Curry240123

iast-java/src/main/java/com/iast/astbenchmark/analyser/bean/consts/CaseTypeEnum.java

@@ -1,16 +1,32 @@
 package com.iast.astbenchmark.analyser.bean.consts;
 
+import org.apache.commons.lang.StringUtils;
+
 public enum CaseTypeEnum {
-    T001("污点对象完整度能力检测"),
-    T002("污点链路完整度能力检测"),
-    T003("异步跟踪能力检测"),
-    T004("跨进程跟踪能力检测"),
-    T005("污点准确度能力检测");
+    T001("IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点对象完整度","污点对象完整度能力检测"),
+    T002("IAST引擎能力评估体系(JAVA)->完整度->基础跟踪能力->污点链路完整度","污点链路完整度能力检测"),
+    T003("IAST引擎能力评估体系(JAVA)->完整度->异步跟踪能力","异步跟踪能力检测"),
+    T004("IAST引擎能力评估体系(JAVA)->完整度->跨进城跟踪能力","跨进程跟踪能力检测"),
+    T005("IAST引擎能力评估体系(JAVA)->准确度","污点准确度能力检测");
     String desc;
-    CaseTypeEnum(String desc){
+
+    String tag;
+    CaseTypeEnum(String tag,String desc){
         this.desc=desc;
+        this.tag=tag;
     }
 
+    public static String getDescByTag(String data) {
+        if(StringUtils.isEmpty(data)){
+            return data;
+        }
+        for (CaseTypeEnum caseTypeEnum : values()) {
+            if (data.contains(caseTypeEnum.getTag())) {
+                return caseTypeEnum.name();
+            }
+        }
+        return null;
+    }
 
     public String getDesc() {
         return desc;
@@ -19,4 +35,12 @@ public String getDesc() {
     public void setDesc(String desc) {
         this.desc = desc;
     }
+
+    public String getTag() {
+        return tag;
+    }
+
+    public void setTag(String tag) {
+        this.tag = tag;
+    }
 }

iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/AnnotationProcessorUtil.java

