-
Notifications
You must be signed in to change notification settings - Fork 3
case对应表
AntJiuFo edited this page Jul 19, 2023
·
2 revisions
还在持续更新中~~
A类case为应该检出的真实有漏洞的case,case名称后不带AB标识的、或者带A的,都是A类case
B类case为实际无漏洞但是看起来很像有漏洞的case,易被引擎检出,case名称后带B的为B类case
| case编号 | 检测场景 |
|---|---|
| case011 | astTaintCase-Simple Assignment expression |
| case012 | astTaintCase-Prefix/Suffix expression |
| case013 | astTaintCase-infix expression |
| case014 | astTaintCase-Ternary expressions -- true |
| case015 | astTaintCase-Ternary expressions -- false |
| case016 | astTaintCase-invocation expression |
| case017 | astTaintCase-new expression |
| case018 | astTaintCase-object expression |
| case019 | astTaintCase-object property |
| case0110 | astTaintCase-Array Access |
| case0111 | astTaintCase-Map Access |
| case0112 | astTaintCase-if statement -- discriminant |
| case0113 | astTaintCase-if statement -- true |
| case0114 | astTaintCase-if statement -- false |
| case0115 | astTaintCase-return statement --yield |
| case0116 | astTaintCase-return statement --return |
| case0117 | astTaintCase-switch statement discriminant |
| case0118 | astTaintCase-switch statement case clause |
| case0119 | astTaintCase-switch statement default clause |
| case0120 | astTaintCase-for statement init clause |
| case0121 | astTaintCase-for statement discriminant clause |
| case0122 | astTaintCase-for statement update clause |
| case0123 | astTaintCase-for statement body clause |
| case0124 | astTaintCase-for in |
| case0125 | astTaintCase-for of |
| case0126 | astTaintCase-while condition |
| case0127 | astTaintCase-while body |
| case0128 | astTaintCase-do-while |
| case0129 | astTaintCase-try-statement |
| case0130 | astTaintCase-catch-statement |
| case0131 | astTaintCase-finally-statement |
| case0132 | astTaintCase-anonymous class |
| case0133 | astTaintCase-anonymous function |
| case0134 | astTaintCase-IIFE |
| case0135 | astTaintCase-arrowFunction |
| case0136 | astTaintCase-closure function |
| case0137 | astTaintCase-export statement+func |
| case0138 | astTaintCase-module exports statement + anonymous function |
| case0139 | astTaintCase-Unary expression+Binary expression |
| case0140 | astTaintCase-Binary expression+Binary expression |
| case0141 | astTaintCase-Ternary expressions+Unary/Binary/Ternary expressions |
| case0142 | astTaintCase-invocation expression+unary expression |
| case0143 | astTaintCase-invocation expression+binary expression |
| case0144 | astTaintCase-invocation expression+Ternary expression |
| case0145 | astTaintCase-invocation expression+object property |
| case0146 | astTaintCase-invocation expression+array |
| case0147 | astTaintCase-object property+array |
| case0148 | astTaintCase-method invocation+method invocation |
| case0149 | astTaintCase-method invocation in method invocation |
| case0150 | astTaintCase-return statement+function declaration |
| case0151 | astTaintCase-inner class -- Property access Internal instantiation |
| case0152 | astTaintCase-inner class -- new inner class |
| case0153 | astTaintCase-ThisExpression -- set-->property |
| case0154 | astTaintCase-ThisExpression -- set -->get property |
| case0155A | sourceCase-source Customization -- A |
| case0155B | sourceCase-source Customization -- B |
| case0155BB | sourceCase-source Customization -- BB |
| case0156 | sourceCase-source Customization -- Fuzzy matching |
| case0157A | sinkCase-sink parameter -- A |
| case0157B | sinkCase-sink parameter -- B |
| case0158 | sinkCase-sink directly |
| case0159 | sinkCase-sink object reassign |
| case0160 | sinkCase-sink object require |
| case0161 | sinkCase-sink object import as |
| case0162 | sinkCase-sink object import |
| case0163 | sinkCase-sink object import * as |
| case0164 | sinkCase-sink -- Fuzzy matching -- *.ctx.curl |
| case0165 | specialCase-Template string |
| case0166 | specialCase-Destructuring assignment -- 1 |
| case0167 | specialCase-Destructuring assignment -- 2 |
| case0168 | specialCase-Destructuring assignment -- 3 |
| case0169 | specialCase-Destructuring assignment -- 4 |
| case0170 | specialCase-Spread operator -- object assignment |
| case0171 | specialCase-Spread operator -- func param |
| case0172 | specialCase-constructor --> member |
| case0173 | specialCase-parent/child class + super |
| case0174 | specialCase-Native functions |
| case0175 | specialCase-prototype call |
