
Commit c7cef8e

authored
Curry240123 (#35)
* remove unused case * 0096fix
1 parent 885cde0 commit c7cef8e


9 files changed

+554
-1219
lines changed


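--- a/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/analyser/cache/CasetargeCache.java
@@ -45,6 +45,17 @@ private void goinit() {
 }
 }
 
+//public static void main(String[] args) {
+// String target = IoUtil.read(new ClassPathResource("config/case_target_list.json").getStream(),Charset.forName("utf-8"));
+// //JSONArray array = JSONUtil.readJSONArray(FileUtil.file("case_target_list.json"), Charset.forName("utf-8"));
+// JSONArray array =JSONUtil.parseArray(target);
+// array.stream().forEach(e -> {
+// CaseTargetBean bean = JSONUtil.toBean(JSONUtil.toJsonStr(e), CaseTargetBean.class);
+// targetMap.put(bean.getCaseNo(), bean);
+// });
+// targetMap.forEach((k,v)-> System.out.println(k+"____"+v.getCaseDesc()));
+//}
+
 public static CaseTargetBean getTargetByCaseKey(String key) {
 return targetMap.get(key);
 }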
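Review bot: New lines 48–58 add a commented-out `main` that is never compiled or run, so it will drift unnoticed from the loader it imitates (presumably `goinit()`, whose body lies outside the hunk). Code like this is better deleted, or turned into a unit test that loads `config/case_target_list.json` and asserts that `getTargetByCaseKey` returns a bean for a known case number. If the snippet is kept for debugging, `Charset.forName("utf-8")` would read better as `StandardCharsets.UTF_8`, and a one-line comment above it should say why it is there.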

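--- a/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java
+++ b/iast-java/src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java
@@ -42,40 +42,6 @@ public Map<String, Object> aTaintCase00901(@RequestParam String cmd) {
 return modelMap;
 }
 
-/**
-* 字符串对象,StringBuffer
-* @param cmd
-* @return
-*/
-@PostMapping ("case00902")
-public Map<String, Object> aTaintCase00902(@RequestParam String cmd) {
-Map<String, Object> modelMap = new HashMap<>();
-try {
-StringBuffer buffer = new StringBuffer(cmd);
-Runtime.getRuntime().exec(new String(buffer));
-modelMap.put("status", SUCCESS_STR);
-} catch (IOException e) {
-modelMap.put("status", ERROR_STR);
-}
-return modelMap;
-}
-/**
-* 字符串对象,StringBuffer
-* @param cmd
-* @return
-*/
-@PostMapping("case00903")
-public Map<String, Object> aTaintCase00903(@RequestParam String cmd) {
-Map<String, Object> modelMap = new HashMap<>();
-try {
-StringBuilder buffer = new StringBuilder(cmd);
-Runtime.getRuntime().exec(new String(buffer));
-modelMap.put("status", SUCCESS_STR);
-} catch (IOException e) {
-modelMap.put("status", ERROR_STR);
-}
-return modelMap;
-}
 
 /** 污点对象完整度 基础类型 **/
 /**
@@ -152,92 +118,6 @@ public Map<String, Object> aTaintCase004(@RequestParam long cmd) {
 }
 
 
-/** 污点对象完整度 2.引用类型 **/
-
-/**
-* 引用类型Map 作为污点对象
-*
-* @param cmd
-* @return
-*/
-@PostMapping("case00927")
-public Map<String, Object> aTaintCase927(@RequestBody Map<String, String> cmd) {
-Map<String, Object> modelMap = new HashMap<>();
-if (cmd == null || cmd.isEmpty()) {
-modelMap.put("status", ERROR_STR);
-return modelMap;
-}
-PrintWriter printWriter = new PrintWriter(System.out);
-printWriter.print(cmd);
-// Runtime.getRuntime().exec(cmd));
-modelMap.put("status", SUCCESS_STR);
-return modelMap;
-}
-
-/**
-* 引用类型List 作为污点对象
-*
-* @param cmd
-* @return
-*/
-@PostMapping("case00928")
-public Map<String, Object> aTaintCase00928(@RequestBody List<String> cmd) {
-Map<String, Object> modelMap = new HashMap<>();
-if (cmd == null || CollectionUtils.isEmpty(cmd)) {
-modelMap.put("status", ERROR_STR);
-return modelMap;
-}
-PrintWriter printWriter = new PrintWriter(System.out);
-printWriter.print(cmd);
-//Runtime.getRuntime().exec(cmd.get(0));
-modelMap.put("status", SUCCESS_STR);
-return modelMap;
-}
-
-/**
-* 引用类型queue 作为污点对象
-*
-* @param cmd
-* @return
-*/
-@PostMapping("case00929")
-public Map<String, Object> aTaintCase00929(@RequestBody List<String> cmd) {
-Map<String, Object> modelMap = new HashMap<>();
-if (cmd == null || CollectionUtils.isEmpty(cmd)) {
-modelMap.put("status", ERROR_STR);
-return modelMap;
-}
-Queue<String> queue = new LinkedBlockingQueue();
-queue.add(cmd.get(0));
-PrintWriter printWriter = new PrintWriter(System.out);
-printWriter.print(queue);
-//Runtime.getRuntime().exec(queue.peek());
-modelMap.put("status", SUCCESS_STR);
-return modelMap;
-}
-
-/**
-* 引用类型Set 作为污点对象
-*
-* @param
-* @return
-*/
-@Deprecated
-@PostMapping("case00930")
-public Map<String, Object> aTaintCase00930(@RequestBody List<String> cmd) {
-Map<String, Object> modelMap = new HashMap<>();
-if (cmd == null || CollectionUtils.isEmpty(cmd)) {
-modelMap.put("status", ERROR_STR);
-return modelMap;
-}
-Set<String> stringSet = new HashSet<>(cmd);
-PrintWriter printWriter = new PrintWriter(System.out);
-printWriter.print(stringSet);
-//Runtime.getRuntime().exec(cmd.get(stringSet.iterator().next()));
-modelMap.put("status", SUCCESS_STR);
-return modelMap;
-}
-
 @PostMapping("case005")
 public Map<String, Object> aTaintCase005(@RequestBody Map<String, String> cmd) {
 Map<String, Object> modelMap = new HashMap<>();
@@ -515,139 +395,7 @@ public Map<String, Object> aTaintCase00926(@RequestBody SourceTestObject[][] cmd
 return modelMap;
 }
 
-/**
-* 其他对象 String 作为污点对象
-*
-* @param cmd
-* @return
-*/
-@PostMapping("case0017")
-@Deprecated
-public Map<String, Object> aTaintCase0017(@RequestBody String cmd) {
-Map<String, Object> modelMap = new HashMap<>();
-if (cmd == null) {
-modelMap.put("status", ERROR_STR);
-return modelMap;
-}
-try {
-Runtime.getRuntime().exec(cmd);
-modelMap.put("status", SUCCESS_STR);
-} catch (IOException e) {
-modelMap.put("status", ERROR_STR);
-}
-return modelMap;
-}
 
-/**
-* 其他对象 StringBuffer 作为污点对象
-*
-* @param cmd
-* @return
-*/
-//@PostMapping("case0018")
-//public Map<String, Object> aTaintCase0018(@RequestBody String cmd) {
-// Map<String, Object> modelMap = new HashMap<>();
-// if (cmd == null) {
-// modelMap.put("status", ERROR_STR);
-// return modelMap;
-// }
-// StringBuffer data = new StringBuffer();
-// data.append(cmd);
-// try {
-// Runtime.getRuntime().exec(String.valueOf(data));
-// modelMap.put("status", SUCCESS_STR);
-// } catch (IOException e) {
-// modelMap.put("status", ERROR_STR);
-// }
-// return modelMap;
-//}
-//
-///**
-// * 其他对象 StringBuilder 作为污点对象
-// *
-// * @param cmd
-// * @return
-// */
-//@PostMapping("case0019")
-//public Map<String, Object> aTaintCase0019(@RequestBody String cmd) {
-// Map<String, Object> modelMap = new HashMap<>();
-// if (cmd == null) {
-// modelMap.put("status", ERROR_STR);
-// return modelMap;
-// }
-// StringBuilder data = new StringBuilder();
-// data.append(cmd);
-// try {
-// Runtime.getRuntime().exec(data.toString());
-// modelMap.put("status", SUCCESS_STR);
-// } catch (IOException e) {
-// modelMap.put("status", ERROR_STR);
-// }
-// return modelMap;
-//}
-
-/**
-* 其他对象 自定义对象 对象本身作为污点对象
-*
-* @param cmd
-* @return
-*/
-//@PostMapping("case0020")
-//public Map<String, Object> aTaintCase0020(@RequestBody SourceTestObject cmd) {
-// Map<String, Object> modelMap = new HashMap<>();
-// if (cmd == null) {
-// modelMap.put("status", ERROR_STR);
-// return modelMap;
-// }
-// try {
-// java.io.PrintWriter printWriter = new PrintWriter(System.out);
-// printWriter.print(cmd);
-// //Runtime.getRuntime().exec(cmd);
-// modelMap.put("status", SUCCESS_STR);
-// } catch (IOException e) {
-// modelMap.put("status", ERROR_STR);
-// }
-// return modelMap;
-//}
-
-@PostMapping("case0021")
-@Deprecated
-public Map<String, Object> aTaintCase0021(@RequestBody SourceTestWithMPObject cmd) {
-Map<String, Object> modelMap = new HashMap<>();
-try {
-Runtime.getRuntime().exec(cmd.getCmd1());
-modelMap.put("status", SUCCESS_STR);
-} catch (IOException e) {
-modelMap.put("status", ERROR_STR);
-}
-return modelMap;
-}
-
-@PostMapping("case0021/2")
-@Deprecated
-public Map<String, Object> aTaintCase0021_2(@RequestBody SourceTestWithMPObject cmd) {
-Map<String, Object> modelMap = new HashMap<>();
-try {
-Runtime.getRuntime().exec(cmd.getCmd10());
-modelMap.put("status", SUCCESS_STR);
-} catch (IOException e) {
-modelMap.put("status", ERROR_STR);
-}
-return modelMap;
-}
-
-@PostMapping("case0021/3")
-@Deprecated
-public Map<String, Object> aTaintCase0021_3(@RequestBody SourceTestWithMPObject cmd) {
-Map<String, Object> modelMap = new HashMap<>();
-try {
-Runtime.getRuntime().exec(cmd.getCmd20());
-modelMap.put("status", SUCCESS_STR);
-} catch (IOException e) {
-modelMap.put("status", ERROR_STR);
-}
-return modelMap;
-}
 
 /**
 * 对象字段->单层字段(10)@aTaintCase00921
@@ -692,7 +440,7 @@ public Map<String, Object> aTaintCase00921_3(@RequestBody SourceTestWith10Fileds
 }
 
 /**
-* 对象字段->单层字段(10)@aTaintCase00921
+* 对象字段->单层字段(100)@aTaintCase00921
 *
 * @param cmd
 * @return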
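Review bot: The corrected Javadoc at new line 443 still ends in `@aTaintCase00921`, the same tag carried by the 10-field comment at new line 401, so two descriptions with different field counts point at one case id. If the method documented here is a different case (its signature lies outside the hunk), the tag should name that method, e.g. `* 对象字段->单层字段(100)@<case method name>`. The other hunks in this section only delete endpoints; the benchmark's case list, presumably the `config/case_target_list.json` read by `CasetargeCache`, would need the removed case numbers dropped as well so that scoring does not expect endpoints that no longer exist. That file is not visible here.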