@@ -0,0 +1,127 @@
+package com.iast.astbenchmark.analyser.cache;
+
+import com.google.common.collect.Lists;
+import com.iast.astbenchmark.analyser.bean.CaseTargetBean;
+import com.iast.astbenchmark.analyser.bean.CaseTargetItemBean;
+import com.iast.astbenchmark.analyser.bean.consts.CaseTypeEnum;
+import org.springframework.util.CollectionUtils;
+
+import java.lang.reflect.Method;
+import java.util.List;
+
+public final class AnnotationProcessorUtil {
+
+    /**
+     * 处理类注解
+     * test method
+     * @param clazz 待处理的类
+     */
+    public static void processAnnotations(Class<?> clazz) {
+        // 处理方法注解
+
+        // 处理方法注解
+        for (Method method : clazz.getDeclaredMethods()) {
+            // 判断方法是否有@CaseTag注解
+            if (method.isAnnotationPresent(CaseTag.class)) {
+                // 获取方法上的@CaseTag注解
+                CaseTag methodAnnotation = method.getAnnotation(CaseTag.class);
+                // 打印方法名和注解值
+                System.out.println("Method " + method.getName() + " has annotation with value: " + methodAnnotation.caseNo());
+            }
+        }
+    }
+
+
+    /**
+     * 构建用例映射
+     *
+     * @param clazz 待处理的类
+     */
+    public static void buildCaseMap(Class<?> clazz) {
+        // 遍历类中的所有方法
+        for (Method method : clazz.getDeclaredMethods()) {
+            // 判断方法是否被@CaseTag注解标记
+            if (method.isAnnotationPresent(CaseTag.class)) {
+                // 获取@CaseTag注解实例
+                CaseTag methodAnnotation = method.getAnnotation(CaseTag.class);
+                // 获取用例编号
+                String caseNo = methodAnnotation.caseNo();
+                // 判断用例编号对应的目标对象是否已存在
+                if (!CasetargeCache.targetMap.containsKey(caseNo)) {
+                    // 如果不存在，则构建新的目标对象并添加到缓存中
+                    CasetargeCache.targetMap.put(caseNo, buildTargetBean(methodAnnotation));
+                } else {
+                    // 如果已存在，则修改目标对象并替换缓存中的对象
+                    CaseTargetBean modifyBean = modifyTargetBean(CasetargeCache.targetMap.get(caseNo), methodAnnotation);
+                    CasetargeCache.targetMap.replace(caseNo, modifyBean);
+                }
+            }
+        }
+    }
+
+    /**
+     * 构建用例目标 bean
+     *
+     * @param methodAnnotation 方法注解
+     * @return 用例目标 bean
+     */
+    private static CaseTargetBean buildTargetBean(CaseTag methodAnnotation) {
+        String caseNo = methodAnnotation.caseNo();
+        String caseFullName = methodAnnotation.caseFullName();
+        String thisMethodTag = methodAnnotation.thisMethodTag();
+        boolean result = methodAnnotation.thisMethodExpectedResult();
+        CaseTargetBean targetBean = new CaseTargetBean();
+        targetBean.setCaseNo(caseNo);
+        CaseTargetItemBean itemBean = new CaseTargetItemBean();
+        itemBean.setTag(thisMethodTag);
+        itemBean.setResult(result);
+        List<CaseTargetItemBean> item = Lists.newArrayList();
+        item.add(itemBean);
+        targetBean.setCaseDesc(caseFullName);
+        targetBean.setData(item);
+        targetBean.setCaseType(CaseTypeEnum.getDescByTag(caseFullName));
+        targetBean.setWeight(1);
+        return targetBean;
+    }
+
+    /**
+     * 修改用例目标 bean
+     *
+     * @param caseTargetBean   原始的用例目标 bean
+     * @param methodAnnotation 方法注解，包含用例标签和预期结果
+     * @return 修改后的用例目标 bean，包含新的用例标签和预期结果
+     */
+    private static CaseTargetBean modifyTargetBean(CaseTargetBean caseTargetBean, CaseTag methodAnnotation) {
+        // 获取方法注解中的用例标签和预期结果
+        String thisMethodTag = methodAnnotation.thisMethodTag();
+        boolean result = methodAnnotation.thisMethodExpectedResult();
+        // 创建一个新的用例目标项 bean，设置用例标签和预期结果
+        CaseTargetItemBean itemBean = new CaseTargetItemBean();
+        itemBean.setTag(thisMethodTag);
+        itemBean.setResult(result);
+        // 获取原始用例目标 bean 中的用例目标项列表
+        List<CaseTargetItemBean> itemBeans = caseTargetBean.getData();
+        // 如果用例目标项列表为空，则直接将新的用例目标项添加到列表中
+        if (CollectionUtils.isEmpty(itemBeans)) {
+            itemBeans.add(itemBean);
+        } else {
+            // 如果用例目标项列表不为空，则判断是否已存在相同标签的用例目标项
+            boolean itemExist = false;
+            for (CaseTargetItemBean item : itemBeans) {
+                if (item.getTag().equalsIgnoreCase(thisMethodTag)) {
+                    itemExist = true;
+                    break;
+                }
+            }
+            // 如果不存在相同标签的用例目标项，则将新的用例目标项添加到列表中
+            if (!itemExist) {
+                itemBeans.add(itemBean);
+            }
+        }
+
+        // 将更新后的用例目标项列表设置回用例目标 bean 中，并返回修改后的用例目标 bean
+        caseTargetBean.setData(itemBeans);
+        return caseTargetBean;
+    }
+
+}

iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseStuctCache.java

@@ -8,12 +8,9 @@
 
 @Slf4j
 public class CaseStuctCache {
-    private static CaseNode root;
-    private static Map<String, CaseNode> leafData ;
-    static {
-        root = CaseNodeTreeUtil.initRoot();
-        leafData=CaseNodeTreeUtil.leafMap(root);
-    }
+    protected static CaseNode root;
+    protected static Map<String, CaseNode> leafData ;
+
 
     public static CaseNode getLeafByCaseNo(String caseNo){
         try {
@@ -31,9 +28,9 @@ public static CaseNode getRoot(){
         return root;
     }
 