| case0176 | specialCase-Two/Third-party pack |
| case0177 | specialCase-Chained calls |
| case0178 | specialCase-decorator |
| case0179 | specialCase-prototype modify |
| case0180 | specialCase-source --> multi sink |
| case0180-2 | specialCase-source --> multi sink |
| case0181 | specialCase-multi source --> sink |
| case0181-2 | specialCase-multi source --> sink |
| case0182 | specialCase-sink(source) |
| case0183 | specialCase-Promise |
| case0184 | specialCase-util.promisify |
| case0185 | specialCase-callback |
| case0186 | specialCase-sink-->func parameter |
| case0187 | tsCase-type |
| case0188 | tsCase-type as |
| case0189 | tsCase-union type |
| case0190 | tsCase-intersection type |
| case0191 | tsCase-interface implement |
| case0192 | tsCase-interface mixin |
| case0193 | tsCase-generic |
| case0194 | tsCase-reload |
| case0195 | tsCase-namespace |
| case0196 | specialCase-?. |
| case0197 | specialCase-?? |
| case021A | sourceSinkAccuracy-source Customization -- A |
| case021B | sourceSinkAccuracy-source Customization -- B |
| case022A | sourceSinkAccuracy-sink parameter -- A |
| case022B | sourceSinkAccuracy-sink parameter -- B |
| case023A | sourceSinkAccuracy-source/sink content -- A |
| case023B | sourceSinkAccuracy-source/sink content -- B |
| case023BB | sourceSinkAccuracy-source/sink content -- BB |
| case023BBB | sourceSinkAccuracy-source/sink content -- BBB |
| case024A | objectAccuracy-object -- source to sink |
| case024B | objectAccuracy-object -- source not to sink |
| case025A | objectAccuracy-Attribute sensitive - A |
| case025B | objectAccuracy-Attribute sensitive - B |
| case025AA | objectAccuracy-Attribute sensitive - AA |
| case025BB | objectAccuracy-Attribute sensitive - BB |
| case025AAA | objectAccuracy-Attribute sensitive - AAA |
| case025BBB | objectAccuracy-Attribute sensitive - BBB |
| case025AAAA | objectAccuracy-Attribute sensitive - AAAA |
| case025AAAAA | objectAccuracy-Attribute sensitive - AAAAA |
| case025BBBBB | objectAccuracy-Attribute sensitive - BBBBB |
| case026A | objectAccuracy-Array Element - A |
| case026B | objectAccuracy-Array Element - B |
| case027A | objectAccuracy-Map Element - A |
| case027B | objectAccuracy-Map Element - B |
| case028A | objectAccuracy-Multi-dimensional array -- A |
| case028B | objectAccuracy-Multi-dimensional array -- B |
| case029AB | objectAccuracy-Element not sure |
| case0210AB | objectAccuracy-char in string -AB |
| case0211B | unReachableAccuracy-static value assignment |
| case0212B | unReachableAccuracy-static value assignment by another value |
| case0213B | unReachableAccuracy-static array |
| case0214B | unReachableAccuracy-static map |
| case0215B | unReachableAccuracy-set method covers the taint value |
| case0216B | unReachableAccuracy-multi return statement |
| case0217B | unReachableAccuracy-logic unreachable |
| case0218B | unReachableAccuracy-logic unreachable |
| case0219B | unReachableAccuracy-Expression solving |
| case041 | mixedCase-if statement +try statement +new statement |
| case042 | mixedCase-object statement + try statement + Destructuring assignment |
| case043 | mixedCase-multi-level object statement + try + Destructuring assignment |
| case044 | mixedCase-try + Destructuring assignment |
| case045 | mixedCase-try + if + object statement + func pass |
| case046 | mixedCase-Destructuring assignment + multi service |
| case047 | mixedCase-promise + require |
| case048 | mixedCase-spread operator + obj expression + to sink |
| case049 | mixedCase-multi spread operator + obj expression in sink |
| case0410 | mixedCase-if statement + binary expression + ?. |
| case0411 | mixedCase-if statement + ?. + Ternary expressions |
| case0412 | mixedCase-?. + array |
| case0413 | mixedCase-binary expression + binary expression + Destructuring assignment |
| case0414 | mixedCase-spread operator + Destructuring assignment + binary expression |
| case0415 | mixedCase-spread operator + Destructuring assignment + third-party pack |
| case0416 | mixedCase-arrow func statement + obj statement + spread operator |
| case0417 | mixedCase-Template string + arrow func statement |
| case0418 | mixedCase-string operate + third-party pack + try statement |
| case0419 | mixedCase-for in + spread operator + arrow func statement |
| case0420 | mixedCase-IIFE + spread operator + Destructuring assignment |