多层复杂对象部分字段为污点"]==>aTaintCase00127["污点来自父类"] -N6_133["多层复杂对象部分字段为污点"]==>aTaintCase00128["污点来当前类字段"] -N5_130["部分字段对象为污点"]===>N6_133["多层复杂对象部分字段为污点"] -N5_130["部分字段对象为污点"]==>aTaintCase00126["单层简单对象部分字段为污点"] -N4_103["字段/元素级别"]==>N5_130["部分字段对象为污点"] +N5_103["部分字段对象为污点"]==>aTaintCase00142["对象部分字段为污点,经过JDK序列化后再反序列化"] +N6_104["多层复杂对象部分字段为污点"]==>aTaintCase00127["污点来自父类"] +N6_104["多层复杂对象部分字段为污点"]==>aTaintCase00128["污点来当前类字段"] +N5_103["部分字段对象为污点"]==>N6_104["多层复杂对象部分字段为污点"] +N5_103["部分字段对象为污点"]==>aTaintCase00126["单层简单对象部分字段为污点"] +N4_103["字段/元素级别"]==>N5_103["部分字段对象为污点"] +N5_108["部分数据元素为污点"]==>aTaintCase00129["单维数组中的部分元素为污点"] +N5_108["部分数据元素为污点"]==>aTaintCase00130["多维数组中的部分元素为污点"] +N5_108["部分数据元素为污点"]==>aTaintCase00131["部分元素为污点,经过JDK序列化后再反序列化"] +N4_103["字段/元素级别"]==>N5_108["部分数据元素为污点"] +N5_111["部分集合元素为污点"]==>aTaintCase00132["List中部分元素为污点"] +N5_111["部分集合元素为污点"]==>aTaintCase00133["Map中部分元素为污点"] +N5_111["部分集合元素为污点"]==>aTaintCase00134["Set中部分元素为污点"] +N5_111["部分集合元素为污点"]==>aTaintCase00135["Queue中部分元素为污点"] +N5_111["部分集合元素为污点"]==>aTaintCase00136["集合中部分元素为污点,经过JDK序列化后再反序列化"] +N4_103["字段/元素级别"]==>N5_111["部分集合元素为污点"] N3_103["污点对象跟踪粒度"]==>N4_103["字段/元素级别"] -N7_109["String操作"]==>aTaintCase00940["replcace"] -N7_109["String操作"]==>aTaintCase00941["replcaceAll"] -N7_109["String操作"]==>aTaintCase00942["split"] 
-N7_109["String操作"]==>aTaintCase00943["subSequence"] -N7_109["String操作"]==>aTaintCase00944["substring"] -N7_109["String操作"]==>aTaintCase00945["trim"] -N6_109["截取非污点部分"]=======>N7_109["String操作"] -N7_115["StringBuilder操作"]==>aTaintCase00946["delete"] -N7_115["StringBuilder操作"]==>aTaintCase00947["deleteCharAt"] -N7_115["StringBuilder操作"]==>aTaintCase00948["getChars"] -N7_115["StringBuilder操作"]==>aTaintCase00949["replace"] -N7_115["StringBuilder操作"]==>aTaintCase00950["subSequence"] -N7_115["StringBuilder操作"]==>aTaintCase00951["substring"] -N6_109["截取非污点部分"]==>N7_115["StringBuilder操作"] -N7_121["char[]/byte[]操作"]==>aTaintCase00952["copyOfRange"] -N6_109["截取非污点部分"]==>N7_121["char[]/byte[]操作"] -N5_109["字符串部分存在污点"]==>N6_109["截取非污点部分"] -N7_122["String操作"]==>aTaintCase00953["concat"] -N7_122["String操作"]==>aTaintCase00954["join"] -N7_122["String操作"]==>aTaintCase00955["replace"] -N7_122["String操作"]==>aTaintCase00956["replaceAll"] -N7_122["String操作"]==>aTaintCase00957["trim"] -N6_122["截取非污点部分后再拼接污点"]==>N7_122["String操作"] -N7_127["StringBuilder操作"]==>aTaintCase00958["append"] -N7_127["StringBuilder操作"]==>aTaintCase00959["replace"] -N6_122["截取非污点部分后再拼接污点"]==>N7_127["StringBuilder操作"] -N7_129["char[]/byte[]操作"]==>aTaintCase00960["copyOfRange"] -N6_122["截取非污点部分后再拼接污点"]==>N7_129["char[]/byte[]操作"] -N5_109["字符串部分存在污点"]==>N6_122["截取非污点部分后再拼接污点"] -N4_109["字符串级别"]==>N5_109["字符串部分存在污点"] -N3_103["污点对象跟踪粒度"]==>N4_109["字符串级别"] -N4_134["变量级别"]==>aTaintCase00125["sink点的值非外部可控,但与某个参数值相同"] -N3_103["污点对象跟踪粒度"]==>N4_134["变量级别"] +N4_106["变量级别"]==>aTaintCase00125["sink点的值非外部可控,但与某个参数值相同"] +N3_103["污点对象跟踪粒度"]==>N4_106["变量级别"] +N7_116["String操作"]==>aTaintCase00940["replcace"] +N7_116["String操作"]==>aTaintCase00941["replcaceAll"] +N7_116["String操作"]==>aTaintCase00942["split"] +N7_116["String操作"]==>aTaintCase00943["subSequence"] +N7_116["String操作"]==>aTaintCase00944["substring"] +N7_116["String操作"]==>aTaintCase00945["trim"] +N6_116["截取非污点部分"]==>N7_116["String操作"] 
+N7_122["StringBuilder操作"]==>aTaintCase00946["delete"] +N7_122["StringBuilder操作"]==>aTaintCase00947["deleteCharAt"] +N7_122["StringBuilder操作"]==>aTaintCase00948["getChars"] +N7_122["StringBuilder操作"]==>aTaintCase00949["replace"] +N7_122["StringBuilder操作"]==>aTaintCase00950["subSequence"] +N7_122["StringBuilder操作"]==>aTaintCase00951["substring"] +N6_116["截取非污点部分"]==>N7_122["StringBuilder操作"] +N7_128["char[]/byte[]操作"]==>aTaintCase00952["copyOfRange"] +N6_116["截取非污点部分"]==>N7_128["char[]/byte[]操作"] +N5_116["字符串部分存在污点"]==>N6_116["截取非污点部分"] +N7_129["String操作"]==>aTaintCase00953["concat"] +N7_129["String操作"]==>aTaintCase00954["join"] +N7_129["String操作"]==>aTaintCase00955["replace"] +N7_129["String操作"]==>aTaintCase00956["replaceAll"] +N7_129["String操作"]==>aTaintCase00957["trim"] +N6_129["截取非污点部分后再拼接污点"]==>N7_129["String操作"] +N7_134["StringBuilder操作"]==>aTaintCase00958["append"] +N7_134["StringBuilder操作"]==>aTaintCase00959["replace"] +N6_129["截取非污点部分后再拼接污点"]==>N7_134["StringBuilder操作"] +N7_136["char[]/byte[]操作"]==>aTaintCase00960["copyOfRange"] +N6_129["截取非污点部分后再拼接污点"]==>N7_136["char[]/byte[]操作"] +N5_116["字符串部分存在污点"]==>N6_129["截取非污点部分后再拼接污点"] +N4_116["字符串级别"]==>N5_116["字符串部分存在污点"] +N3_103["污点对象跟踪粒度"]==>N4_116["字符串级别"] N2_103["准确度"]==>N3_103["污点对象跟踪粒度"] N1_1["IAST引擎能力评估体系(JAVA)"]==>N2_103["准确度"] \ No newline at end of file From a95cd9e67672a49fafa1988684eb72120fa898cd Mon Sep 17 00:00:00 2001 From: "mengmeng.meng" Date: Thu, 25 Jan 2024 16:42:19 +0800 Subject: [PATCH 10/17] Update JAVA.md --- iast-java/src/main/resources/doc/JAVA.md | 304 +++++++++++------------ 1 file changed, 152 insertions(+), 152 deletions(-) diff --git a/iast-java/src/main/resources/doc/JAVA.md b/iast-java/src/main/resources/doc/JAVA.md index 5e55ddc2..8c39f834 100644 --- a/iast-java/src/main/resources/doc/JAVA.md +++ b/iast-java/src/main/resources/doc/JAVA.md 
@@ -2,193 +2,193 @@ ```mermind graph LR -N5_1["字符串对象"]==>aTaintCase99001["String"] +N5_1["字符串对象"]==>N6_1["String"] N4_1["污点对象完整度"]==>N5_1["字符串对象"] -N5_2["基本数据类型及其封装类型"]==>aTaintCase001["int"] -N5_2["基本数据类型及其封装类型"]==>aTaintCase002["char"] -N5_2["基本数据类型及其封装类型"]==>aTaintCase003["byte"] -N5_2["基本数据类型及其封装类型"]==>aTaintCase004["long"] -N5_2["基本数据类型及其封装类型"]==>aTaintCase009["Byte"] -N5_2["基本数据类型及其封装类型"]==>aTaintCase0010["Integer"] -N5_2["基本数据类型及其封装类型"]==>aTaintCase0011["Long"] -N5_2["基本数据类型及其封装类型"]==>aTaintCase0012["Character"] +N5_2["基本数据类型及其封装类型"]==>N6_2["int"] +N5_2["基本数据类型及其封装类型"]==>N6_3["char"] +N5_2["基本数据类型及其封装类型"]==>N6_4["byte"] +N5_2["基本数据类型及其封装类型"]==>N6_5["long"] +N5_2["基本数据类型及其封装类型"]==>N6_10["Byte"] +N5_2["基本数据类型及其封装类型"]==>N6_11["Integer"] +N5_2["基本数据类型及其封装类型"]==>N6_12["Long"] +N5_2["基本数据类型及其封装类型"]==>N6_13["Character"] N4_1["污点对象完整度"]==>N5_2["基本数据类型及其封装类型"] -N5_6["集合(集合对象全为污点)"]==>aTaintCase005["Map元素"] -N5_6["集合(集合对象全为污点)"]==>aTaintCase006["List元素"] -N5_6["集合(集合对象全为污点)"]==>aTaintCase007["Queue元素"] -N5_6["集合(集合对象全为污点)"]==>aTaintCase008["Set元素"] +N5_6["集合(集合对象全为污点)"]==>N6_6["Map元素"] +N5_6["集合(集合对象全为污点)"]==>N6_7["List元素"] +N5_6["集合(集合对象全为污点)"]==>N6_8["Queue元素"] +N5_6["集合(集合对象全为污点)"]==>N6_9["Set元素"] N4_1["污点对象完整度"]==>N5_6["集合(集合对象全为污点)"] -N5_14["数组(数组对象全为污点)"]==>aTaintCase0013["数组对象String[]"] -N5_14["数组(数组对象全为污点)"]==>aTaintCase0014["数组对象char[]"] -N5_14["数组(数组对象全为污点)"]==>aTaintCase0015["数组对象byte[]"] -N5_14["数组(数组对象全为污点)"]==>aTaintCase0016["单维数组对象的元素"] -N5_14["数组(数组对象全为污点)"]==>aTaintCase00926["多维数组对象的元素"] +N5_14["数组(数组对象全为污点)"]==>N6_14["数组对象String[]"] +N5_14["数组(数组对象全为污点)"]==>N6_15["数组对象char[]"] +N5_14["数组(数组对象全为污点)"]==>N6_16["数组对象byte[]"] +N5_14["数组(数组对象全为污点)"]==>N6_17["单维数组对象的元素"] +N5_14["数组(数组对象全为污点)"]==>N6_18["多维数组对象的元素"] N4_1["污点对象完整度"]==>N5_14["数组(数组对象全为污点)"] -N7_19["单层字段"]==>aTaintCase00921["10"] -N7_19["单层字段"]==>aTaintCase00922["100"] +N7_19["单层字段"]==>N8_19["10"] +N7_19["单层字段"]==>N8_20["100"] N6_19["对象字段"]==>N7_19["单层字段"] -N7_21["多层字段"]==>aTaintCase00923["3层"] 
-N7_21["多层字段"]==>aTaintCase00924["10层"] +N7_21["多层字段"]==>N8_21["3层"] +N7_21["多层字段"]==>N8_22["10层"] N6_19["对象字段"]==>N7_21["多层字段"] -N6_19["对象字段"]==>aTaintCase00925["污点为父类字段"] +N6_19["对象字段"]==>N7_23["污点为父类字段"] N5_19["自定义对象"]==>N6_19["对象字段"] N4_1["污点对象完整度"]==>N5_19["自定义对象"] N3_1["基础跟踪能力"]==>N4_1["污点对象完整度"] -N5_24["特殊链路跟踪能力"]==>aTaintCase0022["三方包方法跟踪"] -N6_25["超长链路追踪"]==>aTaintCase0023["100层"] -N6_25["超长链路追踪"]==>aTaintCase00931["1000层"] +N5_24["特殊链路跟踪能力"]==>N6_24["三方包方法跟踪"] +N6_25["超长链路追踪"]==>N7_25["100层"] +N6_25["超长链路追踪"]==>N7_26["1000层"] N5_24["特殊链路跟踪能力"]==>N6_25["超长链路追踪"] -N5_24["特殊链路跟踪能力"]==>aTaintCase0024["反射调用方法跟踪"] -N5_24["特殊链路跟踪能力"]==>aTaintCase0025["调用native方法"] +N5_24["特殊链路跟踪能力"]==>N6_27["反射调用方法跟踪"] +N5_24["特殊链路跟踪能力"]==>N6_28["调用native方法"] N4_24["污点链路完整度"]==>N5_24["特殊链路跟踪能力"] -N5_29["污点来源识别能力(source)"]==>aTaintCase0027["污点来自http getQueryString"] +N5_29["污点来源识别能力(source)"]==>N6_29["污点来自http getQueryString"] N6_30["污点来自http body"]==>N7_30["json"] -N6_30["污点来自http body"]==>aTaintCase0034["xml/getInputStream"] -N7_32["multipart/form-data"]==>aTaintCase0035["getPart"] -N7_32["multipart/form-data"]==>aTaintCase0036["getParts"] +N6_30["污点来自http body"]==>N7_31["xml/getInputStream"] +N7_32["multipart/form-data"]==>N8_32["getPart"] +N7_32["multipart/form-data"]==>N8_33["getParts"] N6_30["污点来自http body"]==>N7_32["multipart/form-data"] -N7_34["form/url-encode"]==>aTaintCase0037["getParameter"] -N7_34["form/url-encode"]==>aTaintCase0038["getParameterMap"] -N7_34["form/url-encode"]==>aTaintCase0039["getParameterValues"] -N7_34["form/url-encode"]==>aTaintCase0040["getParameterNames"] +N7_34["form/url-encode"]==>N8_34["getParameter"] +N7_34["form/url-encode"]==>N8_35["getParameterMap"] +N7_34["form/url-encode"]==>N8_36["getParameterValues"] +N7_34["form/url-encode"]==>N8_37["getParameterNames"] N6_30["污点来自http body"]==>N7_34["form/url-encode"] -N6_30["污点来自http body"]==>aTaintCase0041["getReader"] +N6_30["污点来自http body"]==>N7_38["getReader"] 
N5_29["污点来源识别能力(source)"]==>N6_30["污点来自http body"] -N5_29["污点来源识别能力(source)"]==>aTaintCase0044["污点来自http pathVarlables"] -N6_40["污点来自http header"]==>aTaintCase0045["getCookies"] -N6_40["污点来自http header"]==>aTaintCase0046["getHeader"] -N6_40["污点来自http header"]==>aTaintCase0047["getHeaders"] -N6_40["污点来自http header"]==>aTaintCase00139["getHeaderNames"] +N5_29["污点来源识别能力(source)"]==>N6_39["污点来自http pathVarlables"] +N6_40["污点来自http header"]==>N7_40["getCookies"] +N6_40["污点来自http header"]==>N7_41["getHeader"] +N6_40["污点来自http header"]==>N7_42["getHeaders"] +N6_40["污点来自http header"]==>N7_43["getHeaderNames"] N5_29["污点来源识别能力(source)"]==>N6_40["污点来自http header"] N4_24["污点链路完整度"]==>N5_29["污点来源识别能力(source)"] -N8_44["构造方法"]==>aTaintCase0062["String(String original)"] -N8_44["构造方法"]==>aTaintCase00143["String(char value[])"] -N8_44["构造方法"]==>aTaintCase00144["String(char value[], int offset, int count)"] -N8_44["构造方法"]==>aTaintCase00145["String(int[] codePoints, int offset, int count)"] -N8_44["构造方法"]==>aTaintCase00146["String(byte bytes[], int offset, int length, String charsetName)"] -N8_44["构造方法"]==>aTaintCase00147["String(byte bytes[], int offset, int length, Charset charset)"] -N8_44["构造方法"]==>aTaintCase00148["String(StringBuffer buffer)"] -N8_44["构造方法"]==>aTaintCase00149["String(StringBuilder builder)"] +N8_44["构造方法"]==>N9_44["String(String original)"] +N8_44["构造方法"]==>N9_45["String(char value[])"] +N8_44["构造方法"]==>N9_46["String(char value[], int offset, int count)"] +N8_44["构造方法"]==>N9_47["String(int[] codePoints, int offset, int count)"] +N8_44["构造方法"]==>N9_48["String(byte bytes[], int offset, int length, String charsetName)"] +N8_44["构造方法"]==>N9_49["String(byte bytes[], int offset, int length, Charset charset)"] +N8_44["构造方法"]==>N9_50["String(StringBuffer buffer)"] +N8_44["构造方法"]==>N9_51["String(StringBuilder builder)"] N7_44["String操作"]==>N8_44["构造方法"] -N7_44["String操作"]==>aTaintCase0063["conact"] -N7_44["String操作"]==>aTaintCase0064["copyValueOf"] 
-N7_44["String操作"]==>aTaintCase0065["format"] -N7_44["String操作"]==>aTaintCase0066["getBytes"] -N7_44["String操作"]==>aTaintCase0067["getChars"] -N7_44["String操作"]==>aTaintCase0068["intern"] -N7_44["String操作"]==>aTaintCase0069["join"] -N7_44["String操作"]==>aTaintCase0071["replace"] -N7_44["String操作"]==>aTaintCase00140["replaceAll"] -N7_44["String操作"]==>aTaintCase0072["split"] -N7_44["String操作"]==>aTaintCase0074["subSequence"] -N7_44["String操作"]==>aTaintCase0075["substring"] -N7_44["String操作"]==>aTaintCase0076["toCharArray"] -N7_44["String操作"]==>aTaintCase0077["toLowerCase"] -N7_44["String操作"]==>aTaintCase0078["toString"] -N7_44["String操作"]==>aTaintCase0079["toUpperCase"] -N7_44["String操作"]==>aTaintCase0080["trim"] -N7_44["String操作"]==>aTaintCase0081["valueOf"] +N7_44["String操作"]==>N8_52["conact"] +N7_44["String操作"]==>N8_53["copyValueOf"] +N7_44["String操作"]==>N8_54["format"] +N7_44["String操作"]==>N8_55["getBytes"] +N7_44["String操作"]==>N8_56["getChars"] +N7_44["String操作"]==>N8_57["intern"] +N7_44["String操作"]==>N8_58["join"] +N7_44["String操作"]==>N8_59["replace"] +N7_44["String操作"]==>N8_60["replaceAll"] +N7_44["String操作"]==>N8_61["split"] +N7_44["String操作"]==>N8_62["subSequence"] +N7_44["String操作"]==>N8_63["substring"] +N7_44["String操作"]==>N8_64["toCharArray"] +N7_44["String操作"]==>N8_65["toLowerCase"] +N7_44["String操作"]==>N8_66["toString"] +N7_44["String操作"]==>N8_67["toUpperCase"] +N7_44["String操作"]==>N8_68["trim"] +N7_44["String操作"]==>N8_69["valueOf"] N6_44["传播场景"]==>N7_44["String操作"] -N7_70["StringBuilder操作"]==>aTaintCase0082["构造方法"] -N7_70["StringBuilder操作"]==>aTaintCase0083["append"] -N7_70["StringBuilder操作"]==>aTaintCase0085["delete"] -N7_70["StringBuilder操作"]==>aTaintCase0086["deleteCharAt"] -N7_70["StringBuilder操作"]==>aTaintCase0087["getChars"] -N7_70["StringBuilder操作"]==>aTaintCase0088["insert"] -N7_70["StringBuilder操作"]==>aTaintCase0089["replace"] -N7_70["StringBuilder操作"]==>aTaintCase0090["subSequence"] -N7_70["StringBuilder操作"]==>aTaintCase0091["subString"] 
-N7_70["StringBuilder操作"]==>aTaintCase0092["toString"] +N7_70["StringBuilder操作"]==>N8_70["构造方法"] +N7_70["StringBuilder操作"]==>N8_71["append"] +N7_70["StringBuilder操作"]==>N8_72["delete"] +N7_70["StringBuilder操作"]==>N8_73["deleteCharAt"] +N7_70["StringBuilder操作"]==>N8_74["getChars"] +N7_70["StringBuilder操作"]==>N8_75["insert"] +N7_70["StringBuilder操作"]==>N8_76["replace"] +N7_70["StringBuilder操作"]==>N8_77["subSequence"] +N7_70["StringBuilder操作"]==>N8_78["subString"] +N7_70["StringBuilder操作"]==>N8_79["toString"] N6_44["传播场景"]==>N7_70["StringBuilder操作"] -N7_80["char[],byte[]操作"]==>aTaintCase0093["copyOf"] -N7_80["char[],byte[]操作"]==>aTaintCase0094["copyOfRange"] -N7_80["char[],byte[]操作"]==>aTaintCase0095["deepToString"] -N7_80["char[],byte[]操作"]==>aTaintCase0096["toString"] +N7_80["char[],byte[]操作"]==>N8_80["copyOf"] +N7_80["char[],byte[]操作"]==>N8_81["copyOfRange"] +N7_80["char[],byte[]操作"]==>N8_82["deepToString"] +N7_80["char[],byte[]操作"]==>N8_83["toString"] N6_44["传播场景"]==>N7_80["char[],byte[]操作"] -N6_44["传播场景"]==>aTaintCase00932["JDK序列化与反序列化"] +N6_44["传播场景"]==>N7_84["JDK序列化与反序列化"] N5_44["污点传播跟踪能力"]==>N6_44["传播场景"] N4_24["污点链路完整度"]==>N5_44["污点传播跟踪能力"] -N5_85["污点无害化处理能力(sanitizer)"]==>aTaintCase00141["污点直接赋值为硬编码值"] -N5_85["污点无害化处理能力(sanitizer)"]==>aTaintCase00103["sanitizer支持区分类型"] -N5_85["污点无害化处理能力(sanitizer)"]==>aTaintCase00104["触发sink后再执行sanitizer"] -N5_85["污点无害化处理能力(sanitizer)"]==>aTaintCase00105["支持自定义unSanitizer(再次污点化)"] +N5_85["污点无害化处理能力(sanitizer)"]==>N6_85["污点直接赋值为硬编码值"] +N5_85["污点无害化处理能力(sanitizer)"]==>N6_86["sanitizer支持区分类型"] +N5_85["污点无害化处理能力(sanitizer)"]==>N6_87["触发sink后再执行sanitizer"] +N5_85["污点无害化处理能力(sanitizer)"]==>N6_88["支持自定义unSanitizer(再次污点化)"] N4_24["污点链路完整度"]==>N5_85["污点无害化处理能力(sanitizer)"] -N5_89["触发污点跟踪能力(sink)"]==>aTaintCase00109["单污点来源传播至多sink点"] -N5_89["触发污点跟踪能力(sink)"]==>aTaintCase00110["多污点来源传播至单sink点"] -N5_89["触发污点跟踪能力(sink)"]==>aTaintCase00112["无污点传播过程,污点直接传入sink"] +N5_89["触发污点跟踪能力(sink)"]==>N6_89["单污点来源传播至多sink点"] 
+N5_89["触发污点跟踪能力(sink)"]==>N6_90["多污点来源传播至单sink点"] +N5_89["触发污点跟踪能力(sink)"]==>N6_91["无污点传播过程,污点直接传入sink"] N4_24["污点链路完整度"]==>N5_89["触发污点跟踪能力(sink)"] N3_1["基础跟踪能力"]==>N4_24["污点链路完整度"] N2_1["完整度"]==>N3_1["基础跟踪能力"] -N4_92["存储型异步"]==>aTaintCase00113["污点通过db存储后触发"] -N4_92["存储型异步"]==>aTaintCase00114["污点通过session存储后触发"] -N5_94["污点通过缓存存储后触发"]==>aTaintCase00115["本地缓存"] -N5_94["污点通过缓存存储后触发"]==>aTaintCase00138["非本地缓存"] +N4_92["存储型异步"]==>N5_92["污点通过db存储后触发"] +N4_92["存储型异步"]==>N5_93["污点通过session存储后触发"] +N5_94["污点通过缓存存储后触发"]==>N6_94["本地缓存"] +N5_94["污点通过缓存存储后触发"]==>N6_95["非本地缓存"] N4_92["存储型异步"]==>N5_94["污点通过缓存存储后触发"] -N5_96["污点通过文件存储后触发"]==>aTaintCase00116["本地文件"] +N5_96["污点通过文件存储后触发"]==>N6_96["本地文件"] N4_92["存储型异步"]==>N5_96["污点通过文件存储后触发"] N3_92["异步跟踪能力"]==>N4_92["存储型异步"] -N4_97["多线程异步"]==>aTaintCase00119["污点的来源和触发在不同线程"] -N4_97["多线程异步"]==>aTaintCase00120["污点的来源和触发在不同线程,sink的触发由线程池中的线程触发"] +N4_97["多线程异步"]==>N5_97["污点的来源和触发在不同线程"] +N4_97["多线程异步"]==>N5_98["污点的来源和触发在不同线程,sink的触发由线程池中的线程触发"] N3_92["异步跟踪能力"]==>N4_97["多线程异步"] N2_1["完整度"]==>N3_92["异步跟踪能力"] -N5_99["http"]==>aTaintCase00123["跨一层进程调用"] -N5_99["http"]==>aTaintCase00124["跨多层进程调用"] +N5_99["http"]==>N6_99["跨一层进程调用"] +N5_99["http"]==>N6_100["跨多层进程调用"] N4_99["调用方式"]==>N5_99["http"] -N5_101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>aTaintCase001241["跨一层进程间调用(暂无实现)"] -N5_101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>aTaintCase001242["跨多层进程间调用(暂无实现)"] +N5_101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>N6_101["跨一层进程间调用(暂无实现)"] +N5_101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>N6_102["跨多层进程间调用(暂无实现)"] N4_99["调用方式"]==>N5_101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"] N3_99["跨进程跟踪能力"]==>N4_99["调用方式"] N2_1["完整度"]==>N3_99["跨进程跟踪能力"] N1_1["IAST引擎能力评估体系(JAVA)"]==>N2_1["完整度"] -N5_103["部分字段对象为污点"]==>aTaintCase00142["对象部分字段为污点,经过JDK序列化后再反序列化"] -N6_104["多层复杂对象部分字段为污点"]==>aTaintCase00127["污点来自父类"] -N6_104["多层复杂对象部分字段为污点"]==>aTaintCase00128["污点来当前类字段"] -N5_103["部分字段对象为污点"]==>N6_104["多层复杂对象部分字段为污点"] 
-N5_103["部分字段对象为污点"]==>aTaintCase00126["单层简单对象部分字段为污点"] -N4_103["字段/元素级别"]==>N5_103["部分字段对象为污点"] -N5_108["部分数据元素为污点"]==>aTaintCase00129["单维数组中的部分元素为污点"] -N5_108["部分数据元素为污点"]==>aTaintCase00130["多维数组中的部分元素为污点"] -N5_108["部分数据元素为污点"]==>aTaintCase00131["部分元素为污点,经过JDK序列化后再反序列化"] -N4_103["字段/元素级别"]==>N5_108["部分数据元素为污点"] -N5_111["部分集合元素为污点"]==>aTaintCase00132["List中部分元素为污点"] -N5_111["部分集合元素为污点"]==>aTaintCase00133["Map中部分元素为污点"] -N5_111["部分集合元素为污点"]==>aTaintCase00134["Set中部分元素为污点"] -N5_111["部分集合元素为污点"]==>aTaintCase00135["Queue中部分元素为污点"] -N5_111["部分集合元素为污点"]==>aTaintCase00136["集合中部分元素为污点,经过JDK序列化后再反序列化"] -N4_103["字段/元素级别"]==>N5_111["部分集合元素为污点"] -N3_103["污点对象跟踪粒度"]==>N4_103["字段/元素级别"] -N4_106["变量级别"]==>aTaintCase00125["sink点的值非外部可控,但与某个参数值相同"] -N3_103["污点对象跟踪粒度"]==>N4_106["变量级别"] -N7_116["String操作"]==>aTaintCase00940["replcace"] -N7_116["String操作"]==>aTaintCase00941["replcaceAll"] -N7_116["String操作"]==>aTaintCase00942["split"] -N7_116["String操作"]==>aTaintCase00943["subSequence"] -N7_116["String操作"]==>aTaintCase00944["substring"] -N7_116["String操作"]==>aTaintCase00945["trim"] -N6_116["截取非污点部分"]==>N7_116["String操作"] -N7_122["StringBuilder操作"]==>aTaintCase00946["delete"] -N7_122["StringBuilder操作"]==>aTaintCase00947["deleteCharAt"] -N7_122["StringBuilder操作"]==>aTaintCase00948["getChars"] -N7_122["StringBuilder操作"]==>aTaintCase00949["replace"] -N7_122["StringBuilder操作"]==>aTaintCase00950["subSequence"] -N7_122["StringBuilder操作"]==>aTaintCase00951["substring"] -N6_116["截取非污点部分"]==>N7_122["StringBuilder操作"] -N7_128["char[]/byte[]操作"]==>aTaintCase00952["copyOfRange"] -N6_116["截取非污点部分"]==>N7_128["char[]/byte[]操作"] -N5_116["字符串部分存在污点"]==>N6_116["截取非污点部分"] -N7_129["String操作"]==>aTaintCase00953["concat"] -N7_129["String操作"]==>aTaintCase00954["join"] -N7_129["String操作"]==>aTaintCase00955["replace"] -N7_129["String操作"]==>aTaintCase00956["replaceAll"] -N7_129["String操作"]==>aTaintCase00957["trim"] -N6_129["截取非污点部分后再拼接污点"]==>N7_129["String操作"] 
-N7_134["StringBuilder操作"]==>aTaintCase00958["append"] -N7_134["StringBuilder操作"]==>aTaintCase00959["replace"] -N6_129["截取非污点部分后再拼接污点"]==>N7_134["StringBuilder操作"] -N7_136["char[]/byte[]操作"]==>aTaintCase00960["copyOfRange"] -N6_129["截取非污点部分后再拼接污点"]==>N7_136["char[]/byte[]操作"] -N5_116["字符串部分存在污点"]==>N6_129["截取非污点部分后再拼接污点"] -N4_116["字符串级别"]==>N5_116["字符串部分存在污点"] -N3_103["污点对象跟踪粒度"]==>N4_116["字符串级别"] +N4_103["变量级别"]==>N5_103["sink点的值非外部可控,但与某个参数值相同"] +N3_103["污点对象跟踪粒度"]==>N4_103["变量级别"] +N5_104["部分字段对象为污点"]==>N6_104["单层简单对象部分字段为污点"] +N6_105["多层复杂对象部分字段为污点"]==>N7_105["污点来自父类"] +N6_105["多层复杂对象部分字段为污点"]==>N7_106["污点来当前类字段"] +N5_104["部分字段对象为污点"]==>N6_105["多层复杂对象部分字段为污点"] +N5_104["部分字段对象为污点"]==>N6_136["对象部分字段为污点,经过JDK序列化后再反序列化"] +N4_104["字段/元素级别"]==>N5_104["部分字段对象为污点"] +N5_107["部分数据元素为污点"]==>N6_107["单维数组中的部分元素为污点"] +N5_107["部分数据元素为污点"]==>N6_108["多维数组中的部分元素为污点"] +N5_107["部分数据元素为污点"]==>N6_109["部分元素为污点,经过JDK序列化后再反序列化"] +N4_104["字段/元素级别"]==>N5_107["部分数据元素为污点"] +N5_110["部分集合元素为污点"]==>N6_110["List中部分元素为污点"] +N5_110["部分集合元素为污点"]==>N6_111["Map中部分元素为污点"] +N5_110["部分集合元素为污点"]==>N6_112["Set中部分元素为污点"] +N5_110["部分集合元素为污点"]==>N6_113["Queue中部分元素为污点"] +N5_110["部分集合元素为污点"]==>N6_114["集合中部分元素为污点,经过JDK序列化后再反序列化"] +N4_104["字段/元素级别"]==>N5_110["部分集合元素为污点"] +N3_103["污点对象跟踪粒度"]==>N4_104["字段/元素级别"] +N7_115["String操作"]==>N8_115["replcace"] +N7_115["String操作"]==>N8_116["replcaceAll"] +N7_115["String操作"]==>N8_117["split"] +N7_115["String操作"]==>N8_118["subSequence"] +N7_115["String操作"]==>N8_119["substring"] +N7_115["String操作"]==>N8_120["trim"] +N6_115["截取非污点部分"]==>N7_115["String操作"] +N7_121["StringBuilder操作"]==>N8_121["delete"] +N7_121["StringBuilder操作"]==>N8_122["deleteCharAt"] +N7_121["StringBuilder操作"]==>N8_123["getChars"] +N7_121["StringBuilder操作"]==>N8_124["replace"] +N7_121["StringBuilder操作"]==>N8_125["subSequence"] +N7_121["StringBuilder操作"]==>N8_126["substring"] +N6_115["截取非污点部分"]==>N7_121["StringBuilder操作"] +N7_127["char[]/byte[]操作"]==>N8_127["copyOfRange"] 
+N6_115["截取非污点部分"]==>N7_127["char[]/byte[]操作"] +N5_115["字符串部分存在污点"]==>N6_115["截取非污点部分"] +N7_128["String操作"]==>N8_128["concat"] +N7_128["String操作"]==>N8_129["join"] +N7_128["String操作"]==>N8_130["replace"] +N7_128["String操作"]==>N8_131["replaceAll"] +N7_128["String操作"]==>N8_132["trim"] +N6_128["截取非污点部分后再拼接污点"]==>N7_128["String操作"] +N7_133["StringBuilder操作"]==>N8_133["append"] +N7_133["StringBuilder操作"]==>N8_134["replace"] +N6_128["截取非污点部分后再拼接污点"]==>N7_133["StringBuilder操作"] +N7_135["char[]/byte[]操作"]==>N8_135["copyOfRange"] +N6_128["截取非污点部分后再拼接污点"]==>N7_135["char[]/byte[]操作"] +N5_115["字符串部分存在污点"]==>N6_128["截取非污点部分后再拼接污点"] +N4_115["字符串级别"]==>N5_115["字符串部分存在污点"] +N3_103["污点对象跟踪粒度"]==>N4_115["字符串级别"] N2_103["准确度"]==>N3_103["污点对象跟踪粒度"] -N1_1["IAST引擎能力评估体系(JAVA)"]==>N2_103["准确度"] \ No newline at end of file +N1_1["IAST引擎能力评估体系(JAVA)"]==>N2_103["准确度"] From e02ae5d204e1180c0a40a66c7a6d1a15294042ac Mon Sep 17 00:00:00 2001 From: "mengmeng.meng" Date: Thu, 25 Jan 2024 17:00:39 +0800 Subject: [PATCH 11/17] Update JAVA.md --- iast-java/src/main/resources/doc/JAVA.md | 378 +++++++++++------------ 1 file changed, 187 insertions(+), 191 deletions(-) diff --git a/iast-java/src/main/resources/doc/JAVA.md b/iast-java/src/main/resources/doc/JAVA.md index 8c39f834..4679438e 100644 --- a/iast-java/src/main/resources/doc/JAVA.md +++ b/iast-java/src/main/resources/doc/JAVA.md @@ -1,194 +1,190 @@
Java IAST引擎能力评价体系
-```mermind +```mermaid graph LR -N5_1["字符串对象"]==>N6_1["String"] -N4_1["污点对象完整度"]==>N5_1["字符串对象"] -N5_2["基本数据类型及其封装类型"]==>N6_2["int"] -N5_2["基本数据类型及其封装类型"]==>N6_3["char"] -N5_2["基本数据类型及其封装类型"]==>N6_4["byte"] -N5_2["基本数据类型及其封装类型"]==>N6_5["long"] -N5_2["基本数据类型及其封装类型"]==>N6_10["Byte"] -N5_2["基本数据类型及其封装类型"]==>N6_11["Integer"] -N5_2["基本数据类型及其封装类型"]==>N6_12["Long"] -N5_2["基本数据类型及其封装类型"]==>N6_13["Character"] -N4_1["污点对象完整度"]==>N5_2["基本数据类型及其封装类型"] -N5_6["集合(集合对象全为污点)"]==>N6_6["Map元素"] -N5_6["集合(集合对象全为污点)"]==>N6_7["List元素"] -N5_6["集合(集合对象全为污点)"]==>N6_8["Queue元素"] -N5_6["集合(集合对象全为污点)"]==>N6_9["Set元素"] -N4_1["污点对象完整度"]==>N5_6["集合(集合对象全为污点)"] -N5_14["数组(数组对象全为污点)"]==>N6_14["数组对象String[]"] -N5_14["数组(数组对象全为污点)"]==>N6_15["数组对象char[]"] -N5_14["数组(数组对象全为污点)"]==>N6_16["数组对象byte[]"] -N5_14["数组(数组对象全为污点)"]==>N6_17["单维数组对象的元素"] -N5_14["数组(数组对象全为污点)"]==>N6_18["多维数组对象的元素"] -N4_1["污点对象完整度"]==>N5_14["数组(数组对象全为污点)"] -N7_19["单层字段"]==>N8_19["10"] -N7_19["单层字段"]==>N8_20["100"] -N6_19["对象字段"]==>N7_19["单层字段"] -N7_21["多层字段"]==>N8_21["3层"] -N7_21["多层字段"]==>N8_22["10层"] -N6_19["对象字段"]==>N7_21["多层字段"] -N6_19["对象字段"]==>N7_23["污点为父类字段"] -N5_19["自定义对象"]==>N6_19["对象字段"] -N4_1["污点对象完整度"]==>N5_19["自定义对象"] -N3_1["基础跟踪能力"]==>N4_1["污点对象完整度"] -N5_24["特殊链路跟踪能力"]==>N6_24["三方包方法跟踪"] -N6_25["超长链路追踪"]==>N7_25["100层"] -N6_25["超长链路追踪"]==>N7_26["1000层"] -N5_24["特殊链路跟踪能力"]==>N6_25["超长链路追踪"] -N5_24["特殊链路跟踪能力"]==>N6_27["反射调用方法跟踪"] -N5_24["特殊链路跟踪能力"]==>N6_28["调用native方法"] -N4_24["污点链路完整度"]==>N5_24["特殊链路跟踪能力"] -N5_29["污点来源识别能力(source)"]==>N6_29["污点来自http getQueryString"] -N6_30["污点来自http body"]==>N7_30["json"] -N6_30["污点来自http body"]==>N7_31["xml/getInputStream"] -N7_32["multipart/form-data"]==>N8_32["getPart"] -N7_32["multipart/form-data"]==>N8_33["getParts"] -N6_30["污点来自http body"]==>N7_32["multipart/form-data"] -N7_34["form/url-encode"]==>N8_34["getParameter"] -N7_34["form/url-encode"]==>N8_35["getParameterMap"] -N7_34["form/url-encode"]==>N8_36["getParameterValues"] 
-N7_34["form/url-encode"]==>N8_37["getParameterNames"]
-N6_30["污点来自http body"]==>N7_34["form/url-encode"]
-N6_30["污点来自http body"]==>N7_38["getReader"]
-N5_29["污点来源识别能力(source)"]==>N6_30["污点来自http body"]
-N5_29["污点来源识别能力(source)"]==>N6_39["污点来自http pathVarlables"]
-N6_40["污点来自http header"]==>N7_40["getCookies"]
-N6_40["污点来自http header"]==>N7_41["getHeader"]
-N6_40["污点来自http header"]==>N7_42["getHeaders"]
-N6_40["污点来自http header"]==>N7_43["getHeaderNames"]
-N5_29["污点来源识别能力(source)"]==>N6_40["污点来自http header"]
-N4_24["污点链路完整度"]==>N5_29["污点来源识别能力(source)"]
-N8_44["构造方法"]==>N9_44["String(String original)"]
-N8_44["构造方法"]==>N9_45["String(char value[])"]
-N8_44["构造方法"]==>N9_46["String(char value[], int offset, int count)"]
-N8_44["构造方法"]==>N9_47["String(int[] codePoints, int offset, int count)"]
-N8_44["构造方法"]==>N9_48["String(byte bytes[], int offset, int length, String charsetName)"]
-N8_44["构造方法"]==>N9_49["String(byte bytes[], int offset, int length, Charset charset)"]
-N8_44["构造方法"]==>N9_50["String(StringBuffer buffer)"]
-N8_44["构造方法"]==>N9_51["String(StringBuilder builder)"]
-N7_44["String操作"]==>N8_44["构造方法"]
-N7_44["String操作"]==>N8_52["conact"]
-N7_44["String操作"]==>N8_53["copyValueOf"]
-N7_44["String操作"]==>N8_54["format"]
-N7_44["String操作"]==>N8_55["getBytes"]
-N7_44["String操作"]==>N8_56["getChars"]
-N7_44["String操作"]==>N8_57["intern"]
-N7_44["String操作"]==>N8_58["join"]
-N7_44["String操作"]==>N8_59["replace"]
-N7_44["String操作"]==>N8_60["replaceAll"]
-N7_44["String操作"]==>N8_61["split"]
-N7_44["String操作"]==>N8_62["subSequence"]
-N7_44["String操作"]==>N8_63["substring"]
-N7_44["String操作"]==>N8_64["toCharArray"]
-N7_44["String操作"]==>N8_65["toLowerCase"]
-N7_44["String操作"]==>N8_66["toString"]
-N7_44["String操作"]==>N8_67["toUpperCase"]
-N7_44["String操作"]==>N8_68["trim"]
-N7_44["String操作"]==>N8_69["valueOf"]
-N6_44["传播场景"]==>N7_44["String操作"]
-N7_70["StringBuilder操作"]==>N8_70["构造方法"]
-N7_70["StringBuilder操作"]==>N8_71["append"]
-N7_70["StringBuilder操作"]==>N8_72["delete"]
-N7_70["StringBuilder操作"]==>N8_73["deleteCharAt"]
-N7_70["StringBuilder操作"]==>N8_74["getChars"]
-N7_70["StringBuilder操作"]==>N8_75["insert"]
-N7_70["StringBuilder操作"]==>N8_76["replace"]
-N7_70["StringBuilder操作"]==>N8_77["subSequence"]
-N7_70["StringBuilder操作"]==>N8_78["subString"]
-N7_70["StringBuilder操作"]==>N8_79["toString"]
-N6_44["传播场景"]==>N7_70["StringBuilder操作"]
-N7_80["char[],byte[]操作"]==>N8_80["copyOf"]
-N7_80["char[],byte[]操作"]==>N8_81["copyOfRange"]
-N7_80["char[],byte[]操作"]==>N8_82["deepToString"]
-N7_80["char[],byte[]操作"]==>N8_83["toString"]
-N6_44["传播场景"]==>N7_80["char[],byte[]操作"]
-N6_44["传播场景"]==>N7_84["JDK序列化与反序列化"]
-N5_44["污点传播跟踪能力"]==>N6_44["传播场景"]
-N4_24["污点链路完整度"]==>N5_44["污点传播跟踪能力"]
-N5_85["污点无害化处理能力(sanitizer)"]==>N6_85["污点直接赋值为硬编码值"]
-N5_85["污点无害化处理能力(sanitizer)"]==>N6_86["sanitizer支持区分类型"]
-N5_85["污点无害化处理能力(sanitizer)"]==>N6_87["触发sink后再执行sanitizer"]
-N5_85["污点无害化处理能力(sanitizer)"]==>N6_88["支持自定义unSanitizer(再次污点化)"]
-N4_24["污点链路完整度"]==>N5_85["污点无害化处理能力(sanitizer)"]
-N5_89["触发污点跟踪能力(sink)"]==>N6_89["单污点来源传播至多sink点"]
-N5_89["触发污点跟踪能力(sink)"]==>N6_90["多污点来源传播至单sink点"]
-N5_89["触发污点跟踪能力(sink)"]==>N6_91["无污点传播过程,污点直接传入sink"]
-N4_24["污点链路完整度"]==>N5_89["触发污点跟踪能力(sink)"]
-N3_1["基础跟踪能力"]==>N4_24["污点链路完整度"]
-N2_1["完整度"]==>N3_1["基础跟踪能力"]
-N4_92["存储型异步"]==>N5_92["污点通过db存储后触发"]
-N4_92["存储型异步"]==>N5_93["污点通过session存储后触发"]
-N5_94["污点通过缓存存储后触发"]==>N6_94["本地缓存"]
-N5_94["污点通过缓存存储后触发"]==>N6_95["非本地缓存"]
-N4_92["存储型异步"]==>N5_94["污点通过缓存存储后触发"]
-N5_96["污点通过文件存储后触发"]==>N6_96["本地文件"]
-N4_92["存储型异步"]==>N5_96["污点通过文件存储后触发"]
-N3_92["异步跟踪能力"]==>N4_92["存储型异步"]
-N4_97["多线程异步"]==>N5_97["污点的来源和触发在不同线程"]
-N4_97["多线程异步"]==>N5_98["污点的来源和触发在不同线程,sink的触发由线程池中的线程触发"]
-N3_92["异步跟踪能力"]==>N4_97["多线程异步"]
-N2_1["完整度"]==>N3_92["异步跟踪能力"]
-N5_99["http"]==>N6_99["跨一层进程调用"]
-N5_99["http"]==>N6_100["跨多层进程调用"]
-N4_99["调用方式"]==>N5_99["http"]
-N5_101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>N6_101["跨一层进程间调用(暂无实现)"]
-N5_101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>N6_102["跨多层进程间调用(暂无实现)"]
-N4_99["调用方式"]==>N5_101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]
-N3_99["跨进程跟踪能力"]==>N4_99["调用方式"]
-N2_1["完整度"]==>N3_99["跨进程跟踪能力"]
-N1_1["IAST引擎能力评估体系(JAVA)"]==>N2_1["完整度"]
-N4_103["变量级别"]==>N5_103["sink点的值非外部可控,但与某个参数值相同"]
-N3_103["污点对象跟踪粒度"]==>N4_103["变量级别"]
-N5_104["部分字段对象为污点"]==>N6_104["单层简单对象部分字段为污点"]
-N6_105["多层复杂对象部分字段为污点"]==>N7_105["污点来自父类"]
-N6_105["多层复杂对象部分字段为污点"]==>N7_106["污点来当前类字段"]
-N5_104["部分字段对象为污点"]==>N6_105["多层复杂对象部分字段为污点"]
-N5_104["部分字段对象为污点"]==>N6_136["对象部分字段为污点,经过JDK序列化后再反序列化"]
-N4_104["字段/元素级别"]==>N5_104["部分字段对象为污点"]
-N5_107["部分数据元素为污点"]==>N6_107["单维数组中的部分元素为污点"]
-N5_107["部分数据元素为污点"]==>N6_108["多维数组中的部分元素为污点"]
-N5_107["部分数据元素为污点"]==>N6_109["部分元素为污点,经过JDK序列化后再反序列化"]
-N4_104["字段/元素级别"]==>N5_107["部分数据元素为污点"]
-N5_110["部分集合元素为污点"]==>N6_110["List中部分元素为污点"]
-N5_110["部分集合元素为污点"]==>N6_111["Map中部分元素为污点"]
-N5_110["部分集合元素为污点"]==>N6_112["Set中部分元素为污点"]
-N5_110["部分集合元素为污点"]==>N6_113["Queue中部分元素为污点"]
-N5_110["部分集合元素为污点"]==>N6_114["集合中部分元素为污点,经过JDK序列化后再反序列化"]
-N4_104["字段/元素级别"]==>N5_110["部分集合元素为污点"]
-N3_103["污点对象跟踪粒度"]==>N4_104["字段/元素级别"]
-N7_115["String操作"]==>N8_115["replcace"]
-N7_115["String操作"]==>N8_116["replcaceAll"]
-N7_115["String操作"]==>N8_117["split"]
-N7_115["String操作"]==>N8_118["subSequence"]
-N7_115["String操作"]==>N8_119["substring"]
-N7_115["String操作"]==>N8_120["trim"]
-N6_115["截取非污点部分"]==>N7_115["String操作"]
-N7_121["StringBuilder操作"]==>N8_121["delete"]
-N7_121["StringBuilder操作"]==>N8_122["deleteCharAt"]
-N7_121["StringBuilder操作"]==>N8_123["getChars"]
-N7_121["StringBuilder操作"]==>N8_124["replace"]
-N7_121["StringBuilder操作"]==>N8_125["subSequence"]
-N7_121["StringBuilder操作"]==>N8_126["substring"]
-N6_115["截取非污点部分"]==>N7_121["StringBuilder操作"]
-N7_127["char[]/byte[]操作"]==>N8_127["copyOfRange"]
-N6_115["截取非污点部分"]==>N7_127["char[]/byte[]操作"]
-N5_115["字符串部分存在污点"]==>N6_115["截取非污点部分"]
-N7_128["String操作"]==>N8_128["concat"]
-N7_128["String操作"]==>N8_129["join"]
-N7_128["String操作"]==>N8_130["replace"]
-N7_128["String操作"]==>N8_131["replaceAll"]
-N7_128["String操作"]==>N8_132["trim"]
-N6_128["截取非污点部分后再拼接污点"]==>N7_128["String操作"]
-N7_133["StringBuilder操作"]==>N8_133["append"]
-N7_133["StringBuilder操作"]==>N8_134["replace"]
-N6_128["截取非污点部分后再拼接污点"]==>N7_133["StringBuilder操作"]
-N7_135["char[]/byte[]操作"]==>N8_135["copyOfRange"]
-N6_128["截取非污点部分后再拼接污点"]==>N7_135["char[]/byte[]操作"]
-N5_115["字符串部分存在污点"]==>N6_128["截取非污点部分后再拼接污点"]
-N4_115["字符串级别"]==>N5_115["字符串部分存在污点"]
-N3_103["污点对象跟踪粒度"]==>N4_115["字符串级别"]
-N2_103["准确度"]==>N3_103["污点对象跟踪粒度"]
-N1_1["IAST引擎能力评估体系(JAVA)"]==>N2_103["准确度"]
+N11["IAST引擎能力评估体系(JAVA)"]-->N21["完整度"]
+N21["完整度"]-->N31["基础跟踪能力"]
+N31["基础跟踪能力"]-->N41["污点对象完整度"]
+N41["污点对象完整度"]-->N51["基础数据类型"]
+N51["基础数据类型"]-->N61["int"]
+N51["基础数据类型"]-->N62["char"]
+N51["基础数据类型"]-->N63["byte"]
+N51["基础数据类型"]-->N64["long"]
+N41["污点对象完整度"]-->N55["引用类型"]
+N55["引用类型"]-->N65["基本数据类型的封装类型"]
+N65["基本数据类型的封装类型"]-->N75["Byte"]
+N65["基本数据类型的封装类型"]-->N76["Integer"]
+N65["基本数据类型的封装类型"]-->N77["Long"]
+N65["基本数据类型的封装类型"]-->N78["Character"]
+N41["污点对象完整度"]-->N59["字符串对象"]
+N59["字符串对象"]-->N69["String"]
+N41["污点对象完整度"]-->N512["自定义对象"]
+N512["自定义对象"]-->N612["对象字段"]
+N612["对象字段"]-->N712["单层字段(10)"]
+N612["对象字段"]-->N713["单层字段(100)"]
+N612["对象字段"]-->N714["多层字段(3)"]
+N612["对象字段"]-->N715["多层字段(10)"]
+N612["对象字段"]-->N716["污点来自父类"]
+N41["污点对象完整度"]-->N517["数组(数组全为污点)"]
+N517["数组(数组全为污点)"]-->N617["数组对象String[]"]
+N517["数组(数组全为污点)"]-->N618["数组对象char[]"]
+N517["数组(数组全为污点)"]-->N619["数组对象byte[]"]
+N517["数组(数组全为污点)"]-->N620["单维数组对象的元素"]
+N517["数组(数组全为污点)"]-->N621["多维数组对象的元素"]
+N41["污点对象完整度"]-->N522["集合元素"]
+N522["集合元素"]-->N622["Map元素"]
+N522["集合元素"]-->N623["List元素"]
+N522["集合元素"]-->N624["Queue元素"]
+N522["集合元素"]-->N625["Set元素"]
+N31["基础跟踪能力"]-->N426["污点链路完整度"]
+N426["污点链路完整度"]-->N526["特殊链路跟踪能力"]
+N526["特殊链路跟踪能力"]-->N626["超长链路追踪(100层)"]
+N526["特殊链路跟踪能力"]-->N627["超长链路追踪(1000层)"]
+N526["特殊链路跟踪能力"]-->N628["三方包方法跟踪"]
+N526["特殊链路跟踪能力"]-->N629["反射调用方法跟踪"]
+N526["特殊链路跟踪能力"]-->N630["调用native方法"]
+N426["污点链路完整度"]-->N531["污点来源识别能力(source)"]
+N531["污点来源识别能力(source)"]-->N631["污点来自http getQueryString"]
+N531["污点来源识别能力(source)"]-->N632["污点来自http body"]
+N632["污点来自http body"]-->N732["*json"]
+N632["污点来自http body"]-->N733["*xml"]
+N632["污点来自http body"]-->N734["multipart/form-data getPart"]
+N632["污点来自http body"]-->N735["multipart/form-data getParts"]
+N632["污点来自http body"]-->N736["form/url-encode getParameter"]
+N632["污点来自http body"]-->N737["form/url-encode getParameterMap"]
+N632["污点来自http body"]-->N738["form/url-encode getParameterValues"]
+N632["污点来自http body"]-->N739["form/url-encode getParameterNames"]
+N632["污点来自http body"]-->N740["getReader"]
+N531["污点来源识别能力(source)"]-->N643["污点来自http pathVarlables"]
+N531["污点来源识别能力(source)"]-->N644["污点来自http header getCookies"]
+N531["污点来源识别能力(source)"]-->N645["污点来自http header getHeader"]
+N531["污点来源识别能力(source)"]-->N646["污点来自http header getHeaders"]
+N531["污点来源识别能力(source)"]-->N647["污点来自http header getHeaderNames"]
+N426["污点链路完整度"]-->N562["污点传播跟踪能力"]
+N562["污点传播跟踪能力"]-->N662["传播场景"]
+N662["传播场景"]-->N762["String操作"]
+N762["String操作"]-->N862["构造方法"]
+N862["构造方法"]-->N962["String(String original)"]
+N862["构造方法"]-->N9161["String(char value[])"]
+N862["构造方法"]-->N9162["String(char value[], int offset, int count)"]
+N862["构造方法"]-->N9163["String(int[] codePoints, int offset, int count)"]
+N862["构造方法"]-->N9164["String(byte bytes[], int offset, int length, String charsetName)"]
+N862["构造方法"]-->N9165["String(byte bytes[], int offset, int length, Charset charset)"]
+N862["构造方法"]-->N9166["String(StringBuffer buffer)"]
+N862["构造方法"]-->N9167["String(StringBuilder builder)"]
+N762["String操作"]-->N863["conact"]
+N762["String操作"]-->N864["copyValueOf"]
+N762["String操作"]-->N865["format"]
+N762["String操作"]-->N866["getBytes"]
+N762["String操作"]-->N867["getChars"]
+N762["String操作"]-->N868["intern"]
+N762["String操作"]-->N869["join"]
+N762["String操作"]-->N870["repeat"]
+N762["String操作"]-->N871["replace"]
+N762["String操作"]-->N872["replaceAll"]
+N762["String操作"]-->N873["split"]
+N762["String操作"]-->N874["strip"]
+N762["String操作"]-->N875["subSequence"]
+N762["String操作"]-->N876["substring"]
+N762["String操作"]-->N877["toCharArray"]
+N762["String操作"]-->N878["toLowerCase"]
+N762["String操作"]-->N879["toString"]
+N762["String操作"]-->N880["toUpperCase"]
+N762["String操作"]-->N881["trim"]
+N762["String操作"]-->N882["valueOf"]
+N662["传播场景"]-->N783["StringBuilder操作"]
+N783["StringBuilder操作"]-->N883["构造方法"]
+N783["StringBuilder操作"]-->N884["append"]
+N783["StringBuilder操作"]-->N886["delete"]
+N783["StringBuilder操作"]-->N887["deleteCharAt"]
+N783["StringBuilder操作"]-->N888["getChars"]
+N783["StringBuilder操作"]-->N889["insert"]
+N783["StringBuilder操作"]-->N890["replace"]
+N783["StringBuilder操作"]-->N891["subSequence"]
+N783["StringBuilder操作"]-->N892["subString"]
+N783["StringBuilder操作"]-->N893["toString"]
+N662["传播场景"]-->N794["char[],byte[]操作"]
+N794["char[],byte[]操作"]-->N894["copyOf"]
+N794["char[],byte[]操作"]-->N896["deepToString"]
+N794["char[],byte[]操作"]-->N897["toString"]
+N662["传播场景"]-->N795["char[],byte[]操作-"]
+N795["char[],byte[]操作-"]-->N895["copyOfRange"]
+N662["传播场景"]-->N799["JDK序列化与反序列化"]
+N426["污点链路完整度"]-->N5105["污点无害化处理能力sanitizer"]
+N5105["污点无害化处理能力sanitizer"]-->N6105["sanitizer方法特性支持"]
+N6105["sanitizer方法特性支持"]-->N7105["污点直接赋值为硬编码值"]
+N5105["污点无害化处理能力sanitizer"]-->N6106["sanitizer支持区分类型"]
+N5105["污点无害化处理能力sanitizer"]-->N6107["触发sink后再执行sanitizer"]
+N5105["污点无害化处理能力sanitizer"]-->N6108["支持自定义unSanitizer(再次污点化)"]
+N426["污点链路完整度"]-->N5112["触发污点跟踪能力(sink)"]
+N5112["触发污点跟踪能力(sink)"]-->N6112["单污点来源传播至多sink点"]
+N5112["触发污点跟踪能力(sink)"]-->N6113["多污点来源传播至单sink点"]
+N5112["触发污点跟踪能力(sink)"]-->N6115["无污点传播过程,污点直接传入sink"]
+N21["完整度"]-->N3116["异步跟踪能力"]
+N3116["异步跟踪能力"]-->N4116["存储型异步"]
+N4116["存储型异步"]-->N5116["污点通过db存储后触发"]
+N4116["存储型异步"]-->N5117["污点通过session存储后触发"]
+N4116["存储型异步"]-->N5118["污点通过缓存存储后触发"]
+N5118["污点通过缓存存储后触发"]-->N6118["本地缓存"]
+N5118["污点通过缓存存储后触发"]-->N6119["非本地缓存"]
+N4116["存储型异步"]-->N5120["污点通过文件存储后触发"]
+N5120["污点通过文件存储后触发"]-->N6120["本地文件"]
+N3116["异步跟踪能力"]-->N4122["多线程异步"]
+N4122["多线程异步"]-->N5122["污点的来源和触发在不同线程"]
+N4122["多线程异步"]-->N5123["污点的来源和触发在不同线程,sink的触发由线程池中的线程触发"]
+N21["完整度"]-->N3124["跨进城跟踪能力"]
+N3124["跨进城跟踪能力"]-->N4124["http"]
+N4124["http"]-->N5124["跨一层进程调用"]
+N4124["http"]-->N5125["跨多层进程调用"]
+N11["IAST引擎能力评估体系(JAVA)"]-->N2126["准确度"]
+N2126["准确度"]-->N3126["污点对象跟踪粒度"]
+N3126["污点对象跟踪粒度"]-->N4126["变量级别"]
+N4126["变量级别"]-->N5126["sink点的值非外部可控,但与某个参数值相同"]
+N3126["污点对象跟踪粒度"]-->N4127["字段/元素级别"]
+N4127["字段/元素级别"]-->N5127["对象字段"]
+N5127["对象字段"]-->N6127["单层简单对象部分字段为污点"]
+N5127["对象字段"]-->N6128["多层复杂对象部分字段为污点"]
+N6128["多层复杂对象部分字段为污点"]-->N7128["污点来自父类"]
+N6128["多层复杂对象部分字段为污点"]-->N7129["污点来当前类字段"]
+N6128["多层复杂对象部分字段为污点"]-->N7130["对象部分字段为污点,经过JDK序列化后再反序列化"]
+N4127["字段/元素级别"]-->N5131["数组元素"]
+N5131["数组元素"]-->N6131["单维数组中的部分元素为污点"]
+N5131["数组元素"]-->N6132["多维数组中的部分元素为污点"]
+N5131["数组元素"]-->N6133["部分元素为污点,经过JDK序列化后再反序列化"]
+N4127["字段/元素级别"]-->N5134["集合元素"]
+N5134["集合元素"]-->N6134["List中部分元素为污点"]
+N5134["集合元素"]-->N6135["Map中部分元素为污点"]
+N5134["集合元素"]-->N6136["Set中部分元素为污点"]
+N5134["集合元素"]-->N6137["Queue中部分元素为污点"]
+N5134["集合元素"]-->N6138["集合中部分元素为污点,经过JDK序列化后再反序列化"]
+N3126["污点对象跟踪粒度"]-->N4140["字符串级别"]
+N4140["字符串级别"]-->N5140["字符串部分存在污点"]
+N5140["字符串部分存在污点"]-->N6140["截取非污点部分"]
+N6140["截取非污点部分"]-->N7140["String操作"]
+N7140["String操作"]-->N8140["replcace"]
+N7140["String操作"]-->N8141["replcaceAll"]
+N7140["String操作"]-->N8142["split"]
+N7140["String操作"]-->N8143["subSequence"]
+N7140["String操作"]-->N8144["substring"]
+N7140["String操作"]-->N8145["trim"]
+N6140["截取非污点部分"]-->N7146["StringBuilder操作"]
+N7146["StringBuilder操作"]-->N8146["delete"]
+N7146["StringBuilder操作"]-->N8147["deleteCharAt"]
+N7146["StringBuilder操作"]-->N8148["getChars"]
+N7146["StringBuilder操作"]-->N8149["replace"]
+N7146["StringBuilder操作"]-->N8150["subSequence"]
+N7146["StringBuilder操作"]-->N8151["substring"]
+N6140["截取非污点部分"]-->N7152["char[]/byte[]操作"]
+N7152["char[]/byte[]操作"]-->N8152["copyOfRange"]
+N5140["字符串部分存在污点"]-->N6153["截取非污点部分后再拼接污点"]
+N6153["截取非污点部分后再拼接污点"]-->N7153["String操作"]
+N7153["String操作"]-->N8153["concat"]
+N7153["String操作"]-->N8154["join"]
+N7153["String操作"]-->N8155["replace"]
+N7153["String操作"]-->N8156["replaceAll"]
+N7153["String操作"]-->N8157["trim"]
+N6153["截取非污点部分后再拼接污点"]-->N7158["StringBuilder操作"]
+N7158["StringBuilder操作"]-->N8158["append"]
+N7158["StringBuilder操作"]-->N8159["replace"]
+N6153["截取非污点部分后再拼接污点"]-->N7160["char[]/byte[]操作"]
+N7160["char[]/byte[]操作"]-->N8160["copyOfRange"]
From 3df333e2aee0781fb43fbb4930680e90e53da961 Mon Sep 17 00:00:00 2001
From: "mengmeng.meng"
Date: Fri, 26 Jan 2024 09:12:34 +0800
Subject: [PATCH 12/17] Update JAVA.md
---
 iast-java/src/main/resources/doc/JAVA.md | 376 ++++++++++++-----------
 1 file changed, 190 insertions(+), 186 deletions(-)
diff --git a/iast-java/src/main/resources/doc/JAVA.md b/iast-java/src/main/resources/doc/JAVA.md
index 4679438e..e0b8e436 100644
--- a/iast-java/src/main/resources/doc/JAVA.md
+++ b/iast-java/src/main/resources/doc/JAVA.md
@@ -2,189 +2,193 @@
 ```mermaid
 graph LR
-N11["IAST引擎能力评估体系(JAVA)"]-->N21["完整度"]
-N21["完整度"]-->N31["基础跟踪能力"]
-N31["基础跟踪能力"]-->N41["污点对象完整度"]
-N41["污点对象完整度"]-->N51["基础数据类型"]
-N51["基础数据类型"]-->N61["int"]
-N51["基础数据类型"]-->N62["char"]
-N51["基础数据类型"]-->N63["byte"]
-N51["基础数据类型"]-->N64["long"]
-N41["污点对象完整度"]-->N55["引用类型"]
-N55["引用类型"]-->N65["基本数据类型的封装类型"]
-N65["基本数据类型的封装类型"]-->N75["Byte"]
-N65["基本数据类型的封装类型"]-->N76["Integer"]
-N65["基本数据类型的封装类型"]-->N77["Long"]
-N65["基本数据类型的封装类型"]-->N78["Character"]
-N41["污点对象完整度"]-->N59["字符串对象"]
-N59["字符串对象"]-->N69["String"]
-N41["污点对象完整度"]-->N512["自定义对象"]
-N512["自定义对象"]-->N612["对象字段"]
-N612["对象字段"]-->N712["单层字段(10)"]
-N612["对象字段"]-->N713["单层字段(100)"]
-N612["对象字段"]-->N714["多层字段(3)"]
-N612["对象字段"]-->N715["多层字段(10)"]
-N612["对象字段"]-->N716["污点来自父类"]
-N41["污点对象完整度"]-->N517["数组(数组全为污点)"]
-N517["数组(数组全为污点)"]-->N617["数组对象String[]"]
-N517["数组(数组全为污点)"]-->N618["数组对象char[]"]
-N517["数组(数组全为污点)"]-->N619["数组对象byte[]"]
-N517["数组(数组全为污点)"]-->N620["单维数组对象的元素"]
-N517["数组(数组全为污点)"]-->N621["多维数组对象的元素"]
-N41["污点对象完整度"]-->N522["集合元素"]
-N522["集合元素"]-->N622["Map元素"]
-N522["集合元素"]-->N623["List元素"]
-N522["集合元素"]-->N624["Queue元素"]
-N522["集合元素"]-->N625["Set元素"]
-N31["基础跟踪能力"]-->N426["污点链路完整度"]
-N426["污点链路完整度"]-->N526["特殊链路跟踪能力"]
-N526["特殊链路跟踪能力"]-->N626["超长链路追踪(100层)"]
-N526["特殊链路跟踪能力"]-->N627["超长链路追踪(1000层)"]
-N526["特殊链路跟踪能力"]-->N628["三方包方法跟踪"]
-N526["特殊链路跟踪能力"]-->N629["反射调用方法跟踪"]
-N526["特殊链路跟踪能力"]-->N630["调用native方法"]
-N426["污点链路完整度"]-->N531["污点来源识别能力(source)"]
-N531["污点来源识别能力(source)"]-->N631["污点来自http getQueryString"]
-N531["污点来源识别能力(source)"]-->N632["污点来自http body"]
-N632["污点来自http body"]-->N732["*json"]
-N632["污点来自http body"]-->N733["*xml"]
-N632["污点来自http body"]-->N734["multipart/form-data getPart"]
-N632["污点来自http body"]-->N735["multipart/form-data getParts"]
-N632["污点来自http body"]-->N736["form/url-encode getParameter"]
-N632["污点来自http body"]-->N737["form/url-encode getParameterMap"]
-N632["污点来自http body"]-->N738["form/url-encode getParameterValues"]
-N632["污点来自http body"]-->N739["form/url-encode getParameterNames"]
-N632["污点来自http body"]-->N740["getReader"]
-N531["污点来源识别能力(source)"]-->N643["污点来自http pathVarlables"]
-N531["污点来源识别能力(source)"]-->N644["污点来自http header getCookies"]
-N531["污点来源识别能力(source)"]-->N645["污点来自http header getHeader"]
-N531["污点来源识别能力(source)"]-->N646["污点来自http header getHeaders"]
-N531["污点来源识别能力(source)"]-->N647["污点来自http header getHeaderNames"]
-N426["污点链路完整度"]-->N562["污点传播跟踪能力"]
-N562["污点传播跟踪能力"]-->N662["传播场景"]
-N662["传播场景"]-->N762["String操作"]
-N762["String操作"]-->N862["构造方法"]
-N862["构造方法"]-->N962["String(String original)"]
-N862["构造方法"]-->N9161["String(char value[])"]
-N862["构造方法"]-->N9162["String(char value[], int offset, int count)"]
-N862["构造方法"]-->N9163["String(int[] codePoints, int offset, int count)"]
-N862["构造方法"]-->N9164["String(byte bytes[], int offset, int length, String charsetName)"]
-N862["构造方法"]-->N9165["String(byte bytes[], int offset, int length, Charset charset)"]
-N862["构造方法"]-->N9166["String(StringBuffer buffer)"]
-N862["构造方法"]-->N9167["String(StringBuilder builder)"]
-N762["String操作"]-->N863["conact"]
-N762["String操作"]-->N864["copyValueOf"]
-N762["String操作"]-->N865["format"]
-N762["String操作"]-->N866["getBytes"]
-N762["String操作"]-->N867["getChars"]
-N762["String操作"]-->N868["intern"]
-N762["String操作"]-->N869["join"]
-N762["String操作"]-->N870["repeat"]
-N762["String操作"]-->N871["replace"]
-N762["String操作"]-->N872["replaceAll"]
-N762["String操作"]-->N873["split"]
-N762["String操作"]-->N874["strip"]
-N762["String操作"]-->N875["subSequence"]
-N762["String操作"]-->N876["substring"]
-N762["String操作"]-->N877["toCharArray"]
-N762["String操作"]-->N878["toLowerCase"]
-N762["String操作"]-->N879["toString"]
-N762["String操作"]-->N880["toUpperCase"]
-N762["String操作"]-->N881["trim"]
-N762["String操作"]-->N882["valueOf"]
-N662["传播场景"]-->N783["StringBuilder操作"]
-N783["StringBuilder操作"]-->N883["构造方法"]
-N783["StringBuilder操作"]-->N884["append"]
-N783["StringBuilder操作"]-->N886["delete"]
-N783["StringBuilder操作"]-->N887["deleteCharAt"]
-N783["StringBuilder操作"]-->N888["getChars"]
-N783["StringBuilder操作"]-->N889["insert"]
-N783["StringBuilder操作"]-->N890["replace"]
-N783["StringBuilder操作"]-->N891["subSequence"]
-N783["StringBuilder操作"]-->N892["subString"]
-N783["StringBuilder操作"]-->N893["toString"]
-N662["传播场景"]-->N794["char[],byte[]操作"]
-N794["char[],byte[]操作"]-->N894["copyOf"]
-N794["char[],byte[]操作"]-->N896["deepToString"]
-N794["char[],byte[]操作"]-->N897["toString"]
-N662["传播场景"]-->N795["char[],byte[]操作-"]
-N795["char[],byte[]操作-"]-->N895["copyOfRange"]
-N662["传播场景"]-->N799["JDK序列化与反序列化"]
-N426["污点链路完整度"]-->N5105["污点无害化处理能力sanitizer"]
-N5105["污点无害化处理能力sanitizer"]-->N6105["sanitizer方法特性支持"]
-N6105["sanitizer方法特性支持"]-->N7105["污点直接赋值为硬编码值"]
-N5105["污点无害化处理能力sanitizer"]-->N6106["sanitizer支持区分类型"]
-N5105["污点无害化处理能力sanitizer"]-->N6107["触发sink后再执行sanitizer"]
-N5105["污点无害化处理能力sanitizer"]-->N6108["支持自定义unSanitizer(再次污点化)"]
-N426["污点链路完整度"]-->N5112["触发污点跟踪能力(sink)"]
-N5112["触发污点跟踪能力(sink)"]-->N6112["单污点来源传播至多sink点"]
-N5112["触发污点跟踪能力(sink)"]-->N6113["多污点来源传播至单sink点"]
-N5112["触发污点跟踪能力(sink)"]-->N6115["无污点传播过程,污点直接传入sink"]
-N21["完整度"]-->N3116["异步跟踪能力"]
-N3116["异步跟踪能力"]-->N4116["存储型异步"]
-N4116["存储型异步"]-->N5116["污点通过db存储后触发"]
-N4116["存储型异步"]-->N5117["污点通过session存储后触发"]
-N4116["存储型异步"]-->N5118["污点通过缓存存储后触发"]
-N5118["污点通过缓存存储后触发"]-->N6118["本地缓存"]
-N5118["污点通过缓存存储后触发"]-->N6119["非本地缓存"]
-N4116["存储型异步"]-->N5120["污点通过文件存储后触发"]
-N5120["污点通过文件存储后触发"]-->N6120["本地文件"]
-N3116["异步跟踪能力"]-->N4122["多线程异步"]
-N4122["多线程异步"]-->N5122["污点的来源和触发在不同线程"]
-N4122["多线程异步"]-->N5123["污点的来源和触发在不同线程,sink的触发由线程池中的线程触发"]
-N21["完整度"]-->N3124["跨进城跟踪能力"]
-N3124["跨进城跟踪能力"]-->N4124["http"]
-N4124["http"]-->N5124["跨一层进程调用"]
-N4124["http"]-->N5125["跨多层进程调用"]
-N11["IAST引擎能力评估体系(JAVA)"]-->N2126["准确度"]
-N2126["准确度"]-->N3126["污点对象跟踪粒度"]
-N3126["污点对象跟踪粒度"]-->N4126["变量级别"]
-N4126["变量级别"]-->N5126["sink点的值非外部可控,但与某个参数值相同"]
-N3126["污点对象跟踪粒度"]-->N4127["字段/元素级别"]
-N4127["字段/元素级别"]-->N5127["对象字段"]
-N5127["对象字段"]-->N6127["单层简单对象部分字段为污点"]
-N5127["对象字段"]-->N6128["多层复杂对象部分字段为污点"]
-N6128["多层复杂对象部分字段为污点"]-->N7128["污点来自父类"]
-N6128["多层复杂对象部分字段为污点"]-->N7129["污点来当前类字段"]
-N6128["多层复杂对象部分字段为污点"]-->N7130["对象部分字段为污点,经过JDK序列化后再反序列化"]
-N4127["字段/元素级别"]-->N5131["数组元素"]
-N5131["数组元素"]-->N6131["单维数组中的部分元素为污点"]
-N5131["数组元素"]-->N6132["多维数组中的部分元素为污点"]
-N5131["数组元素"]-->N6133["部分元素为污点,经过JDK序列化后再反序列化"]
-N4127["字段/元素级别"]-->N5134["集合元素"]
-N5134["集合元素"]-->N6134["List中部分元素为污点"]
-N5134["集合元素"]-->N6135["Map中部分元素为污点"]
-N5134["集合元素"]-->N6136["Set中部分元素为污点"]
-N5134["集合元素"]-->N6137["Queue中部分元素为污点"]
-N5134["集合元素"]-->N6138["集合中部分元素为污点,经过JDK序列化后再反序列化"]
-N3126["污点对象跟踪粒度"]-->N4140["字符串级别"]
-N4140["字符串级别"]-->N5140["字符串部分存在污点"]
-N5140["字符串部分存在污点"]-->N6140["截取非污点部分"]
-N6140["截取非污点部分"]-->N7140["String操作"]
-N7140["String操作"]-->N8140["replcace"]
-N7140["String操作"]-->N8141["replcaceAll"]
-N7140["String操作"]-->N8142["split"]
-N7140["String操作"]-->N8143["subSequence"]
-N7140["String操作"]-->N8144["substring"]
-N7140["String操作"]-->N8145["trim"]
-N6140["截取非污点部分"]-->N7146["StringBuilder操作"]
-N7146["StringBuilder操作"]-->N8146["delete"]
-N7146["StringBuilder操作"]-->N8147["deleteCharAt"]
-N7146["StringBuilder操作"]-->N8148["getChars"]
-N7146["StringBuilder操作"]-->N8149["replace"]
-N7146["StringBuilder操作"]-->N8150["subSequence"]
-N7146["StringBuilder操作"]-->N8151["substring"]
-N6140["截取非污点部分"]-->N7152["char[]/byte[]操作"]
-N7152["char[]/byte[]操作"]-->N8152["copyOfRange"]
-N5140["字符串部分存在污点"]-->N6153["截取非污点部分后再拼接污点"]
-N6153["截取非污点部分后再拼接污点"]-->N7153["String操作"]
-N7153["String操作"]-->N8153["concat"]
-N7153["String操作"]-->N8154["join"]
-N7153["String操作"]-->N8155["replace"]
-N7153["String操作"]-->N8156["replaceAll"]
-N7153["String操作"]-->N8157["trim"]
-N6153["截取非污点部分后再拼接污点"]-->N7158["StringBuilder操作"]
-N7158["StringBuilder操作"]-->N8158["append"]
-N7158["StringBuilder操作"]-->N8159["replace"]
-N6153["截取非污点部分后再拼接污点"]-->N7160["char[]/byte[]操作"]
-N7160["char[]/byte[]操作"]-->N8160["copyOfRange"]
+L51["字符串对象"]==>L61["String"]
+L41["污点对象完整度"]==>L51["字符串对象"]
+L52["基本数据类型及其封装类型"]==>L62["int"]
+L52["基本数据类型及其封装类型"]==>L63["char"]
+L52["基本数据类型及其封装类型"]==>L64["byte"]
+L52["基本数据类型及其封装类型"]==>L65["long"]
+L52["基本数据类型及其封装类型"]==>L610["Byte"]
+L52["基本数据类型及其封装类型"]==>L611["Integer"]
+L52["基本数据类型及其封装类型"]==>L612["Long"]
+L52["基本数据类型及其封装类型"]==>L613["Character"]
+L41["污点对象完整度"]==>L52["基本数据类型及其封装类型"]
+L56["集合(集合对象全为污点)"]==>L66["Map元素"]
+L56["集合(集合对象全为污点)"]==>L67["List元素"]
+L56["集合(集合对象全为污点)"]==>L68["Queue元素"]
+L56["集合(集合对象全为污点)"]==>L69["Set元素"]
+L41["污点对象完整度"]==>L56["集合(集合对象全为污点)"]
+L514["数组(数组对象全为污点)"]==>L614["数组对象String[]"]
+L514["数组(数组对象全为污点)"]==>L615["数组对象char[]"]
+L514["数组(数组对象全为污点)"]==>L616["数组对象byte[]"]
+L514["数组(数组对象全为污点)"]==>L617["单维数组对象的元素"]
+L514["数组(数组对象全为污点)"]==>L618["多维数组对象的元素"]
+L41["污点对象完整度"]==>L514["数组(数组对象全为污点)"]
+L719["单层字段"]==>L819["10"]
+L719["单层字段"]==>L820["100"]
+L619["对象字段"]==>L719["单层字段"]
+L721["多层字段"]==>L821["3层"]
+L721["多层字段"]==>L822["10层"]
+L619["对象字段"]==>L721["多层字段"]
+L619["对象字段"]==>L723["污点为父类字段"]
+L519["自定义对象"]==>L619["对象字段"]
+L41["污点对象完整度"]==>L519["自定义对象"]
+L31["基础跟踪能力"]==>L41["污点对象完整度"]
+L524["特殊链路跟踪能力"]==>L624["三方包方法跟踪"]
+L625["超长链路追踪"]==>L725["100层"]
+L625["超长链路追踪"]==>L726["1000层"]
+L524["特殊链路跟踪能力"]==>L625["超长链路追踪"]
+L524["特殊链路跟踪能力"]==>L627["反射调用方法跟踪"]
+L524["特殊链路跟踪能力"]==>L628["调用native方法"]
+L424["污点链路完整度"]==>L524["特殊链路跟踪能力"]
+L529["污点来源识别能力(source)"]==>L629["污点来自http getQueryString"]
+L630["污点来自http body"]==>L730["json"]
+L630["污点来自http body"]==>L731["xml/getInputStream"]
+L732["multipart/form-data"]==>L832["getPart"]
+L732["multipart/form-data"]==>L833["getParts"]
+L630["污点来自http body"]==>L732["multipart/form-data"]
+L734["form/url-encode"]==>L834["getParameter"]
+L734["form/url-encode"]==>L835["getParameterMap"]
+L734["form/url-encode"]==>L836["getParameterValues"]
+L734["form/url-encode"]==>L837["getParameterNames"]
+L630["污点来自http body"]==>L734["form/url-encode"]
+L630["污点来自http body"]==>L738["getReader"]
+L529["污点来源识别能力(source)"]==>L630["污点来自http body"]
+L529["污点来源识别能力(source)"]==>L639["污点来自http pathVarlables"]
+L640["污点来自http header"]==>L740["getCookies"]
+L640["污点来自http header"]==>L741["getHeader"]
+L640["污点来自http header"]==>L742["getHeaders"]
+L640["污点来自http header"]==>L743["getHeaderNames"]
+L529["污点来源识别能力(source)"]==>L640["污点来自http header"]
+L424["污点链路完整度"]==>L529["污点来源识别能力(source)"]
+L844["构造方法"]==>L944["String(String original)"]
+L844["构造方法"]==>L945["String(char value[])"]
+L844["构造方法"]==>L946["String(char value[], int offset, int count)"]
+L844["构造方法"]==>L947["String(int[] codePoints, int offset, int count)"]
+L844["构造方法"]==>L948["String(byte bytes[], int offset, int length, String charsetName)"]
+L844["构造方法"]==>L949["String(byte bytes[], int offset, int length, Charset charset)"]
+L844["构造方法"]==>L950["String(StringBuffer buffer)"]
+L844["构造方法"]==>L951["String(StringBuilder builder)"]
+L744["String操作"]==>L844["构造方法"]
+L744["String操作"]==>L852["conact"]
+L744["String操作"]==>L853["copyValueOf"]
+L744["String操作"]==>L854["format"]
+L744["String操作"]==>L855["getBytes"]
+L744["String操作"]==>L856["getChars"]
+L744["String操作"]==>L857["intern"]
+L744["String操作"]==>L858["join"]
+L744["String操作"]==>L859["replace"]
+L744["String操作"]==>L860["replaceAll"]
+L744["String操作"]==>L861["split"]
+L744["String操作"]==>L862["subSequence"]
+L744["String操作"]==>L863["substring"]
+L744["String操作"]==>L864["toCharArray"]
+L744["String操作"]==>L865["toLowerCase"]
+L744["String操作"]==>L866["toString"]
+L744["String操作"]==>L867["toUpperCase"]
+L744["String操作"]==>L868["trim"]
+L744["String操作"]==>L869["valueOf"]
+L644["传播场景"]==>L744["String操作"]
+L770["StringBuilder操作"]==>L870["构造方法"]
+L770["StringBuilder操作"]==>L871["append"]
+L770["StringBuilder操作"]==>L872["delete"]
+L770["StringBuilder操作"]==>L873["deleteCharAt"]
+L770["StringBuilder操作"]==>L874["getChars"]
+L770["StringBuilder操作"]==>L875["insert"]
+L770["StringBuilder操作"]==>L876["replace"]
+L770["StringBuilder操作"]==>L877["subSequence"]
+L770["StringBuilder操作"]==>L878["subString"]
+L770["StringBuilder操作"]==>L879["toString"]
+L644["传播场景"]==>L770["StringBuilder操作"]
+L780["char[],byte[]操作"]==>L880["copyOf"]
+L780["char[],byte[]操作"]==>L881["copyOfRange"]
+L780["char[],byte[]操作"]==>L882["deepToString"]
+L780["char[],byte[]操作"]==>L883["toString"]
+L644["传播场景"]==>L780["char[],byte[]操作"]
+L644["传播场景"]==>L784["JDK序列化与反序列化"]
+L544["污点传播跟踪能力"]==>L644["传播场景"]
+L424["污点链路完整度"]==>L544["污点传播跟踪能力"]
+L585["污点无害化处理能力(sanitizer)"]==>L685["污点直接赋值为硬编码值"]
+L585["污点无害化处理能力(sanitizer)"]==>L686["sanitizer支持区分类型"]
+L585["污点无害化处理能力(sanitizer)"]==>L687["触发sink后再执行sanitizer"]
+L585["污点无害化处理能力(sanitizer)"]==>L688["支持自定义unSanitizer(再次污点化)"]
+L424["污点链路完整度"]==>L585["污点无害化处理能力(sanitizer)"]
+L589["触发污点跟踪能力(sink)"]==>L689["单污点来源传播至多sink点"]
+L589["触发污点跟踪能力(sink)"]==>L690["多污点来源传播至单sink点"]
+L589["触发污点跟踪能力(sink)"]==>L691["无污点传播过程,污点直接传入sink"]
+L424["污点链路完整度"]==>L589["触发污点跟踪能力(sink)"]
+L31["基础跟踪能力"]==>L424["污点链路完整度"]
+L21["完整度"]==>L31["基础跟踪能力"]
+L492["存储型异步"]==>L592["污点通过db存储后触发"]
+L492["存储型异步"]==>L593["污点通过session存储后触发"]
+L594["污点通过缓存存储后触发"]==>L694["本地缓存"]
+L594["污点通过缓存存储后触发"]==>L695["非本地缓存"]
+L492["存储型异步"]==>L594["污点通过缓存存储后触发"]
+L596["污点通过文件存储后触发"]==>L696["本地文件"]
+L492["存储型异步"]==>L596["污点通过文件存储后触发"]
+L392["异步跟踪能力"]==>L492["存储型异步"]
+L497["多线程异步"]==>L597["污点的来源和触发在不同线程"]
+L497["多线程异步"]==>L598["污点的来源和触发在不同线程,sink的触发由线程池中的线程触发"]
+L392["异步跟踪能力"]==>L497["多线程异步"]
+L21["完整度"]==>L392["异步跟踪能力"]
+L599["http"]==>L699["跨一层进程调用"]
+L599["http"]==>L6100["跨多层进程调用"]
+L499["调用方式"]==>L599["http"]
+L5101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>L6101["跨一层进程间调用(暂无实现)"]
+L5101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>L6102["跨多层进程间调用(暂无实现)"]
+L499["调用方式"]==>L5101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]
+L399["跨进程跟踪能力"]==>L499["调用方式"]
+L21["完整度"]==>L399["跨进程跟踪能力"]
+L11["IAST引擎能力评估体系(JAVA)"]==>L21["完整度"]
+L4103["变量级别"]==>L5103["sink点的值非外部可控,但与某个参数值相同"]
+L3103["污点对象跟踪粒度"]==>L4103["变量级别"]
+L5104["部分字段对象为污点"]==>L6104["单层简单对象部分字段为污点"]
+L6105["多层复杂对象部分字段为污点"]==>L7105["污点来自父类"]
+L6105["多层复杂对象部分字段为污点"]==>L7106["污点来当前类字段"]
+L5104["部分字段对象为污点"]==>L6105["多层复杂对象部分字段为污点"]
+L5104["部分字段对象为污点"]==>L6136["对象部分字段为污点,经过JDK序列化后再反序列化"]
+L4104["字段/元素级别"]==>L5104["部分字段对象为污点"]
+L5107["部分数据元素为污点"]==>L6107["单维数组中的部分元素为污点"]
+L5107["部分数据元素为污点"]==>L6108["多维数组中的部分元素为污点"]
+L5107["部分数据元素为污点"]==>L6109["部分元素为污点,经过JDK序列化后再反序列化"]
+L4104["字段/元素级别"]==>L5107["部分数据元素为污点"]
+L5110["部分集合元素为污点"]==>L6110["List中部分元素为污点"]
+L5110["部分集合元素为污点"]==>L6111["Map中部分元素为污点"]
+L5110["部分集合元素为污点"]==>L6112["Set中部分元素为污点"]
+L5110["部分集合元素为污点"]==>L6113["Queue中部分元素为污点"]
+L5110["部分集合元素为污点"]==>L6114["集合中部分元素为污点,经过JDK序列化后再反序列化"]
+L4104["字段/元素级别"]==>L5110["部分集合元素为污点"]
+L3103["污点对象跟踪粒度"]==>L4104["字段/元素级别"]
+L7115["String操作"]==>L8115["replcace"]
+L7115["String操作"]==>L8116["replcaceAll"]
+L7115["String操作"]==>L8117["split"]
+L7115["String操作"]==>L8118["subSequence"]
+L7115["String操作"]==>L8119["substring"]
+L7115["String操作"]==>L8120["trim"]
+L6115["截取非污点部分"]==>L7115["String操作"]
+L7121["StringBuilder操作"]==>L8121["delete"]
+L7121["StringBuilder操作"]==>L8122["deleteCharAt"]
+L7121["StringBuilder操作"]==>L8123["getChars"]
+L7121["StringBuilder操作"]==>L8124["replace"]
+L7121["StringBuilder操作"]==>L8125["subSequence"]
+L7121["StringBuilder操作"]==>L8126["substring"]
+L6115["截取非污点部分"]==>L7121["StringBuilder操作"]
+L7127["char[]/byte[]操作"]==>L8127["copyOfRange"]
+L6115["截取非污点部分"]==>L7127["char[]/byte[]操作"]
+L5115["字符串部分存在污点"]==>L6115["截取非污点部分"]
+L7128["String操作"]==>L8128["concat"]
+L7128["String操作"]==>L8129["join"]
+L7128["String操作"]==>L8130["replace"]
+L7128["String操作"]==>L8131["replaceAll"]
+L7128["String操作"]==>L8132["trim"]
+L6128["截取非污点部分后再拼接污点"]==>L7128["String操作"]
+L7133["StringBuilder操作"]==>L8133["append"]
+L7133["StringBuilder操作"]==>L8134["replace"]
+L6128["截取非污点部分后再拼接污点"]==>L7133["StringBuilder操作"]
+L7135["char[]/byte[]操作"]==>L8135["copyOfRange"]
+L6128["截取非污点部分后再拼接污点"]==>L7135["char[]/byte[]操作"]
+L5115["字符串部分存在污点"]==>L6128["截取非污点部分后再拼接污点"]
+L4115["字符串级别"]==>L5115["字符串部分存在污点"]
+L3103["污点对象跟踪粒度"]==>L4115["字符串级别"]
+L2103["准确度"]==>L3103["污点对象跟踪粒度"]
+L11["IAST引擎能力评估体系(JAVA)"]==>L2103["准确度"]
From decde7b98144443a22047b66f8915e9a30af8d82 Mon Sep 17 00:00:00 2001
From: "mengmeng.meng"
Date: Fri, 26 Jan 2024 09:22:46 +0800
Subject: [PATCH 13/17] Update JAVA.md
---
 iast-java/src/main/resources/doc/JAVA.md | 382 ++++++++++++-----------
 1 file changed, 192 insertions(+), 190 deletions(-)
diff --git a/iast-java/src/main/resources/doc/JAVA.md b/iast-java/src/main/resources/doc/JAVA.md
index e0b8e436..6ecd64f3 100644
--- a/iast-java/src/main/resources/doc/JAVA.md
+++ b/iast-java/src/main/resources/doc/JAVA.md
@@ -2,193 +2,195 @@ ```mermaid graph LR -L51["字符串对象"]==>L61["String"] -L41["污点对象完整度"]==>L51["字符串对象"] -L52["基本数据类型及其封装类型"]==>L62["int"] -L52["基本数据类型及其封装类型"]==>L63["char"] -L52["基本数据类型及其封装类型"]==>L64["byte"] -L52["基本数据类型及其封装类型"]==>L65["long"] -L52["基本数据类型及其封装类型"]==>L610["Byte"] -L52["基本数据类型及其封装类型"]==>L611["Integer"] -L52["基本数据类型及其封装类型"]==>L612["Long"] -L52["基本数据类型及其封装类型"]==>L613["Character"] -L41["污点对象完整度"]==>L52["基本数据类型及其封装类型"] -L56["集合(集合对象全为污点)"]==>L66["Map元素"] -L56["集合(集合对象全为污点)"]==>L67["List元素"] -L56["集合(集合对象全为污点)"]==>L68["Queue元素"] -L56["集合(集合对象全为污点)"]==>L69["Set元素"] -L41["污点对象完整度"]==>L56["集合(集合对象全为污点)"] -L514["数组(数组对象全为污点)"]==>L614["数组对象String[]"] -L514["数组(数组对象全为污点)"]==>L615["数组对象char[]"] -L514["数组(数组对象全为污点)"]==>L616["数组对象byte[]"] -L514["数组(数组对象全为污点)"]==>L617["单维数组对象的元素"] -L514["数组(数组对象全为污点)"]==>L618["多维数组对象的元素"] -L41["污点对象完整度"]==>L514["数组(数组对象全为污点)"] -L719["单层字段"]==>L819["10"] -L719["单层字段"]==>L820["100"] -L619["对象字段"]==>L719["单层字段"] -L721["多层字段"]==>L821["3层"] -L721["多层字段"]==>L822["10层"] -L619["对象字段"]==>L721["多层字段"] -L619["对象字段"]==>L723["污点为父类字段"] -L519["自定义对象"]==>L619["对象字段"] -L41["污点对象完整度"]==>L519["自定义对象"] -L31["基础跟踪能力"]==>L41["污点对象完整度"] -L524["特殊链路跟踪能力"]==>L624["三方包方法跟踪"] -L625["超长链路追踪"]==>L725["100层"] -L625["超长链路追踪"]==>L726["1000层"] -L524["特殊链路跟踪能力"]==>L625["超长链路追踪"] -L524["特殊链路跟踪能力"]==>L627["反射调用方法跟踪"] -L524["特殊链路跟踪能力"]==>L628["调用native方法"] -L424["污点链路完整度"]==>L524["特殊链路跟踪能力"] -L529["污点来源识别能力(source)"]==>L629["污点来自http getQueryString"] -L630["污点来自http body"]==>L730["json"] -L630["污点来自http body"]==>L731["xml/getInputStream"] -L732["multipart/form-data"]==>L832["getPart"] -L732["multipart/form-data"]==>L833["getParts"] -L630["污点来自http body"]==>L732["multipart/form-data"] -L734["form/url-encode"]==>L834["getParameter"] -L734["form/url-encode"]==>L835["getParameterMap"] -L734["form/url-encode"]==>L836["getParameterValues"] -L734["form/url-encode"]==>L837["getParameterNames"] -L630["污点来自http body"]==>L734["form/url-encode"] -L630["污点来自http 
body"]==>L738["getReader"] -L529["污点来源识别能力(source)"]==>L630["污点来自http body"] -L529["污点来源识别能力(source)"]==>L639["污点来自http pathVarlables"] -L640["污点来自http header"]==>L740["getCookies"] -L640["污点来自http header"]==>L741["getHeader"] -L640["污点来自http header"]==>L742["getHeaders"] -L640["污点来自http header"]==>L743["getHeaderNames"] -L529["污点来源识别能力(source)"]==>L640["污点来自http header"] -L424["污点链路完整度"]==>L529["污点来源识别能力(source)"] -L844["构造方法"]==>L944["String(String original)"] -L844["构造方法"]==>L945["String(char value[])"] -L844["构造方法"]==>L946["String(char value[], int offset, int count)"] -L844["构造方法"]==>L947["String(int[] codePoints, int offset, int count)"] -L844["构造方法"]==>L948["String(byte bytes[], int offset, int length, String charsetName)"] -L844["构造方法"]==>L949["String(byte bytes[], int offset, int length, Charset charset)"] -L844["构造方法"]==>L950["String(StringBuffer buffer)"] -L844["构造方法"]==>L951["String(StringBuilder builder)"] -L744["String操作"]==>L844["构造方法"] -L744["String操作"]==>L852["conact"] -L744["String操作"]==>L853["copyValueOf"] -L744["String操作"]==>L854["format"] -L744["String操作"]==>L855["getBytes"] -L744["String操作"]==>L856["getChars"] -L744["String操作"]==>L857["intern"] -L744["String操作"]==>L858["join"] -L744["String操作"]==>L859["replace"] -L744["String操作"]==>L860["replaceAll"] -L744["String操作"]==>L861["split"] -L744["String操作"]==>L862["subSequence"] -L744["String操作"]==>L863["substring"] -L744["String操作"]==>L864["toCharArray"] -L744["String操作"]==>L865["toLowerCase"] -L744["String操作"]==>L866["toString"] -L744["String操作"]==>L867["toUpperCase"] -L744["String操作"]==>L868["trim"] -L744["String操作"]==>L869["valueOf"] -L644["传播场景"]==>L744["String操作"] -L770["StringBuilder操作"]==>L870["构造方法"] -L770["StringBuilder操作"]==>L871["append"] -L770["StringBuilder操作"]==>L872["delete"] -L770["StringBuilder操作"]==>L873["deleteCharAt"] -L770["StringBuilder操作"]==>L874["getChars"] -L770["StringBuilder操作"]==>L875["insert"] -L770["StringBuilder操作"]==>L876["replace"] 
-L770["StringBuilder操作"]==>L877["subSequence"] -L770["StringBuilder操作"]==>L878["subString"] -L770["StringBuilder操作"]==>L879["toString"] -L644["传播场景"]==>L770["StringBuilder操作"] -L780["char[],byte[]操作"]==>L880["copyOf"] -L780["char[],byte[]操作"]==>L881["copyOfRange"] -L780["char[],byte[]操作"]==>L882["deepToString"] -L780["char[],byte[]操作"]==>L883["toString"] -L644["传播场景"]==>L780["char[],byte[]操作"] -L644["传播场景"]==>L784["JDK序列化与反序列化"] -L544["污点传播跟踪能力"]==>L644["传播场景"] -L424["污点链路完整度"]==>L544["污点传播跟踪能力"] -L585["污点无害化处理能力(sanitizer)"]==>L685["污点直接赋值为硬编码值"] -L585["污点无害化处理能力(sanitizer)"]==>L686["sanitizer支持区分类型"] -L585["污点无害化处理能力(sanitizer)"]==>L687["触发sink后再执行sanitizer"] -L585["污点无害化处理能力(sanitizer)"]==>L688["支持自定义unSanitizer(再次污点化)"] -L424["污点链路完整度"]==>L585["污点无害化处理能力(sanitizer)"] -L589["触发污点跟踪能力(sink)"]==>L689["单污点来源传播至多sink点"] -L589["触发污点跟踪能力(sink)"]==>L690["多污点来源传播至单sink点"] -L589["触发污点跟踪能力(sink)"]==>L691["无污点传播过程,污点直接传入sink"] -L424["污点链路完整度"]==>L589["触发污点跟踪能力(sink)"] -L31["基础跟踪能力"]==>L424["污点链路完整度"] -L21["完整度"]==>L31["基础跟踪能力"] -L492["存储型异步"]==>L592["污点通过db存储后触发"] -L492["存储型异步"]==>L593["污点通过session存储后触发"] -L594["污点通过缓存存储后触发"]==>L694["本地缓存"] -L594["污点通过缓存存储后触发"]==>L695["非本地缓存"] -L492["存储型异步"]==>L594["污点通过缓存存储后触发"] -L596["污点通过文件存储后触发"]==>L696["本地文件"] -L492["存储型异步"]==>L596["污点通过文件存储后触发"] -L392["异步跟踪能力"]==>L492["存储型异步"] -L497["多线程异步"]==>L597["污点的来源和触发在不同线程"] -L497["多线程异步"]==>L598["污点的来源和触发在不同线程,sink的触发由线程池中的线程触发"] -L392["异步跟踪能力"]==>L497["多线程异步"] -L21["完整度"]==>L392["异步跟踪能力"] -L599["http"]==>L699["跨一层进程调用"] -L599["http"]==>L6100["跨多层进程调用"] -L499["调用方式"]==>L599["http"] -L5101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>L6101["跨一层进程间调用(暂无实现)"] -L5101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>L6102["跨多层进程间调用(暂无实现)"] -L499["调用方式"]==>L5101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"] -L399["跨进程跟踪能力"]==>L499["调用方式"] -L21["完整度"]==>L399["跨进程跟踪能力"] -L11["IAST引擎能力评估体系(JAVA)"]==>L21["完整度"] -L4103["变量级别"]==>L5103["sink点的值非外部可控,但与某个参数值相同"] 
-L3103["污点对象跟踪粒度"]==>L4103["变量级别"] -L5104["部分字段对象为污点"]==>L6104["单层简单对象部分字段为污点"] -L6105["多层复杂对象部分字段为污点"]==>L7105["污点来自父类"] -L6105["多层复杂对象部分字段为污点"]==>L7106["污点来当前类字段"] -L5104["部分字段对象为污点"]==>L6105["多层复杂对象部分字段为污点"] -L5104["部分字段对象为污点"]==>L6136["对象部分字段为污点,经过JDK序列化后再反序列化"] -L4104["字段/元素级别"]==>L5104["部分字段对象为污点"] -L5107["部分数据元素为污点"]==>L6107["单维数组中的部分元素为污点"] -L5107["部分数据元素为污点"]==>L6108["多维数组中的部分元素为污点"] -L5107["部分数据元素为污点"]==>L6109["部分元素为污点,经过JDK序列化后再反序列化"] -L4104["字段/元素级别"]==>L5107["部分数据元素为污点"] -L5110["部分集合元素为污点"]==>L6110["List中部分元素为污点"] -L5110["部分集合元素为污点"]==>L6111["Map中部分元素为污点"] -L5110["部分集合元素为污点"]==>L6112["Set中部分元素为污点"] -L5110["部分集合元素为污点"]==>L6113["Queue中部分元素为污点"] -L5110["部分集合元素为污点"]==>L6114["集合中部分元素为污点,经过JDK序列化后再反序列化"] -L4104["字段/元素级别"]==>L5110["部分集合元素为污点"] -L3103["污点对象跟踪粒度"]==>L4104["字段/元素级别"] -L7115["String操作"]==>L8115["replcace"] -L7115["String操作"]==>L8116["replcaceAll"] -L7115["String操作"]==>L8117["split"] -L7115["String操作"]==>L8118["subSequence"] -L7115["String操作"]==>L8119["substring"] -L7115["String操作"]==>L8120["trim"] -L6115["截取非污点部分"]==>L7115["String操作"] -L7121["StringBuilder操作"]==>L8121["delete"] -L7121["StringBuilder操作"]==>L8122["deleteCharAt"] -L7121["StringBuilder操作"]==>L8123["getChars"] -L7121["StringBuilder操作"]==>L8124["replace"] -L7121["StringBuilder操作"]==>L8125["subSequence"] -L7121["StringBuilder操作"]==>L8126["substring"] -L6115["截取非污点部分"]==>L7121["StringBuilder操作"] -L7127["char[]/byte[]操作"]==>L8127["copyOfRange"] -L6115["截取非污点部分"]==>L7127["char[]/byte[]操作"] -L5115["字符串部分存在污点"]==>L6115["截取非污点部分"] -L7128["String操作"]==>L8128["concat"] -L7128["String操作"]==>L8129["join"] -L7128["String操作"]==>L8130["replace"] -L7128["String操作"]==>L8131["replaceAll"] -L7128["String操作"]==>L8132["trim"] -L6128["截取非污点部分后再拼接污点"]==>L7128["String操作"] -L7133["StringBuilder操作"]==>L8133["append"] -L7133["StringBuilder操作"]==>L8134["replace"] -L6128["截取非污点部分后再拼接污点"]==>L7133["StringBuilder操作"] -L7135["char[]/byte[]操作"]==>L8135["copyOfRange"] -L6128["截取非污点部分后再拼接污点"]==>L7135["char[]/byte[]操作"] 
-L5115["字符串部分存在污点"]==>L6128["截取非污点部分后再拼接污点"] -L4115["字符串级别"]==>L5115["字符串部分存在污点"] -L3103["污点对象跟踪粒度"]==>L4115["字符串级别"] -L2103["准确度"]==>L3103["污点对象跟踪粒度"] -L11["IAST引擎能力评估体系(JAVA)"]==>L2103["准确度"] +L1H1["IAST引擎能力评估体系(JAVA)"]==>L2H1["完整度"] +L2H1["完整度"]==>L3H1["基础跟踪能力"] +L3H1["基础跟踪能力"]==>L4H1["污点对象完整度"] +L4H1["污点对象完整度"]==>L5H1["字符串对象"] +L5H1["字符串对象"]==>aTaintCase99001["String"] +L4H1["污点对象完整度"]==>L5H2["基本数据类型及其封装类型"] +L5H2["基本数据类型及其封装类型"]==>aTaintCase001["int"] +L5H2["基本数据类型及其封装类型"]==>aTaintCase002["char"] +L5H2["基本数据类型及其封装类型"]==>aTaintCase003["byte"] +L5H2["基本数据类型及其封装类型"]==>aTaintCase004["long"] +L5H2["基本数据类型及其封装类型"]==>aTaintCase009["Byte"] +L5H2["基本数据类型及其封装类型"]==>aTaintCase0010["Integer"] +L5H2["基本数据类型及其封装类型"]==>aTaintCase0011["Long"] +L5H2["基本数据类型及其封装类型"]==>aTaintCase0012["Character"] +L4H1["污点对象完整度"]==>L5H6["集合(集合对象全为污点)"] +L5H6["集合(集合对象全为污点)"]==>aTaintCase005["Map元素"] +L5H6["集合(集合对象全为污点)"]==>aTaintCase006["List元素"] +L5H6["集合(集合对象全为污点)"]==>aTaintCase007["Queue元素"] +L5H6["集合(集合对象全为污点)"]==>aTaintCase008["Set元素"] +L4H1["污点对象完整度"]==>L5H14["数组(数组对象全为污点)"] +L5H14["数组(数组对象全为污点)"]==>aTaintCase0013["数组对象String[]"] +L5H14["数组(数组对象全为污点)"]==>aTaintCase0014["数组对象char[]"] +L5H14["数组(数组对象全为污点)"]==>aTaintCase0015["数组对象byte[]"] +L5H14["数组(数组对象全为污点)"]==>aTaintCase0016["单维数组对象的元素"] +L5H14["数组(数组对象全为污点)"]==>aTaintCase00926["多维数组对象的元素"] +L4H1["污点对象完整度"]==>L5H19["自定义对象"] +L5H19["自定义对象"]==>L6H19["对象字段"] +L6H19["对象字段"]==>L7H19["单层字段"] +L7H19["单层字段"]==>aTaintCase00921["10"] +L7H19["单层字段"]==>aTaintCase00922["100"] +L6H19["对象字段"]==>L7H21["多层字段"] +L7H21["多层字段"]==>aTaintCase00923["3层"] +L7H21["多层字段"]==>aTaintCase00924["10层"] +L6H19["对象字段"]==>aTaintCase00925["污点为父类字段"] +L3H1["基础跟踪能力"]==>L4H24["污点链路完整度"] +L4H24["污点链路完整度"]==>L5H24["特殊链路跟踪能力"] +L5H24["特殊链路跟踪能力"]==>aTaintCase0022["三方包方法跟踪"] +L5H24["特殊链路跟踪能力"]==>L6H25["超长链路追踪"] +L6H25["超长链路追踪"]==>aTaintCase0023["100层"] +L6H25["超长链路追踪"]==>aTaintCase00931["1000层"] +L5H24["特殊链路跟踪能力"]==>aTaintCase0024["反射调用方法跟踪"] 
+L5H24["特殊链路跟踪能力"]==>aTaintCase0025["调用native方法"] +L4H24["污点链路完整度"]==>L5H29["污点来源识别能力(source)"] +L5H29["污点来源识别能力(source)"]==>aTaintCase0027["污点来自http getQueryString"] +L5H29["污点来源识别能力(source)"]==>L6H30["污点来自http body"] +L6H30["污点来自http body"]==>L7H30["json"] +L6H30["污点来自http body"]==>aTaintCase0034["xml/getInputStream"] +L6H30["污点来自http body"]==>L7H32["multipart/form-data"] +L7H32["multipart/form-data"]==>aTaintCase0035["getPart"] +L7H32["multipart/form-data"]==>aTaintCase0036["getParts"] +L6H30["污点来自http body"]==>L7H34["form/url-encode"] +L7H34["form/url-encode"]==>aTaintCase0037["getParameter"] +L7H34["form/url-encode"]==>aTaintCase0038["getParameterMap"] +L7H34["form/url-encode"]==>aTaintCase0039["getParameterValues"] +L7H34["form/url-encode"]==>aTaintCase0040["getParameterNames"] +L6H30["污点来自http body"]==>aTaintCase0041["getReader"] +L5H29["污点来源识别能力(source)"]==>aTaintCase0044["污点来自http pathVarlables"] +L5H29["污点来源识别能力(source)"]==>L6H40["污点来自http header"] +L6H40["污点来自http header"]==>aTaintCase0045["getCookies"] +L6H40["污点来自http header"]==>aTaintCase0046["getHeader"] +L6H40["污点来自http header"]==>aTaintCase0047["getHeaders"] +L6H40["污点来自http header"]==>aTaintCase00139["getHeaderNames"] +L4H24["污点链路完整度"]==>L5H44["污点传播跟踪能力"] +L5H44["污点传播跟踪能力"]==>L6H44["传播场景"] +L6H44["传播场景"]==>L7H44["String操作"] +L7H44["String操作"]==>L8H44["构造方法"] +L8H44["构造方法"]==>aTaintCase0062["String(String original)"] +L8H44["构造方法"]==>aTaintCase00143["String(char value[])"] +L8H44["构造方法"]==>aTaintCase00144["String(char value[], int offset, int count)"] +L8H44["构造方法"]==>aTaintCase00145["String(int[] codePoints, int offset, int count)"] +L8H44["构造方法"]==>aTaintCase00146["String(byte bytes[], int offset, int length, String charsetName)"] +L8H44["构造方法"]==>aTaintCase00147["String(byte bytes[], int offset, int length, Charset charset)"] +L8H44["构造方法"]==>aTaintCase00148["String(StringBuffer buffer)"] +L8H44["构造方法"]==>aTaintCase00149["String(StringBuilder builder)"] 
+L7H44["String操作"]==>aTaintCase0063["conact"] +L7H44["String操作"]==>aTaintCase0064["copyValueOf"] +L7H44["String操作"]==>aTaintCase0065["format"] +L7H44["String操作"]==>aTaintCase0066["getBytes"] +L7H44["String操作"]==>aTaintCase0067["getChars"] +L7H44["String操作"]==>aTaintCase0068["intern"] +L7H44["String操作"]==>aTaintCase0069["join"] +L7H44["String操作"]==>aTaintCase0071["replace"] +L7H44["String操作"]==>aTaintCase00140["replaceAll"] +L7H44["String操作"]==>aTaintCase0072["split"] +L7H44["String操作"]==>aTaintCase0074["subSequence"] +L7H44["String操作"]==>aTaintCase0075["substring"] +L7H44["String操作"]==>aTaintCase0076["toCharArray"] +L7H44["String操作"]==>aTaintCase0077["toLowerCase"] +L7H44["String操作"]==>aTaintCase0078["toString"] +L7H44["String操作"]==>aTaintCase0079["toUpperCase"] +L7H44["String操作"]==>aTaintCase0080["trim"] +L7H44["String操作"]==>aTaintCase0081["valueOf"] +L6H44["传播场景"]==>L7H70["StringBuilder操作"] +L7H70["StringBuilder操作"]==>aTaintCase0082["构造方法"] +L7H70["StringBuilder操作"]==>aTaintCase0083["append"] +L7H70["StringBuilder操作"]==>aTaintCase0085["delete"] +L7H70["StringBuilder操作"]==>aTaintCase0086["deleteCharAt"] +L7H70["StringBuilder操作"]==>aTaintCase0087["getChars"] +L7H70["StringBuilder操作"]==>aTaintCase0088["insert"] +L7H70["StringBuilder操作"]==>aTaintCase0089["replace"] +L7H70["StringBuilder操作"]==>aTaintCase0090["subSequence"] +L7H70["StringBuilder操作"]==>aTaintCase0091["subString"] +L7H70["StringBuilder操作"]==>aTaintCase0092["toString"] +L6H44["传播场景"]==>L7H80["char[],byte[]操作"] +L7H80["char[],byte[]操作"]==>aTaintCase0093["copyOf"] +L7H80["char[],byte[]操作"]==>aTaintCase0094["copyOfRange"] +L7H80["char[],byte[]操作"]==>aTaintCase0095["deepToString"] +L7H80["char[],byte[]操作"]==>aTaintCase0096["toString"] +L6H44["传播场景"]==>aTaintCase00932["JDK序列化与反序列化"] +L4H24["污点链路完整度"]==>L5H85["污点无害化处理能力(sanitizer)"] +L5H85["污点无害化处理能力(sanitizer)"]==>aTaintCase00141["污点直接赋值为硬编码值"] +L5H85["污点无害化处理能力(sanitizer)"]==>aTaintCase00103["sanitizer支持区分类型"] 
+L5H85["污点无害化处理能力(sanitizer)"]==>aTaintCase00104["触发sink后再执行sanitizer"] +L5H85["污点无害化处理能力(sanitizer)"]==>aTaintCase00105["支持自定义unSanitizer(再次污点化)"] +L4H24["污点链路完整度"]==>L5H89["触发污点跟踪能力(sink)"] +L5H89["触发污点跟踪能力(sink)"]==>aTaintCase00109["单污点来源传播至多sink点"] +L5H89["触发污点跟踪能力(sink)"]==>aTaintCase00110["多污点来源传播至单sink点"] +L5H89["触发污点跟踪能力(sink)"]==>aTaintCase00112["无污点传播过程,污点直接传入sink"] +L2H1["完整度"]==>L3H92["异步跟踪能力"] +L3H92["异步跟踪能力"]==>L4H92["存储型异步"] +L4H92["存储型异步"]==>aTaintCase00113["污点通过db存储后触发"] +L4H92["存储型异步"]==>aTaintCase00114["污点通过session存储后触发"] +L4H92["存储型异步"]==>L5H94["污点通过缓存存储后触发"] +L5H94["污点通过缓存存储后触发"]==>aTaintCase00115["本地缓存"] +L5H94["污点通过缓存存储后触发"]==>aTaintCase00138["非本地缓存"] +L4H92["存储型异步"]==>L5H96["污点通过文件存储后触发"] +L5H96["污点通过文件存储后触发"]==>aTaintCase00116["本地文件"] +L3H92["异步跟踪能力"]==>L4H97["多线程异步"] +L4H97["多线程异步"]==>aTaintCase00119["污点的来源和触发在不同线程"] +L4H97["多线程异步"]==>aTaintCase00120["污点的来源和触发在不同线程,sink的触发由线程池中的线程触发"] +L2H1["完整度"]==>L3H99["跨进程跟踪能力"] +L3H99["跨进程跟踪能力"]==>L4H99["调用方式"] +L4H99["调用方式"]==>L5H99["http"] +L5H99["http"]==>aTaintCase00123["跨一层进程调用"] +L5H99["http"]==>aTaintCase00124["跨多层进程调用"] +L4H99["调用方式"]==>L5H101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"] +L5H101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>aTaintCase001241["跨一层进程间调用(暂无实现)"] +L5H101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>aTaintCase001242["跨多层进程间调用(暂无实现)"] +L1H1["IAST引擎能力评估体系(JAVA)"]==>L2H103["准确度"] +L2H103["准确度"]==>L3H103["污点对象跟踪粒度"] +L3H103["污点对象跟踪粒度"]==>L4H103["字段/元素级别"] +L4H103["字段/元素级别"]==>L5H103["部分字段对象为污点"] +L5H103["部分字段对象为污点"]==>aTaintCase00126["单层简单对象部分字段为污点"] +L5H103["部分字段对象为污点"]==>L6H105["多层复杂对象部分字段为污点"] +L6H105["多层复杂对象部分字段为污点"]==>aTaintCase00127["污点来自父类"] +L6H105["多层复杂对象部分字段为污点"]==>aTaintCase00128["污点来当前类字段"] +L5H103["部分字段对象为污点"]==>aTaintCase00142["对象部分字段为污点,经过JDK序列化后再反序列化"] +L4H103["字段/元素级别"]==>L5H107["部分数据元素为污点"] +L5H107["部分数据元素为污点"]==>aTaintCase00129["单维数组中的部分元素为污点"] +L5H107["部分数据元素为污点"]==>aTaintCase00130["多维数组中的部分元素为污点"] 
+L5H107["部分数据元素为污点"]==>aTaintCase00131["部分元素为污点,经过JDK序列化后再反序列化"] +L4H103["字段/元素级别"]==>L5H110["部分集合元素为污点"] +L5H110["部分集合元素为污点"]==>aTaintCase00132["List中部分元素为污点"] +L5H110["部分集合元素为污点"]==>aTaintCase00133["Map中部分元素为污点"] +L5H110["部分集合元素为污点"]==>aTaintCase00134["Set中部分元素为污点"] +L5H110["部分集合元素为污点"]==>aTaintCase00135["Queue中部分元素为污点"] +L5H110["部分集合元素为污点"]==>aTaintCase00136["集合中部分元素为污点,经过JDK序列化后再反序列化"] +L3H103["污点对象跟踪粒度"]==>L4H104["变量级别"] +L4H104["变量级别"]==>aTaintCase00125["sink点的值非外部可控,但与某个参数值相同"] +L3H103["污点对象跟踪粒度"]==>L4H115["字符串级别"] +L4H115["字符串级别"]==>L5H115["字符串部分存在污点"] +L5H115["字符串部分存在污点"]==>L6H115["截取非污点部分"] +L6H115["截取非污点部分"]==>L7H115["String操作"] +L7H115["String操作"]==>aTaintCase00940["replcace"] +L7H115["String操作"]==>aTaintCase00941["replcaceAll"] +L7H115["String操作"]==>aTaintCase00942["split"] +L7H115["String操作"]==>aTaintCase00943["subSequence"] +L7H115["String操作"]==>aTaintCase00944["substring"] +L7H115["String操作"]==>aTaintCase00945["trim"] +L6H115["截取非污点部分"]==>L7H121["StringBuilder操作"] +L7H121["StringBuilder操作"]==>aTaintCase00946["delete"] +L7H121["StringBuilder操作"]==>aTaintCase00947["deleteCharAt"] +L7H121["StringBuilder操作"]==>aTaintCase00948["getChars"] +L7H121["StringBuilder操作"]==>aTaintCase00949["replace"] +L7H121["StringBuilder操作"]==>aTaintCase00950["subSequence"] +L7H121["StringBuilder操作"]==>aTaintCase00951["substring"] +L6H115["截取非污点部分"]==>L7H127["char[]/byte[]操作"] +L7H127["char[]/byte[]操作"]==>aTaintCase00952["copyOfRange"] +L5H115["字符串部分存在污点"]==>L6H128["截取非污点部分后再拼接污点"] +L6H128["截取非污点部分后再拼接污点"]==>L7H128["String操作"] +L7H128["String操作"]==>aTaintCase00953["concat"] +L7H128["String操作"]==>aTaintCase00954["join"] +L7H128["String操作"]==>aTaintCase00955["replace"] +L7H128["String操作"]==>aTaintCase00956["replaceAll"] +L7H128["String操作"]==>aTaintCase00957["trim"] +L6H128["截取非污点部分后再拼接污点"]==>L7H133["StringBuilder操作"] +L7H133["StringBuilder操作"]==>aTaintCase00958["append"] +L7H133["StringBuilder操作"]==>aTaintCase00959["replace"] +L6H128["截取非污点部分后再拼接污点"]==>L7H135["char[]/byte[]操作"] 
+L7H135["char[]/byte[]操作"]==>aTaintCase00960["copyOfRange"] + + From 77be053157acf50812db870100ccf034e9fdbe60 Mon Sep 17 00:00:00 2001 From: "mengmeng.meng" Date: Fri, 26 Jan 2024 10:16:49 +0800 Subject: [PATCH 14/17] json --- .../analyser/cache/CaseStuctCache.java | 1 + .../analyser/cache/CasetargeCache.java | 74 +++++++++++---- .../analyser/util/MermindUtil.java | 18 ++-- .../astbenchmark/cases/AstTaintCase001.java | 4 +- .../astbenchmark/cases/AstTaintCase002.java | 2 +- .../cli/tree/CaseNodeTreeUtil.java | 94 +++++++++---------- 6 files changed, 118 insertions(+), 75 deletions(-) diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseStuctCache.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseStuctCache.java index 569c982e..7fd31867 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseStuctCache.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseStuctCache.java @@ -11,6 +11,7 @@ public class CaseStuctCache { protected static CaseNode root; protected static Map leafData ; + public static CaseNode getLeafByCaseNo(String caseNo){ try { return leafData.get(caseNo); diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java index 4606846d..5bcd20a6 100644 --- a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java +++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java 
@@ -1,24 +1,37 @@
 package com.iast.astbenchmark.analyser.cache;
+import cn.hutool.core.io.IoUtil;
+import cn.hutool.core.io.resource.ClassPathResource;
+import cn.hutool.json.JSONArray;
+import cn.hutool.json.JSONUtil;
 import com.google.common.collect.Maps;
 import com.iast.astbenchmark.analyser.bean.CaseTargetBean;
 import com.iast.astbenchmark.cases.AstTaintCase001;
 import com.iast.astbenchmark.cases.AstTaintCase002;
 import com.iast.astbenchmark.cases.AstTaintCase003;
 import com.iast.astbenchmark.cases.AstTaintCase004;
+import com.iast.astbenchmark.cli.tree.CaseNode;
 import com.iast.astbenchmark.cli.tree.CaseNodeTreeUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
 import javax.annotation.PostConstruct;
+import java.nio.charset.Charset;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
 import static com.iast.astbenchmark.analyser.cache.AnnotationProcessorUtil.buildCaseMap;
+import static com.iast.astbenchmark.analyser.cache.CaseStuctCache.leafData;
 @Component
 @Slf4j
 public class CasetargeCache {
 protected static Map targetMap = Maps.newLinkedHashMap();
+ protected static Map targetMap2 = Maps.newLinkedHashMap();
 @PostConstruct
 void init() {
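Review bot: The twelve new imports (`IoUtil`, `ClassPathResource`, `JSONArray`, `JSONUtil`, `CaseNode`, `Charset`, `Collections`, `HashSet`, `List`, `Set`, `Collectors` and the static `leafData`) and the new `targetMap2` field are, as far as these hunks show, referenced only from the commented-out `main` added in the next hunk (`@@ -29,16 +42,52 @@`), so the live code gains unused imports and a `protected static` mutable map that nothing reads. If the JSON-versus-annotation comparison is worth keeping, it belongs in a test class under src/test where the imports are used and the mismatches are asserted rather than printed; otherwise the commented block, the imports and `targetMap2` should go together. Should `targetMap2` stay, a one-line comment such as `// case targets parsed from config/case_target_list.json, kept only to cross-check the annotation-built targetMap` would explain why two maps exist. The rest of the `CasetargeCache` class body lies outside this hunk.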
@@ -29,16 +42,52 @@ public static void initNow() {
 new CasetargeCache().goinit();
 }
+ //public static void main(String[] args) {
+ // /**
+ // * json转注解,两边结果对比
+ // * root2,json解析的root
+ // * leafData2,json解析的所有叶子节点数据
+ // */
+ // CaseNode root2;
+ // Map leafData2 ;
+ // new CasetargeCache().initNow();
+ // String target = IoUtil.read(new ClassPathResource("config/case_target_list.json").getStream(), Charset.forName("utf-8"));
+ // JSONArray array = JSONUtil.parseArray(target);
+ // array.stream().forEach(e -> {
+ // CaseTargetBean bean = JSONUtil.toBean(JSONUtil.toJsonStr(e), CaseTargetBean.class);
+ // targetMap2.put(bean.getCaseNo(), bean);
+ // });
+ // root2=CaseNodeTreeUtil.initRoot2();
+ // leafData2=CaseNodeTreeUtil.leafMap(root2);
+ // System.out.println(leafData.size()+"/"+ leafData2.size());
+ // Set keySet= new HashSet<>();
+ // keySet.addAll(leafData2.keySet()) ;
+ // keySet.addAll(leafData.keySet());
+ // for (String key : keySet) {
+ // if(!leafData.containsKey(key)){
+ // System.out.println("注解缺少"+key);
+ // continue;
+ // }
+ // if(!leafData2.containsKey(key)){
+ // System.out.println("json缺少:"+key);
+ // continue;
+ // }
+ // CaseTargetBean leaf =leafData.get(key).getLeafData();
+ // List targetData=leaf.getData().stream().map(e->e.getTag()+e.getResult()).collect(Collectors.toList());
+ // CaseTargetBean leaf2 =leafData2.get(key).getLeafData();
+ // List targetData2=leaf2.getData().stream().map(e->e.getTag()+e.getResult()).collect(Collectors.toList());
+ // Collections.sort(targetData);
+ // Collections.sort(targetData2);
+ // if(!targetData.equals(targetData2)){
+ // System.out.println(key);
+ // }
+ //
+ // }
+ //
+ //}
 private void goinit() {
 if (targetMap.isEmpty()) {
 try {
- //String target = IoUtil.read(new ClassPathResource("config/case_target_list.json").getStream(),Charset.forName("utf-8"));
- ////JSONArray array = JSONUtil.readJSONArray(FileUtil.file("case_target_list.json"), Charset.forName("utf-8"));
- //JSONArray array =JSONUtil.parseArray(target);
- //array.stream().forEach(e -> {
- // CaseTargetBean bean = JSONUtil.toBean(JSONUtil.toJsonStr(e), CaseTargetBean.class);
- // targetMap.put(bean.getCaseNo(), bean);
- //});
 buildCaseMap(AstTaintCase001.class);
 buildCaseMap(AstTaintCase002.class);
 buildCaseMap(AstTaintCase003.class);
@@ -51,16 +100,7 @@ private void goinit() {
 }
 }
- //public static void main(String[] args) {
- // String target = IoUtil.read(new ClassPathResource("config/case_target_list.json").getStream(),Charset.forName("utf-8"));
- // //JSONArray array = JSONUtil.readJSONArray(FileUtil.file("case_target_list.json"), Charset.forName("utf-8"));
- // JSONArray array =JSONUtil.parseArray(target);
- // array.stream().forEach(e -> {
- // CaseTargetBean bean = JSONUtil.toBean(JSONUtil.toJsonStr(e), CaseTargetBean.class);
- // targetMap.put(bean.getCaseNo(), bean);
- // });
- // targetMap.forEach((k,v)-> System.out.println(k+"____"+v.getCaseDesc()));
- //}
+
 public static CaseTargetBean getTargetByCaseKey(String key) {
 return targetMap.get(key);
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/analyser/util/MermindUtil.java b/iast-java/src/main/java/com/iast/astbenchmark/analyser/util/MermindUtil.java
index cc2e4a92..fe0e4076 100644
--- a/iast-java/src/main/java/com/iast/astbenchmark/analyser/util/MermindUtil.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/util/MermindUtil.java
@@ -16,9 +16,9 @@ public static void main(String[] args) {
 mermindScript = "```mermind\n";
 getGraph(CaseStuctCache.getRoot());
 //mermind graph脑图
- //System.out.println(mermindScript);
+ System.out.println(mermindScript);
 //mermind 脑图,这个版本格式有点乱
- printTree(CaseStuctCache.getRoot(),CaseStuctCache.getRoot().getDeepth());
+ //printTree(CaseStuctCache.getRoot(),CaseStuctCache.getRoot().getDeepth());
 //FileUtil.writeUtf8String("JAVA.md", mermindScript);
 }
 public static void printTree(CaseNode node, int depth) {
@@ -62,17 +62,19 @@ private static void getGraph(CaseNode node) {
 String parent = node.getParent().getId() + "[\"" + node.getParent().getName() + "\"]";
 String current = node.getId() + "[\"" + node.getName() + "\"]";
+ if (!StringUtils.isEmpty(node.getName())) {
+ if (node.getLeafData() != null) {
+ current = node.getLeafData().getCaseNo() + "[\"" + node.getName() + "\"]";
+ }
+ mermindScript = mermindScript + parent + "==>" + current + "\n";
+ }
 if (!CollectionUtils.isEmpty(node.getChildren())) {
 for (CaseNode child : node.getChildren()) {
 getGraph(child);
 }
 }
- if (node.getLeafData() != null) {
- current = node.getLeafData().getCaseNo() + "[\"" + node.getName() + "\"]";
- }
- if (!StringUtils.isEmpty(node.getName())) {
- mermindScript = mermindScript + parent + "==>" + current + "\n";
- }
+
+
 }
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java
index fef3154e..344efff5 100644
--- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java
@@ -29,9 +29,9 @@ public class AstTaintCase001 {
 */
 @PostMapping ("case00901")
 @CaseTag(
- caseNo = "aTaintCase99001",
+ caseNo = "aTaintCase00901",
 caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度->字符串对象->String",
- thisMethodTag = "aTaintCase99001",
+ thisMethodTag = "aTaintCase00901",
 thisMethodExpectedResult = true
 )
 public Map aTaintCase00901(@RequestParam String cmd) {
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java
index 8c5d89f6..f26f0cc3 100644
--- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java
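Review bot: On the new `current = node.getLeafData().getCaseNo() + "[\"" + node.getName() + "\"]"` line, `getName()` and `getCaseNo()` are spliced into the Mermaid source unescaped, so a name containing `"` (or a case number that is not a valid Mermaid node id) silently corrupts the generated JAVA.md instead of failing; a small helper that escapes the label (e.g. replacing `"` with Mermaid's `#quot;` entity) applied to both `parent` and `current` would make the generator robust to the case descriptions it is fed. Moving the edge emission ahead of the recursion switches the output from post-order to pre-order, which is presumably intentional given the JAVA.md rewrite in the same commit, but it deserves a one-line comment such as `// emit the parent==>current edge before descending so the graph reads top-down`. `mermindScript = mermindScript + …` rebuilds the whole static String on every node of a recursive traversal, so a `StringBuilder` would avoid quadratic copying for the ~200-edge graph. The two blank lines added before the closing brace look accidental, and `getGraph`'s signature and opening lines sit outside the hunk.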
@@ -322,7 +322,7 @@ public Map aTaintCase0027(HttpServletRequest request, @RequestPa
 @PostMapping("case0033")
 @CaseTag(
 caseNo ="aTaintCase0033",
- caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->json@RequestBody",
+ caseFullName = "IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度->污点来源识别能力(source)->污点来自http body->json/RequestBody",
 thisMethodTag = "aTaintCase0033",
 thisMethodExpectedResult = true
 )
diff --git a/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNodeTreeUtil.java b/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNodeTreeUtil.java
index 3a9bc3bd..f9e5ea6a 100644
--- a/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNodeTreeUtil.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/cli/tree/CaseNodeTreeUtil.java
@@ -27,7 +27,7 @@ public static CaseNode initRoot() {
 CaseNode root = CaseNode.builder()
 .type(CaseNodeType.ROOT)
- .id("N0")
+ .id("ROOT")
 .deepth(1)
 .name("IAST引擎能力评估体系(JAVA)")
 .build();
@@ -47,51 +47,51 @@ public static CaseNode initRoot() {
 }
- //public static CaseNode initRoot() {
- // BufferedReader reader = null;
- // InputStream inputStream = null;
- // try {
- // inputStream = CaseNodeTreeUtil.class.getClassLoader().getResourceAsStream("config/caseNodeTree.txt");
- // reader = new BufferedReader(new InputStreamReader(inputStream));
- // List lines = Lists.newArrayList();
- // String line;
- // while ((line = reader.readLine()) != null) {
- // lines.add(line);
- // }
- // //= FileUtil.readLines("config/caseNodeTree.txt", Charset.forName("utf-8"));
- // CasetargeCache.initNow();
- // CaseNode root = CaseNode.builder()
- // .type(CaseNodeType.ROOT)
- // .id(0)
- // .deepth(1)
- // .name("IAST引擎能力评估体系(JAVA)")
- // .build();
- //
- // for (int row = 0; row < lines.size(); row++) {
- // if (StrUtil.isEmpty(lines.get(row)) || lines.get(row).startsWith("#")) {
- // continue;
- // }
- // String[] nodesData = lines.get(row).split("->");
- // addTreeNode(root, 0, row + 1, nodesData);
- // }
- // return root;
- // } catch (Exception e) {
- // log.error("初始化异常:{}", e);
- // } finally {
- // try {
- // if (reader != null) {
- // reader.close();
- // }
- // if (inputStream != null) {
- // inputStream.close();
- // }
- // } catch (IOException e) {
- //
- // }
- //
- // }
- // return null;
- //}
+ public static CaseNode initRoot2() {
+ BufferedReader reader = null;
+ InputStream inputStream = null;
+ try {
+ inputStream = CaseNodeTreeUtil.class.getClassLoader().getResourceAsStream("config/caseNodeTree.txt");
+ reader = new BufferedReader(new InputStreamReader(inputStream));
+ List lines = Lists.newArrayList();
+ String line;
+ while ((line = reader.readLine()) != null) {
+ lines.add(line);
+ }
+ //= FileUtil.readLines("config/caseNodeTree.txt", Charset.forName("utf-8"));
+ CasetargeCache.initNow();
+ CaseNode root = CaseNode.builder()
+ .type(CaseNodeType.ROOT)
+ .id("ROOT")
+ .deepth(1)
+ .name("IAST引擎能力评估体系(JAVA)")
+ .build();
+
+ for (int row = 0; row < lines.size(); row++) {
+ if (StrUtil.isEmpty(lines.get(row)) || lines.get(row).startsWith("#")) {
+ continue;
+ }
+ String[] nodesData = lines.get(row).split("->");
+ addTreeNode(root, 0, row + 1, nodesData);
+ }
+ return root;
+ } catch (Exception e) {
+ log.error("初始化异常:{}", e);
+ } finally {
+ try {
+ if (reader != null) {
+ reader.close();
+ }
+ if (inputStream != null) {
+ inputStream.close();
+ }
+ } catch (IOException e) {
+
+ }
+
+ }
+ return null;
+ }
 public static Map leafMap(CaseNode root) {
 Map leafMap = Maps.newLinkedHashMap();
@@ -127,7 +127,7 @@ private static void addTreeNode(CaseNode parent, Integer deepth, Integer row, St
 // 默认节点类型为NODE
 CaseNodeType type = CaseNodeType.NODE;
 // 节点id
- String id = "N" + deepth + "_" + row;
+ String id = "L" + deepth +"H"+ row;
 // 判断节点类型
 if (nodesData.length <= deepth) {
 type = CaseNodeType.LEAF;
From 5c6d9cc600cb99b0e19873ce5f079b60224fe95c Mon Sep 17 00:00:00 2001
From: "mengmeng.meng"
Date: Fri, 26 Jan 2024 10:20:21 +0800
Subject: [PATCH 15/17] Update JAVA.md
---
 iast-java/src/main/resources/doc/JAVA.md | 29 ++++++++++++------------
 1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/iast-java/src/main/resources/doc/JAVA.md b/iast-java/src/main/resources/doc/JAVA.md
index 6ecd64f3..34053c12 100644
--- a/iast-java/src/main/resources/doc/JAVA.md
+++ b/iast-java/src/main/resources/doc/JAVA.md
@@ -6,7 +6,7 @@ L1H1["IAST引擎能力评估体系(JAVA)"]==>L2H1["完整度"] L2H1["完整度"]==>L3H1["基础跟踪能力"] L3H1["基础跟踪能力"]==>L4H1["污点对象完整度"] L4H1["污点对象完整度"]==>L5H1["字符串对象"] -L5H1["字符串对象"]==>aTaintCase99001["String"] +L5H1["字符串对象"]==>aTaintCase00901["String"] L4H1["污点对象完整度"]==>L5H2["基本数据类型及其封装类型"] L5H2["基本数据类型及其封装类型"]==>aTaintCase001["int"] L5H2["基本数据类型及其封装类型"]==>aTaintCase002["char"] 
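Review bot: `initRoot2` builds its reader as `new InputStreamReader(inputStream)` with no charset, so `config/caseNodeTree.txt` — whose node names are Chinese, as the `.name("IAST引擎能力评估体系(JAVA)")` line shows — is decoded with the platform default and the resulting node names can differ between machines; pass `StandardCharsets.UTF_8` explicitly (this needs a `java.nio.charset.StandardCharsets` import, which the hunk does not show). A missing resource surfaces only as a NullPointerException from the reader constructor, logged as a generic 初始化异常, and the `finally` block closes the streams by hand with an empty `catch (IOException e)`. Try-with-resources removes both the manual close and the swallowed exception and lets the null-resource case be reported by name; the rewritten opening and closing of the method are below, with the root construction and the `addTreeNode` loop unchanged.
```java
public static CaseNode initRoot2() {
    try (InputStream inputStream = CaseNodeTreeUtil.class.getClassLoader().getResourceAsStream("config/caseNodeTree.txt")) {
        if (inputStream == null) {
            log.error("classpath resource config/caseNodeTree.txt not found");
            return null;
        }
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
            List lines = Lists.newArrayList();
            String line;
            while ((line = reader.readLine()) != null) {
                lines.add(line);
            }
            // … unchanged: CasetargeCache.initNow(), root builder and the addTreeNode loop …
            return root;
        }
    } catch (Exception e) {
        log.error("初始化异常:{}", e);
        return null;
    }
}
```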
@@ -47,7 +47,7 @@ L5H24["特殊链路跟踪能力"]==>aTaintCase0025["调用native方法"] L4H24["污点链路完整度"]==>L5H29["污点来源识别能力(source)"] L5H29["污点来源识别能力(source)"]==>aTaintCase0027["污点来自http getQueryString"] L5H29["污点来源识别能力(source)"]==>L6H30["污点来自http body"] -L6H30["污点来自http body"]==>L7H30["json"] +L6H30["污点来自http body"]==>aTaintCase0033["json/RequestBody"] L6H30["污点来自http body"]==>aTaintCase0034["xml/getInputStream"] L6H30["污点来自http body"]==>L7H32["multipart/form-data"] L7H32["multipart/form-data"]==>aTaintCase0035["getPart"] @@ -62,8 +62,8 @@ L5H29["污点来源识别能力(source)"]==>aTaintCase0044["污点来自http pat L5H29["污点来源识别能力(source)"]==>L6H40["污点来自http header"] L6H40["污点来自http header"]==>aTaintCase0045["getCookies"] L6H40["污点来自http header"]==>aTaintCase0046["getHeader"] -L6H40["污点来自http header"]==>aTaintCase0047["getHeaders"] L6H40["污点来自http header"]==>aTaintCase00139["getHeaderNames"] +L6H40["污点来自http header"]==>aTaintCase0047["getHeaders"] L4H24["污点链路完整度"]==>L5H44["污点传播跟踪能力"] L5H44["污点传播跟踪能力"]==>L6H44["传播场景"] L6H44["传播场景"]==>L7H44["String操作"] @@ -89,16 +89,16 @@ L7H44["String操作"]==>aTaintCase0072["split"] L7H44["String操作"]==>aTaintCase0074["subSequence"] L7H44["String操作"]==>aTaintCase0075["substring"] L7H44["String操作"]==>aTaintCase0076["toCharArray"] -L7H44["String操作"]==>aTaintCase0077["toLowerCase"] L7H44["String操作"]==>aTaintCase0078["toString"] +L7H44["String操作"]==>aTaintCase0077["toLowerCase"] L7H44["String操作"]==>aTaintCase0079["toUpperCase"] L7H44["String操作"]==>aTaintCase0080["trim"] L7H44["String操作"]==>aTaintCase0081["valueOf"] L6H44["传播场景"]==>L7H70["StringBuilder操作"] L7H70["StringBuilder操作"]==>aTaintCase0082["构造方法"] L7H70["StringBuilder操作"]==>aTaintCase0083["append"] -L7H70["StringBuilder操作"]==>aTaintCase0085["delete"] L7H70["StringBuilder操作"]==>aTaintCase0086["deleteCharAt"] +L7H70["StringBuilder操作"]==>aTaintCase0085["delete"] L7H70["StringBuilder操作"]==>aTaintCase0087["getChars"] L7H70["StringBuilder操作"]==>aTaintCase0088["insert"] L7H70["StringBuilder操作"]==>aTaintCase0089["replace"] 
@@ -142,25 +142,25 @@ L5H101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>aTai
 L5H101["rpc(至少支持一种框架:Sofa/SpringCloud/Dubbo/gRpc/HSF)"]==>aTaintCase001242["跨多层进程间调用(暂无实现)"]
 L1H1["IAST引擎能力评估体系(JAVA)"]==>L2H103["准确度"]
 L2H103["准确度"]==>L3H103["污点对象跟踪粒度"]
-L3H103["污点对象跟踪粒度"]==>L4H103["字段/元素级别"]
-L4H103["字段/元素级别"]==>L5H103["部分字段对象为污点"]
-L5H103["部分字段对象为污点"]==>aTaintCase00126["单层简单对象部分字段为污点"]
-L5H103["部分字段对象为污点"]==>L6H105["多层复杂对象部分字段为污点"]
+L3H103["污点对象跟踪粒度"]==>L4H103["变量级别"]
+L4H103["变量级别"]==>aTaintCase00125["sink点的值非外部可控,但与某个参数值相同"]
+L3H103["污点对象跟踪粒度"]==>L4H104["字段/元素级别"]
+L4H104["字段/元素级别"]==>L5H104["部分字段对象为污点"]
+L5H104["部分字段对象为污点"]==>aTaintCase00126["单层简单对象部分字段为污点"]
+L5H104["部分字段对象为污点"]==>L6H105["多层复杂对象部分字段为污点"]
 L6H105["多层复杂对象部分字段为污点"]==>aTaintCase00127["污点来自父类"]
 L6H105["多层复杂对象部分字段为污点"]==>aTaintCase00128["污点来当前类字段"]
-L5H103["部分字段对象为污点"]==>aTaintCase00142["对象部分字段为污点,经过JDK序列化后再反序列化"]
-L4H103["字段/元素级别"]==>L5H107["部分数据元素为污点"]
+L5H104["部分字段对象为污点"]==>aTaintCase00142["对象部分字段为污点,经过JDK序列化后再反序列化"]
+L4H104["字段/元素级别"]==>L5H107["部分数据元素为污点"]
 L5H107["部分数据元素为污点"]==>aTaintCase00129["单维数组中的部分元素为污点"]
 L5H107["部分数据元素为污点"]==>aTaintCase00130["多维数组中的部分元素为污点"]
 L5H107["部分数据元素为污点"]==>aTaintCase00131["部分元素为污点,经过JDK序列化后再反序列化"]
-L4H103["字段/元素级别"]==>L5H110["部分集合元素为污点"]
+L4H104["字段/元素级别"]==>L5H110["部分集合元素为污点"]
 L5H110["部分集合元素为污点"]==>aTaintCase00132["List中部分元素为污点"]
 L5H110["部分集合元素为污点"]==>aTaintCase00133["Map中部分元素为污点"]
 L5H110["部分集合元素为污点"]==>aTaintCase00134["Set中部分元素为污点"]
 L5H110["部分集合元素为污点"]==>aTaintCase00135["Queue中部分元素为污点"]
 L5H110["部分集合元素为污点"]==>aTaintCase00136["集合中部分元素为污点,经过JDK序列化后再反序列化"]
-L3H103["污点对象跟踪粒度"]==>L4H104["变量级别"]
-L4H104["变量级别"]==>aTaintCase00125["sink点的值非外部可控,但与某个参数值相同"]
 L3H103["污点对象跟踪粒度"]==>L4H115["字符串级别"]
 L4H115["字符串级别"]==>L5H115["字符串部分存在污点"]
 L5H115["字符串部分存在污点"]==>L6H115["截取非污点部分"]
@@ -194,3 +194,4 @@ L6H128["截取非污点部分后再拼接污点"]==>L7H135["char[]/byte[]操作"
 L7H135["char[]/byte[]操作"]==>aTaintCase00960["copyOfRange"]
+
From 1234b6f0d66e1ce52e2adc41bae79b44ec9ca623 Mon Sep 17 00:00:00 2001
From: "mengmeng.meng"
Date: Mon, 29 Jan 2024 09:42:39 +0800
Subject: [PATCH 16/17] Update JAVA.md
---
 iast-java/src/main/resources/doc/JAVA.md | 32 +++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)
diff --git a/iast-java/src/main/resources/doc/JAVA.md b/iast-java/src/main/resources/doc/JAVA.md
index 34053c12..846e2e13 100644
--- a/iast-java/src/main/resources/doc/JAVA.md
+++ b/iast-java/src/main/resources/doc/JAVA.md
@@ -192,6 +192,32 @@ L7H133["StringBuilder操作"]==>aTaintCase00958["append"]
 L7H133["StringBuilder操作"]==>aTaintCase00959["replace"]
 L6H128["截取非污点部分后再拼接污点"]==>L7H135["char[]/byte[]操作"]
 L7H135["char[]/byte[]操作"]==>aTaintCase00960["copyOfRange"]
-
-
-
+L1H1["IAST引擎能力评估体系(JAVA)"]==>L2H137["兼容性/JDK兼容性"]
+L2H137["兼容性/JDK兼容性"]==>L3H138["Oracle JDK"]
+L3H138["Oracle JDK"]==>L4H139["JDK 1.4 以下"]
+L3H138["Oracle JDK"]==>L4H141["JDK 1.5"]
+L3H138["Oracle JDK"]==>L4H142["JDK 1.6 以上"]
+L2H137["兼容性/JDK兼容性"]==>L3H143["OpenJDK"]
+L3H143["OpenJDK"]==>L3H144["JDK 1.4 以下"]
+L3H143["OpenJDK"]==>L3H145["JDK 1.5"]
+L3H143["OpenJDK"]==>L3H146["JDK 1.6 以上"]
+L2H137["兼容性/JDK兼容性"]==>L3H147["JRocket"]
+L2H137["兼容性/JDK兼容性"]==>L3H148["IBM J9"]
+L2H137["兼容性/JDK兼容性"]==>L3H149["AdoptOpen JDK"]
+L2H137["兼容性/JDK兼容性"]==>L3H150["Amazon Corretto"]
+L2H137["兼容性/JDK兼容性"]==>L3H151["Eclipse OpenJ9"]
+L2H137["兼容性/JDK兼容性"]==>L3H152["Red Hat Open JDK"]
+L1H1["IAST引擎能力评估体系(JAVA)"]==>L2H153["性能"]
+L2H153["性能"]==>L3H154["无漏洞场景"]
+L3H154["无漏洞场景"]==>L3H155["内存占用"]
+L3H154["无漏洞场景"]==>L3H156["CPU占用"]
+L3H154["无漏洞场景"]==>L3H157["RT时长增幅"]
+L3H154["无漏洞场景"]==>L3H158["load"]
+L2H153["性能"]==>L3H159["有漏洞场景"]
+L2H153["性能"]==>L3H160["超长调用链路有漏洞场景"]
+L2H153["性能"]==>L3H161["超长调用链路无漏洞场景"]
+L2H153["性能"]==>L3H162["大污点对象场景"]
+L1H1["IAST引擎能力评估体系(JAVA)"]==>L2H163["接入成本"]
+L2H163["接入成本"]==>L3H164["离线插桩-需被测程序使用插桩后的jdk"]
+L2H163["接入成本"]==>L3H165["离线插桩-被测程序全部字节码静态插桩后使用"]
+L2H163["接入成本"]==>L3H166["动态运行时插桩-需被测程序修改配置"]
From 33c94e8397a4fdd11139603d4b5718737d199a73 Mon Sep 17 00:00:00 2001
From: curryooo <118245688+curryooo@users.noreply.github.com>
Date: Mon, 29 Jan 2024 09:56:00 +0800
Subject: [PATCH 17/17] Update JAVA.md
---
 iast-java/src/main/resources/doc/JAVA.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/iast-java/src/main/resources/doc/JAVA.md b/iast-java/src/main/resources/doc/JAVA.md
index 846e2e13..e73df81c 100644
--- a/iast-java/src/main/resources/doc/JAVA.md
+++ b/iast-java/src/main/resources/doc/JAVA.md
@@ -65,7 +65,9 @@ L6H40["污点来自http header"]==>aTaintCase0046["getHeader"]
 L6H40["污点来自http header"]==>aTaintCase00139["getHeaderNames"]
 L6H40["污点来自http header"]==>aTaintCase0047["getHeaders"]
 L4H24["污点链路完整度"]==>L5H44["污点传播跟踪能力"]
-L5H44["污点传播跟踪能力"]==>L6H44["传播场景"]
+L5H44["污点传播跟踪能力"]==>L6H45["--"]
+L6H45["--"]==>L6H46["--"]
+L6H46["--"]==>L6H44["传播场景"]
 L6H44["传播场景"]==>L7H44["String操作"]
 L7H44["String操作"]==>L8H44["构造方法"]
 L8H44["构造方法"]==>aTaintCase0062["String(String original)"]