-    public static void main(String[] args) {
-        for (CaseNode value : CaseStuctCache.getAllLeaf().values()) {
-            System.out.println(value.getFullName());
-        }
-    }
+    //public static void main(String[] args) {
+    //    for (CaseNode value : CaseStuctCache.getAllLeaf().values()) {
+    //        System.out.println(value.getFullName());
+    //    }
+    //}
 }

iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CaseTag.java

@@ -0,0 +1,39 @@
+package com.iast.astbenchmark.analyser.cache;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.METHOD) // 定义注解可以应用于方法
+@Retention(RetentionPolicy.RUNTIME) // 定义注解在运行时可用
+public @interface CaseTag {
+    /**
+     * Case编码
+     *
+     * @return
+     */
+    String caseNo();
+
+
+    /**
+     * case 全名包括路径
+     *
+     * @return
+     */
+    String caseFullName();
+
+    /**
+     * 这个方法期望检出漏洞的结果,true为期待检出,false为不期待检出
+     *
+     * @return
+     */
+    boolean thisMethodExpectedResult();
+
+    /**
+     * 这个方法的标识，可以用于日志等检出结果中检索
+     *
+     * @return
+     */
+    String thisMethodTag();
+}

iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java

@@ -1,23 +1,37 @@
 package com.iast.astbenchmark.analyser.cache;
 
-import cn.hutool.core.io.FileUtil;
 import cn.hutool.core.io.IoUtil;
 import cn.hutool.core.io.resource.ClassPathResource;
 import cn.hutool.json.JSONArray;
 import cn.hutool.json.JSONUtil;
-import com.iast.astbenchmark.analyser.bean.CaseTargetBean;
 import com.google.common.collect.Maps;
+import com.iast.astbenchmark.analyser.bean.CaseTargetBean;
+import com.iast.astbenchmark.cases.AstTaintCase001;
+import com.iast.astbenchmark.cases.AstTaintCase002;
+import com.iast.astbenchmark.cases.AstTaintCase003;
+import com.iast.astbenchmark.cases.AstTaintCase004;
+import com.iast.astbenchmark.cli.tree.CaseNode;
+import com.iast.astbenchmark.cli.tree.CaseNodeTreeUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
 
 import javax.annotation.PostConstruct;
 import java.nio.charset.Charset;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import static com.iast.astbenchmark.analyser.cache.AnnotationProcessorUtil.buildCaseMap;
+import static com.iast.astbenchmark.analyser.cache.CaseStuctCache.leafData;
 
 @Component
 @Slf4j
 public class CasetargeCache {
-    private static Map<String, CaseTargetBean> targetMap = Maps.newLinkedHashMap();
+    protected static Map<String, CaseTargetBean> targetMap = Maps.newLinkedHashMap();
+    protected static Map<String, CaseTargetBean> targetMap2 = Maps.newLinkedHashMap();
 
     @PostConstruct
     void init() {
@@ -28,33 +42,65 @@ public static void initNow() {
         new CasetargeCache().goinit();
     }
 
+    //public static void main(String[] args) {
+    //    /**
+    //     * json转注解，两边结果对比
+    //     * root2,json解析的root
+    //     * leafData2,json解析的所有叶子节点数据
+    //     */
+    //     CaseNode root2;
+    //    Map<String, CaseNode> leafData2 ;
+    //    new CasetargeCache().initNow();
+    //    String target = IoUtil.read(new ClassPathResource("config/case_target_list.json").getStream(), Charset.forName("utf-8"));
+    //    JSONArray array = JSONUtil.parseArray(target);
+    //    array.stream().forEach(e -> {
+    //        CaseTargetBean bean = JSONUtil.toBean(JSONUtil.toJsonStr(e), CaseTargetBean.class);
+    //        targetMap2.put(bean.getCaseNo(), bean);
+    //    });
+    //    root2=CaseNodeTreeUtil.initRoot2();
+    //    leafData2=CaseNodeTreeUtil.leafMap(root2);
+    //    System.out.println(leafData.size()+"/"+ leafData2.size());
+    //    Set<String> keySet= new HashSet<>();
+    //    keySet.addAll(leafData2.keySet())  ;
+    //    keySet.addAll(leafData.keySet());
+    //    for (String key : keySet) {
+    //        if(!leafData.containsKey(key)){
+    //            System.out.println("注解缺少"+key);
+    //            continue;
+    //        }
+    //        if(!leafData2.containsKey(key)){
+    //            System.out.println("json缺少:"+key);
+    //            continue;
+    //        }
+    //        CaseTargetBean leaf =leafData.get(key).getLeafData();
+    //        List<String> targetData=leaf.getData().stream().map(e->e.getTag()+e.getResult()).collect(Collectors.toList());
+    //        CaseTargetBean leaf2 =leafData2.get(key).getLeafData();
+    //        List<String> targetData2=leaf2.getData().stream().map(e->e.getTag()+e.getResult()).collect(Collectors.toList());
+    //        Collections.sort(targetData);
+    //        Collections.sort(targetData2);
+    //        if(!targetData.equals(targetData2)){
+    //            System.out.println(key);
+    //        }
+    //
+    //    }
+    //
+    //}
     private void goinit() {
         if (targetMap.isEmpty()) {
             try {
-                String target = IoUtil.read(new ClassPathResource("config/case_target_list.json").getStream(),Charset.forName("utf-8"));
-                //JSONArray array = JSONUtil.readJSONArray(FileUtil.file("case_target_list.json"), Charset.forName("utf-8"));
-                JSONArray array =JSONUtil.parseArray(target);
-                array.stream().forEach(e -> {
-                    CaseTargetBean bean = JSONUtil.toBean(JSONUtil.toJsonStr(e), CaseTargetBean.class);
-                    targetMap.put(bean.getCaseNo(), bean);
-                });
-
+                buildCaseMap(AstTaintCase001.class);
+                buildCaseMap(AstTaintCase002.class);
+                buildCaseMap(AstTaintCase003.class);
+                buildCaseMap(AstTaintCase004.class);
+                CaseStuctCache.root = CaseNodeTreeUtil.initRoot();
+                CaseStuctCache.leafData=CaseNodeTreeUtil.leafMap(CaseStuctCache.root);
             } catch (Exception e) {
                 log.error("ERROR : Case加载失败，请检查您的case_target_list.json:{}", e);
             }
         }
     }
 
-    //public static void main(String[] args) {
-    //    String target = IoUtil.read(new ClassPathResource("config/case_target_list.json").getStream(),Charset.forName("utf-8"));
-    //    //JSONArray array = JSONUtil.readJSONArray(FileUtil.file("case_target_list.json"), Charset.forName("utf-8"));
-    //    JSONArray array =JSONUtil.parseArray(target);
-    //    array.stream().forEach(e -> {
-    //        CaseTargetBean bean = JSONUtil.toBean(JSONUtil.toJsonStr(e), CaseTargetBean.class);
-    //        targetMap.put(bean.getCaseNo(), bean);
-    //    });
-    //    targetMap.forEach((k,v)-> System.out.println(k+"____"+v.getCaseDesc()));
-    //}
+
 
     public static CaseTargetBean getTargetByCaseKey(String key) {
         return targetMap.get(key);