diff --git a/.gitignore b/.gitignore
index e21c4c11..587db6a0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,8 @@ logs/
 *.iml
 */.DS_Store
 .DS_Store
+/dast-java/target
+/tools/library/target
+/tools/plugin/target
+/tools/library/target
+*.pyc
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_004_T/argument_passing_reference_004_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_004_T/argument_passing_reference_004_T.go
index 5ca198ff..e089f10d 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_004_T/argument_passing_reference_004_T.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_004_T/argument_passing_reference_004_T.go
@@ -21,6 +21,7 @@ func process(inputArr []interface{}, src interface{}) {
 }
 func __taint_sink(o []interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
 }
 func main() {
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_011_F/argument_passing_value_011_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_001_F/argument_passing_value_return_001_F.go
similarity index 72%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_011_F/argument_passing_value_011_F.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_001_F/argument_passing_value_return_001_F.go
index 7c894e12..83a1adbb 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_011_F/argument_passing_value_011_F.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_001_F/argument_passing_value_return_001_F.go
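Review bot: The added sink body in argument_passing_reference_004_T.go asserts `o.(string)`, but `o` is declared `[]interface{}` in the signature on the line above, and Go only permits a type assertion on an interface value, so this line does not compile. Indexing the slice first, e.g. `_ = exec.Command("sh", "-c", o[0].(string)).Run()`, would type-check; which element the case means to sink depends on `process`, whose body sits outside the hunk. The hunk also shows no `import "os/exec"` for this file, so confirm it is present. A `_T` case that fails to build can be skipped by analyzers that need type-checked input, which would be scored as a miss for reasons unrelated to reference-passing taint tracking.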
@@ -3,13 +3,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction =
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_011_F/argument_passing_value_011_F
+// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_001_F/argument_passing_value_return_001_F
 // evaluation information end
 package main
 import "os/exec"
-func argument_passing_value_011_F(__taint_src interface{}) {
+func argument_passing_value_return_001_F(__taint_src interface{}) {
 process(__taint_src)
 }
@@ -24,5 +24,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- argument_passing_value_011_F(__taint_src)
+ argument_passing_value_return_001_F(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_012_T/argument_passing_value_012_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_002_T/argument_passing_value_return_002_T.go
similarity index 72%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_012_T/argument_passing_value_012_T.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_002_T/argument_passing_value_return_002_T.go
index 760e3b1a..b6fa2c25 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_012_T/argument_passing_value_012_T.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_002_T/argument_passing_value_return_002_T.go
@@ -3,13 +3,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction =
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_012_T/argument_passing_value_012_T
+// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_002_T/argument_passing_value_return_002_T
 // evaluation information end
 package main
 import "os/exec"
-func argument_passing_value_012_T(__taint_src string) {
+func argument_passing_value_return_002_T(__taint_src string) {
 process(__taint_src)
 }
@@ -23,5 +23,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- argument_passing_value_012_T(__taint_src)
+ argument_passing_value_return_002_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_013_F/argument_passing_value_013_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_003_F/argument_passing_value_return_003_F.go
similarity index 75%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_013_F/argument_passing_value_013_F.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_003_F/argument_passing_value_return_003_F.go
index ea4f9c29..79596f15 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_013_F/argument_passing_value_013_F.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_003_F/argument_passing_value_return_003_F.go
@@ -3,13 +3,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction = 参数值传递->多函数
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_013_F/argument_passing_value_013_F
+// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_003_F/argument_passing_value_return_003_F
 // evaluation information end
 package main
 import "os/exec"
-func argument_passing_value_013_F(__taint_src interface{}) {
+func argument_passing_value_return_003_F(__taint_src interface{}) {
 var clean string = "_"
 process1(clean)
 process2(__taint_src)
@@ -28,5 +28,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- argument_passing_value_013_F(__taint_src)
+ argument_passing_value_return_003_F(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_014_T/argument_passing_value_014_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_004_T/argument_passing_value_return_004_T.go
similarity index 75%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_014_T/argument_passing_value_014_T.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_004_T/argument_passing_value_return_004_T.go
index 2fd2c303..2d614a74 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_014_T/argument_passing_value_014_T.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_004_T/argument_passing_value_return_004_T.go
@@ -3,13 +3,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction = 参数值传递->多函数
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_014_T/argument_passing_value_014_T
+// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_004_T/argument_passing_value_return_004_T
 // evaluation information end
 package main
 import "os/exec"
-func argument_passing_value_014_T(__taint_src interface{}) {
+func argument_passing_value_return_004_T(__taint_src interface{}) {
 var clean string = "_"
 process2(clean)
 process1(__taint_src)
@@ -28,5 +28,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- argument_passing_value_014_T(__taint_src)
+ argument_passing_value_return_004_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_015_F/argument_passing_value_015_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_005_F/argument_passing_value_return_005_F.go
similarity index 74%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_015_F/argument_passing_value_015_F.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_005_F/argument_passing_value_return_005_F.go
index 78497a33..0ae0622e 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_015_F/argument_passing_value_015_F.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_005_F/argument_passing_value_return_005_F.go
@@ -3,13 +3,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction = 参数值传递->参数顺序
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_015_F/argument_passing_value_015_F
+// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_005_F/argument_passing_value_return_005_F
 // evaluation information end
 package main
 import "os/exec"
-func argument_passing_value_015_F(__taint_src string) {
+func argument_passing_value_return_005_F(__taint_src string) {
 process(__taint_src, "_")
 }
@@ -23,5 +23,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- argument_passing_value_015_F(__taint_src)
+ argument_passing_value_return_005_F(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_016_T/argument_passing_value_016_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_006_T/argument_passing_value_return_006_T.go
similarity index 74%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_016_T/argument_passing_value_016_T.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_006_T/argument_passing_value_return_006_T.go
index e936e822..f6423ee2 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_016_T/argument_passing_value_016_T.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_006_T/argument_passing_value_return_006_T.go
@@ -3,13 +3,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction = 参数值传递->参数顺序
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_016_T/argument_passing_value_016_T
+// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_006_T/argument_passing_value_return_006_T
 // evaluation information end
 package main
 import "os/exec"
-func argument_passing_value_016_T(__taint_src string) {
+func argument_passing_value_return_006_T(__taint_src string) {
 process(__taint_src, "_")
 }
@@ -23,5 +23,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- argument_passing_value_016_T(__taint_src)
+ argument_passing_value_return_006_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/config.json b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/config.json
index e2e2bf79..5f073b8a 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/config.json
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/config.json
@@ -7,15 +7,15 @@
 "level": "2",
 "scene_list": [
 {
- "compose": "!argument_passing_value_011_F/argument_passing_value_011_F.go && argument_passing_value_012_T/argument_passing_value_012_T.go",
+ "compose": "!argument_passing_value_return_001_F/argument_passing_value_return_001_F.go && argument_passing_value_return_002_T/argument_passing_value_return_002_T.go",
 "scene": "1"
 },
 {
- "compose": "!argument_passing_value_013_F/argument_passing_value_013_F.go && argument_passing_value_014_T/argument_passing_value_014_T.go",
+ "compose": "!argument_passing_value_return_003_F/argument_passing_value_return_003_F.go && argument_passing_value_return_004_T/argument_passing_value_return_004_T.go",
 "scene": "参数值传递->多函数"
 },
 {
- "compose": "!argument_passing_value_015_F/argument_passing_value_015_F.go && argument_passing_value_016_T/argument_passing_value_016_T.go",
+ "compose": "!argument_passing_value_return_005_F/argument_passing_value_return_005_F.go && argument_passing_value_return_006_T/argument_passing_value_return_006_T.go",
 "scene": "参数值传递->参数顺序"
 },
 {
@@ -35,19 +35,19 @@
 "scene": "参数值传递->引用传递->this"
 },
 {
- "compose": "!multiple_return_001_F/multiple_return_001_F.go && multiple_return_002_T/multiple_return_002_T.go",
+ "compose": "!multiple_return_value_passing_001_F/multiple_return_value_passing_001_F.go && multiple_return_value_passing_002_T/multiple_return_value_passing_002_T.go",
 "scene": "返回值传递->多返回值传递"
 },
 {
- "compose": "!multiple_return_003_F/multiple_return_003_F.go && multiple_return_004_T/multiple_return_004_T.go",
+ "compose": "!multiple_return_value_passing_003_F/multiple_return_value_passing_003_F.go && multiple_return_value_passing_004_T/multiple_return_value_passing_004_T.go",
 "scene": "返回值传递->函数内交换位置"
 },
 {
- "compose": "!named_return_001_F/named_return_001_F.go && named_return_002_T/named_return_002_T.go",
+ "compose": "!named_return_value_passing_001_F/named_return_value_passing_001_F.go && named_return_value_passing_002_T/named_return_value_passing_002_T.go",
 "scene": "返回值传递->具名返回值"
 },
 {
- "compose": "!return_value_passing_001_F/return_value_passing_001_F.go && return_value_passing_002_T/return_value_passing_002_T.go",
+ "compose": "!return_normal_value_passing_001_F/return_normal_value_passing_001_F.go && return_normal_value_passing_002_T/return_normal_value_passing_002_T.go",
 "scene": "2"
 }
 ]
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_001_F/multiple_return_001_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_001_F/multiple_return_value_passing_001_F.go
similarity index 76%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_001_F/multiple_return_001_F.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_001_F/multiple_return_value_passing_001_F.go
index bb8036db..cec1f64c 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_001_F/multiple_return_001_F.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_001_F/multiple_return_value_passing_001_F.go
@@ -4,13 +4,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction = 返回值传递->多返回值传递
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing/multiple_return_001_F/multiple_return_001_F
+// bind_url = accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_001_F/multiple_return_value_passing_001_F
 // evaluation information end
 package main
 import "os/exec"
-func multiple_return_001_F(__taint_src interface{}) {
+func multiple_return_value_passing_001_F(__taint_src interface{}) {
 a := "_"
 ret1, ret2 := processData(__taint_src, a)
@@ -28,5 +28,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- multiple_return_001_F(__taint_src)
+ multiple_return_value_passing_001_F(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_002_T/multiple_return_002_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_002_T/multiple_return_value_passing_002_T.go
similarity index 76%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_002_T/multiple_return_002_T.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_002_T/multiple_return_value_passing_002_T.go
index 21e5abae..d0c34a01 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_002_T/multiple_return_002_T.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_002_T/multiple_return_value_passing_002_T.go
@@ -4,13 +4,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction = 返回值传递->多返回值传递
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing/multiple_return_002_T/multiple_return_002_T
+// bind_url = accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_002_T/multiple_return_value_passing_002_T
 // evaluation information end
 package main
 import "os/exec"
-func multiple_return_002_T(__taint_src interface{}) {
+func multiple_return_value_passing_002_T(__taint_src interface{}) {
 a := "_"
 ret1, ret2 := processData(__taint_src, a)
@@ -28,5 +28,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- multiple_return_002_T(__taint_src)
+ multiple_return_value_passing_002_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_003_F/multiple_return_003_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F.go
similarity index 75%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_003_F/multiple_return_003_F.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F.go
index 15205fde..97492b0d 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_003_F/multiple_return_003_F.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F.go
@@ -4,13 +4,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction = 返回值传递->函数内交换位置
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing_value_passing/multiple_return_003_F/multiple_return_003_F
+// bind_url = accuracy/context_sensitive/argument_return_value_passing_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F
 // evaluation information end
 package main
 import "os/exec"
-func multiple_return_003_F(__taint_src interface{}) {
+func multiple_return_value_passing_003_F(__taint_src interface{}) {
 a := "_"
 ret1, ret2 := processData(__taint_src, a)
@@ -28,5 +28,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- multiple_return_003_F(__taint_src)
+ multiple_return_value_passing_003_F(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_004_T/multiple_return_004_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T.go
similarity index 75%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_004_T/multiple_return_004_T.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T.go
index 15e23b93..eed20141 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_004_T/multiple_return_004_T.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T.go
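Review bot: The rewritten `bind_url` in multiple_return_value_passing_003_F.go still points at `accuracy/context_sensitive/argument_return_value_passing_value_passing/...`, a directory that does not match the file's actual location under `argument_return_value_passing/`; the same stale prefix is carried into multiple_return_value_passing_004_T.go in the next file. Since the line is being edited anyway, it should read `// bind_url = accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F`, and likewise for 004_T. If the scoring harness resolves cases through `bind_url`, this pair would presumably fail to match its config.json entry and drop out of the swapped-return-position scene's result.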
@@ -4,13 +4,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction = 返回值传递->函数内交换位置
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing_value_passing/multiple_return_004_T/multiple_return_004_T
+// bind_url = accuracy/context_sensitive/argument_return_value_passing_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T
 // evaluation information end
 package main
 import "os/exec"
-func multiple_return_004_T(__taint_src interface{}) {
+func multiple_return_value_passing_004_T(__taint_src interface{}) {
 a := "_"
 ret1, ret2 := processData(__taint_src, a)
@@ -26,5 +26,5 @@ func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run(
 func main() {
 __taint_src := "taint_src_value"
- multiple_return_004_T(__taint_src)
+ multiple_return_value_passing_004_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_001_F/named_return_001_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_001_F/named_return_value_passing_001_F.go
similarity index 76%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_001_F/named_return_001_F.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_001_F/named_return_value_passing_001_F.go
index 77f81b04..7c388c21 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_001_F/named_return_001_F.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_001_F/named_return_value_passing_001_F.go
@@ -3,13 +3,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction = 返回值传递->具名返回值
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing/named_return_001_F/named_return_001_F
+// bind_url = accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_001_F/named_return_value_passing_001_F
 // evaluation information end
 package main
 import "os/exec"
-func named_return_001_F(__taint_src interface{}) {
+func named_return_value_passing_001_F(__taint_src interface{}) {
 a := "_"
 ret := processData(__taint_src, a)
@@ -27,5 +27,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- named_return_001_F(__taint_src)
+ named_return_value_passing_001_F(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_002_T/named_return_002_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_002_T/named_return_value_passing_002_T.go
similarity index 76%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_002_T/named_return_002_T.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_002_T/named_return_value_passing_002_T.go
index 6a153208..c3eace07 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_002_T/named_return_002_T.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_002_T/named_return_value_passing_002_T.go
@@ -3,13 +3,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction = 返回值传递->具名返回值
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing/named_return_002_T/named_return_002_T
+// bind_url = accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_002_T/named_return_value_passing_002_T
 // evaluation information end
 package main
 import "os/exec"
-func named_return_002_T(__taint_src interface{}) {
+func named_return_value_passing_002_T(__taint_src interface{}) {
 a := "_"
 ret := processData(__taint_src, a)
@@ -27,5 +27,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- named_return_002_T(__taint_src)
+ named_return_value_passing_002_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_001_F/return_value_passing_001_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_001_F/return_normal_value_passing_001_F.go
similarity index 75%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_001_F/return_value_passing_001_F.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_001_F/return_normal_value_passing_001_F.go
index ad406aed..465da18d 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_001_F/return_value_passing_001_F.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_001_F/return_normal_value_passing_001_F.go
@@ -3,13 +3,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction =
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_001_F/return_value_passing_001_F
+// bind_url = accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_001_F/return_normal_value_passing_001_F
 // evaluation information end
 package main
 import "os/exec"
-func return_value_passing_001_F(__taint_src string) {
+func return_normal_value_passing_001_F(__taint_src string) {
 data := process(__taint_src)
 __taint_sink(data)
 }
@@ -26,5 +26,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- return_value_passing_001_F(__taint_src)
+ return_normal_value_passing_001_F(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_002_T/return_value_passing_002_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_002_T/return_normal_value_passing_002_T.go
similarity index 74%
rename from sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_002_T/return_value_passing_002_T.go
rename to sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_002_T/return_normal_value_passing_002_T.go
index 5608839b..dd90a4e7 100644
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_002_T/return_value_passing_002_T.go
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_002_T/return_normal_value_passing_002_T.go
@@ -3,13 +3,13 @@
 // evaluation item = 准确度->上下文敏感分析->参数/返回值传递
 // scene introduction =
 // level = 2
-// bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_002_T/return_value_passing_002_T
+// bind_url = accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_002_T/return_normal_value_passing_002_T
 // evaluation information end
 package main
 import "os/exec"
-func return_value_passing_002_T(__taint_src interface{}) {
+func return_normal_value_passing_002_T(__taint_src interface{}) {
 data := process(__taint_src)
 __taint_sink(data)
 }
@@ -24,5 +24,5 @@ func process(__taint_src interface{}) interface{} {
 func main() {
 __taint_src := "taint_src_value"
- return_value_passing_002_T(__taint_src)
+ return_normal_value_passing_002_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/array_index_005_T/array_index_005_T.go b/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/array_index_mc_001_T/array_index_mc_001_T.go
similarity index 81%
rename from sast-go/cases/accuracy/field_sensitive/multidimensional_collection/array_index_005_T/array_index_005_T.go
rename to sast-go/cases/accuracy/field_sensitive/multidimensional_collection/array_index_mc_001_T/array_index_mc_001_T.go
index 8f1b7274..cb46f26d 100644
--- a/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/array_index_005_T/array_index_005_T.go
+++ b/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/array_index_mc_001_T/array_index_mc_001_T.go
@@ -4,13 +4,13 @@
 // evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素
 // scene introduction = 数组索引->二维
 // level = 4
-// bind_url = accuracy/field_sensitive/multidimensional_collection/array_index_005_T/array_index_005_T
+// bind_url = accuracy/field_sensitive/multidimensional_collection/array_index_mc_001_T/array_index_mc_001_T
 // evaluation information end
 package main
 import "os/exec"
-func array_index_005_T(__taint_src string) {
+func array_index_mc_001_T(__taint_src string) {
 var str = [3][1]string{[1]string{__taint_src}, [1]string{"b"}, [1]string{"c"}}
 __taint_sink(str[0][0])
 }
@@ -21,5 +21,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- array_index_005_T(__taint_src)
+ array_index_mc_001_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/array_index_006_F/array_index_006_F.go b/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/array_index_mc_002_F/array_index_mc_002_F.go
similarity index 82%
rename from sast-go/cases/accuracy/field_sensitive/multidimensional_collection/array_index_006_F/array_index_006_F.go
rename to sast-go/cases/accuracy/field_sensitive/multidimensional_collection/array_index_mc_002_F/array_index_mc_002_F.go
index b39558f6..826025b5 100644
--- a/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/array_index_006_F/array_index_006_F.go
+++ b/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/array_index_mc_002_F/array_index_mc_002_F.go
@@ -4,13 +4,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 // scene introduction = 数组索引->二维 // level = 4 -// bind_url = accuracy/field_sensitive/multidimensional_collection/array_index_006_F/array_index_006_F +// bind_url = accuracy/field_sensitive/multidimensional_collection/array_index_mc_002_F/array_index_mc_002_F // evaluation information end package main import "os/exec" -func array_index_006_F(__taint_src string) { +func array_index_mc_002_F(__taint_src string) { var str = [3][1]string{[1]string{__taint_src}, [1]string{"b"}, [1]string{"c"}} __taint_sink(str[1][0]) }
@@ -21,5 +21,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - array_index_006_F(__taint_src) + array_index_mc_002_F(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/config.json b/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/config.json
index 7bd612ed..215f08e1 100644
--- a/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/config.json
+++ b/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/config.json
@@ -7,11 +7,11 @@ "level": "4", "scene_list": [ { - "compose": "array_index_005_T/array_index_005_T.go && !array_index_006_F/array_index_006_F.go", + "compose": "array_index_mc_001_T/array_index_mc_001_T.go && !array_index_mc_002_F/array_index_mc_002_F.go", "scene": "数组索引->二维" }, { - "compose": "slice_index_003_T/slice_index_003_T.go && !slice_index_004_F/slice_index_004_F.go", + "compose": "slice_index_mc_001_T/slice_index_mc_001_T.go && !slice_index_mc_002_F/slice_index_mc_002_F.go", "scene": "切片索引-二维" } ]
diff --git a/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/slice_index_003_T/slice_index_003_T.go b/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/slice_index_mc_001_T/slice_index_mc_001_T.go
similarity index 82%
rename from sast-go/cases/accuracy/field_sensitive/multidimensional_collection/slice_index_003_T/slice_index_003_T.go
rename to sast-go/cases/accuracy/field_sensitive/multidimensional_collection/slice_index_mc_001_T/slice_index_mc_001_T.go
index 6396578e..c5b5fd54 100644
--- a/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/slice_index_003_T/slice_index_003_T.go
+++ b/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/slice_index_mc_001_T/slice_index_mc_001_T.go
@@ -4,13 +4,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 // scene introduction = 切片索引-二维 // level = 4 -// bind_url = accuracy/field_sensitive/multidimensional_collection/slice_index_003_T/slice_index_003_T +// bind_url = accuracy/field_sensitive/multidimensional_collection/slice_index_mc_001_T/slice_index_mc_001_T // evaluation information end package main import "os/exec" -func slice_index_003_T(__taint_src string) { +func slice_index_mc_001_T(__taint_src string) { s := [][]string{ []string{"a"}, []string{"b", "c"},
@@ -25,5 +25,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - slice_index_003_T(__taint_src) + slice_index_mc_001_T(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/slice_index_004_F/slice_index_004_F.go b/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/slice_index_mc_002_F/slice_index_mc_002_F.go
similarity index 82%
rename from sast-go/cases/accuracy/field_sensitive/multidimensional_collection/slice_index_004_F/slice_index_004_F.go
rename to sast-go/cases/accuracy/field_sensitive/multidimensional_collection/slice_index_mc_002_F/slice_index_mc_002_F.go
index 9378f90d..25c1cc5f 100644
--- a/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/slice_index_004_F/slice_index_004_F.go
+++ b/sast-go/cases/accuracy/field_sensitive/multidimensional_collection/slice_index_mc_002_F/slice_index_mc_002_F.go
@@ -4,13 +4,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 // scene introduction = 切片索引-二维 // level = 4 -// bind_url = accuracy/field_sensitive/multidimensional_collection/slice_index_004_F/slice_index_004_F +// bind_url = accuracy/field_sensitive/multidimensional_collection/slice_index_mc_002_F/slice_index_mc_002_F // evaluation information end package main import "os/exec" -func slice_index_004_F(__taint_src string) { +func slice_index_mc_002_F(__taint_src string) { s := [][]string{ []string{"a"}, []string{"b", "c"},
@@ -25,5 +25,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - slice_index_004_F(__taint_src) + slice_index_mc_002_F(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_001_T/array_index_001_T.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_001_T/array_index_no_solver_001_T.go
similarity index 77%
rename from sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_001_T/array_index_001_T.go
rename to sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_001_T/array_index_no_solver_001_T.go
index 2244f61f..3b5fb956 100644
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_001_T/array_index_001_T.go
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_001_T/array_index_no_solver_001_T.go
@@ -4,13 +4,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组->数组索引 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_001_T/array_index_001_T +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_001_T/array_index_no_solver_001_T // evaluation information end package main import "os/exec" -func array_index_001_T(__taint_src string) { +func array_index_no_solver_001_T(__taint_src string) { var str = [3]string{__taint_src, "b", "c"} __taint_sink(str[0]) }
@@ -21,5 +21,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - array_index_001_T(__taint_src) + array_index_no_solver_001_T(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_002_F/array_index_002_F.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_002_F/array_index_no_solver_002_F.go
similarity index 77%
rename from sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_002_F/array_index_002_F.go
rename to sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_002_F/array_index_no_solver_002_F.go
index 8a29e51b..0de51bf7 100644
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_002_F/array_index_002_F.go
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_002_F/array_index_no_solver_002_F.go
@@ -4,13 +4,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组->数组索引 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_002_F/array_index_002_F +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_002_F/array_index_no_solver_002_F // evaluation information end package main import "os/exec" -func array_index_002_F(__taint_src string) { +func array_index_no_solver_002_F(__taint_src string) { var str = [3]string{__taint_src, "b", "c"} __taint_sink(str[1]) }
@@ -21,5 +21,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - array_index_002_F(__taint_src) + array_index_no_solver_002_F(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_003_T/array_index_003_T.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_003_T/array_index_no_solver_003_T.go
similarity index 77%
rename from sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_003_T/array_index_003_T.go
rename to sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_003_T/array_index_no_solver_003_T.go
index 4b084855..e58a1d2a 100644
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_003_T/array_index_003_T.go
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_003_T/array_index_no_solver_003_T.go
@@ -4,13 +4,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组->数组索引 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_003_T/array_index_003_T +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_003_T/array_index_no_solver_003_T // evaluation information end package main import "os/exec" -func array_index_003_T(__taint_src string) { +func array_index_no_solver_003_T(__taint_src string) { var str = [3]string{__taint_src, "b", "c"} str[1] = "_" __taint_sink(str)
@@ -22,5 +22,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - array_index_003_T(__taint_src) + array_index_no_solver_003_T(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_004_F/array_index_004_F.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_004_F/array_index_no_solver_004_F.go
similarity index 77%
rename from sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_004_F/array_index_004_F.go
rename to sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_004_F/array_index_no_solver_004_F.go
index 6ed8cec8..c0881a2c 100644
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_004_F/array_index_004_F.go
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_004_F/array_index_no_solver_004_F.go
@@ -4,13 +4,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组->数组索引 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_004_F/array_index_004_F +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_004_F/array_index_no_solver_004_F // evaluation information end package main import "os/exec" -func array_index_004_F(__taint_src string) { +func array_index_no_solver_004_F(__taint_src string) { var str = [3]string{__taint_src, "b", "c"} str[0] = "_" __taint_sink(str)
@@ -22,5 +22,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - array_index_004_F(__taint_src) + array_index_no_solver_004_F(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_009_T/array_index_009_T.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go
similarity index 81%
rename from sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_009_T/array_index_009_T.go
rename to sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go
index 86e32a59..d2acfe5e 100644
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_009_T/array_index_009_T.go
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go
@@ -4,14 +4,14 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组->数组赋值 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_009_T/array_index_009_T +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T // evaluation information end // YASA中现在处理memberAccess时,以property的符号字面量作为key进行存取。导致精度损失。 package main import "os/exec" -func array_index_009_T(__taint_src string) { +func array_index_no_solver_005_T(__taint_src string) { var arr [3]string var symbol int = 0 arr[symbol] = __taint_src
@@ -26,5 +26,5 @@ func __taint_sink(o interface{}) { } func main() { __taint_src := "taint_src_value" - array_index_009_T(__taint_src) + array_index_no_solver_005_T(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_010_F/array_index_010_F.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_006_F/array_index_no_solver_006_F.go
similarity index 79%
rename from sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_010_F/array_index_010_F.go
rename to sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_006_F/array_index_no_solver_006_F.go
index 39243ed3..9632652a 100644
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_010_F/array_index_010_F.go
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_006_F/array_index_no_solver_006_F.go
@@ -4,13 +4,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组->数组赋值 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_010_F/array_index_010_F +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_006_F/array_index_no_solver_006_F // evaluation information end package main import "os/exec" -func array_index_010_F(__taint_src string) { +func array_index_no_solver_006_F(__taint_src string) { var arr [3]string var symbol int = 0 arr[symbol] = __taint_src
@@ -25,5 +25,5 @@ func __taint_sink(o interface{}) { } func main() { __taint_src := "taint_src_value" - array_index_010_F(__taint_src) + array_index_no_solver_006_F(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json
index 64118db5..ac30063a 100644
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json
@@ -7,15 +7,15 @@ "level": "3", "scene_list": [ { - "compose": "array_index_001_T/array_index_001_T.go && !array_index_002_F/array_index_002_F.go", + "compose": "array_index_no_solver_001_T/array_index_no_solver_001_T.go && !array_index_no_solver_002_F/array_index_no_solver_002_F.go", "scene": "数组->数组索引" }, { - "compose": "array_index_003_T/array_index_003_T.go && !array_index_004_F/array_index_004_F.go", + "compose": "array_index_no_solver_003_T/array_index_no_solver_003_T.go && !array_index_no_solver_004_F/array_index_no_solver_004_F.go", "scene": "数组->数组索引2" }, { - "compose": "array_index_009_T/array_index_009_T.go && !array_index_010_F/array_index_010_F.go", + "compose": "array_index_no_solver_005_T/array_index_no_solver_005_T.go && !array_index_no_solver_006_F/array_index_no_solver_006_F.go", "scene": "数组->数组赋值" }, {
@@ -35,7 +35,7 @@ "scene": "切片->切片索引" }, { - "compose": "slice_index_005_T/slice_index_005_T.go && !slice_index_006_F/slice_index_006_F.go", + "compose": "slice_index_003_T/slice_index_003_T.go && !slice_index_004_F/slice_index_004_F.go", "scene": "切片->切片截取" } ]
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_005_T/slice_index_005_T.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T.go
similarity index 90%
rename from sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_005_T/slice_index_005_T.go
rename to sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T.go
index 8c86a7a1..03b4cc74 100644
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_005_T/slice_index_005_T.go
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T.go
@@ -10,7 +10,7 @@ package main import "os/exec" -func slice_index_005_T(__taint_src string) { +func slice_index_003_T(__taint_src string) { var arr [3]string = [3]string{__taint_src, "b", "c"} var s []string s = arr[:]
@@ -23,5 +23,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - slice_index_005_T(__taint_src) + slice_index_003_T(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_006_F/slice_index_006_F.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F.go
similarity index 90%
rename from sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_006_F/slice_index_006_F.go
rename to sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F.go
index f973140e..dd0f5c93 100644
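Review bot: The `// bind_url = …` header of slice_index_003_T.go does not appear to be updated by this rename: its hunks start at line 10 and change only the function name and the call in `main`, whereas every other renamed case in this commit also rewrites its `bind_url` line. The same holds for slice_index_004_F.go in the next file section. If those headers still carry the old `slice_index_005_T` / `slice_index_006_F` path, the case metadata no longer matches the directory that `config.json` now references; the header would then read `// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T` (and the `slice_index_004_F` equivalent). The header lines are outside these hunks, so this needs confirming against the files.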
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_006_F/slice_index_006_F.go
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F.go
@@ -10,7 +10,7 @@ package main import "os/exec" -func slice_index_006_F(__taint_src string) { +func slice_index_004_F(__taint_src string) { var arr [3]string = [3]string{__taint_src, "b", "c"} var s []string s = arr[1:]
@@ -23,5 +23,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - slice_index_006_F(__taint_src) + slice_index_004_F(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_007_T/array_index_007_T.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_001_T/array_index_001_T.go
similarity index 82%
rename from sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_007_T/array_index_007_T.go
rename to sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_001_T/array_index_001_T.go
index 2b9137eb..268dbc7b 100644
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_007_T/array_index_007_T.go
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_001_T/array_index_001_T.go
@@ -4,13 +4,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) // scene introduction = 数组->数组索引->需求解 // level = 4 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_007_T/array_index_007_T +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_001_T/array_index_001_T // evaluation information end package main import "os/exec" -func array_index_007_T(__taint_src string) { +func array_index_001_T(__taint_src string) { var str = [3]string{"b", "c", __taint_src} __taint_sink(str[1+1]) }
@@ -21,5 +21,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - array_index_007_T(__taint_src) + array_index_001_T(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_008_F/array_index_008_F.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_002_F/array_index_002_F.go
similarity index 82%
rename from sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_008_F/array_index_008_F.go
rename to sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_002_F/array_index_002_F.go
index 265cd5e0..2f2790cb 100644
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_008_F/array_index_008_F.go
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_002_F/array_index_002_F.go
@@ -4,13 +4,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) // scene introduction = 数组->数组索引->需求解 // level = 4 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_008_F/array_index_008_F +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_index_002_F/array_index_002_F // evaluation information end package main import "os/exec" -func array_index_008_F(__taint_src string) { +func array_index_002_F(__taint_src string) { var str = [4]string{"b", __taint_src, "c", "d"} __taint_sink(str[1+2]) }
@@ -21,5 +21,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - array_index_008_F(__taint_src) + array_index_002_F(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json
index 25bebac7..9430eba5 100644
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json
@@ -7,7 +7,7 @@ "level": "4", "scene_list": [ { - "compose": "array_index_007_T/array_index_007_T.go && !array_index_008_F/array_index_008_F.go", + "compose": "array_index_001_T/array_index_001_T.go && !array_index_002_F/array_index_002_F.go", "scene": "数组->数组索引->需求解" } ]
diff --git a/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_007_T/array_obj_sensitive_007_T.go b/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_005_T/array_obj_sensitive_005_T.go
similarity index 81%
rename from sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_007_T/array_obj_sensitive_007_T.go
rename to sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_005_T/array_obj_sensitive_005_T.go
index d778d753..7ada3a1c 100644
--- a/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_007_T/array_obj_sensitive_007_T.go
+++ b/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_005_T/array_obj_sensitive_005_T.go
@@ -4,13 +4,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 // scene introduction = 数组->复合数据类型 // level = 2 -// bind_url = accuracy/object_sensitive/collection/array_obj_sensitive_007_T/array_obj_sensitive_007_T +// bind_url = accuracy/object_sensitive/collection/array_obj_sensitive_005_T/array_obj_sensitive_005_T // evaluation information end package main import "os/exec" -func array_obj_sensitive_007_T(__taint_src string) { +func array_obj_sensitive_005_T(__taint_src string) { var str = [...]string{__taint_src, "b", "c"} var str2 = [...]string{"a", "b", "c"} _ = str2
@@ -23,5 +23,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - array_obj_sensitive_007_T(__taint_src) + array_obj_sensitive_005_T(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_008_F/array_obj_sensitive_008_F.go b/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_006_F/array_obj_sensitive_006_F.go
similarity index 81%
rename from sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_008_F/array_obj_sensitive_008_F.go
rename to sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_006_F/array_obj_sensitive_006_F.go
index ee5960ad..5fe60c90 100644
--- a/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_008_F/array_obj_sensitive_008_F.go
+++ b/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_006_F/array_obj_sensitive_006_F.go
@@ -4,13 +4,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 // scene introduction = 数组->复合数据类型 // level = 2 -// bind_url = accuracy/object_sensitive/collection/array_obj_sensitive_008_F/array_obj_sensitive_008_F +// bind_url = accuracy/object_sensitive/collection/array_obj_sensitive_006_F/array_obj_sensitive_006_F // evaluation information end package main import "os/exec" -func array_obj_sensitive_008_F(__taint_src string) { +func array_obj_sensitive_006_F(__taint_src string) { var str = [...]string{__taint_src, "b", "c"} var str2 = [...]string{"a", "b", "c"} _ = str
@@ -23,5 +23,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - array_obj_sensitive_008_F(__taint_src) + array_obj_sensitive_006_F(__taint_src) } \ No newline at end of file
diff --git a/sast-go/cases/accuracy/object_sensitive/collection/config.json b/sast-go/cases/accuracy/object_sensitive/collection/config.json
index 33a2175d..b36f9ecd 100644
--- a/sast-go/cases/accuracy/object_sensitive/collection/config.json
+++ b/sast-go/cases/accuracy/object_sensitive/collection/config.json
@@ -15,7 +15,7 @@ "scene": "数组->复合数据类型2" }, { - "compose": "array_obj_sensitive_007_T/array_obj_sensitive_007_T.go && !array_obj_sensitive_008_F/array_obj_sensitive_008_F.go", + "compose": "array_obj_sensitive_005_T/array_obj_sensitive_005_T.go && !array_obj_sensitive_006_F/array_obj_sensitive_006_F.go", "scene": "数组->复合数据类型3" }, {
diff --git a/sast-go/cases/accuracy/object_sensitive/struct/config.json b/sast-go/cases/accuracy/object_sensitive/struct/config.json
index 1104a76b..fbf8c71d 100644
--- a/sast-go/cases/accuracy/object_sensitive/struct/config.json
+++ b/sast-go/cases/accuracy/object_sensitive/struct/config.json
@@ -7,7 +7,7 @@ "level": "2", "scene_list": [ { - "compose": "struct_007_T/struct_007_T.go && !struct_008_F/struct_008_F.go", + "compose": "struct_normal_001_T/struct_normal_001_T.go && !struct_normal_002_F/struct_normal_002_F.go", "scene": "结构体对象" }, {
diff --git a/sast-go/cases/accuracy/object_sensitive/struct/struct_007_T/struct_007_T.go b/sast-go/cases/accuracy/object_sensitive/struct/struct_normal_001_T/struct_normal_001_T.go
similarity index 74%
rename from sast-go/cases/accuracy/object_sensitive/struct/struct_007_T/struct_007_T.go
rename to sast-go/cases/accuracy/object_sensitive/struct/struct_normal_001_T/struct_normal_001_T.go
index 7cdccca8..e50c93b1 100644
--- a/sast-go/cases/accuracy/object_sensitive/struct/struct_007_T/struct_007_T.go
+++ b/sast-go/cases/accuracy/object_sensitive/struct/struct_normal_001_T/struct_normal_001_T.go
@@ -4,7 +4,7 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体 // scene introduction = 结构体对象 // level = 2 -// bind_url = accuracy/object_sensitive/struct/struct_007_T/struct_007_T +// bind_url = accuracy/object_sensitive/struct/struct_normal_001_T/struct_normal_001_T // evaluation information end package main
@@ -14,7 +14,7 @@ type A struct { data string } -func struct_007_T(__taint_src string) { +func struct_normal_001_T(__taint_src string) { p := A{ data: __taint_src, }
@@ -31,5 +31,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - struct_007_T(__taint_src) + struct_normal_001_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/accuracy/object_sensitive/struct/struct_008_F/struct_008_F.go b/sast-go/cases/accuracy/object_sensitive/struct/struct_normal_002_F/struct_normal_002_F.go similarity index 75% rename from sast-go/cases/accuracy/object_sensitive/struct/struct_008_F/struct_008_F.go rename to sast-go/cases/accuracy/object_sensitive/struct/struct_normal_002_F/struct_normal_002_F.go index 12364caa..5068c847 100644 --- a/sast-go/cases/accuracy/object_sensitive/struct/struct_008_F/struct_008_F.go +++ b/sast-go/cases/accuracy/object_sensitive/struct/struct_normal_002_F/struct_normal_002_F.go @@ -4,7 +4,7 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体 // scene introduction = 结构体对象 // level = 2 -// bind_url = accuracy/object_sensitive/struct/struct_008_F/struct_008_F +// bind_url = accuracy/object_sensitive/struct/struct_normal_002_F/struct_normal_002_F // evaluation information end package main @@ -14,7 +14,7 @@ type A struct { data string } -func struct_008_F(__taint_src string) { +func struct_normal_002_F(__taint_src string) { p := A{ data: __taint_src, } @@ -31,5 +31,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - struct_008_F(__taint_src) + struct_normal_002_F(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_003_T/break_003_T.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_001_T/break_001_T.go similarity index 85% rename from sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_003_T/break_003_T.go rename to sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_001_T/break_001_T.go index 789022d0..b4f84cd7 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_003_T/break_003_T.go 
+++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_001_T/break_001_T.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = break // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/break_003_T/break_003_T +// bind_url = accuracy/path_sensitive/explicit_jump_control/break_001_T/break_001_T // evaluation information end -func break_003_T(__taint_src string) { +func break_001_T(__taint_src string) { res := "" for i := 0; i < 10; i++ { if i == 3 { @@ -26,5 +26,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - break_003_T(__taint_src) + break_001_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_004_F/break_004_F.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_002_F/break_002_F.go similarity index 85% rename from sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_004_F/break_004_F.go rename to sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_002_F/break_002_F.go index 8df21ca7..38c66f5c 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_004_F/break_004_F.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_002_F/break_002_F.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = break // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/break_004_F/break_004_F +// bind_url = accuracy/path_sensitive/explicit_jump_control/break_002_F/break_002_F // evaluation information end -func break_004_F(__taint_src string) { +func break_002_F(__taint_src string) { res := "" for i := 0; i < 10; i++ { if i == 3 { @@ -27,5 +27,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - break_004_F(__taint_src) + break_002_F(__taint_src) } \ No newline at end of file 
diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_label_003_T/break_label_003_T.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_label_001_T/break_label_001_T.go similarity index 82% rename from sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_label_003_T/break_label_003_T.go rename to sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_label_001_T/break_label_001_T.go index 8aa14305..9de202d6 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_label_003_T/break_label_003_T.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_label_001_T/break_label_001_T.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = break_label // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/break_label_003_T/break_label_003_T +// bind_url = accuracy/path_sensitive/explicit_jump_control/break_label_001_T/break_label_001_T // evaluation information end -func break_label_003_T(__taint_src string) { +func break_label_001_T(__taint_src string) { res := "" myLabel: @@ -28,5 +28,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - break_label_003_T(__taint_src) + break_label_001_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_label_004_F/break_label_004_F.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_label_002_F/break_label_002_F.go similarity index 82% rename from sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_label_004_F/break_label_004_F.go rename to sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_label_002_F/break_label_002_F.go index 275add0f..6fff1224 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_label_004_F/break_label_004_F.go 
+++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/break_label_002_F/break_label_002_F.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = break_label // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/break_label_004_F/break_label_004_F +// bind_url = accuracy/path_sensitive/explicit_jump_control/break_label_002_F/break_label_002_F // evaluation information end -func break_label_004_F(__taint_src string) { +func break_label_002_F(__taint_src string) { res := "" myLabel: @@ -28,5 +28,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - break_label_004_F(__taint_src) + break_label_002_F(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/config.json b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/config.json index e4538f3f..605373f6 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/config.json +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/config.json 
@@ -7,27 +7,27 @@ "level": "4+", "scene_list": [ { - "compose": "break_003_T/break_003_T.go && !break_004_F/break_004_F.go", + "compose": "break_001_T/break_001_T.go && !break_002_F/break_002_F.go", "scene": "break" }, { - "compose": "break_label_003_T/break_label_003_T.go && !break_label_004_F/break_label_004_F.go", + "compose": "break_label_001_T/break_label_001_T.go && !break_label_002_F/break_label_002_F.go", "scene": "break_label" }, { - "compose": "continue_003_T/continue_003_T.go && !continue_004_F/continue_004_F.go", + "compose": "continue_001_T/continue_001_T.go && !continue_002_F/continue_002_F.go", "scene": "continue" }, { - "compose": "fallthrough_003_T/fallthrough_003_T.go && !fallthrough_004_F/fallthrough_004_F.go", + "compose": "fallthrough_001_T/fallthrough_001_T.go && !fallthrough_002_F/fallthrough_002_F.go", "scene": "fallthrough" }, { - "compose": "goto_003_T/goto_003_T.go && !goto_004_F/goto_004_F.go", + "compose": "goto_001_T/goto_001_T.go && !goto_002_F/goto_002_F.go", "scene": "goto" }, { - "compose": "return_003_T/return_003_T.go && !return_004_F/return_004_F.go", + "compose": "return_001_T/return_001_T.go && !return_002_F/return_002_F.go", "scene": "return" } ] diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/continue_003_T/continue_003_T.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/continue_001_T/continue_001_T.go similarity index 84% rename from sast-go/cases/accuracy/path_sensitive/explicit_jump_control/continue_003_T/continue_003_T.go rename to sast-go/cases/accuracy/path_sensitive/explicit_jump_control/continue_001_T/continue_001_T.go index 26f9b086..52909117 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/continue_003_T/continue_003_T.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/continue_001_T/continue_001_T.go 
@@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = continue // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/continue_003_T/continue_003_T +// bind_url = accuracy/path_sensitive/explicit_jump_control/continue_001_T/continue_001_T // evaluation information end -func continue_003_T(__taint_src string) { +func continue_001_T(__taint_src string) { res := "" for i := 0; i < 10; i++ { if i == 3 { @@ -27,5 +27,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - continue_003_T(__taint_src) + continue_001_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/continue_004_F/continue_004_F.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/continue_002_F/continue_002_F.go similarity index 84% rename from sast-go/cases/accuracy/path_sensitive/explicit_jump_control/continue_004_F/continue_004_F.go rename to sast-go/cases/accuracy/path_sensitive/explicit_jump_control/continue_002_F/continue_002_F.go index 10a0be64..440483ea 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/continue_004_F/continue_004_F.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/continue_002_F/continue_002_F.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = continue // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/continue_004_F/continue_004_F +// bind_url = accuracy/path_sensitive/explicit_jump_control/continue_002_F/continue_002_F // evaluation information end -func continue_004_F(__taint_src string) { +func continue_002_F(__taint_src string) { res := "" for i := 0; i < 10; i++ { if i == 3 { @@ -27,5 +27,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - continue_004_F(__taint_src) + continue_002_F(__taint_src) } \ No newline at end of file 
diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/fallthrough_003_T/fallthrough_003_T.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/fallthrough_001_T/fallthrough_001_T.go similarity index 83% rename from sast-go/cases/accuracy/path_sensitive/explicit_jump_control/fallthrough_003_T/fallthrough_003_T.go rename to sast-go/cases/accuracy/path_sensitive/explicit_jump_control/fallthrough_001_T/fallthrough_001_T.go index fba16bdf..1ad95ac9 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/fallthrough_003_T/fallthrough_003_T.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/fallthrough_001_T/fallthrough_001_T.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = fallthrough // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/fallthrough_003_T/fallthrough_003_T +// bind_url = accuracy/path_sensitive/explicit_jump_control/fallthrough_001_T/fallthrough_001_T // evaluation information end -func fallthrough_003_T(__taint_src string) { +func fallthrough_001_T(__taint_src string) { res := "" switch 1 { case 1: @@ -30,5 +30,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - fallthrough_003_T(__taint_src) + fallthrough_001_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/fallthrough_004_F/fallthrough_004_F.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/fallthrough_002_F/fallthrough_002_F.go similarity index 83% rename from sast-go/cases/accuracy/path_sensitive/explicit_jump_control/fallthrough_004_F/fallthrough_004_F.go rename to sast-go/cases/accuracy/path_sensitive/explicit_jump_control/fallthrough_002_F/fallthrough_002_F.go index e597ab74..d67c2c97 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/fallthrough_004_F/fallthrough_004_F.go 
+++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/fallthrough_002_F/fallthrough_002_F.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = fallthrough // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/fallthrough_004_F/fallthrough_004_F +// bind_url = accuracy/path_sensitive/explicit_jump_control/fallthrough_002_F/fallthrough_002_F // evaluation information end -func fallthrough_004_F(__taint_src string) { +func fallthrough_002_F(__taint_src string) { res := "" switch 2 { case 1: @@ -31,5 +31,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - fallthrough_004_F(__taint_src) + fallthrough_002_F(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/goto_003_T/goto_003_T.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/goto_001_T/goto_001_T.go similarity index 86% rename from sast-go/cases/accuracy/path_sensitive/explicit_jump_control/goto_003_T/goto_003_T.go rename to sast-go/cases/accuracy/path_sensitive/explicit_jump_control/goto_001_T/goto_001_T.go index 7e77c19d..e9d44da5 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/goto_003_T/goto_003_T.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/goto_001_T/goto_001_T.go @@ -5,10 +5,10 @@ import "os/exec" // evaluation item =准确度->路径敏感分析->跳转语句 // scene introduction = goto // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/goto_003_T/goto_003_T +// bind_url = accuracy/path_sensitive/explicit_jump_control/goto_001_T/goto_001_T // evaluation information end -func goto_003_T(__taint_src string) { +func goto_001_T(__taint_src string) { res := __taint_src goto Sink @@ -30,5 +30,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - goto_003_T(__taint_src) + goto_001_T(__taint_src) } \ No newline at end of file 
diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/goto_004_F/goto_004_F.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/goto_002_F/goto_002_F.go similarity index 86% rename from sast-go/cases/accuracy/path_sensitive/explicit_jump_control/goto_004_F/goto_004_F.go rename to sast-go/cases/accuracy/path_sensitive/explicit_jump_control/goto_002_F/goto_002_F.go index 240d1acc..7620ee46 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/goto_004_F/goto_004_F.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/goto_002_F/goto_002_F.go @@ -5,10 +5,10 @@ import "os/exec" // evaluation item =准确度->路径敏感分析->跳转语句 // scene introduction = goto // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/goto_004_F/goto_004_F +// bind_url = accuracy/path_sensitive/explicit_jump_control/goto_002_F/goto_002_F // evaluation information end -func goto_004_F(__taint_src string) { +func goto_002_F(__taint_src string) { res := __taint_src goto Sanitizer @@ -30,5 +30,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - goto_004_F(__taint_src) + goto_002_F(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_003_T/return_003_T.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T.go similarity index 82% rename from sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_003_T/return_003_T.go rename to sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T.go index 9c643788..2fed5780 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_003_T/return_003_T.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T.go 
@@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = return // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/return/return_003_T/return_003_T +// bind_url = accuracy/path_sensitive/explicit_jump_control/return/return_001_T/return_001_T // evaluation information end -func return_003_T(__taint_src string) string { +func return_001_T(__taint_src string) string { if false { return __taint_src } @@ -24,5 +24,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - return_003_T(__taint_src) + return_001_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_004_F/return_004_F.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F.go similarity index 82% rename from sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_004_F/return_004_F.go rename to sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F.go index 247ac1c7..fe89e048 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_004_F/return_004_F.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = return // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/return/return_004_F/return_004_F +// bind_url = accuracy/path_sensitive/explicit_jump_control/return/return_002_F/return_002_F // evaluation information end -func return_004_F(__taint_src string) string { +func return_002_F(__taint_src string) string { if true { return __taint_src } @@ -24,5 +24,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - return_004_F(__taint_src) + return_002_F(__taint_src) } \ No newline at end of file 
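Review bot: The rewritten `bind_url` comment in the return_001_T hunk still carries a `return/` directory segment that the renamed file's path does not have: the file now lives at `explicit_jump_control/return_001_T/return_001_T.go`, and the break, continue, fallthrough and goto cases in the same directory all bind without an extra segment. The line should read `// bind_url = accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T`, and the return_002_F hunk needs the same correction for its own name. If the benchmark harness resolves cases through `bind_url` (presumably it does, but the harness is not visible here), a path that does not resolve could leave the `return` scene unscored or mis-scored, which would skew the path-sensitivity result reported for the SAST tool under evaluation. The function bodies continue outside these hunks.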
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_005_F/conditional_if_005_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go similarity index 79% rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_005_F/conditional_if_005_F.go rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go index 2b814706..e4bd7966 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_005_F/conditional_if_005_F.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = if->区分if else扁平化与分支(不求解) // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_005_F/conditional_if_005_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F/conditional_if_no_solver_001_F // evaluation information end -func conditional_if_005_F(__taint_src string) { +func conditional_if_no_solver_001_F(__taint_src string) { var res string if true { res = __taint_src @@ -25,5 +25,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - conditional_if_005_F(__taint_src) + conditional_if_no_solver_001_F(__taint_src) } \ No newline at end of file 
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_006_F/conditional_if_006_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F/conditional_if_no_solver_002_F.go similarity index 79% rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_006_F/conditional_if_006_F.go rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F/conditional_if_no_solver_002_F.go index 2c113b15..7ca517eb 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_006_F/conditional_if_006_F.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F/conditional_if_no_solver_002_F.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = if->区分if else扁平化与分支(不求解) // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_006_F/conditional_if_006_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F/conditional_if_no_solver_002_F // evaluation information end -func conditional_if_006_F(__taint_src string) { +func conditional_if_no_solver_002_F(__taint_src string) { res := "" if true { __taint_sink(res) @@ -25,5 +25,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - conditional_if_006_F(__taint_src) + conditional_if_no_solver_002_F(__taint_src) } \ No newline at end of file 
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_T/conditional_if_007_T.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T/conditional_if_no_solver_003_T.go similarity index 79% rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_T/conditional_if_007_T.go rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T/conditional_if_no_solver_003_T.go index 82db85f2..0732d121 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_T/conditional_if_007_T.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T/conditional_if_no_solver_003_T.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = if->区分if else具体路径(不求解) // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_T/conditional_if_007_T +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T/conditional_if_no_solver_003_T // evaluation information end -func conditional_if_007_T(__taint_src string) { +func conditional_if_no_solver_003_T(__taint_src string) { res := "" if true { res = __taint_src @@ -26,5 +26,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - conditional_if_007_T(__taint_src) + conditional_if_no_solver_003_T(__taint_src) } \ No newline at end of file 
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F/conditional_if_008_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F/conditional_if_no_solver_004_F.go similarity index 79% rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F/conditional_if_008_F.go rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F/conditional_if_no_solver_004_F.go index bad08f3e..83827ad2 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F/conditional_if_008_F.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F/conditional_if_no_solver_004_F.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = if->区分if else具体路径(不求解) // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F/conditional_if_008_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F/conditional_if_no_solver_004_F // evaluation information end -func conditional_if_008_F(__taint_src string) { +func conditional_if_no_solver_004_F(__taint_src string) { res := "" if true { res = "_" @@ -26,5 +26,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - conditional_if_008_F(__taint_src) + conditional_if_no_solver_004_F(__taint_src) } \ No newline at end of file 
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_003_F/conditional_switch_stmt_003_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go similarity index 78% rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_003_F/conditional_switch_stmt_003_F.go rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go index 7b3a1074..a3f1d3a8 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_003_F/conditional_switch_stmt_003_F.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = switch->区分switch平坦化与分支(不需求解) // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_003_F/conditional_switch_stmt_003_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F // evaluation information end -func conditional_switch_stmt_003_F(__taint_src string) { +func conditional_switch_no_solver_001_F(__taint_src string) { res := "" switch 2 { case 1: @@ -27,5 +27,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - conditional_switch_stmt_003_F(__taint_src) + conditional_switch_no_solver_001_F(__taint_src) } \ No newline at end of file 
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_004_F/conditional_switch_stmt_004_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_002_F/conditional_switch_no_solver_002_F.go similarity index 78% rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_004_F/conditional_switch_stmt_004_F.go rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_002_F/conditional_switch_no_solver_002_F.go index e83ef6b5..86d6c396 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_004_F/conditional_switch_stmt_004_F.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_002_F/conditional_switch_no_solver_002_F.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = switch->区分switch平坦化与分支(不需求解) // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_004_F/conditional_switch_stmt_004_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_002_F/conditional_switch_no_solver_002_F // evaluation information end -func conditional_switch_stmt_004_F(__taint_src string) { +func conditional_switch_no_solver_002_F(__taint_src string) { res := "" switch 2 { case 1: @@ -27,5 +27,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - conditional_switch_stmt_004_F(__taint_src) + conditional_switch_no_solver_002_F(__taint_src) } \ No newline at end of file 
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_005_T/conditional_switch_stmt_005_T.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_003_T/conditional_switch_no_solver_003_T.go similarity index 78% rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_005_T/conditional_switch_stmt_005_T.go rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_003_T/conditional_switch_no_solver_003_T.go index edeb2dbe..db4417da 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_005_T/conditional_switch_stmt_005_T.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_003_T/conditional_switch_no_solver_003_T.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = switch->区分switch具体路径(不求解) // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_005_T/conditional_switch_stmt_005_T +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_003_T/conditional_switch_no_solver_003_T // evaluation information end -func conditional_switch_stmt_005_T(__taint_src string) { +func conditional_switch_no_solver_003_T(__taint_src string) { res := "" switch 2 { case 1: @@ -27,5 +27,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - conditional_switch_stmt_005_T(__taint_src) + conditional_switch_no_solver_003_T(__taint_src) } \ No newline at end of file 
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_006_F/conditional_switch_stmt_006_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_004_F/conditional_switch_no_solver_004_F.go similarity index 78% rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_006_F/conditional_switch_stmt_006_F.go rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_004_F/conditional_switch_no_solver_004_F.go index 96b15ac8..a151c484 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_006_F/conditional_switch_stmt_006_F.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_004_F/conditional_switch_no_solver_004_F.go @@ -7,10 +7,10 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = switch->区分switch具体路径(不求解) // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_stmt_006_F/conditional_switch_stmt_006_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_004_F/conditional_switch_no_solver_004_F // evaluation information end -func conditional_switch_stmt_006_F(__taint_src string) { +func conditional_switch_no_solver_004_F(__taint_src string) { res := "" switch 1 { case 1: @@ -27,5 +27,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - conditional_switch_stmt_006_F(__taint_src) + conditional_switch_no_solver_004_F(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json index fc1997a4..0634d1a0 100644 
--- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json
+++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json
@@ -7,19 +7,19 @@
 "level": "3",
 "scene_list": [
 {
- "compose": "!conditional_if_005_F/conditional_if_005_F.go && !conditional_if_006_F/conditional_if_006_F.go",
+ "compose": "!conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go && !conditional_if_no_solver_002_F/conditional_if_no_solver_002_F.go",
 "scene": "if->区分if else扁平化与分支(不求解)"
 },
 {
- "compose": "conditional_if_007_T/conditional_if_007_T.go && !conditional_if_008_F/conditional_if_008_F.go",
+ "compose": "conditional_if_no_solver_003_T/conditional_if_no_solver_003_T.go && !conditional_if_no_solver_004_F/conditional_if_no_solver_004_F.go",
 "scene": "if->区分if else具体路径(不求解)"
 },
 {
- "compose": "!conditional_switch_stmt_003_F/conditional_switch_stmt_003_F.go && !conditional_switch_stmt_004_F/conditional_switch_stmt_004_F.go",
+ "compose": "!conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go && !conditional_switch_no_solver_002_F/conditional_switch_no_solver_002_F.go",
 "scene": "switch->区分switch平坦化与分支(不需求解)"
 },
 {
- "compose": "conditional_switch_stmt_005_T/conditional_switch_stmt_005_T.go && !conditional_switch_stmt_006_F/conditional_switch_stmt_006_F.go",
+ "compose": "conditional_switch_no_solver_003_T/conditional_switch_no_solver_003_T.go && !conditional_switch_no_solver_004_F/conditional_switch_no_solver_004_F.go",
 "scene": "switch->区分switch具体路径(不求解)"
 }
 ]
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_009_T/conditional_if_009_T.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T/conditional_if_solver_001_T.go
similarity index 80%
rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_009_T/conditional_if_009_T.go
rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T/conditional_if_solver_001_T.go
index c1c902cd..10a47872 100644
--- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_009_T/conditional_if_009_T.go
+++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T/conditional_if_solver_001_T.go
@@ -7,10 +7,10 @@ import "os/exec"
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
 // scene introduction = if->区分if else准入条件(需求解)
 // level = 4
-// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_009_T/conditional_if_009_T
+// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T/conditional_if_solver_001_T
 // evaluation information end
-func conditional_if_009_T(__taint_src string) {
+func conditional_if_solver_001_T(__taint_src string) {
 res := ""
 if 1+1 == 2 {
 res = __taint_src
@@ -26,5 +26,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- conditional_if_009_T(__taint_src)
+ conditional_if_solver_001_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_010_F/conditional_if_010_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F/conditional_if_solver_002_F.go
similarity index 80%
rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_010_F/conditional_if_010_F.go
rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F/conditional_if_solver_002_F.go
index eaf72e57..35236443 100644
--- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_010_F/conditional_if_010_F.go
+++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F/conditional_if_solver_002_F.go
@@ -7,10 +7,10 @@ import "os/exec"
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
 // scene introduction = if->区分if else准入条件(需求解)
 // level = 4
-// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_010_F/conditional_if_010_F
+// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F/conditional_if_solver_002_F
 // evaluation information end
-func conditional_if_010_F(__taint_src string) {
+func conditional_if_solver_002_F(__taint_src string) {
 res := ""
 if 1+1 == 2 {
 res = "_"
@@ -26,5 +26,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- conditional_if_010_F(__taint_src)
+ conditional_if_solver_002_F(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_007_T/conditional_switch_stmt_007_T.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_001_T/conditional_switch_stmt_001_T.go
similarity index 80%
rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_007_T/conditional_switch_stmt_007_T.go
rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_001_T/conditional_switch_stmt_001_T.go
index fef0e606..7dc45fdd 100644
--- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_007_T/conditional_switch_stmt_007_T.go
+++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_001_T/conditional_switch_stmt_001_T.go
@@ -7,10 +7,10 @@ import "os/exec"
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
 // scene introduction = switch->区分switch具体路径(求解)
 // level = 4
-// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_007_T/conditional_switch_stmt_007_T
+// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_001_T/conditional_switch_stmt_001_T
 // evaluation information end
-func conditional_switch_stmt_007_T(__taint_src string) {
+func conditional_switch_stmt_001_T(__taint_src string) {
 res := ""
 switch 1 + 1 {
 case 2:
@@ -27,5 +27,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- conditional_switch_stmt_007_T(__taint_src)
+ conditional_switch_stmt_001_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_008_F/conditional_switch_stmt_008_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_002_F/conditional_switch_stmt_002_F.go
similarity index 80%
rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_008_F/conditional_switch_stmt_008_F.go
rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_002_F/conditional_switch_stmt_002_F.go
index 34e48b2d..037d0169 100644
--- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_008_F/conditional_switch_stmt_008_F.go
+++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_002_F/conditional_switch_stmt_002_F.go
@@ -7,10 +7,10 @@ import "os/exec"
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
 // scene introduction = switch->区分switch具体路径(求解)
 // level = 4
-// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_008_F/conditional_switch_stmt_008_F
+// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_stmt_002_F/conditional_switch_stmt_002_F
 // evaluation information end
-func conditional_switch_stmt_008_F(__taint_src string) {
+func conditional_switch_stmt_002_F(__taint_src string) {
 res := ""
 switch 1 + 1 {
 case 2:
@@ -27,5 +27,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- conditional_switch_stmt_008_F(__taint_src)
+ conditional_switch_stmt_002_F(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json
index b144b1dc..b20f8050 100644
--- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json
+++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json
@@ -7,15 +7,15 @@
 "level": "4",
 "scene_list": [
 {
- "compose": "conditional_if_009_T/conditional_if_009_T.go && !conditional_if_010_F/conditional_if_010_F.go",
+ "compose": "conditional_if_solver_001_T/conditional_if_solver_001_T.go && !conditional_if_solver_002_F/conditional_if_solver_002_F.go",
 "scene": "if->区分if else准入条件(需求解)"
 },
 {
- "compose": "conditional_switch_stmt_007_T/conditional_switch_stmt_007_T.go && !conditional_switch_stmt_008_F/conditional_switch_stmt_008_F.go",
+ "compose": "conditional_switch_stmt_001_T/conditional_switch_stmt_001_T.go && !conditional_switch_stmt_002_F/conditional_switch_stmt_002_F.go",
 "scene": "switch->区分switch具体路径(求解)"
 },
 {
- "compose": "for_body_003_T/for_body_003_T.go && !for_body_004_F/for_body_004_F.go",
+ "compose": "for_body_solver_001_T/for_body_solver_001_T.go && !for_body_solver_002_F/for_body_solver_002_F.go",
 "scene": "for_body"
 }
 ]
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_003_T/for_body_003_T.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T/for_body_solver_001_T.go
similarity index 82%
rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_003_T/for_body_003_T.go
rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T/for_body_solver_001_T.go
index 7c0b57ea..b910b203 100644
--- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_003_T/for_body_003_T.go
+++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T/for_body_solver_001_T.go
@@ -7,10 +7,10 @@ import "os/exec"
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
 // scene introduction = for_body
 // level = 4
-// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_003_T/for_body_003_T
+// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T/for_body_solver_001_T
 // evaluation information end
-func for_body_003_T(__taint_src string) {
+func for_body_solver_001_T(__taint_src string) {
 var res string
 for i := 0; i < 2; i++ {
 res = __taint_src
@@ -24,5 +24,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- for_body_003_T(__taint_src)
+ for_body_solver_001_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_F/for_body_004_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F/for_body_solver_002_F.go
similarity index 82%
rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_F/for_body_004_F.go
rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F/for_body_solver_002_F.go
index 7043eecd..76eb3a3a 100644
--- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_F/for_body_004_F.go
+++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F/for_body_solver_002_F.go
@@ -6,10 +6,10 @@ import "os/exec"
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
 // scene introduction = for_body
 // level = 4
-// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_F/for_body_004_F
+// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F/for_body_solver_002_F
 // evaluation information end
-func for_body_004_F(__taint_src string) {
+func for_body_solver_002_F(__taint_src string) {
 var res string
 for i := 0; i < 0; i++ {
 res = __taint_src
@@ -23,5 +23,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- for_body_004_F(__taint_src)
+ for_body_solver_002_F(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
index 1eb09146..99274d08 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
@@ -19,11 +19,11 @@
 "scene": "跨package3"
 },
 {
- "compose": "cross_directory_007_T/cross/cross_directory_007_T.go && !cross_directory_008_F/cross/cross_directory_008_F.go",
+ "compose": "(cross_directory_007_T/cross/cross_directory_007_T.go || cross_directory_007_T/cross/cross_a/cross_directory_a_007_T.go || cross_directory_007_T/cross/cross_a_shadow/cross_directory_shadow_007_T.go) && !(cross_directory_008_F/cross/cross_directory_008_F.go || cross_directory_008_F/cross/cross_a/cross_directory_a_008_F.go || cross_directory_008_F/cross/cross_a_shadow/cross_directory_shadow_008_F.go)",
 "scene": "跨package4"
 },
 {
- "compose": "cross_directory_009_T/cross/cross_directory_009_T.go && !cross_directory_010_F/cross/cross_directory_010_F.go",
+ "compose": "(cross_directory_009_T/cross/cross_directory_009_T.go || cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go) && !(cross_directory_010_F/cross/cross_directory_010_F.go || cross_directory_010_F/cross/cross_init/cross_directory_init_010_F.go)",
 "scene": "跨package5"
 }
 ]
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_007_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_a_007_T.go
similarity index 87%
rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_007_T.go
rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_a_007_T.go
index dd09ba7e..a4d55291 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_007_T.go
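Review bot: The widened `compose` for 跨package4 places `cross_directory_007_T/cross/cross_a_shadow/cross_directory_shadow_007_T.go` in the positive `||` group, yet that file (changed later in this commit) only calls `__taint_sink("_")`, so no tainted value reaches its sink. If `compose` is evaluated as "a finding was reported in this file" (the evaluator is not shown here, so this is an assumption), a tool that flags the constant-argument shadow package would be credited with passing the true-positive case. Consider limiting the positive group to the files on the real flow, `(cross_directory_007_T/cross/cross_directory_007_T.go || cross_directory_007_T/cross/cross_a/cross_directory_a_007_T.go)`, and treating a report in the shadow file as a miss.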
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_a_007_T.go
@@ -3,13 +3,13 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
 // scene introduction = 跨package
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_007_T
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_a_007_T
 // evaluation information end
 package pkg
 import "os/exec"
-func Cross_directory_007_T(o interface{}) {
+func cross_directory_a_007_T(o interface{}) {
 __taint_sink(o)
 }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_007_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_shadow_007_T.go
similarity index 85%
rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_007_T.go
rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_shadow_007_T.go
index 9fa897c4..6a029853 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_007_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_shadow_007_T.go
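Review bot: Renaming `Cross_directory_007_T` to `cross_directory_a_007_T` lowercases the first letter, which makes the function unexported from `package pkg`. The scene is 跨package, so a caller in another package (not visible in this hunk) can no longer reference it; the case would stop compiling and the cross-package flow into `__taint_sink(o)` that the benchmark is meant to exercise would be gone. Keep the identifier exported, e.g. `func Cross_directory_a_007_T(o interface{}) {`. The same applies to `cross_directory_shadow_007_T`, `cross_directory_a_008_F`, `cross_directory_shadow_008_F`, `cross_directory_init_009_T` and `cross_directory_init_010_F` in the files that follow.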
@@ -3,7 +3,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
 // scene introduction = 跨package
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_007_T
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_shadow_007_T
 // evaluation information end
 package pkg
@@ -11,7 +11,7 @@ package pkg
 import "os/exec"
-func Cross_directory_007_T(o interface{}) {
+func cross_directory_shadow_007_T(o interface{}) {
 __taint_sink("_")
 }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_008_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_a_008_F.go
similarity index 87%
rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_008_F.go
rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_a_008_F.go
index af32dfc7..3f658228 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_008_F.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_a_008_F.go
@@ -3,14 +3,14 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
 // scene introduction = 跨package
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_008_F
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_a_008_F
 // evaluation information end
 package pkg
 import "os/exec"
-func Cross_directory_008_F(o interface{}) {
+func cross_directory_a_008_F(o interface{}) {
 __taint_sink("_")
 }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_008_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_shadow_008_F.go
similarity index 85%
rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_008_F.go
rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_shadow_008_F.go
index 06dcbc8f..17b2801e 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_008_F.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_shadow_008_F.go
@@ -3,14 +3,14 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
 // scene introduction = 跨package
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_008_F
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_shadow_008_F
 // evaluation information end
 package pkg
 import "os/exec"
-func Cross_directory_008_F(o interface{}) {
+func cross_directory_shadow_008_F(o interface{}) {
 __taint_sink("_")
 }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_009_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go
similarity index 87%
rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_009_T.go
rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go
index 2e06c99b..c73d47f5 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_009_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go
@@ -3,7 +3,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
 // scene introduction = 跨package5
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/ccross_init/cross_directory_009_T
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/ccross_init/cross_directory_init_009_T
 // evaluation information end
 package pkg
@@ -18,7 +18,7 @@ func init() {
 Arg = "_"
 }
-func Cross_directory_009_T(o interface{}) {
+func cross_directory_init_009_T(o interface{}) {
 __taint_sink(Arg)
 }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_010_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_init_010_F.go
similarity index 87%
rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_010_F.go
rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_init_010_F.go
index b98e4f00..65af5a88 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_010_F.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_init_010_F.go
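Review bot: The rewritten `bind_url` in the first hunk still contains `cross/ccross_init/`, while the diff header places this file under `cross/cross_init/`, so the metadata does not resolve to the case it describes. Since the line is being changed anyway, correct the directory: `// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T`. The `scene introduction` here reads 跨package5 while the sibling 010_F file says 跨package; if any tooling pairs cases on that field, the two should presumably match.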
@@ -3,7 +3,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
 // scene introduction = 跨package
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_010_F
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_init_010_F
 // evaluation information end
 package pkg
@@ -16,7 +16,7 @@ func init() {
 Arg = "_"
 }
-func Cross_directory_010_F(o interface{}) {
+func cross_directory_init_010_F(o interface{}) {
 __taint_sink(Arg)
 }
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_009_T/argument_passing_value_009_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_009_T/argument_passing_value_009_T.go
index 3b0503c0..6fb38bae 100644
--- a/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_009_T/argument_passing_value_009_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_009_T/argument_passing_value_009_T.go
@@ -4,7 +4,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递
 // scene introduction = this
 // level = 2
-// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_009_T
+// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_009_T/argument_passing_value_009_T
 // evaluation information end
 package main
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/config.json b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/config.json
index 965bad50..690bfe11 100644
--- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/config.json
@@ -7,15 +7,15 @@
 "level": "2",
 "scene_list": [
 {
- "compose": "!multiple_return_005_F/multiple_return_005_F.go && multiple_return_006_T/multiple_return_006_T.go",
+ "compose": "!multiple_return_001_F/multiple_return_001_F.go && multiple_return_002_T/multiple_return_002_T.go",
 "scene": "多返回值传递"
 },
 {
- "compose": "!named_return_003_F/named_return_003_F.go && named_return_004_T/named_return_004_T.go",
+ "compose": "!named_return_001_F/named_return_001_F.go && named_return_002_T/named_return_002_T.go",
 "scene": "具名返回值"
 },
 {
- "compose": "!return_value_passing_003_F/return_value_passing_003_F.go && return_value_passing_004_T/return_value_passing_004_T.go",
+ "compose": "!return_value_passing_001_F/return_value_passing_001_F.go && return_value_passing_002_T/return_value_passing_002_T.go",
 "scene": "返回值传递"
 }
 ]
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_005_F/multiple_return_005_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_001_F/multiple_return_001_F.go
similarity index 80%
rename from sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_005_F/multiple_return_005_F.go
rename to sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_001_F/multiple_return_001_F.go
index 1d4ab2a5..3c6849f7 100644
--- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_005_F/multiple_return_005_F.go
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_001_F/multiple_return_001_F.go
@@ -4,13 +4,13 @@
 // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递
 // scene introduction = 多返回值传递
 // level = 2
-// bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_005_F/multiple_return_005_F
+// bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_001_F/multiple_return_001_F
 // evaluation information end
 package main
 import "os/exec"
-func multiple_return_005_F(__taint_src interface{}) {
+func multiple_return_001_F(__taint_src interface{}) {
 a := "_"
 ret1, ret2 := processData(__taint_src, a)
@@ -28,5 +28,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- multiple_return_005_F(__taint_src)
+ multiple_return_001_F(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_006_T/multiple_return_006_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_002_T/multiple_return_002_T.go
similarity index 80%
rename from sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_006_T/multiple_return_006_T.go
rename to sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_002_T/multiple_return_002_T.go
index 2b5e5c0f..3648e643 100644
--- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_006_T/multiple_return_006_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_002_T/multiple_return_002_T.go
@@ -4,13 +4,13 @@
 // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递
 // scene introduction = 多返回值传递
 // level = 2
-// bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_006_T/multiple_return_006_T
+// bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_002_T/multiple_return_002_T
 // evaluation information end
 package main
 import "os/exec"
-func multiple_return_006_T(__taint_src interface{}) {
+func multiple_return_002_T(__taint_src interface{}) {
 a := "_"
 ret1, ret2 := processData(__taint_src, a)
@@ -28,5 +28,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- multiple_return_006_T(__taint_src)
+ multiple_return_002_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_003_F/named_return_003_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_001_F/named_return_001_F.go
similarity index 81%
rename from sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_003_F/named_return_003_F.go
rename to sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_001_F/named_return_001_F.go
index 1ba875ec..c77ce02e 100644
--- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_003_F/named_return_003_F.go
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_001_F/named_return_001_F.go
@@ -4,13 +4,13 @@
 // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递
 // scene introduction = 具名返回值
 // level = 2
-// bind_url = completeness/single_app_tracing/function_call/return_value_passing/named_return_003_F/named_return_003_F
+// bind_url = completeness/single_app_tracing/function_call/return_value_passing/named_return_001_F/named_return_001_F
 // evaluation information end
 package main
 import "os/exec"
-func named_return_003_F(__taint_src interface{}) {
+func named_return_001_F(__taint_src interface{}) {
 a := "_"
 ret := processData(__taint_src, a)
@@ -28,5 +28,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- named_return_003_F(__taint_src)
+ named_return_001_F(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_002_T/named_return_002_T.go
similarity index 81%
rename from sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go
rename to sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_002_T/named_return_002_T.go
index 59391c69..c7fc69ab 100644
--- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_002_T/named_return_002_T.go
@@ -4,13 +4,13 @@
 // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递
 // scene introduction = 具名返回值
 // level = 2
-// bind_url = completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T
+// bind_url = completeness/single_app_tracing/function_call/return_value_passing/named_return_002_T/named_return_002_T
 // evaluation information end
 package main
 import "os/exec"
-func named_return_004_T(__taint_src interface{}) {
+func named_return_002_T(__taint_src interface{}) {
 a := "_"
 ret := processData(__taint_src, a)
@@ -28,5 +28,5 @@ func __taint_sink(o interface{}) {
 func main() {
 __taint_src := "taint_src_value"
- named_return_004_T(__taint_src)
+ named_return_002_T(__taint_src)
 }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_003_F/return_value_passing_003_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F/return_value_passing_001_F.go
similarity index 78%
rename from sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_003_F/return_value_passing_003_F.go
rename to sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F/return_value_passing_001_F.go
index bdb2d816..bc68509e 100644
--- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_003_F/return_value_passing_003_F.go
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F/return_value_passing_001_F.go
@@ -4,13 +4,13 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 // scene introduction = 返回值传递 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_003_F/return_value_passing_003_F +// bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F/return_value_passing_001_F // evaluation information end package main import "os/exec" -func return_value_passing_003_F(__taint_src string) { +func return_value_passing_001_F(__taint_src string) { data := process(__taint_src) __taint_sink(data) } @@ -27,5 +27,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - return_value_passing_003_F(__taint_src) + return_value_passing_001_F(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_004_T/return_value_passing_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T/return_value_passing_002_T.go similarity index 77% rename from sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_004_T/return_value_passing_004_T.go rename to sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T/return_value_passing_002_T.go index ce247620..e5352957 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_004_T/return_value_passing_004_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T/return_value_passing_002_T.go 
@@ -4,13 +4,13 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 // scene introduction = 返回值传递 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_004_T/return_value_passing_004_T +// bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T/return_value_passing_002_T // evaluation information end package main import "os/exec" -func return_value_passing_004_T(__taint_src string) { +func return_value_passing_002_T(__taint_src string) { data := process(__taint_src) __taint_sink(data) } @@ -25,5 +25,5 @@ func process(__taint_src string) interface{} { func main() { __taint_src := "taint_src_value" - return_value_passing_004_T(__taint_src) + return_value_passing_002_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/config.json index 58d09c7f..e69ba0d0 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/config.json +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/config.json @@ -7,7 +7,7 @@ "level": "2", "scene_list": [ { - "compose": "interface_class_001_c_T/interface_class_001_c_T.go && !interface_class_002_c_F/interface_class_002_c_F.go", + "compose": "interface_class_001_T/interface_class_001_T.go && !interface_class_002_F/interface_class_002_F.go", "scene": "结构体注入接口" } ] diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_T/interface_class_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_T/interface_class_001_T.go new file mode 100644 index 00000000..2d6155b1 --- /dev/null 
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_T/interface_class_001_T.go
@@ -0,0 +1,62 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象
+// scene introduction = 结构体注入接口
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_T/interface_class_001_T
+// evaluation information end
+
+package main
+import "os/exec"
+
+func interface_class_001_T(__taint_src string) {
+ // 创建 IctestImpl 实例
+ testSvc := &IctestImpl{}
+
+ // 将业务实现注入到 IctestAPI 中
+ testAPI := NewIctestAPI(testSvc)
+
+ // 调用接口方法,返回的数据即为污点源,直接传入 sink
+ result, _ := testAPI.GetTest(__taint_src)
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+// IIctest 定义了业务层接口,用于演示接口与实现的解耦
+type IIctest interface {
+ test(taint_src string) (interface{}, error)
+}
+
+//IctestAPI 是业务门面,对外暴露统一 API,内部依赖 IIctest 实现
+type IctestAPI struct {
+ _test_svc IIctest
+}
+
+// NewIctestAPI 构造器,注入 IIctest 实现
+func NewIctestAPI(testSvc IIctest) *IctestAPI {
+ return &IctestAPI{
+ _test_svc: testSvc,
+ }
+}
+
+// GetTest 通过接口调用底层实现,将输入原样返回(导致污点传播)
+func (e *IctestAPI) GetTest(taint_src string) (interface{}, error) {
+ return e._test_svc.test(taint_src)
+}
+
+// IctestImpl 是 IIctest 的默认实现
+type IctestImpl struct{}
+
+//test 实现 IIctest 接口,直接将 taint_src 返回,不做任何校验
+func (s *IctestImpl) test(taint_src string) (interface{}, error) {
+ // 污点数据未经处理直接返回
+ return taint_src, nil
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_class_001_T(__taint_src)
+}
\ No newline at end of file
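Review bot: `__taint_sink` in the new interface_class_001_T.go passes its argument to `sh -c` for real whenever `main` runs, and nothing on the function says that this is the benchmark's intended sink. A one-line comment such as `// __taint_sink is the deliberate command-execution sink of this test case; it must stay reachable from __taint_src.` would keep a later cleanup from removing the flow and makes a path-based scanner suppression for this directory easier to justify. On style, `//IctestAPI` and `//test` lack the space after `//` that the other comments in the file use. The missing blank line after `package main` and the missing final newline suggest the file was not run through gofmt.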
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_c_T/interface_class_001_c_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_c_T/interface_class_001_c_T.go deleted file mode 100644 index 29be16c5..00000000 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_c_T/interface_class_001_c_T.go +++ /dev/null 
@@ -1,95 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 -// scene introduction = 结构体注入接口 -// level = 2 -// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_c_T/interface_class_001_c_T -// evaluation information end - -package main - -import "os/exec" - -func interface_class_001_c_T(__taint_src string) { - // 创建接口的具体实现 - testSvc := &IctestImpl{} - - // 通过构造函数注入接口 - testAPI := NewIctestAPI(testSvc) - - // 调用接口方法 - result, _ := testAPI.GetTest(__taint_src) - __taint_sink(result) -} - -func __taint_sink(o interface{}) { - _ = exec.Command("sh", "-c", o.(string)).Run() -} - -// IHarborService 接口定义 GetImage 方法 -type IIctest interface { - test(taint_src string) (interface{}, error) -} - -// K8sAPI 结构体,依赖 IHarborService 接口 -type IctestAPI struct { - _test_svc IIctest -} - -// NewK8sAPI 构造函数,注入 IHarborService 接口 -func NewIctestAPI(testSvc IIctest) *IctestAPI { - return &IctestAPI{ - _ = exec.Command("sh", "-c", o.(string)).Run() - _test_svc: testSvc, - } -} - -// GetHarborImage 方法,调用接口的 GetImage 方法 -func (e *IctestAPI) GetTest(taint_src string) (interface{}, error) { - return e._test_svc.test(taint_src) -} - -// HarborServiceImpl 是 IHarborService 接口的具体实现 -type IctestImpl struct{} - -// 实现 GetImage 方法 -func (s *IctestImpl) test(taint_src string) (interface{}, error) { - // 模拟返回一个简单结果 - return taint_src, nil -} - -func main() { - __taint_src := "taint_src_value" - interface_class_001_c_T(__taint_src) -} - -// IHarborService 接口定义 GetImage 方法 -type IIctest interface { - test(taint_src string) (interface{}, error) -} - -// K8sAPI 结构体,依赖 IHarborService 接口 -type IctestAPI struct { - _test_svc IIctest -} - -// NewK8sAPI 构造函数,注入 IHarborService 接口 -func NewIctestAPI(testSvc IIctest) *IctestAPI { - return &IctestAPI{ - _test_svc: testSvc, - } -} - -// GetHarborImage 方法,调用接口的 GetImage 方法 -func (e *IctestAPI) GetTest(taint_src string) (interface{}, error) { - return 
e._test_svc.test(taint_src) -} - -// HarborServiceImpl 是 IHarborService 接口的具体实现 -type IctestImpl struct{} - -// 实现 GetImage 方法 -func (s *IctestImpl) test(taint_src string) (interface{}, error) { - // 模拟返回一个简单结果 - return taint_src, nil -} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_c_F/interface_class_002_c_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_F/interface_class_002_F.go similarity index 55% rename from sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_c_F/interface_class_002_c_F.go rename to sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_F/interface_class_002_F.go index f3826ab2..fae163ef 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_c_F/interface_class_002_c_F.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_F/interface_class_002_F.go 
@@ -1,64 +1,62 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 // scene introduction = 结构体注入接口 // level = 2 -// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_c_F/interface_class_002_c_F - +// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_F/interface_class_002_F // evaluation information end package main import "os/exec" -func interface_class_002_c_F(__taint_src string) { - // 创建接口的具体实现 +func interface_class_002_F(__taint_src string) { + //创建 IctestImpl 实例 testSvc := &IctestImpl{} - // 通过构造函数注入接口 + //将业务实现注入到 IctestAPI 中 testAPI := NewIctestAPI(testSvc) - // 调用接口方法 - result, _ := testAPI.GetTest("") + //调用接口方法,返回的数据和污点源没关系 + result, _ := testAPI.GetTest("aa") __taint_sink(result) } - + func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() } -// IHarborService 接口定义 GetImage 方法 +//IIctest 定义了业务层接口,用于演示接口与实现的解耦 type IIctest interface { test(taint_src string) (interface{}, error) } -// K8sAPI 结构体,依赖 IHarborService 接口 +//IctestAPI 是业务门面,对外暴露统一 API,内部依赖 IIctest 实现 type IctestAPI struct { _test_svc IIctest } -// NewK8sAPI 构造函数,注入 IHarborService 接口 +//NewIctestAPI 构造器,注入 IIctest 实现 func NewIctestAPI(testSvc IIctest) *IctestAPI { return &IctestAPI{ - _ = exec.Command("sh", "-c", o.(string)).Run() _test_svc: testSvc, } } -// GetHarborImage 方法,调用接口的 GetImage 方法 +//GetTest 通过接口调用底层实现,将输入原样返回 func (e *IctestAPI) GetTest(taint_src string) (interface{}, error) { return e._test_svc.test(taint_src) } -// HarborServiceImpl 是 IHarborService 接口的具体实现 +//IctestImpl 是 IIctest 的默认实现 type IctestImpl struct{} -// 实现 GetImage 方法 +//test 实现 IIctest 接口,直接将 传入的值 返回,不做任何校验 func (s *IctestImpl) test(taint_src string) (interface{}, error) { - // 模拟返回一个简单结果 + //污点数据未经处理直接返回 return taint_src, nil } func main() { __taint_src := "taint_src_value" - interface_class_002_c_F(__taint_src) 
+ interface_class_002_F(__taint_src) } \ No newline at end of file diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_005_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_001_T.java similarity index 91% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_005_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_001_T.java index 0308e000..e11e86d6 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_005_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_001_T.java @@ -13,12 +13,12 @@ // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 参数值传递->VarargArrayAccess // level = 2 -// bind_url = accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_005_T +// bind_url = accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_001_T // evaluation information end @RestController() @RequestMapping("accuracy/context_sensitive/argument_return_value_passing") -public class DifferentParamsPassing_005_T { - @PostMapping("DifferentParamsPassing_005_T") +public class DifferentParamsPassing_001_T { + @PostMapping("DifferentParamsPassing_001_T") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); @@ -37,4 +37,4 @@ private static String chooseOne(int i, String... params) { return params[i]; } } -} \ No newline at end of file +} 
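Review bot: In interface_class_002_F.go the rewritten comments still describe a tainted flow although the header now says `real case = false`. The comment inside `test` reads `//污点数据未经处理直接返回`, but the only caller passes the constant `"aa"`, so no tainted value reaches `__taint_sink`. Wording along the lines of `// returns its argument unchanged; the caller passes a constant, so nothing tainted is returned` would match the negative case. `__taint_src` remains an unused parameter of `interface_class_002_F`, presumably on purpose, and a short comment saying so would stop the case from being "repaired" later by passing it through. The new comments also drop the space after `//` that the previous version had.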
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_006_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_002_F.java similarity index 91% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_006_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_002_F.java index e90612d8..f56b41f4 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_006_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_002_F.java @@ -13,13 +13,13 @@ // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 参数值传递->VarargArrayAccess // level = 2 -// bind_url = accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_006_F +// bind_url = accuracy/context_sensitive/argument_return_value_passing/DifferentParamsPassing_002_F // evaluation information end @RestController() @RequestMapping("accuracy/context_sensitive/argument_return_value_passing") -public class DifferentParamsPassing_006_F { - @PostMapping("DifferentParamsPassing_006_F") +public class DifferentParamsPassing_002_F { + @PostMapping("DifferentParamsPassing_002_F") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); @@ -38,4 +38,4 @@ private static String chooseOne(int i, String... params) { return params[i]; } } -} \ No newline at end of file +} 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/config.json index 431f6813..d88bffd7 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/argument_return_value_passing/config.json @@ -7,7 +7,7 @@ "level": "2", "scene_list": [ { - "compose": "DifferentParamsPassing_005_T.java && !DifferentParamsPassing_006_F.java", + "compose": "DifferentParamsPassing_001_T.java && !DifferentParamsPassing_002_F.java", "scene": "参数值传递->VarargArrayAccess" }, { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_need_solve_001_T.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_001_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_need_solve_001_T.java index 7579f67c..6d7e9949 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_001_T.java 
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_need_solve_001_T.java @@ -14,13 +14,13 @@ // evaluation item = 准确度->上下文敏感分析->多次调用->可求解 // scene introduction = 相同函数调用不同参数-scene1 // level = 4 -// bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_001_T +// bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_need_solve_001_T // evaluation information end @RestController @RequestMapping("accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve") -public class DifferentParamsForFunction_001_T { - @PostMapping(value = "DifferentParamsForFunction_001_T") +public class DifferentParamsForFunction_need_solve_001_T { + @PostMapping(value = "DifferentParamsForFunction_need_solve_001_T") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); String exec1, exec2; diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_need_solve_002_F.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_002_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_need_solve_002_F.java index 98ead136..e165e591 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_002_F.java 
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_need_solve_002_F.java @@ -15,13 +15,13 @@ // evaluation item = 准确度->上下文敏感分析->多次调用->可求解 // scene introduction = 相同函数调用不同参数-scene1 // level = 4 -// bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_002_F +// bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/DifferentParamsForFunction_need_solve_002_F // evaluation information end @RestController @RequestMapping("accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve") -public class DifferentParamsForFunction_002_F { - @PostMapping(value = "DifferentParamsForFunction_002_F") +public class DifferentParamsForFunction_need_solve_002_F { + @PostMapping(value = "DifferentParamsForFunction_need_solve_002_F") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); String exec1, exec2; diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/config.json index 29106246..8d81e9f3 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_need_solve/config.json @@ -7,7 +7,7 @@ "level": "4", "scene_list": [ { - "compose": "DifferentParamsForFunction_001_T.java && !DifferentParamsForFunction_002_F.java", + "compose": "DifferentParamsForFunction_need_solve_001_T.java && !DifferentParamsForFunction_need_solve_002_F.java", "scene": "相同函数调用不同参数-scene1-可求解" } ] 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_005_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_001_T.java similarity index 90% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_005_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_001_T.java index 6859cfee..a8fbd537 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_005_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_001_T.java @@ -15,13 +15,13 @@ // evaluation item = 准确度->上下文敏感分析->多次调用->无需求解 // scene introduction = HeapAllocSite // level = 2 -// bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_005_T +// bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_001_T // evaluation information end @RestController @RequestMapping("accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve") -public class DifferentParamsForFunction_005_T { - @PostMapping(value = "DifferentParamsForFunction_005_T") +public class DifferentParamsForFunction_001_T { + @PostMapping(value = "DifferentParamsForFunction_001_T") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_006_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_002_F.java similarity index 90% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_006_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_002_F.java index 955ca2e7..800fbc5e 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_006_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_002_F.java @@ -16,12 +16,12 @@ // evaluation item = 准确度->上下文敏感分析->多次调用->无需求解 // scene introduction = HeapAllocSite // level = 2 -// bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_006_F +// bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/DifferentParamsForFunction_002_F // evaluation information end @RestController @RequestMapping("accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve") -public class DifferentParamsForFunction_006_F { - @PostMapping(value = "DifferentParamsForFunction_006_F") +public class DifferentParamsForFunction_002_F { + @PostMapping(value = "DifferentParamsForFunction_002_F") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/config.json index 82a12426..fce54cb3 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/multi_invoke_without_solve/config.json @@ -7,11 +7,11 @@ "level": "2", "scene_list": [ { - "compose": "DifferentParamsForFunction_003_T.java && !DifferentParamsForFunction_004_F.java", + "compose": "DifferentParamsForFunction_001_T.java && !DifferentParamsForFunction_002_F.java", "scene": "相同函数调用不同参数-scene2" }, { - "compose": "DifferentParamsForFunction_005_T.java && !DifferentParamsForFunction_006_F.java", + "compose": "DifferentParamsForFunction_003_T.java && !DifferentParamsForFunction_004_F.java", "scene": "HeapAllocSite" }, { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_005_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_init_001_T.java similarity index 89% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_005_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_init_001_T.java index b8ce214e..b5a8c79f 100644 
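Review bot: The two `compose` entries changed in multi_invoke_without_solve/config.json look swapped relative to the renames in this commit. DifferentParamsForFunction_005_T/006_F, whose headers say `scene introduction = HeapAllocSite`, become 001_T/002_F, yet the config now pairs `DifferentParamsForFunction_001_T.java && !DifferentParamsForFunction_002_F.java` with `相同函数调用不同参数-scene2` and gives `HeapAllocSite` to 003_T/004_F. Unless 003_T/004_F are relabelled elsewhere in the commit (not visible here), results for these two scenes would be attributed to the wrong test pair. Leaving the first entry on 003_T/004_F and changing only the `HeapAllocSite` entry to `"compose": "DifferentParamsForFunction_001_T.java && !DifferentParamsForFunction_002_F.java"` would match the file headers.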
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_005_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_init_001_T.java @@ -13,12 +13,12 @@ // evaluation item = 准确度->流敏感分析->循环顺序执行语句->for-init流敏感 // scene introduction = for-init流敏感 // level = 2 -// bind_url = accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_005_T/{cmd} +// bind_url = accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_init_001_T/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/flow_sensitive/loop_stmt/loop_stmt_init") -public class Statement_ForStatement_005_T { - @GetMapping("Statement_ForStatement_005_T/{cmd}") +public class Statement_ForStatement_init_001_T { + @GetMapping("Statement_ForStatement_init_001_T/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_006_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_init_002_F.java similarity index 89% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_006_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_init_002_F.java index 1fc0b2d1..6a43a136 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_006_F.java 
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_init_002_F.java @@ -13,12 +13,12 @@ // evaluation item = 准确度->流敏感分析->循环顺序执行语句->for-init流敏感 // scene introduction = for-init流敏感 // level = 2 -// bind_url = accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_006_F/{cmd} +// bind_url = accuracy/flow_sensitive/loop_stmt/loop_stmt_init/Statement_ForStatement_init_002_F/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/flow_sensitive/loop_stmt/loop_stmt_init") -public class Statement_ForStatement_006_F { - @GetMapping("Statement_ForStatement_006_F/{cmd}") +public class Statement_ForStatement_init_002_F { + @GetMapping("Statement_ForStatement_init_002_F/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/config.json index 15ff8103..6bbcf871 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_init/config.json @@ -7,7 +7,7 @@ "level": "2", "scene_list": [ { - "compose": "Statement_ForStatement_005_T.java && !Statement_ForStatement_006_F.java", + "compose": "Statement_ForStatement_init_001_T.java && !Statement_ForStatement_init_002_F.java", "scene": "for-init流敏感" } ] @@ -15,4 +15,4 @@ ] } ] -} +} \ No newline at end of file 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_007_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_update_001_T.java similarity index 89% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_007_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_update_001_T.java index 194419bf..198ae2bd 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_007_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_update_001_T.java @@ -13,12 +13,12 @@ // evaluation item = 准确度->流敏感分析->循环顺序执行语句->for-update流敏感 // scene introduction = for-update流敏感 // level = 2 -// bind_url = accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_007_T/{cmd} +// bind_url = accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_update_001_T/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/flow_sensitive/loop_stmt/loop_stmt_update") -public class Statement_ForStatement_007_T { - @GetMapping("Statement_ForStatement_007_T/{cmd}") +public class Statement_ForStatement_update_001_T { + @GetMapping("Statement_ForStatement_update_001_T/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_008_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_update_002_F.java similarity index 89% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_008_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_update_002_F.java index 9599e8cb..3f65fbb9 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_008_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_update_002_F.java @@ -13,12 +13,12 @@ // evaluation item = 准确度->流敏感分析->循环顺序执行语句->for-update流敏感 // scene introduction = for-update流敏感 // level = 2 -// bind_url = accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_008_F/{cmd} +// bind_url = accuracy/flow_sensitive/loop_stmt/loop_stmt_update/Statement_ForStatement_update_002_F/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/flow_sensitive/loop_stmt/loop_stmt_update") -public class Statement_ForStatement_008_F { - @GetMapping("Statement_ForStatement_008_F/{cmd}") +public class Statement_ForStatement_update_002_F { + @GetMapping("Statement_ForStatement_update_002_F/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/config.json index 8b1392e3..045df321 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/flow_sensitive/loop_stmt/loop_stmt_update/config.json @@ -7,7 +7,7 @@ "level": "2", "scene_list": [ { - "compose": "Statement_ForStatement_007_T.java && !Statement_ForStatement_008_F.java", + "compose": "Statement_ForStatement_update_001_T.java && !Statement_ForStatement_update_002_F.java", "scene": "for-update流敏感" } ] @@ -15,4 +15,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_muilt_collection_001_T.java similarity index 89% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_003_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_muilt_collection_001_T.java index 957b5b63..72791e71 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_003_T.java 
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_muilt_collection_001_T.java @@ -13,12 +13,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 // scene introduction = 数组索引-二维 // level = 4 -// bind_url = accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_003_T +// bind_url = accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_muilt_collection_001_T // evaluation information end @RestController() @RequestMapping("accuracy/object_field_sensitive/field_sensitive_muilt_collection") -public class Array_index_003_T { - @PostMapping("Array_index_003_T") +public class Array_index_muilt_collection_001_T { + @PostMapping("Array_index_muilt_collection_001_T") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -30,4 +30,4 @@ public Map testcase(@RequestParam String cmd) { } return modelMap; } -} \ No newline at end of file +} diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_muilt_collection_002_F.java similarity index 89% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_004_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_muilt_collection_002_F.java index a7a10b73..6d236a2c 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_004_F.java 
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_muilt_collection_002_F.java @@ -13,12 +13,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 // scene introduction = 数组索引-二维 // level = 4 -// bind_url = accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_004_F +// bind_url = accuracy/object_field_sensitive/field_sensitive_muilt_collection/Array_index_muilt_collection_002_F // evaluation information end @RestController() @RequestMapping("accuracy/object_field_sensitive/field_sensitive_muilt_collection") -public class Array_index_004_F { - @PostMapping("Array_index_004_F") +public class Array_index_muilt_collection_002_F { + @PostMapping("Array_index_muilt_collection_002_F") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { @@ -30,4 +30,4 @@ public Map testcase(@RequestParam String cmd) { } return modelMap; } -} \ No newline at end of file +} diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_001_T.java similarity index 90% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_003_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_001_T.java index 2e1ecec8..562d60dc 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_003_T.java 
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_001_T.java @@ -15,13 +15,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 // scene introduction = MapPutGet-scene2 // level = 4 -// bind_url = accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_003_T +// bind_url = accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_001_T // evaluation information end @RestController() @RequestMapping("accuracy/object_field_sensitive/field_sensitive/map") -public class MapPutGet_003_T { - @PostMapping(value = "MapPutGet_003_T") +public class MapPutGet_muilt_collection_001_T { + @PostMapping(value = "MapPutGet_muilt_collection_001_T") public Map testcase(@RequestParam String url) { Map modelMap = new HashMap<>(); diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_002_F.java similarity index 91% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_004_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_002_F.java index 38454b58..a515f8c9 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_004_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_002_F.java 
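Review bot: The new `bind_url` comment points at `accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_001_T`, but the unchanged class-level annotation in this hunk is still `@RequestMapping("accuracy/object_field_sensitive/field_sensitive/map")`, so the handler is registered under a different path than the header advertises. If the benchmark harness sends requests or matches findings by `bind_url` (not visible here), this case would be scored against an endpoint that is not served. Changing the annotation to `@RequestMapping("accuracy/object_field_sensitive/field_sensitive_muilt_collection")`, as the Array_index cases in the same directory do, would bring the two in line; the MapPutGet_muilt_collection_002_F hunk has the same mismatch. The body of `testcase` continues outside the hunk.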
@@ -15,13 +15,13 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 // scene introduction = MapPutGet-scene2 // level = 4 -// bind_url = accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_004_F +// bind_url = accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_002_F // evaluation information end @RestController() @RequestMapping("accuracy/object_field_sensitive/field_sensitive/map") -public class MapPutGet_004_F { - @PostMapping(value = "MapPutGet_004_F") +public class MapPutGet_muilt_collection_002_F { + @PostMapping(value = "MapPutGet_muilt_collection_002_F") public Map testcase(@RequestParam String url) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/config.json index 054ed936..664b45e2 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/config.json @@ -7,11 +7,11 @@ "level": "4", "scene_list": [ { - "compose": "Array_index_003_T.java && !Array_index_004_F.java", + "compose": "Array_index_muilt_collection_001_T.java && !Array_index_muilt_collection_002_F.java", "scene": "数组索引-二维" }, { - "compose": "MapPutGet_003_T.java && !MapPutGet_004_F.java", + "compose": "MapPutGet_muilt_collection_001_T.java && !MapPutGet_muilt_collection_002_F.java", "scene": "MapPutGet" } ] 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_no_solver_001_T.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_003_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_no_solver_001_T.java index 6eac0fb8..9df5f9ed 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_003_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_no_solver_001_T.java @@ -13,12 +13,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = 循环语句->for // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_003_T/{cmd} +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_no_solver_001_T/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/path_sensitive/loop_conditional_stmt/no_solver") -public class Statement_ForStatement_003_T { - @GetMapping("Statement_ForStatement_003_T/{cmd}") +public class Statement_ForStatement_no_solver_001_T { + @GetMapping("Statement_ForStatement_no_solver_001_T/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_no_solver_002_F.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_004_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_no_solver_002_F.java index 39811909..6d32115c 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_004_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_no_solver_002_F.java @@ -13,12 +13,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = 循环语句->for // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_004_F/{cmd} +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/Statement_ForStatement_no_solver_002_F/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/path_sensitive/loop_conditional_stmt/no_solver") -public class Statement_ForStatement_004_F { - @GetMapping("Statement_ForStatement_004_F/{cmd}") +public class Statement_ForStatement_no_solver_002_F { + @GetMapping("Statement_ForStatement_no_solver_002_F/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json index eb8e2692..bff38d32 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json @@ -11,7 +11,7 @@ "scene": "常量分支条件" }, { - "compose": "Statement_ForStatement_003_T.java && !Statement_ForStatement_004_F.java", + "compose": "Statement_ForStatement_no_solver_001_T.java && !Statement_ForStatement_no_solver_002_F.java", "scene": "循环结构->for" } ] diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_005_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_001_T.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_005_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_001_T.java index 3809caf0..6d6eda05 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_005_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_001_T.java 
@@ -13,12 +13,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = instanceof表达式-Object // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_005_T/{cmd} +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_001_T/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/path_sensitive/loop_conditional_stmt/solver") -public class Expression_InstanceofExpression_005_T { - @GetMapping("Expression_InstanceofExpression_005_T/{cmd}") +public class Expression_InstanceofExpression_solver_001_T { + @GetMapping("Expression_InstanceofExpression_solver_001_T/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_006_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_002_F.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_006_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_002_F.java index 68da9fff..faf26d7b 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_006_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_002_F.java 
@@ -13,12 +13,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = instanceof表达式-Object // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_006_F/{cmd} +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_002_F/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/path_sensitive/loop_conditional_stmt/solver") -public class Expression_InstanceofExpression_006_F { - @GetMapping("Expression_InstanceofExpression_006_F/{cmd}") +public class Expression_InstanceofExpression_solver_002_F { + @GetMapping("Expression_InstanceofExpression_solver_002_F/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_003_T.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_003_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_003_T.java index fb5db041..93287a72 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_003_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_003_T.java 
@@ -13,12 +13,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = instanceof表达式-null // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_003_T/{cmd} +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_003_T/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/path_sensitive/loop_conditional_stmt/solver") -public class Expression_InstanceofExpression_003_T { - @GetMapping("Expression_InstanceofExpression_003_T/{cmd}") +public class Expression_InstanceofExpression_solver_003_T { + @GetMapping("Expression_InstanceofExpression_solver_003_T/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_004_F.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_004_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_004_F.java index 58773fed..8323c373 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_004_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_004_F.java 
@@ -13,12 +13,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = instanceof表达式-null // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_004_F/{cmd} +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_004_F/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/path_sensitive/loop_conditional_stmt/solver") -public class Expression_InstanceofExpression_004_F { - @GetMapping("Expression_InstanceofExpression_004_F/{cmd}") +public class Expression_InstanceofExpression_solver_004_F { + @GetMapping("Expression_InstanceofExpression_solver_004_F/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_006_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_001_T.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_006_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_001_T.java index 4c38c680..7b08ca66 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_006_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_001_T.java 
@@ -13,12 +13,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = assert语句-条件成立 // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_006_F/{cmd} +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_001_T/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/path_sensitive/loop_conditional_stmt/solver") -public class Statement_AssertStatement_006_F { - @GetMapping("Statement_AssertStatement_006_F/{cmd}") +public class Statement_AssertStatement_solver_001_T { + @GetMapping("Statement_AssertStatement_solver_001_T/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_005_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_002_F.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_005_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_002_F.java index f21922ca..66ece75e 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_005_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_002_F.java 
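Review bot: This rename flips the expected-result suffix: the file that was `Statement_AssertStatement_006_F` becomes `Statement_AssertStatement_solver_001_T`, and the next file section turns `Statement_AssertStatement_005_T` into `Statement_AssertStatement_solver_002_F`, while the only changed lines shown are the `bind_url` comment, the class name and the `@GetMapping` path. With the method body apparently untouched (it continues outside the hunk), a case whose ground truth was "no finding" is now labelled "finding" and the reverse, which inverts how a scanner is scored on the assert-condition-holds scene. If the old labels were wrong, the commit message should say so. If not, the class line here should read `public class Statement_AssertStatement_solver_002_F {` with matching `bind_url` and `@GetMapping`, and the former 005_T file should take `solver_001_T`.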
@@ -13,12 +13,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = assert语句-条件成立 // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_005_T/{cmd} +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_002_F/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/path_sensitive/loop_conditional_stmt/solver") -public class Statement_AssertStatement_005_T { - @GetMapping("Statement_AssertStatement_005_T/{cmd}") +public class Statement_AssertStatement_solver_002_F { + @GetMapping("Statement_AssertStatement_solver_002_F/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_003_T.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_003_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_003_T.java index 0fbaa81a..a8d0e17a 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_003_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_003_T.java 
@@ -13,12 +13,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = assert语句-条件不成立 // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_003_T/{cmd} +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_003_T/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/path_sensitive/loop_conditional_stmt/solver") -public class Statement_AssertStatement_003_T { - @GetMapping("Statement_AssertStatement_003_T/{cmd}") +public class Statement_AssertStatement_solver_003_T { + @GetMapping("Statement_AssertStatement_solver_003_T/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_004_F.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_004_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_004_F.java index 9748714e..8dda85ba 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_004_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_004_F.java 
@@ -13,12 +13,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = assert语句-条件不成立 // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_004_F/{cmd} +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_004_F/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/path_sensitive/loop_conditional_stmt/solver") -public class Statement_AssertStatement_004_F { - @GetMapping("Statement_AssertStatement_004_F/{cmd}") +public class Statement_AssertStatement_solver_004_F { + @GetMapping("Statement_AssertStatement_solver_004_F/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_001_T.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_003_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_001_T.java index f40701cb..5e97257b 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_003_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_001_T.java 
@@ -14,12 +14,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = 循环语句->while // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_003_T/{type}/{cmd} +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_001_T/{type}/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/path_sensitive/loop_conditional_stmt/solver") -public class Statement_WhileStatement_003_T { - @GetMapping("Statement_WhileStatement_003_T/{type}/{cmd}") +public class Statement_WhileStatement_solver_001_T { + @GetMapping("Statement_WhileStatement_solver_001_T/{type}/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try {String a = "mkdir"; diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_002_F.java similarity index 88% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_004_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_002_F.java index 6adb1150..462b3a3b 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_004_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_002_F.java 
@@ -14,12 +14,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = 循环语句->while // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_004_F/{type}/{cmd} +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_002_F/{type}/{cmd} // evaluation information end @RestController() @RequestMapping("accuracy/path_sensitive/loop_conditional_stmt/solver") -public class Statement_WhileStatement_004_F { - @GetMapping("Statement_WhileStatement_004_F/{type}/{cmd}") +public class Statement_WhileStatement_solver_002_F { + @GetMapping("Statement_WhileStatement_solver_002_F/{type}/{cmd}") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json index cde55f35..063bca00 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json 
@@ -11,23 +11,23 @@ "scene": "数组长度计算" }, { - "compose": "Statement_WhileStatement_003_T.java && !Statement_WhileStatement_004_F.java", + "compose": "Statement_WhileStatement_solver_001_T.java && !Statement_WhileStatement_solver_002_F.java", "scene": "循环结构->while" }, { - "compose": "Statement_AssertStatement_003_T.java && !Statement_AssertStatement_004_F.java", + "compose": "Statement_AssertStatement_solver_001_T.java && !Statement_AssertStatement_solver_002_F.java", "scene": "assert语句-条件不成立" }, { - "compose": "Statement_AssertStatement_005_T.java && !Statement_AssertStatement_006_F.java", + "compose": "Statement_AssertStatement_solver_003_T.java && !Statement_AssertStatement_solver_004_F.java", "scene": "assert语句-条件不成立" }, { - "compose": "Expression_InstanceofExpression_003_T.java && !Expression_InstanceofExpression_004_F.java", + "compose": "Expression_InstanceofExpression_solver_001_T.java && !Expression_InstanceofExpression_solver_002_F.java", "scene": "instanceof表达式-null" }, { - "compose": "Expression_InstanceofExpression_005_T.java && !Expression_InstanceofExpression_006_F.java", + "compose": "Expression_InstanceofExpression_solver_003_T.java && !Expression_InstanceofExpression_solver_004_F.java", "scene": "instanceof表达式-Object" } ] @@ -35,4 +35,4 @@ ] } ] -} +} \ No newline at end of file 
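Review bot: The two Assert `compose` entries do not line up with the class rename visible earlier in this diff, where `Statement_AssertStatement_004_F` becomes `Statement_AssertStatement_solver_004_F`. Here the old `003_T`/`004_F` pair is rewritten to `solver_001_T`/`solver_002_F`, and the old `005_T`/`006_F` pair to `solver_003_T`/`solver_004_F`. Either the previous config was already out of step with the file names or one of the two mappings is off. A `compose` entry that names the wrong or a missing `_F` file would let a scanner's false-positive check pass or fail for the wrong case, so each entry should be checked against the files that actually exist in `solver/` after the rename. Both pairs also carry the same `scene` text, which makes them hard to tell apart in results.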
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_009_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_001_T.java similarity index 86% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_009_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_001_T.java index c138c864..7a31e54f 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_009_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_001_T.java @@ -14,13 +14,13 @@ // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->指针 // scene introduction = 泛型类-类型参数 // level = 2 -// bind_url = completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_009_T +// bind_url = completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_001_T // evaluation information end @RestController() @RequestMapping("completeness/single_app_tracing/datatype/generics") -public class CallExpression_CustomCode_Class_009_T { - @PostMapping(value = "CallExpression_CustomCode_Class_009_T") +public class CallExpression_CustomCode_Class_generics_001_T { + @PostMapping(value = "CallExpression_CustomCode_Class_generics_001_T") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_010_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_002_F.java similarity index 86% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_010_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_002_F.java index dbf18ed8..6905fbb3 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_010_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_002_F.java @@ -14,13 +14,13 @@ // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->指针 // scene introduction = 泛型类-类型参数 // level = 2 -// bind_url = completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_010_F +// bind_url = completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_002_F // evaluation information end @RestController() @RequestMapping("completeness/single_app_tracing/datatype/generics") -public class CallExpression_CustomCode_Class_010_F { - @PostMapping(value = "CallExpression_CustomCode_Class_010_F") +public class CallExpression_CustomCode_Class_generics_002_F { + @PostMapping(value = "CallExpression_CustomCode_Class_generics_002_F") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_011_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_003_T.java similarity index 86% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_011_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_003_T.java index 398dd2a5..61f9b7de 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_011_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_003_T.java @@ -14,13 +14,13 @@ // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->指针 // scene introduction = 泛型类-wildcard // level = 2 -// bind_url = completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_011_T +// bind_url = completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_003_T // evaluation information end @RestController() @RequestMapping("completeness/single_app_tracing/datatype/generics") -public class CallExpression_CustomCode_Class_011_T { - @PostMapping(value = "CallExpression_CustomCode_Class_011_T") +public class CallExpression_CustomCode_Class_generics_003_T { + @PostMapping(value = "CallExpression_CustomCode_Class_generics_003_T") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); G a = new G<>(cmd); 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_012_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_004_F.java similarity index 86% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_012_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_004_F.java index fc5f930e..74801916 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_012_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_004_F.java @@ -14,13 +14,13 @@ // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->指针 // scene introduction = 泛型类-wildcard // level = 2 -// bind_url = completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_012_F +// bind_url = completeness/single_app_tracing/datatype/generics/CallExpression_CustomCode_Class_generics_004_F // evaluation information end @RestController() @RequestMapping("completeness/single_app_tracing/datatype/generics") -public class CallExpression_CustomCode_Class_012_F { - @PostMapping(value = "CallExpression_CustomCode_Class_012_F") +public class CallExpression_CustomCode_Class_generics_004_F { + @PostMapping(value = "CallExpression_CustomCode_Class_generics_004_F") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); G a = new G<>("ls"); 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/config.json index 88e353c7..83cd57ea 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/generics/config.json @@ -7,11 +7,11 @@ "level": "2", "scene_list": [ { - "compose": "CallExpression_CustomCode_Class_009_T.java && !CallExpression_CustomCode_Class_010_F.java", + "compose": "CallExpression_CustomCode_Class_generics_001_T.java && !CallExpression_CustomCode_Class_generics_002_F.java", "scene": "泛型类-类型参数" }, { - "compose": "CallExpression_CustomCode_Class_011_T.java && !CallExpression_CustomCode_Class_012_F.java", + "compose": "CallExpression_CustomCode_Class_generics_003_T.java && !CallExpression_CustomCode_Class_generics_004_F.java", "scene": "泛型类-wildcard" } ] diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_function_001_T.java similarity index 90% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_001_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_function_001_T.java index 40fa9b47..48e6360f 100644 
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_001_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_function_001_T.java @@ -19,12 +19,12 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->库函数调用 // scene introduction = Serializable接口 // level = 2+ -// bind_url = completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_001_T +// bind_url = completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_function_001_T // evaluation information end @RestController() @RequestMapping("completeness/single_app_tracing/function_call/library_function") -public class CallExpression_CustomCode_Interface_001_T { - @PostMapping(value = "CallExpression_CustomCode_Interface_001_T") +public class CallExpression_CustomCode_Interface_function_001_T { + @PostMapping(value = "CallExpression_CustomCode_Interface_function_001_T") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); S s1 = new S(cmd); 
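Review bot: `testcase(@PathVariable String cmd)` is bound to a mapping with no `{cmd}` segment, `@PostMapping(value = "CallExpression_CustomCode_Interface_function_001_T")`, so Spring has no path variable to resolve and the request presumably fails before the case body runs. Since the mapping line is being edited anyway, either switch the parameter to `@RequestParam String cmd`, as the generics cases in this diff do, or add `/{cmd}` to the mapping and to the `bind_url` comment. The same mismatch appears in the `CallExpression_CustomCode_Interface_function_002_F` hunk and in both `complex_object/CallExpression_CustomCode_Interface_001_T` / `_002_F` hunks. A benchmark endpoint that cannot receive its tainted input cannot be checked dynamically, which matters for the `_T` cases in particular. The `testcase` body continues beyond the hunk.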
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_function_002_F.java similarity index 90% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_002_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_function_002_F.java index 717d0289..8c3f956a 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_002_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_function_002_F.java 
@@ -19,12 +19,12 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->库函数调用 // scene introduction = Serializable接口 // level = 2+ -// bind_url = completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_002_F +// bind_url = completeness/single_app_tracing/function_call/library_function/CallExpression_CustomCode_Interface_function_002_F // evaluation information end @RestController() @RequestMapping("completeness/single_app_tracing/function_call/library_function") -public class CallExpression_CustomCode_Interface_002_F { - @PostMapping(value = "CallExpression_CustomCode_Interface_002_F") +public class CallExpression_CustomCode_Interface_function_002_F { + @PostMapping(value = "CallExpression_CustomCode_Interface_function_002_F") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); S s1 = new S(cmd); diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/config.json index 7fee7fab..43e718b7 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/library_function/config.json @@ -7,7 +7,7 @@ "level": "2+", "scene_list": [ { - "compose": "CallExpression_CustomCode_Interface_001_T.java && !CallExpression_CustomCode_Interface_002_F.java", + "compose": "CallExpression_CustomCode_Interface_function_001_T.java && !CallExpression_CustomCode_Interface_function_002_F.java", "scene": "Serializable接口" }, { @@ -35,4 +35,4 @@ ] } ] -} +} \ No newline at end of file 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_Class_005_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_abstract_class_001_T.java similarity index 87% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_Class_005_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_abstract_class_001_T.java index 84b6445d..d4dfa6dc 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_Class_005_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_abstract_class_001_T.java @@ -17,12 +17,12 @@ // evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类 // scene introduction = 抽象类 // level = 2 -// bind_url = completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_Class_005_T +// bind_url = completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_abstract_class_001_T // evaluation information end @RestController() @RequestMapping("completeness/single_app_tracing/interface_class/abstract_class") -public class CallExpression_CustomCode_Class_005_T { - @GetMapping("CallExpression_CustomCode_Class_005_T") +public class CallExpression_CustomCode_abstract_class_001_T { + @GetMapping("CallExpression_CustomCode_abstract_class_001_T") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_Class_006_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_abstract_class_002_F.java similarity index 87% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_Class_006_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_abstract_class_002_F.java index 11f6a0c4..1ab34977 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_Class_006_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_abstract_class_002_F.java @@ -17,12 +17,12 @@ // evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类 // scene introduction = 抽象类 // level = 2 -// bind_url = completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_Class_006_F +// bind_url = completeness/single_app_tracing/interface_class/abstract_class/CallExpression_CustomCode_abstract_class_002_F // evaluation information end @RestController() @RequestMapping("completeness/single_app_tracing/interface_class/abstract_class") -public class CallExpression_CustomCode_Class_006_F { - @GetMapping("CallExpression_CustomCode_Class_006_F") +public class CallExpression_CustomCode_abstract_class_002_F { + @GetMapping("CallExpression_CustomCode_abstract_class_002_F") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/config.json index 9dfd32bd..5bdf8644 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/abstract_class/config.json @@ -7,7 +7,7 @@ "level": "2", "scene_list": [ { - "compose": "CallExpression_CustomCode_Class_005_T.java && !CallExpression_CustomCode_Class_006_F.java", + "compose": "CallExpression_CustomCode_abstract_class_001_T.java && !CallExpression_CustomCode_abstract_class_002_F.java", "scene": "抽象类" } ] @@ -15,4 +15,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_Class_007_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_anonymous_object_001_T.java similarity index 87% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_Class_007_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_anonymous_object_001_T.java index d6fcf7d7..2c00a794 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_Class_007_T.java 
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_anonymous_object_001_T.java @@ -16,12 +16,12 @@ // evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象 // scene introduction = 匿名类 // level = 2 -// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_Class_007_T +// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_anonymous_object_001_T // evaluation information end @RestController() @RequestMapping("completeness/single_app_tracing/interface_class/anonymous_object") -public class CallExpression_CustomCode_Class_007_T { - @GetMapping("CallExpression_CustomCode_Class_007_T") +public class CallExpression_CustomCode_anonymous_object_001_T { + @GetMapping("CallExpression_CustomCode_anonymous_object_001_T") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_Class_008_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_anonymous_object_002_F.java similarity index 87% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_Class_008_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_anonymous_object_002_F.java index 18e28a16..f032a4c1 100644 
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_Class_008_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_anonymous_object_002_F.java @@ -16,12 +16,12 @@ // evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象 // scene introduction = 匿名类 // level = 2 -// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_Class_008_F +// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/CallExpression_CustomCode_anonymous_object_002_F // evaluation information end @RestController() @RequestMapping("completeness/single_app_tracing/interface_class/anonymous_object") -public class CallExpression_CustomCode_Class_008_F { - @GetMapping("CallExpression_CustomCode_Class_008_F") +public class CallExpression_CustomCode_anonymous_object_002_F { + @GetMapping("CallExpression_CustomCode_anonymous_object_002_F") public Map testcase(@RequestParam String cmd) { Map modelMap = new HashMap<>(); try { diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/config.json index 62a51a74..9005ed3c 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/anonymous_object/config.json 
@@ -7,7 +7,7 @@ "level": "2", "scene_list": [ { - "compose": "CallExpression_CustomCode_Class_007_T.java && !CallExpression_CustomCode_Class_008_F.java", + "compose": "CallExpression_CustomCode_anonymous_object_001_T.java && !CallExpression_CustomCode_anonymous_object_002_F.java", "scene": "匿名类" } ] @@ -15,4 +15,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_001_T.java similarity index 92% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_003_T.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_001_T.java index 7fa0f42b..4bb5fa87 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_003_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_001_T.java 
@@ -15,12 +15,12 @@ // evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 // scene introduction = 多重接口类型 // level = 2 -// bind_url = completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_003_T +// bind_url = completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_001_T // evaluation information end @RestController() @RequestMapping("completeness/single_app_tracing/interface_class/complex_object") -public class CallExpression_CustomCode_Interface_003_T { - @PostMapping(value = "CallExpression_CustomCode_Interface_003_T") +public class CallExpression_CustomCode_Interface_001_T { + @PostMapping(value = "CallExpression_CustomCode_Interface_001_T") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { @@ -37,4 +37,4 @@ private interface Inter { String getCmd(String cmd, String cmd2); } } - \ No newline at end of file + diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_002_F.java similarity index 92% rename from sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_004_F.java rename to sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_002_F.java index 7d81af2e..4764f6d0 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_004_F.java 
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_002_F.java @@ -15,12 +15,12 @@ // evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 // scene introduction = 多重接口类型 // level = 2 -// bind_url = completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_004_F +// bind_url = completeness/single_app_tracing/interface_class/complex_object/CallExpression_CustomCode_Interface_002_F // evaluation information end @RestController() @RequestMapping("completeness/single_app_tracing/interface_class/complex_object") -public class CallExpression_CustomCode_Interface_004_F { - @PostMapping(value = "CallExpression_CustomCode_Interface_004_F") +public class CallExpression_CustomCode_Interface_002_F { + @PostMapping(value = "CallExpression_CustomCode_Interface_002_F") public Map testcase(@PathVariable String cmd) { Map modelMap = new HashMap<>(); try { @@ -37,4 +37,4 @@ private interface Inter { String getCmd(String cmd, String cmd2); } } - \ No newline at end of file + diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/config.json index 6b6bc27d..2d18b659 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/interface_class/complex_object/config.json 
@@ -15,7 +15,7 @@ "scene": "局部类" }, { - "compose": "CallExpression_CustomCode_Interface_003_T.java && !CallExpression_CustomCode_Interface_004_F.java", + "compose": "CallExpression_CustomCode_Interface_001_T.java && !CallExpression_CustomCode_Interface_002_F.java", "scene": "多重接口类型" } ] diff --git a/sast-js/case/accuracy/context_sensitive/multi_invoke/multi_invoke_001_T.js b/sast-js/case/accuracy/context_sensitive/multi_invoke/multi_invoke_001_T.js index 83cc3154..a8632423 100644 --- a/sast-js/case/accuracy/context_sensitive/multi_invoke/multi_invoke_001_T.js +++ b/sast-js/case/accuracy/context_sensitive/multi_invoke/multi_invoke_001_T.js @@ -7,7 +7,7 @@ // evaluation information end const { execSync } = require('child_process'); -function argument_passing_value_001_T(__taint_src) { +function multi_invoke_001_T(__taint_src) { let a = process(__taint_src); let b = process("_"); __taint_sink(a); @@ -17,8 +17,8 @@ function argument_passing_value_001_T(__taint_src) { } } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; diff --git a/sast-js/case/accuracy/context_sensitive/multi_invoke/multi_invoke_002_F.js b/sast-js/case/accuracy/context_sensitive/multi_invoke/multi_invoke_002_F.js index 833c93cd..4cf549fe 100644 --- a/sast-js/case/accuracy/context_sensitive/multi_invoke/multi_invoke_002_F.js +++ b/sast-js/case/accuracy/context_sensitive/multi_invoke/multi_invoke_002_F.js @@ -7,7 +7,7 @@ // evaluation information end const { execSync } = require('child_process'); -function argument_passing_value_001_T(__taint_src) { +function multi_invoke_002_F(__taint_src) { let a = process(__taint_src); let b = process("_"); __taint_sink(b); @@ -17,8 +17,8 @@ function argument_passing_value_001_T(__taint_src) { } } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; 
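Review bot: The rename of the entry function to `multi_invoke_001_T` in the first hunk of `multi_invoke_001_T.js` is not matched by any change to the invocation at the bottom of the file, which sits after `const taint_src = "taint_src_value";` and outside both hunks. If that line still reads `argument_passing_value_001_T(taint_src);`, the script now throws a ReferenceError before the value reaches `__taint_sink`, and a scanner that starts from the top-level call may lose the flow this positive case is meant to exercise; it should become `multi_invoke_001_T(taint_src);`. The same check applies to `multi_invoke_002_F.js` and `field_len_006_F.js`, whose hunks rename the function and likewise stop at the `const taint_src` line. The other renamed cases in this commit do update their call line, so these three look like an omission rather than a convention.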
diff --git a/sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/config.json b/sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/config.json index e7fe530f..a3f9fa69 100644 --- a/sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/config.json +++ b/sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/config.json @@ -7,7 +7,7 @@ "level": "2", "scene_list": [ { - "compose": "polymorphism_001_T.js && !polymorphism_002_F.js", + "compose": "polymorphism_no_solver_001_T.js && !polymorphism_no_solver_002_F.js", "scene": "1" } ] diff --git a/sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/polymorphism_001_T.js b/sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/polymorphism_no_solver_001_T.js similarity index 82% rename from sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/polymorphism_001_T.js rename to sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/polymorphism_no_solver_001_T.js index e268f6a7..6ca0db26 100644 --- a/sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/polymorphism_001_T.js +++ b/sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/polymorphism_no_solver_001_T.js @@ -3,11 +3,11 @@ // evaluation item = 准确度->上下文敏感分析->多态->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = // level = 2 -// bind_url = accuracy/context_sensitive/polymorphism/polymorphism_001_T +// bind_url = accuracy/context_sensitive/polymorphism/polymorphism_no_solver_001_T // evaluation information end const { execSync } = require('child_process'); -function polymorphism_001_T(__taint_src) { +function polymorphism_no_solver_001_T(__taint_src) { class Base { } class Sub1 extends Base { @@ -32,4 +32,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -polymorphism_001_T(taint_src); +polymorphism_no_solver_001_T(taint_src); 
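Review bot: The new `bind_url` in `polymorphism_no_solver_001_T.js` omits the `no_solver/` directory the file lives in, while the other headers touched in this commit mirror the full case path (for example `.../numeric_index_state_no_solver/array_no_solver_001_T`). If the harness resolves cases by this value, the line should read `// bind_url = accuracy/context_sensitive/polymorphism/no_solver/polymorphism_no_solver_001_T`. The same applies to `polymorphism_no_solver_002_F.js` and, with `solver/`, to `solver/polymorphism_001_T.js` and `solver/polymorphism_002_F.js`. After this commit the solver cases carry exactly the `bind_url` values the no_solver cases had before it (`.../polymorphism/polymorphism_001_T` and `_002_F`), so any stored result keyed on the old value would silently attach to a different test case.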
diff --git a/sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/polymorphism_002_F.js b/sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/polymorphism_no_solver_002_F.js similarity index 82% rename from sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/polymorphism_002_F.js rename to sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/polymorphism_no_solver_002_F.js index d67bf634..6d4b0cd2 100644 --- a/sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/polymorphism_002_F.js +++ b/sast-js/case/accuracy/context_sensitive/polymorphism/no_solver/polymorphism_no_solver_002_F.js @@ -3,11 +3,11 @@ // evaluation item = 准确度->上下文敏感分析->多态->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = // level = 2 -// bind_url = accuracy/context_sensitive/polymorphism/polymorphism_002_F +// bind_url = accuracy/context_sensitive/polymorphism/polymorphism_no_solver_002_F // evaluation information end const { execSync } = require('child_process'); -function polymorphism_002_F(__taint_src) { +function polymorphism_no_solver_002_F(__taint_src) { class Base { } class Sub1 extends Base { @@ -32,4 +32,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -polymorphism_002_F(taint_src); +polymorphism_no_solver_002_F(taint_src); diff --git a/sast-js/case/accuracy/context_sensitive/polymorphism/solver/config.json b/sast-js/case/accuracy/context_sensitive/polymorphism/solver/config.json index 8d5a256a..042f1b27 100644 --- a/sast-js/case/accuracy/context_sensitive/polymorphism/solver/config.json +++ b/sast-js/case/accuracy/context_sensitive/polymorphism/solver/config.json 
@@ -1,18 +1,18 @@ -{ - "solver": [ - { - "evaluation_item": "准确度->上下文敏感分析->多态->能够对上下文条件进行求解,以区分不同执行路径的状态", - "scene_levels": [ - { - "level": "4", - "scene_list": [ - { - "compose": "polymorphism_003_T.js && !polymorphism_004_F.js", - "scene": "条件表达式(需求解)" - } - ] - } - ] - } - ] +{ + "solver": [ + { + "evaluation_item": "准确度->上下文敏感分析->多态->能够对上下文条件进行求解,以区分不同执行路径的状态", + "scene_levels": [ + { + "level": "4", + "scene_list": [ + { + "compose": "polymorphism_001_T.js && !polymorphism_002_F.js", + "scene": "条件表达式(需求解)" + } + ] + } + ] + } + ] } \ No newline at end of file diff --git a/sast-js/case/accuracy/context_sensitive/polymorphism/solver/polymorphism_003_T.js b/sast-js/case/accuracy/context_sensitive/polymorphism/solver/polymorphism_001_T.js similarity index 88% rename from sast-js/case/accuracy/context_sensitive/polymorphism/solver/polymorphism_003_T.js rename to sast-js/case/accuracy/context_sensitive/polymorphism/solver/polymorphism_001_T.js index e0d03627..b979e9a8 100644 --- a/sast-js/case/accuracy/context_sensitive/polymorphism/solver/polymorphism_003_T.js +++ b/sast-js/case/accuracy/context_sensitive/polymorphism/solver/polymorphism_001_T.js @@ -3,11 +3,11 @@ // evaluation item = 准确度->上下文敏感分析->多态->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = 条件表达式(需求解) // level = 4 -// bind_url = accuracy/context_sensitive/polymorphism/polymorphism_003_T +// bind_url = accuracy/context_sensitive/polymorphism/polymorphism_001_T // evaluation information end const { execSync } = require('child_process'); -function polymorphism_003_T(__taint_src) { +function polymorphism_001_T(__taint_src) { class BaseClass1 { constructor() { this.data = __taint_src; @@ -49,4 +49,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -polymorphism_003_T(taint_src); +polymorphism_001_T(taint_src); 
diff --git a/sast-js/case/accuracy/context_sensitive/polymorphism/solver/polymorphism_004_F.js b/sast-js/case/accuracy/context_sensitive/polymorphism/solver/polymorphism_002_F.js similarity index 88% rename from sast-js/case/accuracy/context_sensitive/polymorphism/solver/polymorphism_004_F.js rename to sast-js/case/accuracy/context_sensitive/polymorphism/solver/polymorphism_002_F.js index 319e2379..dfc0e0aa 100644 --- a/sast-js/case/accuracy/context_sensitive/polymorphism/solver/polymorphism_004_F.js +++ b/sast-js/case/accuracy/context_sensitive/polymorphism/solver/polymorphism_002_F.js @@ -3,11 +3,11 @@ // evaluation item = 准确度->上下文敏感分析->多态->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = 条件表达式(需求解) // level = 4 -// bind_url = accuracy/context_sensitive/polymorphism/polymorphism_004_F +// bind_url = accuracy/context_sensitive/polymorphism/polymorphism_002_F // evaluation information end const { execSync } = require('child_process'); -function polymorphism_004_F(__taint_src) { +function polymorphism_002_F(__taint_src) { class BaseClass1 { constructor() { this.data = __taint_src; @@ -49,4 +49,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -polymorphism_004_F(taint_src); +polymorphism_002_F(taint_src); diff --git a/sast-js/case/accuracy/field_sensitive/class/field_len_006_F.js b/sast-js/case/accuracy/field_sensitive/class/field_len_006_F.js index e102a9bc..331862e7 100644 --- a/sast-js/case/accuracy/field_sensitive/class/field_len_006_F.js +++ b/sast-js/case/accuracy/field_sensitive/class/field_len_006_F.js @@ -8,7 +8,7 @@ const { execSync } = require('child_process'); -function field_len_006_T(__taint_src) { +function field_len_006_F(__taint_src) { class A { constructor() { this.b = new B(); @@ -86,8 +86,8 @@ function field_len_006_T(__taint_src) { __taint_sink(a.b.c.d.e.f.g.h.i.j.k.l.sani); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; 
diff --git a/sast-js/case/accuracy/field_sensitive/multidimensional_collection/array_011_T.js b/sast-js/case/accuracy/field_sensitive/multidimensional_collection/array_multidimensional_collection_001_T.js similarity index 74% rename from sast-js/case/accuracy/field_sensitive/multidimensional_collection/array_011_T.js rename to sast-js/case/accuracy/field_sensitive/multidimensional_collection/array_multidimensional_collection_001_T.js index df7d0918..efa057f7 100644 --- a/sast-js/case/accuracy/field_sensitive/multidimensional_collection/array_011_T.js +++ b/sast-js/case/accuracy/field_sensitive/multidimensional_collection/array_multidimensional_collection_001_T.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 // scene introduction = 数组索引->二维 // level = 4 -// bind_url = accuracy/field_sensitive/multidimensional_collection/array_011_T +// bind_url = accuracy/field_sensitive/multidimensional_collection/array_multidimensional_collection_001_T // evaluation information end const { execSync } = require('child_process'); -function array_011_T(__taint_src) { +function array_multidimensional_collection_001_T(__taint_src) { let s = [[__taint_src], ["b"], "c"]; __taint_sink(s[0][0]); } @@ -19,4 +19,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -array_011_T(taint_src); +array_multidimensional_collection_001_T(taint_src); diff --git a/sast-js/case/accuracy/field_sensitive/multidimensional_collection/array_012_F.js b/sast-js/case/accuracy/field_sensitive/multidimensional_collection/array_multidimensional_collection_002_F.js similarity index 74% rename from sast-js/case/accuracy/field_sensitive/multidimensional_collection/array_012_F.js rename to sast-js/case/accuracy/field_sensitive/multidimensional_collection/array_multidimensional_collection_002_F.js index e07ad003..4852778f 100644 --- a/sast-js/case/accuracy/field_sensitive/multidimensional_collection/array_012_F.js 
+++ b/sast-js/case/accuracy/field_sensitive/multidimensional_collection/array_multidimensional_collection_002_F.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 // scene introduction = 数组索引->二维 // level = 4 -// bind_url = accuracy/field_sensitive/multidimensional_collection/array_012_F +// bind_url = accuracy/field_sensitive/multidimensional_collection/array_multidimensional_collection_002_F // evaluation information end const { execSync } = require('child_process'); -function array_012_F(__taint_src) { +function array_multidimensional_collection_002_F(__taint_src) { let s = [[__taint_src], ["b"], "c"]; __taint_sink(s[1]); } @@ -19,4 +19,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -array_012_F(taint_src); +array_multidimensional_collection_002_F(taint_src); diff --git a/sast-js/case/accuracy/field_sensitive/multidimensional_collection/config.json b/sast-js/case/accuracy/field_sensitive/multidimensional_collection/config.json index a01cc822..a63d7e7a 100644 --- a/sast-js/case/accuracy/field_sensitive/multidimensional_collection/config.json +++ b/sast-js/case/accuracy/field_sensitive/multidimensional_collection/config.json @@ -1,18 +1,18 @@ -{ - "multidimensional_collection": [ - { - "evaluation_item": "准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素", - "scene_levels": [ - { - "level": "4", - "scene_list": [ - { - "compose": "array_011_T.js && !array_012_F.js", - "scene": "数组索引->二维" - } - ] - } - ] - } - ] +{ + "multidimensional_collection": [ + { + "evaluation_item": "准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素", + "scene_levels": [ + { + "level": "4", + "scene_list": [ + { + "compose": "array_multidimensional_collection_001_T.js && !array_multidimensional_collection_002_F.js", + "scene": "数组索引->二维" + } + ] + } + ] + } + ] } \ No newline at end of file 
diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_007_T.js b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_001_T.js similarity index 79% rename from sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_007_T.js rename to sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_001_T.js index 9a832c8e..1685fb80 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_007_T.js +++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_001_T.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组索引 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_007_T +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_001_T // evaluation information end const { execSync } = require('child_process'); -function array_007_T(__taint_src) { +function array_no_solver_001_T(__taint_src) { let s = [__taint_src, "b", "c"]; __taint_sink(s[0]); } @@ -19,4 +19,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -array_007_T(taint_src); +array_no_solver_001_T(taint_src); 
diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_008_F.js b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_002_F.js similarity index 79% rename from sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_008_F.js rename to sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_002_F.js index b0aabd3f..6348557b 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_008_F.js +++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_002_F.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组索引 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_008_F +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_002_F // evaluation information end const { execSync } = require('child_process'); -function array_008_F(__taint_src) { +function array_no_solver_002_F(__taint_src) { let s = [__taint_src, "b", "c"]; __taint_sink(s[1]); } @@ -19,4 +19,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -array_008_F(taint_src); +array_no_solver_002_F(taint_src); 
diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_009_T.js b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_003_T.js similarity index 79% rename from sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_009_T.js rename to sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_003_T.js index 4350c583..e0a5013b 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_009_T.js +++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_003_T.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组索引 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_009_T +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_003_T // evaluation information end const { execSync } = require('child_process'); -function array_009_T(__taint_src) { +function array_no_solver_003_T(__taint_src) { let s = [__taint_src, "b", "c"]; s[1] = "_"; __taint_sink(s); @@ -20,4 +20,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -array_009_T(taint_src); +array_no_solver_003_T(taint_src); 
diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_010_F.js b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_004_F.js similarity index 79% rename from sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_010_F.js rename to sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_004_F.js index 86e73798..20bb6467 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_010_F.js +++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_004_F.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组索引 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_010_F +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_no_solver_004_F // evaluation information end const { execSync } = require('child_process'); -function array_010_F(__taint_src) { +function array_no_solver_004_F(__taint_src) { let s = [__taint_src, "b", "c"]; s[0] = "_"; __taint_sink(s); @@ -20,4 +20,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -array_010_F(taint_src); +array_no_solver_004_F(taint_src); diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json index b2530eb7..3e534369 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json 
+++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json 
@@ -1,50 +1,50 @@
-{
- "numeric_index_state_no_solver": [
- {
- "evaluation_item": "准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解)",
- "scene_levels": [
- {
- "level": "3",
- "scene_list": [
- {
- "compose": "array_007_T.js && !array_008_F.js",
- "scene": "数组索引"
- },
- {
- "compose": "array_009_T.js && !array_010_F.js",
- "scene": "数组索引2"
- },
- {
- "compose": "map_field_sensitive_001_T.js && !map_field_sensitive_002_F.js && !map_field_sensitive_003_F.js",
- "scene": "字典/映射(Map)-对象敏感与域敏感分析"
- },
- {
- "compose": "map_field_sensitive_004_T.js && !map_field_sensitive_005_F.js",
- "scene": "delete函数"
- },
- {
- "compose": "map_field_sensitive_006_T.js && !map_field_sensitive_007_F.js",
- "scene": "map类库函数values()"
- },
- {
- "compose": "map_field_sensitive_008_T.js && !map_field_sensitive_009_F.js",
- "scene": "map类库函数keys()"
- },
- {
- "compose": "spread_operator_007_T.js && !spread_operator_008_F.js",
- "scene": "数组索引->扩展运算符"
- },
- {
- "compose": "spread_operator_009_T.js && !spread_operator_010_F.js",
- "scene": "数组索引->扩展运算符2"
- },
- {
- "compose": "rest_parameter_007_T.js && !rest_parameter_008_F.js",
- "scene": "数组索引->剩余参数"
- }
- ]
- }
- ]
- }
- ]
+{
+ "numeric_index_state_no_solver": [
+ {
+ "evaluation_item": "准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解)",
+ "scene_levels": [
+ {
+ "level": "3",
+ "scene_list": [
+ {
+ "compose": "array_no_solver_001_T.js && !array_no_solver_002_F.js",
+ "scene": "数组索引"
+ },
+ {
+ "compose": "array_no_solver_003_T.js && !array_no_solver_004_F.js",
+ "scene": "数组索引2"
+ },
+ {
+ "compose": "map_field_sensitive_001_T.js && !map_field_sensitive_002_F.js && !map_field_sensitive_003_F.js",
+ "scene": "字典/映射(Map)-对象敏感与域敏感分析"
+ },
+ {
+ "compose": "map_field_sensitive_004_T.js && !map_field_sensitive_005_F.js",
+ "scene": "delete函数"
+ },
+ {
+ "compose": "map_field_sensitive_006_T.js && !map_field_sensitive_007_F.js",
+ "scene": "map类库函数values()"
+ },
+ {
+ "compose": 
"map_field_sensitive_008_T.js && !map_field_sensitive_009_F.js", + "scene": "map类库函数keys()" + }, + { + "compose": "spread_operator_no_solver_001_T.js && !spread_operator_no_solver_002_F.js", + "scene": "数组索引->扩展运算符" + }, + { + "compose": "spread_operator_no_solver_003_T.js && !spread_operator_no_solver_004_F.js", + "scene": "数组索引->扩展运算符2" + }, + { + "compose": "rest_parameter_no_solver_001_T.js && !rest_parameter_no_solver_002_F.js", + "scene": "数组索引->剩余参数" + } + ] + } + ] + } + ] } \ No newline at end of file diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_007_T.js b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_001_T.js similarity index 78% rename from sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_007_T.js rename to sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_001_T.js index e76ad201..79032c30 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_007_T.js +++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_001_T.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组索引->剩余参数 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_007_T +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_001_T // evaluation information end const { execSync } = require('child_process'); -function rest_parameter_007_T(__taint_src) { +function rest_parameter_no_solver_001_T(__taint_src) { collectArgs("prefix", __taint_src, "suffix"); } 
@@ -22,4 +22,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -rest_parameter_007_T(taint_src); +rest_parameter_no_solver_001_T(taint_src); diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_008_F.js b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_002_F.js similarity index 78% rename from sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_008_F.js rename to sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_002_F.js index 05c1d3d4..946b9fa3 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_008_F.js +++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_002_F.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组索引->剩余参数 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_008_F +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_002_F // evaluation information end const { execSync } = require('child_process'); -function rest_parameter_008_F(__taint_src) { +function rest_parameter_no_solver_002_F(__taint_src) { collectArgs("prefix", __taint_src, "suffix"); } @@ -22,4 +22,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -rest_parameter_008_F(taint_src); +rest_parameter_no_solver_002_F(taint_src); 
diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_007_T.js b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.js similarity index 78% rename from sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_007_T.js rename to sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.js index 81915817..5a7c1f31 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_007_T.js +++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组索引->扩展运算符 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_007_T +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T // evaluation information end const { execSync } = require('child_process'); -function spread_operator_007_T(__taint_src) { +function spread_operator_no_solver_001_T(__taint_src) { const foo = __taint_src; const bar = "hello world"; const [r1, r2, ...rest] = [123, 456, foo, bar]; @@ -21,4 +21,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -spread_operator_007_T(taint_src); +spread_operator_no_solver_001_T(taint_src); 
diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_008_F.js b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.js similarity index 85% rename from sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_008_F.js rename to sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.js index e5bec06f..b14a9b36 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_008_F.js +++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.js @@ -8,7 +8,7 @@ const { execSync } = require('child_process'); -function spread_operator_008_F(__taint_src) { +function spread_operator_no_solver_002_F(__taint_src) { const foo = __taint_src; const bar = "hello world"; const [r1, r2, ...rest] = [123, 456, foo, bar]; @@ -21,4 +21,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -spread_operator_008_F(taint_src); +spread_operator_no_solver_002_F(taint_src); diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_009_T.js b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.js similarity index 77% rename from sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_009_T.js rename to sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.js index 93bb4d0c..9de1b79c 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_009_T.js 
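Review bot: `spread_operator_no_solver_002_F.js` is the only renamed case visible in this directory whose header comment is left untouched: its hunks start at line 8, so any `// bind_url = ...` line above them is unchanged. If the file carries the same header as its siblings, it still points at `spread_operator_008_F` and should be updated to `// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F`. The header is outside the hunk, so this needs checking in the file itself; a stale value on a negative case could make a scanner's finding on it be scored against the wrong entry.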
+++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组索引->扩展运算符 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_009_T +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T // evaluation information end const { execSync } = require('child_process'); -function spread_operator_009_T(__taint_src) { +function spread_operator_no_solver_003_T(__taint_src) { let array1 = ["a", "b", __taint_src]; let array = ["c", ...array1]; __taint_sink(array[3]); @@ -20,4 +20,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -spread_operator_009_T(taint_src); +spread_operator_no_solver_003_T(taint_src); diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_010_F.js b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.js similarity index 77% rename from sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_010_F.js rename to sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.js index 9154bf03..0e680c92 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_010_F.js +++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.js 
@@ -3,12 +3,12 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 数组索引->扩展运算符 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_010_F +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F // evaluation information end const { execSync } = require('child_process'); -function spread_operator_010_F(__taint_src) { +function spread_operator_no_solver_004_F(__taint_src) { let array1 = ["a", "b", __taint_src]; let array = ["c", ...array1]; __taint_sink(array[0]); @@ -20,4 +20,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -spread_operator_010_F(taint_src); +spread_operator_no_solver_004_F(taint_src); diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_013_T.js b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.js similarity index 81% rename from sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_013_T.js rename to sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.js index d5a06f4d..abb72b7f 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_013_T.js +++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.js 
@@ -3,20 +3,20 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) // scene introduction = 数组索引->需求解 // level = 4 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_013_T +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T // evaluation information end const { execSync } = require('child_process'); -function array_013_T(__taint_src) { +function array_solver_001_T(__taint_src) { let s = ["a", "b", __taint_src, "c", "d"]; __taint_sink(s[1 + 1]); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -array_013_T(taint_src); +array_solver_001_T(taint_src); diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_014_F.js b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.js similarity index 81% rename from sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_014_F.js rename to sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.js index 09038262..01ea228a 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_014_F.js +++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.js 
@@ -3,20 +3,20 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) // scene introduction = 数组索引->需求解 // level = 4 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_014_F +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F // evaluation information end const { execSync } = require('child_process'); -function array_014_F(__taint_src) { +function array_solver_002_F(__taint_src) { let s = ["a", "b", __taint_src, "c", "d"]; __taint_sink(s[1 + 2]); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -array_014_F(taint_src); +array_solver_002_F(taint_src); diff --git a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json index a56a94ce..abf7e8cc 100644 --- a/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json +++ b/sast-js/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json @@ -1,18 +1,18 @@ -{ - "numeric_index_state_solver": [ - { - "evaluation_item": "准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解)", - "scene_levels": [ - { - "level": "4", - "scene_list": [ - { - "compose": "array_013_T.js && !array_014_F.js", - "scene": "数组索引->需求解" - } - ] - } - ] - } - ] +{ + "numeric_index_state_solver": [ + { + "evaluation_item": "准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解)", + "scene_levels": [ + { + "level": "4", + "scene_list": [ + { + "compose": "array_solver_001_T.js && !array_solver_002_F.js", + "scene": "数组索引->需求解" + } + ] + } + ] + } + ] } \ No newline at end of file 
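Review bot: Every line of this config.json is removed and re-added although only the `compose` value changes, which suggests a line-ending or whitespace normalisation is riding along with the rename (inferred; the byte difference is not visible in the diff). The same pattern appears in the other config.json hunks of this commit and in the `__taint_sink` bodies that are re-added with identical text. Landing the normalisation as its own commit and pinning it with `.gitattributes` entries such as `*.json text eol=lf` and `*.js text eol=lf` would keep benchmark renames reviewable line by line. The new side still ends without a trailing newline.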
diff --git a/sast-js/case/accuracy/flow_sensitive/loop_stmt/config.json b/sast-js/case/accuracy/flow_sensitive/loop_stmt/config.json index 2337f19a..3f51de11 100644 --- a/sast-js/case/accuracy/flow_sensitive/loop_stmt/config.json +++ b/sast-js/case/accuracy/flow_sensitive/loop_stmt/config.json @@ -1,26 +1,26 @@ -{ - "loop_stmt": [ - { - "evaluation_item": "准确度->流敏感分析->循环顺序执行语句", - "scene_levels": [ - { - "level": "2", - "scene_list": [ - { - "compose": "for_003_T.js && !for_004_F.js", - "scene": "for->init流敏感" - }, - { - "compose": "for_001_T.js && !for_002_F.js", - "scene": "for->body流敏感" - }, - { - "compose": "dowhile_body_003_T.js && !dowhile_body_004_F.js", - "scene": "dowhile" - } - ] - } - ] - } - ] +{ + "loop_stmt": [ + { + "evaluation_item": "准确度->流敏感分析->循环顺序执行语句", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "for_003_T.js && !for_004_F.js", + "scene": "for->init流敏感" + }, + { + "compose": "for_001_T.js && !for_002_F.js", + "scene": "for->body流敏感" + }, + { + "compose": "dowhile_body_loop_stmt_001_T.js && !dowhile_body_loop_stmt_002_F.js", + "scene": "dowhile" + } + ] + } + ] + } + ] } \ No newline at end of file diff --git a/sast-js/case/accuracy/flow_sensitive/loop_stmt/dowhile_body_003_T.js b/sast-js/case/accuracy/flow_sensitive/loop_stmt/dowhile_body_loop_stmt_001_T.js similarity index 69% rename from sast-js/case/accuracy/flow_sensitive/loop_stmt/dowhile_body_003_T.js rename to sast-js/case/accuracy/flow_sensitive/loop_stmt/dowhile_body_loop_stmt_001_T.js index 33ee1161..9ef43b22 100644 --- a/sast-js/case/accuracy/flow_sensitive/loop_stmt/dowhile_body_003_T.js +++ b/sast-js/case/accuracy/flow_sensitive/loop_stmt/dowhile_body_loop_stmt_001_T.js 
@@ -3,12 +3,12 @@ // evaluation item = 准确度->流敏感分析->循环顺序执行语句 // scene introduction = dowhile // level = 2 -// bind_url = accuracy/flow_sensitive/loop_stmt/dowhile_body_003_T +// bind_url = accuracy/flow_sensitive/loop_stmt/dowhile_body_loop_stmt_001_T // evaluation information end const { execSync } = require('child_process'); -function dowhile_body_003_T(__taint_src) { +function dowhile_body_loop_stmt_001_T(__taint_src) { let res = ""; do { res = __taint_src; @@ -22,4 +22,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -dowhile_body_003_T(taint_src); +dowhile_body_loop_stmt_001_T(taint_src); diff --git a/sast-js/case/accuracy/flow_sensitive/loop_stmt/dowhile_body_004_F.js b/sast-js/case/accuracy/flow_sensitive/loop_stmt/dowhile_body_loop_stmt_002_F.js similarity index 69% rename from sast-js/case/accuracy/flow_sensitive/loop_stmt/dowhile_body_004_F.js rename to sast-js/case/accuracy/flow_sensitive/loop_stmt/dowhile_body_loop_stmt_002_F.js index 56bdcf1b..1a4e9f3d 100644 --- a/sast-js/case/accuracy/flow_sensitive/loop_stmt/dowhile_body_004_F.js +++ b/sast-js/case/accuracy/flow_sensitive/loop_stmt/dowhile_body_loop_stmt_002_F.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->流敏感分析->循环顺序执行语句 // scene introduction = dowhile // level = 2 -// bind_url = accuracy/flow_sensitive/loop_stmt/dowhile_body_004_F +// bind_url = accuracy/flow_sensitive/loop_stmt/dowhile_body_loop_stmt_002_F // evaluation information end const { execSync } = require('child_process'); -function dowhile_body_004_F(__taint_src) { +function dowhile_body_loop_stmt_002_F(__taint_src) { let res = ""; do { __taint_sink(res); @@ -22,4 +22,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -dowhile_body_004_F(taint_src); +dowhile_body_loop_stmt_002_F(taint_src); diff --git a/sast-js/case/accuracy/object_sensitive/collection/array_object_sensitive_002_F.js b/sast-js/case/accuracy/object_sensitive/collection/array_object_sensitive_002_F.js index 3a8f2dcd..582d80fc 100644 
--- a/sast-js/case/accuracy/object_sensitive/collection/array_object_sensitive_002_F.js +++ b/sast-js/case/accuracy/object_sensitive/collection/array_object_sensitive_002_F.js @@ -14,8 +14,8 @@ function array_object_sensitive_002_F(__taint_src) { __taint_sink(s2); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; diff --git a/sast-js/case/accuracy/object_sensitive/collection/array_object_sensitive_006_F.js b/sast-js/case/accuracy/object_sensitive/collection/array_object_sensitive_006_F.js index b22b2fb1..1cd28bf1 100644 --- a/sast-js/case/accuracy/object_sensitive/collection/array_object_sensitive_006_F.js +++ b/sast-js/case/accuracy/object_sensitive/collection/array_object_sensitive_006_F.js @@ -16,6 +16,11 @@ function array_object_sensitive_006_F(__taint_src) { __taint_sink(s2); } +function __taint_sink(o) { + execSync(o); +} + + const taint_src = "taint_src_value"; array_object_sensitive_006_F(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_F.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F.js similarity index 80% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_F.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F.js index b6031f75..a67232a5 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_F.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F.js 
@@ -3,12 +3,12 @@ // evaluation item =准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = 区分if else准入条件(不需求解)->if->区分分支 // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F // evaluation information end const { execSync } = require('child_process'); -function conditional_if_007_F(__taint_src) { +function conditional_if_no_solver_001_F(__taint_src) { if (true) { res = __taint_src; } else { @@ -16,10 +16,10 @@ function conditional_if_007_F(__taint_src) { } } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -conditional_if_007_F(taint_src); +conditional_if_no_solver_001_F(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.js similarity index 80% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.js index 4755d690..7693f4b7 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.js 
@@ -3,12 +3,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = 区分if else准入条件(不需求解)->if->区分分支 // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F // evaluation information end const { execSync } = require('child_process'); -function conditional_if_008_F(__taint_src) { +function conditional_if_no_solver_002_F(__taint_src) { let res = ""; if (true) { __taint_sink(res); @@ -23,4 +23,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -conditional_if_008_F(taint_src); +conditional_if_no_solver_002_F(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_009_T.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.js similarity index 81% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_009_T.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.js index 869ac40f..5f565cc4 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_009_T.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.js 
@@ -3,12 +3,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = 区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解 // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_009_T +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T // evaluation information end const { execSync } = require('child_process'); -function conditional_if_009_T(__taint_src) { +function conditional_if_no_solver_003_T(__taint_src) { let res = ""; if (false) { res = "_"; @@ -24,4 +24,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -conditional_if_009_T(taint_src); +conditional_if_no_solver_003_T(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_010_F.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.js similarity index 81% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_010_F.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.js index c355e982..765f853a 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_010_F.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.js 
@@ -3,12 +3,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = 区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解 // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_010_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F // evaluation information end const { execSync } = require('child_process'); -function conditional_if_010_F(__taint_src) { +function conditional_if_no_solver_004_F(__taint_src) { let res = ""; if (true) { res = "_"; @@ -24,4 +24,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -conditional_if_010_F(taint_src); +conditional_if_no_solver_004_F(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_004_F.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F.js similarity index 80% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_004_F.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F.js index 8b9b26ec..47ae4ad3 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_004_F.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F.js 
@@ -3,19 +3,19 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = 区分switch准入条件(不需求解)->switch->区分分支 // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_004_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F // evaluation information end const { execSync } = require('child_process'); -function conditional_switch_004_F(__taint_src) { +function conditional_switch_no_solver_001_F(__taint_src) { let data = ""; switch (2) { case 1: - __taint_sink(data); + data = __taint_src; break; default: - data = __taint_src; + __taint_sink(data); } } @@ -25,4 +25,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -conditional_switch_004_F(taint_src); +conditional_switch_no_solver_001_F(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_003_F.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_002_F.js similarity index 80% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_003_F.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_002_F.js index ab9b7b32..2e842cff 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_003_F.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_002_F.js 
@@ -3,19 +3,19 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = 区分switch准入条件(不需求解)->switch->区分分支 // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_003_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_002_F // evaluation information end const { execSync } = require('child_process'); -function conditional_switch_003_F(__taint_src) { +function conditional_switch_no_solver_002_F(__taint_src) { let data = ""; switch (2) { case 1: - data = __taint_src; + __taint_sink(data); break; default: - __taint_sink(data); + data = __taint_src; } } @@ -25,4 +25,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -conditional_switch_003_F(taint_src); +conditional_switch_no_solver_002_F(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_005_F.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_003_F.js similarity index 80% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_005_F.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_003_F.js index bb7c88c7..0814313e 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_005_F.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_003_F.js 
@@ -3,12 +3,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = 区分switch准入条件(不需求解)>switch->区分具体执行路径->不求解 // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_005_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_003_F // evaluation information end const { execSync } = require('child_process'); -function conditional_switch_005_F(__taint_src) { +function conditional_switch_no_solver_003_F(__taint_src) { let data = ""; switch (2) { case 1: @@ -18,10 +18,10 @@ function conditional_switch_005_F(__taint_src) { __taint_sink(data); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -conditional_switch_005_F(taint_src); +conditional_switch_no_solver_003_F(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_006_T.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_004_T.js similarity index 80% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_006_T.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_004_T.js index 84111e01..54bebb94 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_006_T.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_004_T.js 
@@ -3,12 +3,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = 区分switch准入条件(不需求解)>switch->区分具体执行路径->不求解 // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_006_T +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_004_T // evaluation information end const { execSync } = require('child_process'); -function conditional_switch_006_T(__taint_src) { +function conditional_switch_no_solver_004_T(__taint_src) { let data = ""; switch (2) { case 2: @@ -18,10 +18,10 @@ function conditional_switch_006_T(__taint_src) { __taint_sink(data); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -conditional_switch_006_T(taint_src); +conditional_switch_no_solver_004_T(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json index 3f140f3c..754aebb3 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json 
@@ -1,30 +1,30 @@ -{ - "no_solver": [ - { - "evaluation_item": "准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态", - "scene_levels": [ - { - "level": "3", - "scene_list": [ - { - "compose": "!conditional_if_007_F.js && !conditional_if_008_F.js", - "scene": "区分if else准入条件(不需求解)->if->区分分支" - }, - { - "compose": "conditional_if_009_T.js && !conditional_if_010_F.js", - "scene": "区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解" - }, - { - "compose": "!conditional_switch_003_F.js && !conditional_switch_004_F.js", - "scene": "区分switch准入条件(不需求解)->switch->区分分支" - }, - { - "compose": "!conditional_switch_005_F.js && conditional_switch_006_T.js", - "scene": "区分switch准入条件(不需求解)>switch->区分具体执行路径->不求解" - } - ] - } - ] - } - ] +{ + "no_solver": [ + { + "evaluation_item": "准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态", + "scene_levels": [ + { + "level": "3", + "scene_list": [ + { + "compose": "!conditional_if_no_solver_001_F.js && !conditional_if_no_solver_002_F.js", + "scene": "区分if else准入条件(不需求解)->if->区分分支" + }, + { + "compose": "conditional_if_no_solver_003_T.js && !conditional_if_no_solver_004_F.js", + "scene": "区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解" + }, + { + "compose": "!conditional_switch_no_solver_001_F.js && !conditional_switch_no_solver_002_F.js", + "scene": "区分switch准入条件(不需求解)->switch->区分分支" + }, + { + "compose": "!conditional_switch_no_solver_003_F.js && conditional_switch_no_solver_004_T.js", + "scene": "区分switch准入条件(不需求解)>switch->区分具体执行路径->不求解" + } + ] + } + ] + } + ] } \ No newline at end of file 
diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_011_T.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T.js similarity index 82% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_011_T.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T.js index 198d977f..86d6bea6 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_011_T.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = 区分if else分支+准入条件(需要求解)->if->区分具体执行路径->求解 // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_011_T +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T // evaluation information end const { execSync } = require('child_process'); -function conditional_if_011_T(__taint_src) { +function conditional_if_solver_001_T(__taint_src) { let res = ""; if (1 + 1 === 2) { res = __taint_src; @@ -24,4 +24,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -conditional_if_011_T(taint_src); +conditional_if_solver_001_T(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_012_F.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F.js similarity index 82% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_012_F.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F.js index c3cbda12..717c2585 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_012_F.js 
+++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = 区分if else分支+准入条件(需要求解)->if->区分具体执行路径->求解 // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_012_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F // evaluation information end const { execSync } = require('child_process'); -function conditional_if_012_F(__taint_src) { +function conditional_if_solver_002_F(__taint_src) { let res = ""; if (1 + 1 === 3) { res = __taint_src; @@ -24,4 +24,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -conditional_if_012_F(taint_src); +conditional_if_solver_002_F(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_007_F.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_solver_001_F.js similarity index 81% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_007_F.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_solver_001_F.js index b5c8b9b0..368285e3 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_007_F.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_solver_001_F.js 
@@ -3,12 +3,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = 区分switch准入条件(需要求解)->switch->区分具体执行路径->求解 // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_007_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_solver_001_F // evaluation information end const { execSync } = require('child_process'); -function conditional_switch_007_F(__taint_src) { +function conditional_switch_solver_001_F(__taint_src) { let data = ""; switch (1 + 1) { case 1: @@ -18,10 +18,10 @@ function conditional_switch_007_F(__taint_src) { __taint_sink(data); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -conditional_switch_007_F(taint_src); +conditional_switch_solver_001_F(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_008_T.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_solver_002_T.js similarity index 81% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_008_T.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_solver_002_T.js index 2bc6328a..b9bc4273 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_008_T.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_solver_002_T.js 
@@ -3,12 +3,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = 区分switch准入条件(需要求解)->switch->区分具体执行路径->求解 // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_008_T +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_switch_solver_002_T // evaluation information end const { execSync } = require('child_process'); -function conditional_switch_008_T(__taint_src) { +function conditional_switch_solver_002_T(__taint_src) { let data = ""; switch (1 + 1) { case 2: @@ -18,10 +18,10 @@ function conditional_switch_008_T(__taint_src) { __taint_sink(data); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -conditional_switch_008_T(taint_src); +conditional_switch_solver_002_T(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json index 16d8dd6e..101d1704 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json 
@@ -1,30 +1,30 @@ -{ - "solver": [ - { - "evaluation_item": "准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态", - "scene_levels": [ - { - "level": "4", - "scene_list": [ - { - "compose": "conditional_if_011_T.js && !conditional_if_012_F.js", - "scene": "区分if else分支+准入条件(需要求解)->if->区分具体执行路径->求解" - }, - { - "compose": "!conditional_switch_007_F.js && conditional_switch_008_T.js", - "scene": "区分switch准入条件(需要求解)->switch->区分具体执行路径->求解" - }, - { - "compose": "for_body_004_T.js && !for_body_005_F.js", - "scene": "循环结构->for_body" - }, - { - "compose": "!while_body_003_F.js && while_body_004_T.js", - "scene": "循环结构->while" - } - ] - } - ] - } - ] +{ + "solver": [ + { + "evaluation_item": "准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态", + "scene_levels": [ + { + "level": "4", + "scene_list": [ + { + "compose": "conditional_if_solver_001_T.js && !conditional_if_solver_002_F.js", + "scene": "区分if else分支+准入条件(需要求解)->if->区分具体执行路径->求解" + }, + { + "compose": "!conditional_switch_solver_001_F.js && conditional_switch_solver_002_T.js", + "scene": "区分switch准入条件(需要求解)->switch->区分具体执行路径->求解" + }, + { + "compose": "for_body_solver_001_T.js && !for_body_solver_002_F.js", + "scene": "循环结构->for_body" + }, + { + "compose": "!while_body_solver_001_F.js && while_body_solver_002_T.js", + "scene": "循环结构->while" + } + ] + } + ] + } + ] } \ No newline at end of file diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_T.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T.js similarity index 82% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_T.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T.js index 2c412cbf..45744e6e 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_T.js 
+++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = 循环结构->for_body // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_T +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T // evaluation information end const { execSync } = require('child_process'); -function for_body_004_T(__taint_src) { +function for_body_solver_001_T(__taint_src) { for (let i = 0; i < 2; i++) { res = __taint_src; } @@ -21,4 +21,4 @@ function __taint_sink(o) { const taint_src = "taint_src_value"; -for_body_004_T(taint_src); +for_body_solver_001_T(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_005_F.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F.js similarity index 79% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_005_F.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F.js index 255c254c..b679eff3 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_005_F.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F.js 
@@ -3,22 +3,23 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = 循环结构->for_body // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_005_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F // evaluation information end const { execSync } = require('child_process'); -function for_body_005_F(__taint_src) { +function for_body_solver_002_F(__taint_src) { +let res = undefined; for (let i = 0; i < 0; i++) { res = __taint_src; } __taint_sink(res); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -for_body_005_F(taint_src); +for_body_solver_002_F(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_003_F.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.js similarity index 79% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_003_F.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.js index cb5ff617..76ebd188 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_003_F.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.js @@ -3,12 +3,13 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = 循环结构->while // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_003_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F // evaluation information end const { execSync } = require('child_process'); -function while_body_003_F(__taint_src) { +function while_body_solver_001_F(__taint_src) { +let res = undefined; let i = 0; while (i < 0) { res = __taint_src; 
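Review bot: The added `let res = undefined;` in for_body_solver_002_F means the negative case now reaches `execSync(undefined)`, which Node rejects with a TypeError because the command must be a string, so the sink never receives a well-typed clean value. Initialising with a benign constant, `let res = "_";`, keeps the case runnable and leaves the loop bound as the only thing that decides whether taint arrives. The T counterparts (for_body_solver_001_T, while_body_solver_002_T) still assign `res` without declaring it, so each pair now differs in more than the loop condition; adding the same declaration there would keep the pairs parallel. The same applies to the `let res = undefined;` added in while_body_solver_001_F in the next hunk, whose function body continues outside that hunk.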
@@ -17,10 +18,10 @@ function while_body_003_F(__taint_src) { __taint_sink(res); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -while_body_003_F(taint_src); +while_body_solver_001_F(taint_src); diff --git a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_004_T.js b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.js similarity index 81% rename from sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_004_T.js rename to sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.js index 91f7d332..5d05c168 100644 --- a/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_004_T.js +++ b/sast-js/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.js @@ -3,12 +3,12 @@ // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 // scene introduction = 循环结构->while // level = 4 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_004_T +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T // evaluation information end const { execSync } = require('child_process'); -function while_body_004_T(__taint_src) { +function while_body_solver_002_T(__taint_src) { let i = 0; while (i < 2) { res = __taint_src; @@ -17,10 +17,10 @@ function while_body_004_T(__taint_src) { __taint_sink(res); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -while_body_004_T(taint_src); +while_body_solver_002_T(taint_src); 
diff --git a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promisify_002_F.js b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promisify_002_F.js index 96c54459..857a64c7 100644 --- a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promisify_002_F.js +++ b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promisify_002_F.js @@ -6,8 +6,7 @@ // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/promisify_002_F // evaluation information end const { execSync } = require('child_process'); - -const { util } = import("util"); +const { promisify } = require('util'); function customReadFile(filePath, callback) { setTimeout(() => { @@ -20,7 +19,7 @@ function customReadFile(filePath, callback) { } async function asynchronous_promisify_002_F(__taint_src) { - const readFileAsync = util.promisify(customReadFile); + const readFileAsync = promisify(customReadFile); // 直接使用解构的promisify try { let data = await readFileAsync("aa"); __taint_sink(data); diff --git a/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_001_T.js b/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_001_T.js index 259269b3..8a9f18a2 100644 --- a/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_001_T.js +++ b/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_001_T.js @@ -29,8 +29,8 @@ function cross_class_001_T(__taint_src) { __taint_sink(obj); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(JSON.stringify(o)); } const taint_src = "taint_src_value"; 
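Review bot: The `bind_url` header kept as context at the top of asynchronous_promisify_002_F.js still ends in `promisify_002_F`, which does not match the file name, while the other cases touched by this commit have a bind_url equal to the file path without its extension. If the harness uses bind_url to map a result to its case file (not visible here), it should read `// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promisify_002_F`. The new trailing comment on the `promisify(customReadFile)` line only restates the call and could be dropped; the function body continues outside the hunk.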
diff --git a/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_002_F.js b/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_002_F.js index 514c4638..65b88924 100644 --- a/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_002_F.js +++ b/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_002_F.js @@ -29,8 +29,8 @@ function cross_class_002_F(__taint_src) { __taint_sink(obj); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(JSON.stringify(o)); } const taint_src = "taint_src_value"; diff --git a/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_003_T.js b/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_003_T.js index aa68d981..2eac49ca 100644 --- a/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_003_T.js +++ b/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_003_T.js @@ -36,7 +36,9 @@ function cross_class_003_T(__taint_src) { __taint_sink(a); } -function __taint_sink(data) {} +function __taint_sink(data) { + execSync(JSON.stringify(data)); +} const taint_src = "taint_src_value"; diff --git a/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_004_F.js b/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_004_F.js index cdf4ebd7..4ad4559f 100644 --- a/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_004_F.js +++ b/sast-js/case/completeness/single_app_tracing/class/complex_object/cross_class_004_F.js @@ -36,7 +36,9 @@ function cross_class_004_F(__taint_src) { __taint_sink(a); } -function __taint_sink(data) {} +function __taint_sink(data) { + execSync(JSON.stringify(data)); +} const taint_src = "taint_src_value"; 
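Review bot: Wrapping the sink argument in `JSON.stringify` serialises every enumerable field of the object, so in cross_class_002_F and cross_class_004_F the string handed to `execSync` will contain the tainted value if it is stored anywhere on the object that reaches the sink. The case bodies lie outside these hunks, so this needs checking per file: if an F case keeps taint in a field other than the one under test, the expected "no flow" verdict is no longer true at runtime and a precise tool would be scored as a false positive. In that situation the sink should receive only the field the case is about rather than the whole object. The same sink change is made in cross_class_001_T and cross_class_003_T, where it does not affect the expected result.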
diff --git a/sast-js/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F.js b/sast-js/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F.js index d48af79f..738ca3ee 100644 --- a/sast-js/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F.js +++ b/sast-js/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F.js @@ -8,7 +8,7 @@ const { execSync } = require('child_process'); -function exception_finally_001_T(__taint_src) { +function exception_finally_002_F(__taint_src) { let res = ""; try { throw __taint_src; @@ -18,8 +18,8 @@ function exception_finally_001_T(__taint_src) { } } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; diff --git a/sast-js/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F.js b/sast-js/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F.js index 2aba83de..c4b6e800 100644 --- a/sast-js/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F.js +++ b/sast-js/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F.js @@ -8,14 +8,14 @@ const { execSync } = require('child_process'); -function binary_expression_add_assignment_001_T(__taint_src) { +function binary_expression_add_assignment_002_F(__taint_src) { let result = "_"; - result += aa; + result += "aa"; __taint_sink(result); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; 
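Review bot: The function is renamed to `exception_finally_002_F`, but the call at the bottom of the file sits just past the end of the second hunk and is not touched by this commit. If that line still reads `exception_finally_001_T(taint_src);` the script now stops with a ReferenceError and the case has no reachable entry point; it should be `exception_finally_002_F(taint_src);`. The same check applies to binary_expression_add_assignment_002_F, nullish_coalescing_operator_001_T, nullish_coalescing_operator_002_F and spread_operator_006_F, whose definitions are renamed in the following hunks while their call sites are likewise outside the visible context.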
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/nullish_coalescing_operator_001_T.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/nullish_coalescing_operator_001_T.js index dec998d3..f1e821f1 100644 --- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/nullish_coalescing_operator_001_T.js +++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/nullish_coalescing_operator_001_T.js @@ -8,13 +8,13 @@ const { execSync } = require('child_process'); -function nullish_coalescing_001_T(__taint_src) { +function nullish_coalescing_operator_001_T(__taint_src) { let result = null ?? __taint_src; __taint_sink(result); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/nullish_coalescing_operator_002_F.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/nullish_coalescing_operator_002_F.js index 9d7e71bc..bf8a691e 100644 --- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/nullish_coalescing_operator_002_F.js +++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/nullish_coalescing_operator_002_F.js @@ -8,13 +8,13 @@ const { execSync } = require('child_process'); -function nullish_coalescing_002_F(__taint_src) { +function nullish_coalescing_operator_002_F(__taint_src) { let result = null ?? "aa"; __taint_sink(result); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.js index f455fee5..3734293b 100644 
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.js +++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.js @@ -8,15 +8,15 @@ const { execSync } = require('child_process'); -function spread_operator_006_T(__taint_src) { +function spread_operator_006_F(__taint_src) { const foo = __taint_src; const bar = "hello world"; const [r1, r2, ...rest] = [123, 456, foo, bar]; __taint_sink(r1); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; diff --git a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_001_F.js b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_001_F.js similarity index 73% rename from sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_001_F.js rename to sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_001_F.js index c7b1ab3c..3b05bb1b 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_001_F.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_001_F.js @@ -3,12 +3,12 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 // scene introduction = 值传递 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_001_F +// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_001_F // evaluation information end const { execSync } = require('child_process'); -function argument_passing_value_001_F(__taint_src) { +function argument_passing_normal_value_001_F(__taint_src) { process("_"); function process(arg) { 
@@ -16,10 +16,10 @@ function argument_passing_value_001_F(__taint_src) { } } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -argument_passing_value_001_F(taint_src); +argument_passing_normal_value_001_F(taint_src); diff --git a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_002_T.js b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_002_T.js similarity index 73% rename from sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_002_T.js rename to sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_002_T.js index dc43d081..84248276 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_002_T.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_002_T.js @@ -3,12 +3,12 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 // scene introduction = 值传递 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_002_T +// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_002_T // evaluation information end const { execSync } = require('child_process'); -function argument_passing_value_002_T(__taint_src) { +function argument_passing_normal_value_002_T(__taint_src) { process(__taint_src); function process(arg) { @@ -16,10 +16,10 @@ function argument_passing_value_002_T(__taint_src) { } } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -argument_passing_value_002_T(taint_src); +argument_passing_normal_value_002_T(taint_src); 
diff --git a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_003_F.js b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_003_F.js similarity index 74% rename from sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_003_F.js rename to sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_003_F.js index 56f72333..18d2025f 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_003_F.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_003_F.js @@ -3,12 +3,12 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 // scene introduction = 值传递上下文敏感 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_003_F +// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_003_F // evaluation information end const { execSync } = require('child_process'); -function argument_passing_value_003_F(__taint_src) { +function argument_passing_normal_value_003_F(__taint_src) { process(__taint_src, "_"); function process(arg1, arg2) { @@ -16,10 +16,10 @@ function argument_passing_value_003_F(__taint_src) { } } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -argument_passing_value_003_F(taint_src); +argument_passing_normal_value_003_F(taint_src); 
diff --git a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_004_T.js b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_004_T.js similarity index 74% rename from sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_004_T.js rename to sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_004_T.js index d0bd32bd..b7f9e932 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_004_T.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_004_T.js @@ -3,12 +3,12 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 // scene introduction = 值传递上下文敏感 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_004_T +// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_004_T // evaluation information end const { execSync } = require('child_process'); -function argument_passing_value_004_T(__taint_src) { +function argument_passing_normal_value_004_T(__taint_src) { process(__taint_src, "_"); function process(arg1, arg2) { @@ -16,10 +16,10 @@ function argument_passing_value_004_T(__taint_src) { } } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -argument_passing_value_004_T(taint_src); +argument_passing_normal_value_004_T(taint_src); 
diff --git a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_005_F.js b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_005_F.js similarity index 75% rename from sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_005_F.js rename to sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_005_F.js index ad3df6b0..33c898ef 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_005_F.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_005_F.js @@ -3,12 +3,12 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 // scene introduction = 值传递嵌套函数 // level = 2+ -// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_005_F +// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_005_F // evaluation information end const { execSync } = require('child_process'); -function argument_passing_value_005_F(__taint_src) { +function argument_passing_normal_value_005_F(__taint_src) { function outer(input) { function inner(innerInput) { __taint_sink(innerInput); @@ -20,10 +20,10 @@ function argument_passing_value_005_F(__taint_src) { outer("_"); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -argument_passing_value_005_F(taint_src); +argument_passing_normal_value_005_F(taint_src); 
diff --git a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_006_T.js b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_006_T.js similarity index 75% rename from sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_006_T.js rename to sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_006_T.js index 6e4fb225..6c10bdaa 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_006_T.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_006_T.js @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 // scene introduction = 值传递嵌套函数 // level = 2+ -// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_006_T +// bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_006_T // evaluation information end const { execSync } = require('child_process'); -function argument_passing_value_006_T(__taint_src) { +function argument_passing_normal_value_006_T(__taint_src) { function outer(input) { function inner(innerInput) { __taint_sink(innerInput); @@ -19,10 +19,10 @@ function argument_passing_value_006_T(__taint_src) { outer(__taint_src); } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -argument_passing_value_006_T(taint_src); +argument_passing_normal_value_006_T(taint_src); diff --git a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/config.json b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/config.json index 9436b165..fc47e894 100644 
--- a/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/config.json +++ b/sast-js/case/completeness/single_app_tracing/function_call/argument_passing/config.json @@ -11,11 +11,11 @@ "scene": "默认值传递" }, { - "compose": "!argument_passing_value_001_F.js && argument_passing_value_002_T.js", + "compose": "!argument_passing_normal_value_001_F.js && argument_passing_normal_value_002_T.js", "scene": "值传递" }, { - "compose": "!argument_passing_value_003_F.js && argument_passing_value_004_T.js", + "compose": "!argument_passing_normal_value_003_F.js && argument_passing_normal_value_004_T.js", "scene": "值传递上下文敏感" } ] @@ -36,7 +36,7 @@ "scene": "引用传递map" }, { - "compose": "!argument_passing_value_005_F.js && argument_passing_value_006_T.js", + "compose": "!argument_passing_normal_value_005_F.js && argument_passing_normal_value_006_T.js", "scene": "值传递嵌套函数" } ] diff --git a/sast-js/case/completeness/single_app_tracing/function_call/library_function/json_001_T.js b/sast-js/case/completeness/single_app_tracing/function_call/library_function/json_001_T.js index 6c9da8b9..04c34064 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/library_function/json_001_T.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/library_function/json_001_T.js @@ -8,7 +8,7 @@ const { execSync } = require('child_process'); function json_001_T(__taint_src) { - process(__taint_src); + process(JSON.stringify(__taint_src)); function process(arg) { let obj = JSON.parse(arg); @@ -16,8 +16,8 @@ function json_001_T(__taint_src) { } } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; diff --git a/sast-js/case/completeness/single_app_tracing/function_call/library_function/json_002_F.js b/sast-js/case/completeness/single_app_tracing/function_call/library_function/json_002_F.js index bd6f94c2..f09859a4 100644 
--- a/sast-js/case/completeness/single_app_tracing/function_call/library_function/json_002_F.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/library_function/json_002_F.js @@ -8,7 +8,7 @@ const { execSync } = require('child_process'); function json_002_F(__taint_src) { - process("aa"); + process(JSON.stringify("aa")); function process(arg) { let obj = JSON.parse(arg); @@ -16,8 +16,8 @@ function json_002_F(__taint_src) { } } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; diff --git a/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/config.json b/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/config.json index 7075f526..64a27391 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/config.json +++ b/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/config.json @@ -7,7 +7,7 @@ "level": "2", "scene_list": [ { - "compose": "!return_value_passing_001_F.js && return_value_passing_002_T.js", + "compose": "!return_normal_value_passing_001_F.js && return_normal_value_passing_002_T.js", "scene": "普通" } ] diff --git a/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F.js b/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.js similarity index 73% rename from sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F.js rename to sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.js index 0188048f..03fb6f06 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F.js 
+++ b/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.js @@ -3,12 +3,12 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 // scene introduction = 普通 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F +// bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F // evaluation information end const { execSync } = require('child_process'); -function return_value_passing_001_F(__taint_src) { +function return_normal_value_passing_001_F(__taint_src) { let data = process(); __taint_sink(data); @@ -17,10 +17,10 @@ function return_value_passing_001_F(__taint_src) { } } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -return_value_passing_001_F(taint_src); +return_normal_value_passing_001_F(taint_src); diff --git a/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T.js b/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_002_T.js similarity index 74% rename from sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T.js rename to sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_002_T.js index 1e65ae29..88eb8274 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_002_T.js 
@@ -3,12 +3,12 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 // scene introduction = 普通 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T +// bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_002_T // evaluation information end const { execSync } = require('child_process'); -function return_value_passing_002_T(__taint_src) { +function return_normal_value_passing_002_T(__taint_src) { let data = process(); __taint_sink(data); @@ -17,10 +17,10 @@ function return_value_passing_002_T(__taint_src) { } } -function __taint_sink(o) { - execSync(o); +function __taint_sink(o) { + execSync(o); } const taint_src = "taint_src_value"; -return_value_passing_002_T(taint_src); +return_normal_value_passing_002_T(taint_src); diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json index d7078d70..5ded2dcf 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json 
@@ -7,19 +7,19 @@ "level": "3", "scene_list": [ { - "compose": "list_no_solver_007_T.py && !list_no_solver_008_F.py", + "compose": "list_no_solver_001_T.py && !list_no_solver_002_F.py", "scene": "列表->列表索引1" }, { - "compose": "list_no_solver_009_T.py && !list_no_solver_010_F.py", + "compose": "list_no_solver_003_T.py && !list_no_solver_004_F.py", "scene": "列表->列表索引2" }, { - "compose": "rest_parameter_007_T.py && !rest_parameter_008_F.py", + "compose": "rest_parameter_001_T.py && !rest_parameter_002_F.py", "scene": "列表->列表索引->剩余参数" }, { - "compose": "spread_operator_no_solver_007_T.py && !spread_operator_no_solver_008_F.py", + "compose": "spread_operator_no_solver_001_T.py && !spread_operator_no_solver_002_F.py", "scene": "列表->列表索引->扩展运算+切片" }, { diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_007_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py similarity index 80% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_007_T.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py index 9a021cc4..cbbec944 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_007_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py 
@@ -4,11 +4,11 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_007_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T # evaluation information end import os -def list_no_solver_007_T(taint_src): +def list_no_solver_001_T(taint_src): s = [taint_src, u"b", u"c"] taint_sink(s[0]) @@ -20,5 +20,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - list_no_solver_007_T(taint_src) + list_no_solver_001_T(taint_src) diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_008_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py similarity index 80% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_008_F.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py index 001d1382..8c254e0d 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_008_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py 
@@ -4,11 +4,11 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_008_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F # evaluation information end import os -def list_no_solver_008_F(taint_src): +def list_no_solver_002_F(taint_src): s = [taint_src, u"b", u"c"] taint_sink(s[1]) @@ -19,5 +19,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - list_no_solver_008_F(taint_src) + list_no_solver_002_F(taint_src) diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_009_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py similarity index 80% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_009_T.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py index cc150fdd..2a002b9b 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_009_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_009_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T # evaluation information end import os -def list_no_solver_009_T(taint_src): +def list_no_solver_003_T(taint_src): s = [taint_src, u"b", u"c"] s[1] = u"_" taint_sink(s) @@ -21,5 +21,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - list_no_solver_009_T(taint_src) + list_no_solver_003_T(taint_src) diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_010_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py similarity index 80% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_010_F.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py index 1cafaac7..012cd66c 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_010_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_010_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F # evaluation information end import os -def list_no_solver_010_F(taint_src): +def list_no_solver_004_F(taint_src): s = [taint_src, u"b", u"c"] s[0] = u"_" taint_sink(s) @@ -22,5 +22,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - list_no_solver_010_F(taint_src) + list_no_solver_004_F(taint_src) diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_007_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_001_T.py similarity index 81% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_007_T.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_001_T.py index 67cbfb3e..e9c91e0d 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_007_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_001_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引->剩余参数 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_007_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_001_T # evaluation information end import os -def rest_parameter_007_T(taint_src): +def rest_parameter_001_T(taint_src): collectArgs(u"prefix", taint_src, u"suffix") @@ -23,5 +23,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - rest_parameter_007_T(taint_src) + rest_parameter_001_T(taint_src) diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_008_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_002_F.py similarity index 81% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_008_F.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_002_F.py index d406c2ac..8b803de3 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_008_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_002_F.py 
@@ -4,11 +4,11 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引->剩余参数 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_008_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_002_F # evaluation information end import os -def rest_parameter_008_F(taint_src): +def rest_parameter_002_F(taint_src): collectArgs(u"prefix", taint_src, u"suffix") @@ -21,5 +21,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - rest_parameter_008_F(taint_src) + rest_parameter_002_F(taint_src) diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_007_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.py similarity index 79% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_007_T.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.py index 425d4693..d918124f 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_007_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引->扩展运算+切片 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_007_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T # evaluation information end import os -def spread_operator_no_solver_007_T(taint_src): +def spread_operator_no_solver_001_T(taint_src): foo = taint_src bar = u"hello world" new_list = list([123, 456, foo, bar]) @@ -24,5 +24,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - spread_operator_no_solver_007_T(taint_src) + spread_operator_no_solver_001_T(taint_src) diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_008_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.py similarity index 79% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_008_F.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.py index e92627a1..946c972c 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_008_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.py 
@@ -4,11 +4,11 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引->扩展运算+切片 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_008_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F # evaluation information end import os -def spread_operator_no_solver_008_F(taint_src): +def spread_operator_no_solver_002_F(taint_src): foo = taint_src bar = u"_" new_list = list([123, 456, foo, bar]) @@ -24,5 +24,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - spread_operator_no_solver_008_F(taint_src) + spread_operator_no_solver_002_F(taint_src) diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_005_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.py similarity index 84% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_005_T.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.py index c06c8cb0..5e7237ca 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_005_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 数组->数组索引->需求解 # level = 4+ -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_005_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T # evaluation information end import os import array -def array_solver_005_T(taint_src): +def array_solver_001_T(taint_src): # 将字符串拆分为单个字符存储(无法完整保留原始字符串为一个元素) char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 # 创建包含其他元素的数组(需统一为字符类型) @@ -21,5 +21,5 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - array_solver_005_T(taint_src) # 输出:_(仅第一个字符) + array_solver_001_T(taint_src) # 输出:_(仅第一个字符) diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_006_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.py similarity index 84% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_006_F.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.py index eeda368a..cb9246e4 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_006_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 数组->数组索引->需求解 # level = 4+ -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_006_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F # evaluation information end import os import array -def array_solver_006_F(taint_src): +def array_solver_002_F(taint_src): # 将字符串拆分为单个字符存储(无法完整保留原始字符串为一个元素) char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 # 创建包含其他元素的数组(需统一为字符类型) @@ -21,5 +21,5 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - array_solver_006_F(taint_src) # 输出:_(仅第一个字符) + array_solver_002_F(taint_src) # 输出:_(仅第一个字符) diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_007_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T.py similarity index 84% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_007_T.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T.py index aeb4d6ea..7a0b4454 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_007_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 数组->数组索引->需求解 # level = 4+ -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_007_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T # evaluation information end import os import array -def array_solver_007_T(taint_src): +def array_solver_003_T(taint_src): # 将字符串拆分为单个字符存储(无法完整保留原始字符串为一个元素) char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 # 创建包含其他元素的数组(需统一为字符类型) @@ -24,5 +24,5 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - array_solver_007_T(taint_src) # 输出:_(仅第一个字符) + array_solver_003_T(taint_src) # 输出:_(仅第一个字符) diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_008_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F.py similarity index 84% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_008_F.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F.py index 1b3f7eea..9f769231 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_008_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 数组->数组索引->需求解 # level = 4+ -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_008_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F # evaluation information end import os import array -def array_solver_008_F(taint_src): +def array_solver_004_F(taint_src): # 将字符串拆分为单个字符存储(无法完整保留原始字符串为一个元素) char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 # 创建包含其他元素的数组(需统一为字符类型) @@ -24,5 +24,5 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - array_solver_008_F(taint_src) # 输出:_(仅第一个字符) + array_solver_004_F(taint_src) # 输出:_(仅第一个字符) diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json index ee64d884..0dc0cddc 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json @@ -7,19 +7,19 @@ "level": "4", "scene_list": [ { - "compose": "list_solver_013_T.py && !list_solver_014_F.py", + "compose": "list_solver_001_T.py && !list_solver_002_F.py", "scene": "列表->列表索引->需求解1" }, { - "compose": "list_solver_015_T.py && !list_solver_016_F.py", + "compose": "list_solver_003_T.py && !list_solver_004_F.py", "scene": "列表->列表索引->需求解2" }, { - "compose": "map_solver_005_T.py && !map_solver_006_F.py", + "compose": "map_solver_001_T.py && !map_solver_002_F.py", "scene": "字典->字典索引->需求解1" }, { - "compose": "map_solver_007_T.py && !map_solver_008_F.py", + "compose": "map_solver_003_T.py && !map_solver_004_F.py", "scene": "字典->字典索引->需求解2" } ] 
@@ -28,11 +28,11 @@ "level": "4+", "scene_list": [ { - "compose": "array_solver_005_T.py && !array_solver_006_F.py", + "compose": "array_solver_001_T.py && !array_solver_002_F.py", "scene": "数组->数组索引->需求解1" }, { - "compose": "array_solver_007_T.py && !array_solver_008_F.py", + "compose": "array_solver_003_T.py && !array_solver_004_F.py", "scene": "数组->数组索引->需求解2" } ] diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_013_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T.py similarity index 82% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_013_T.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T.py index 4addd750..e13d0e0e 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_013_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 列表->列表索引->需求解 # level = 4 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_013_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T # evaluation information end import os -def list_solver_013_T(taint_src): +def list_solver_001_T(taint_src): s = [u"a", u"b", taint_src, u"c", u"d"] taint_sink(s[1 + 1]) @@ -20,5 +20,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - list_solver_013_T(taint_src) + list_solver_001_T(taint_src) 
diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_014_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F.py similarity index 82% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_014_F.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F.py index 97ccb0e3..13fbed6c 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_014_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 列表->列表索引->需求解 # level = 4 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_014_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F # evaluation information end import os -def list_solver_014_F(taint_src): +def list_solver_002_F(taint_src): s = [u"a", u"b", taint_src, u"c", u"d"] taint_sink(s[1 + 2]) @@ -21,5 +21,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - list_solver_014_F(taint_src) + list_solver_002_F(taint_src) 
diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_015_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T.py similarity index 80% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_015_T.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T.py index 3f97d0bf..815293e3 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_015_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 列表->列表索引->需求解 # level = 4 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_015_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T # evaluation information end import os -def list_solver_015_T(taint_src): +def list_solver_003_T(taint_src): s = [u"a", u"b", taint_src, u"c", u"d"] length = len(s) taint_sink(s[length - 3]) # 等价于索引2(污染) @@ -20,5 +20,5 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - list_solver_015_T(taint_src) # 输出:taint_src_value + list_solver_003_T(taint_src) # 输出:taint_src_value 
diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_016_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F.py similarity index 80% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_016_F.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F.py index 45c6b41c..aa8d32b3 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_016_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 列表->列表索引->需求解 # level = 4 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_016_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F # evaluation information end import os -def list_solver_016_F(taint_src): +def list_solver_004_F(taint_src): s = [u"a", u"b", taint_src, u"c", u"d"] length = len(s) taint_sink(s[length - 2]) # 等价于索引3(未污染) @@ -20,5 +20,5 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - list_solver_016_F(taint_src) # 输出:taint_src_value + list_solver_004_F(taint_src) # 输出:taint_src_value 
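Review bot: The trailing comment on the renamed call in the second hunk, `# 输出:taint_src_value`, contradicts the case it sits in. The first hunk's context passes `s[length - 2]` to the sink and annotates it as index 3 (untainted), and config.json composes this file as the negated `!list_solver_004_F.py` half of the pair. The comment looks carried over from list_solver_003_T, where it is accurate. Since the line is rewritten here anyway, it could read `list_solver_004_F(taint_src)  # sink receives s[3] (u"c"), not the tainted value`, so that anyone triaging a scanner finding against this benchmark is not told the no-flow case emits the tainted string. The body of taint_sink lies outside both hunks, so what it actually prints is inferred from the call site only.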
diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_005_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T.py similarity index 81% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_005_T.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T.py index 718fee3b..1bb5bf47 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_005_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T.py @@ -4,13 +4,13 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 字典->字典索引->需求解 # level = 4 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_005_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T # evaluation information end import os -def map_solver_005_T(taint_src): +def map_solver_001_T(taint_src): d = { 0: u"a", 1: u"b", @@ -27,5 +27,5 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - map_solver_005_T(taint_src) # 调用函数并传入字符串作为污染源 + map_solver_001_T(taint_src) # 调用函数并传入字符串作为污染源 
diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_006_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F.py similarity index 81% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_006_F.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F.py index 85e8e58e..8fbdf42a 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_006_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F.py @@ -4,13 +4,13 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 字典->字典索引->需求解 # level = 4 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_006_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F # evaluation information end import os -def map_solver_006_F(taint_src): +def map_solver_002_F(taint_src): d = { 0: u"a", 1: u"b", @@ -26,6 +26,6 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - map_solver_006_F(taint_src) # 调用函数并传入字符串作为污染源 + map_solver_002_F(taint_src) # 调用函数并传入字符串作为污染源 
diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_007_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T.py similarity index 82% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_007_T.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T.py index a2d58b6f..ec8f8678 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_007_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T.py @@ -4,13 +4,13 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 字典->字典索引->需求解 # level = 4 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_007_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T # evaluation information end import os -def map_solver_007_T(taint_src): +def map_solver_003_T(taint_src): d = { 0: u"a", 1: u"b", @@ -24,5 +24,5 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - map_solver_007_T(taint_src) # 调用函数并传入字符串作为污染源 + map_solver_003_T(taint_src) # 调用函数并传入字符串作为污染源 
diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_008_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F.py similarity index 82% rename from sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_008_F.py rename to sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F.py index 38c7d607..4d193c6b 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_008_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F.py @@ -4,13 +4,13 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 字典->字典索引->需求解 # level = 4 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_008_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F # evaluation information end import os -def map_solver_008_F(taint_src): +def map_solver_004_F(taint_src): d = { 0: u"a", 1: u"b", @@ -26,5 +26,5 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - map_solver_008_F(taint_src) # 调用函数并传入字符串作为污染源 + map_solver_004_F(taint_src) # 调用函数并传入字符串作为污染源 
diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F.py similarity index 80% rename from sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_F.py rename to sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F.py index 9b7b2d25..9f5c8635 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_F.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分if else准入条件(不需求解)->if->区分分支 # level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F # evaluation information end import os -def conditional_if_007_F(taint_src): +def conditional_if_no_solver_001_F(taint_src): if True: res = taint_src else: @@ -24,5 +24,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - conditional_if_007_F(taint_src) + conditional_if_no_solver_001_F(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.py similarity index 80% rename from sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F.py rename to sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.py index 132d3fef..efa7f8c4 100644 
--- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分if else准入条件(不需求解)->if->区分分支 # level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F # evaluation information end import os -def conditional_if_008_F(taint_src): +def conditional_if_no_solver_002_F(taint_src): res = u"" if True: taint_sink(res) @@ -25,5 +25,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - conditional_if_008_F(taint_src) + conditional_if_no_solver_002_F(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_009_T.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.py similarity index 81% rename from sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_009_T.py rename to sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.py index 106cb992..45c7941f 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_009_T.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解 # level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_009_T +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T # evaluation information end import os -def conditional_if_009_T(taint_src): +def conditional_if_no_solver_003_T(taint_src): res = u"" if False: res = u"_" @@ -26,5 +26,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - conditional_if_009_T(taint_src) + conditional_if_no_solver_003_T(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_010_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.py similarity index 81% rename from sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_010_F.py rename to sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.py index ca53b284..f2b427c9 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_010_F.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解 # level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_010_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F # evaluation information end import os -def conditional_if_010_F(taint_src): +def conditional_if_no_solver_004_F(taint_src): res = u"" if True: res = u"_" 
@@ -26,5 +26,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - conditional_if_010_F(taint_src) + conditional_if_no_solver_004_F(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json index 1c449d3c..923c781f 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json @@ -7,11 +7,11 @@ "level": "3", "scene_list": [ { - "compose": "!conditional_if_007_F.py && !conditional_if_008_F.py", + "compose": "!conditional_if_no_solver_001_F.py && !conditional_if_no_solver_002_F.py", "scene": "区分if else准入条件(不需求解)->if->区分分支" }, { - "compose": "conditional_if_009_T.py && !conditional_if_010_F.py", + "compose": "conditional_if_no_solver_003_T.py && !conditional_if_no_solver_004_F.py", "scene": "区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解" } ] diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_011_T.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T.py similarity index 82% rename from sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_011_T.py rename to sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T.py index 40dd3ef7..c7decddb 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_011_T.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 区分if else分支+准入条件(需要求解)->if->区分具体执行路径->求解 # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_011_T +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T # evaluation information end import os -def conditional_if_011_T(taint_src): +def conditional_if_solver_001_T(taint_src): res = u"" if 1 + 1 == 2: res = taint_src @@ -27,5 +27,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - conditional_if_011_T(taint_src) + conditional_if_solver_001_T(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_012_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F.py similarity index 82% rename from sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_012_F.py rename to sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F.py index 304bb8e1..53eb7a8b 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_012_F.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 区分if else分支+准入条件(需要求解)->if->区分具体执行路径->求解 # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_012_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F # evaluation information end import os -def conditional_if_012_F(taint_src): +def conditional_if_solver_002_F(taint_src): res = u"" if 1 + 1 == 3: res = taint_src 
@@ -26,5 +26,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - conditional_if_012_F(taint_src) + conditional_if_solver_002_F(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json index 3bd31eb8..ba78ff03 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json @@ -7,15 +7,15 @@ "level": "4", "scene_list": [ { - "compose": "conditional_if_011_T.py && !conditional_if_012_F.py", + "compose": "conditional_if_solver_001_T.py && !conditional_if_solver_002_F.py", "scene": "区分if else分支+准入条件(需要求解)->if->区分具体执行路径->求解" }, { - "compose": "for_body_004_T.py && !for_body_005_F.py", + "compose": "for_body_solver_001_T.py && !for_body_solver_002_F.py", "scene": "循环结构->for_body" }, { - "compose": "!while_body_005_F.py && while_body_006_T.py", + "compose": "!while_body_solver_001_F.py && while_body_solver_002_T.py", "scene": "循环结构->whileElse" } ] diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_T.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T.py similarity index 83% rename from sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_T.py rename to sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T.py index e7916d77..00b21b41 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_T.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 循环结构->for_body # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_T +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T # evaluation information end import os -def for_body_004_T(taint_src): +def for_body_solver_001_T(taint_src): res = None for i in xrange(2): res = taint_src @@ -22,5 +22,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - for_body_004_T(taint_src) + for_body_solver_001_T(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_005_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F.py similarity index 86% rename from sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_005_F.py rename to sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F.py index ecc74b47..eb0ef22c 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_005_F.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 循环结构->for_body # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_005_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F # evaluation information end import os -def for_body_005_F(taint_src): +def for_body_solver_002_F(taint_src): res = None # 初始化变量(避免未定义错误) for i in xrange(0): # 循环条件不满足,循环体不会执行 res = taint_src # 这一行永远不会执行 @@ -24,5 +24,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - for_body_005_F(taint_src) + for_body_solver_002_F(taint_src) 
diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_005_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.py similarity index 83% rename from sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_005_F.py rename to sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.py index 465a0b09..1c7373cc 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_005_F.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.py @@ -4,13 +4,13 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 循环结构->whileElse # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_005_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F # evaluation information end import os -def while_body_005_F(taint_src): +def while_body_solver_001_F(taint_src): i = 7 res = u"_" while i < 3: @@ -27,4 +27,4 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - while_body_005_F(taint_src) + while_body_solver_001_F(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_006_T.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.py similarity index 83% rename from sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_006_T.py rename to sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.py index f5dc1967..1394fb00 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_006_T.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.py 
@@ -4,13 +4,13 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 循环结构->whileElse # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_006_T +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T # evaluation information end import os -def while_body_006_T(taint_src): +def while_body_solver_002_T(taint_src): i = 7 res = taint_src while i < 3: @@ -27,4 +27,4 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - while_body_006_T(taint_src) + while_body_solver_002_T(taint_src) diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py index 469cb992..f3b976b6 100644 --- a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py +++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py @@ -10,16 +10,15 @@ def dynamic_call_reflect_005_T(taint_src): - class Obj(object): - def __init__(self, data): - self.data = data - self.data1 = u'aaa' + class Obj: + def __init__(self): + self.data = u'aaa' - obj = Obj(taint_src) + obj = Obj() - del obj.data1 - - taint_sink(obj.data) + delattr(obj, u'data') + setattr(obj, u'data', taint_src) + taint_sink(getattr(obj, u'data')) def taint_sink(o): diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py index d3e52f3e..7bd41eaf 100644 --- a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py +++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py 
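Review bot: The rewritten `class Obj:` in dynamic_call_reflect_005_T drops the `(object)` base that the removed line had. This case sits in the sast-python2 tree, where a class without an explicit base is a classic class, so the delattr/setattr/getattr sequence now runs against a different object model than before. If the case is meant to cover reflection on ordinary new-style objects, keep `class Obj(object):`. If the classic class is intended, say so in a comment next to the class. The same applies to dynamic_call_reflect_006_F, where `def __init__(self,value):` also lacks a space after the comma. The body of `taint_sink` lies outside this hunk.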
@@ -10,16 +10,15 @@ def dynamic_call_reflect_006_F(taint_src): - class Obj(object): - def __init__(self, data): - self.data = data - self.data1 = u'aaa' + class Obj: + def __init__(self,value): + self.data = value obj = Obj(taint_src) - del obj.data - - taint_sink(obj.data1) + delattr(obj, u'data') + setattr(obj, u'data', u"aa") + taint_sink(getattr(obj, u'data')) def taint_sink(o): diff --git a/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_001_T.py b/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_001_T.py index 81128892..e844ce20 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_001_T.py @@ -10,7 +10,7 @@ # ? def logical_and_001_T(taint_src): - result = taint_src.startswith(u"t") and taint_src.endswith(u"e") # 污点通过AND条件传递 + result = taint_src.startswith(u"t") and taint_src # 污点通过AND条件传递 taint_sink(result) def taint_sink(o): diff --git a/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_002_F.py index 94409191..b72ce9cb 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_002_F.py @@ -10,7 +10,7 @@ def logical_and_002_F(taint_src): - result = taint_src.startswith(u"t") and taint_src.endswith(u"t") # 污点通过AND条件传递 + result = taint_src.startswith(u"t") and "aa" # 污点通过AND条件传递 taint_sink(result) def taint_sink(o): 
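Review bot: In logical_and_002_F the trailing comment `# 污点通过AND条件传递` is carried over unchanged, but the new right operand is the constant `"aa"`, so the comment now claims a taint flow that this negative case is built not to have. The literal also lacks the `u` prefix used by every other string in these files. I would write the line as `result = taint_src.startswith(u"t") and u"aa"  # constant right operand: result is never tainted`. logical_or_002_F has the same stale comment and the same bare `"aa"`. In all four logical_and/logical_or cases the value reaching `taint_sink` is a bool whenever the left operand short-circuits, which makes the expected verdict depend on the fixed input from `__main__`; a one-line comment stating that assumption would help.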
diff --git a/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_001_T.py b/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_001_T.py index bdbd5869..425028a4 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_001_T.py @@ -10,7 +10,7 @@ # ? def logical_or_001_T(taint_src): - result = taint_src == u"taint_src_value" or taint_src.endswith(u"_") # 污点通过OR条件传递 + result = taint_src != u"taint_src_value" or taint_src # 污点通过OR条件传递 taint_sink(result) def taint_sink(o): diff --git a/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py index 6577d7eb..69473d29 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py @@ -10,7 +10,7 @@ def logical_or_002_F(taint_src): - result = taint_src == u"taint_src" or taint_src.endswith(u"_") # 污点通过OR条件传递 + result = taint_src != u"taint_src_value" or "aa" # 污点通过OR条件传递 taint_sink(result) def taint_sink(o): diff --git a/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/config.json b/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/config.json index f8035940..19664255 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/config.json +++ b/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/config.json 
@@ -8,10 +8,6 @@ "scene_list": [ { "compose": "lambda_expression_001_T.py && !lambda_expression_002_F.py", - "scene": "1" - }, - { - "compose": "lambda_expression_003_T.py && !lambda_expression_004_F.py", "scene": "lambda关键字" } ] diff --git a/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_001_T.py b/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_001_T.py index b23c204c..5937523a 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_001_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式 -# scene introduction = +# scene introduction = lambda关键字 # level = 2 # bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_expression_001_T # evaluation information end @@ -10,17 +10,22 @@ def lambda_expression_001_T(taint_src): + # 初始化结果变量 result = u'' - def lambda_func(a): return a + + # 使用 lambda 创建一个匿名函数,该函数接收一个参数并返回相同的参数 + lambda_func = lambda a: a + + # 调用 lambda 函数并将结果赋值给 result 变量 result = lambda_func(taint_src) + + # 将结果传递给污染接收函数 taint_sink(result) - def taint_sink(o): - os.system(o) - + os.system(o) -if __name__ == u'__main__': +if __name__ == u"__main__": taint_src = u"taint_src_value" - lambda_expression_001_T(taint_src) + lambda_expression_001_T(taint_src) # 调用函数,传入污染源值 taint_src diff --git a/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_002_F.py index 19f34ff2..d4188f3f 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_002_F.py 
+++ b/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_002_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式 -# scene introduction = +# scene introduction = lambda关键字 # level = 2 # bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_expression_002_F # evaluation information end @@ -10,17 +10,22 @@ def lambda_expression_002_F(taint_src): + # 初始化结果变量 result = u'' - def lambda_func(a): return u'_' + + # 使用 lambda 创建一个匿名函数,该函数接收一个参数并返回相同的参数 + lambda_func = lambda a: u"_" + + # 调用 lambda 函数并将结果赋值给 result 变量 result = lambda_func(taint_src) + + # 将结果传递给污染接收函数 taint_sink(result) - def taint_sink(o): - os.system(o) - + os.system(o) -if __name__ == u'__main__': +if __name__ == u"__main__": taint_src = u"taint_src_value" - lambda_expression_002_F(taint_src) + lambda_expression_002_F(taint_src) # 调用函数,传入污染源值 taint_src diff --git a/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_003_T.py b/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_003_T.py deleted file mode 100644 index adca956a..00000000 --- a/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_003_T.py +++ /dev/null 
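Review bot: The comment added above the lambda in lambda_expression_002_F, `# 使用 lambda 创建一个匿名函数,该函数接收一个参数并返回相同的参数`, says the function returns its argument, but the line below it is `lambda_func = lambda a: u"_"`, which discards the argument. It appears to be copied from lambda_expression_001_T, and it hides the one property that makes this the negative half of the pair. I would replace it with `# lambda ignores its argument and returns a constant, so no taint reaches the sink`. The inline comment on the final call, `# 调用函数,传入污染源值 taint_src`, is accurate and can stay.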
@@ -1,31 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式 -# scene introduction = lambda关键字 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_expression_003_T -# evaluation information end -import os - - -def lambda_expression_003_T(taint_src): - # 初始化结果变量 - result = u'' - - # 使用 lambda 创建一个匿名函数,该函数接收一个参数并返回相同的参数 - lambda_func = lambda a: a - - # 调用 lambda 函数并将结果赋值给 result 变量 - result = lambda_func(taint_src) - - # 将结果传递给污染接收函数 - taint_sink(result) - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - lambda_expression_003_T(taint_src) # 调用函数,传入污染源值 taint_src - diff --git a/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_004_F.py b/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_004_F.py deleted file mode 100644 index f9ee5bb1..00000000 --- a/sast-python2/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_004_F.py +++ /dev/null @@ -1,31 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式 -# scene introduction = lambda关键字 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_expression_004_F -# evaluation information end -import os - - -def lambda_expression_004_F(taint_src): - # 初始化结果变量 - result = u'' - - # 使用 lambda 创建一个匿名函数,该函数接收一个参数并返回相同的参数 - lambda_func = lambda a: u"_" - - # 调用 lambda 函数并将结果赋值给 result 变量 - result = lambda_func(taint_src) - - # 将结果传递给污染接收函数 - taint_sink(result) - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - lambda_expression_004_F(taint_src) # 调用函数,传入污染源值 taint_src - 
diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/config.json b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/config.json index 5da48a94..08f7c8ac 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/config.json +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/config.json @@ -6,7 +6,6 @@ { "level": "2+", "scene_list": [ - { "compose": "destructuring_assignment_001_T.py && !destructuring_assignment_002_F.py", "scene": "解构赋值表达式->数组解构赋值" @@ -41,14 +40,6 @@ }, { "compose": "del_expression_007_T.py && !del_expression_008_F.py", - "scene": "del运算符->单个变量" - }, - { - "compose": "del_expression_009_T.py && !del_expression_010_F.py", - "scene": "del运算符->多个变量" - }, - { - "compose": "del_expression_011_T.py && !del_expression_012_F.py", "scene": "del运算符->切片" }, { @@ -61,7 +52,7 @@ } ] }, - { + { "level": "2", "scene_list": [ { @@ -77,11 +68,11 @@ "scene": "模板字面量3" }, { - "compose": "spread_operator_005_T.py && !spread_operator_006_F.py", + "compose": "spread_operator_001_T.py && !spread_operator_002_F.py", "scene": "扩展运算符1" }, { - "compose": "spread_operator_007_T.py && !spread_operator_008_F.py", + "compose": "spread_operator_003_T.py && !spread_operator_004_F.py", "scene": "扩展运算符2" }, { @@ -90,7 +81,7 @@ } ] }, - { + { "level": "3", "scene_list": [ { diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_007_T.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_007_T.py index 6f9ee4fb..842a3ae6 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_007_T.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_007_T.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->单个变量 +# scene introduction = del运算符->切片 # level = 2+ # bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_007_T # evaluation information end @@ -11,10 +11,9 @@ def del_expression_007_T(taint_src): - a = taint_src # 将 taint_src 的值赋给变量 a - b = u"bbb" - del b # 删除变量 a - taint_sink(a) # 尝试访问已删除的变量 a + lst = [taint_src, u"b", u"c", u"d"] # 初始化列表,包含 __taint_src 的值 + del lst[1:3] # 删除列表的切片 + taint_sink(lst) # 将修改后的列表传递给 sink 点 def taint_sink(o): diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py index a407fa22..6fce08a8 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->单个变量 +# scene introduction = del运算符->切片 # level = 2+ # bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_008_F # evaluation information end @@ -11,10 +11,9 @@ def del_expression_008_F(taint_src): - a = taint_src # 将 taint_src 的值赋给变量 a - b = u"bbb" - del a # 删除变量 a - taint_sink(b) # 尝试访问已删除的变量 a + lst = [taint_src, u"b", u"c", u"d"] # 初始化列表,包含 __taint_src 的值 + del lst[0:1] # 删除列表的切片 + taint_sink(lst) # 将修改后的列表传递给 sink 点 def taint_sink(o): 
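Review bot: The header of del_expression_008_F still reads `# real case = true` on the context line just above the changed `scene introduction`, although the file carries the `_F` suffix and config.json composes it as `!del_expression_008_F.py`. lambda_expression_002_F in this same commit uses `# real case = false` for its negative case. If the harness reads this field as ground truth, which is not visible here, this case would be scored as an expected finding. Since the hunk already edits this header, change the line to `# real case = false`. The new inline comment `# 初始化列表,包含 __taint_src 的值` in both del_expression_007_T and del_expression_008_F also names `__taint_src`, while the parameter is `taint_src`.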
diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_009_T.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_009_T.py deleted file mode 100644 index 36565e08..00000000 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_009_T.py +++ /dev/null @@ -1,27 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->多个变量 -# level = 2+ -# bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_009_T -# evaluation information end -import os - - - -def del_expression_009_T(taint_src): - a = taint_src # 将taint_src 的值赋给变量 a - b = u"bbb" - c = u"ccc" - del b, c # 删除变量 a 和 b - taint_sink(a) # 尝试访问已删除的变量 a - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - del_expression_009_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_010_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_010_F.py deleted file mode 100644 index f8a7b1cf..00000000 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_010_F.py +++ /dev/null 
@@ -1,27 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->多个变量 -# level = 2+ -# bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_010_F -# evaluation information end -import os - - - -def del_expression_010_F(taint_src): - a = taint_src # 将taint_src 的值赋给变量 a - b = u"bbb" - c = u"ccc" - del a, c # 删除变量 a 和 b - taint_sink(b) # 尝试访问已删除的变量 a - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - del_expression_010_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_011_T.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_011_T.py deleted file mode 100644 index 15c49de7..00000000 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_011_T.py +++ /dev/null @@ -1,25 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->切片 -# level = 2+ -# bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_011_T -# evaluation information end -import os - - - -def del_expression_011_T(taint_src): - lst = [taint_src, u"b", u"c", u"d"] # 初始化列表,包含 __taint_src 的值 - del lst[1:3] # 删除列表的切片 - taint_sink(lst) # 将修改后的列表传递给 sink 点 - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - del_expression_011_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_012_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_012_F.py deleted file mode 100644 index 2629c5a6..00000000 
--- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_012_F.py +++ /dev/null @@ -1,25 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->切片 -# level = 2+ -# bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_012_F -# evaluation information end -import os - - - -def del_expression_012_F(taint_src): - lst = [taint_src, u"b", u"c", u"d"] # 初始化列表,包含 __taint_src 的值 - del lst[0:1] # 删除列表的切片 - taint_sink(lst) # 将修改后的列表传递给 sink 点 - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - del_expression_012_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_005_T.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T.py similarity index 79% rename from sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_005_T.py rename to sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T.py index eefcdbfb..bbe512fe 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_005_T.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T.py @@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = 扩展运算符 # level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_005_T +# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_001_T # evaluation information end import os -def spread_operator_005_T(taint_src): +def spread_operator_001_T(taint_src): collectArgs(taint_src,u'prefix', u'suffix') 
@@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == u'__main__': taint_src = u"taint_src_value" - spread_operator_005_T(taint_src) + spread_operator_001_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F.py similarity index 79% rename from sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.py rename to sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F.py index 9dd8b9ee..59b48bc5 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F.py @@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = 扩展运算符 # level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_006_F +# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_002_F # evaluation information end import os -def spread_operator_006_F(taint_src): +def spread_operator_002_F(taint_src): collectArgs(taint_src,u'prefix', u'suffix') @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == u'__main__': taint_src = u"taint_src_value" - spread_operator_006_F(taint_src) + spread_operator_002_F(taint_src) 
diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_007_T.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.py similarity index 79% rename from sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_007_T.py rename to sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.py index e81354ca..bf32671b 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_007_T.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.py @@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = 扩展运算符 # level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_007_T +# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_003_T # evaluation information end import os -def spread_operator_007_T(taint_src): +def spread_operator_003_T(taint_src): collectArgs([u'prefix', taint_src, u'suffix']) @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == u'__main__': taint_src = u"taint_src_value" - spread_operator_007_T(taint_src) + spread_operator_003_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_008_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.py similarity index 79% rename from sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_008_F.py rename to sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.py index 9d68c741..37fe04ef 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_008_F.py 
+++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.py @@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = 扩展运算符 # level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_008_F +# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_004_F # evaluation information end import os -def spread_operator_008_F(taint_src): +def spread_operator_004_F(taint_src): collectArgs([u'prefix', taint_src, u'suffix']) @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == u'__main__': taint_src = u"taint_src_value" - spread_operator_008_F(taint_src) + spread_operator_004_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_011_F.py b/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_001_F.py similarity index 75% rename from sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_011_F.py rename to sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_001_F.py index c253ac61..7fc4aeb5 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_011_F.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_001_F.py 
@@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 # scene introduction = 值传递嵌套函数 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_011_F +# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_001_F # evaluation information end import os -def argument_passing_value_011_F(taint_src): +def argument_passing_normal_value_001_F(taint_src): def outer(input): def inner(inner_input): taint_sink(inner_input) @@ -25,5 +25,5 @@ def taint_sink(o): if __name__ == u'__main__': taint_src = u"taint_src_value" - argument_passing_value_011_F(taint_src) + argument_passing_normal_value_001_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_012_T.py b/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_002_T.py similarity index 75% rename from sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_012_T.py rename to sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_002_T.py index 4aca86d1..ac2effec 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_012_T.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_002_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 # scene introduction = 值传递嵌套函数 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_012_T +# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_002_T # evaluation information end import os -def argument_passing_value_012_T(taint_src): +def argument_passing_normal_value_002_T(taint_src): def outer(input): def inner(inner_input): taint_sink(inner_input) @@ -25,5 +25,5 @@ def taint_sink(o): if __name__ == u'__main__': taint_src = u"taint_src_value" - argument_passing_value_012_T(taint_src) + argument_passing_normal_value_002_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/config.json b/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/config.json index 23293063..9746379a 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/config.json +++ b/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/config.json @@ -23,7 +23,7 @@ "scene": "引用传递map" }, { - "compose": "!argument_passing_value_011_F.py && argument_passing_value_012_T.py", + "compose": "!argument_passing_normal_value_001_F.py && argument_passing_normal_value_002_T.py", "scene": "值传递嵌套函数" }, { diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/config.json b/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/config.json index cf6fc71a..e7fb21c7 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/config.json +++ b/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/config.json 
@@ -7,11 +7,11 @@ "level": "2", "scene_list": [ { - "compose": "!return_value_passing_001_F.py && return_value_passing_002_T.py", + "compose": "!return_normal_value_passing_001_F.py && return_normal_value_passing_002_T.py", "scene": "普通" }, { - "compose": "!return_value_passing_003_F.py && return_value_passing_004_T.py", + "compose": "!return_normal_value_passing_003_F.py && return_normal_value_passing_004_T.py", "scene": "多层函数嵌套传递" } ] diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F.py b/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py similarity index 75% rename from sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F.py rename to sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py index 1b704ebc..d10a2fd2 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py @@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 # scene introduction = 普通 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F +# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F # evaluation information end import os -def return_value_passing_001_f(taint_src): +def return_normal_value_passing_001_f(taint_src): def process(src): return u'_' # 直接返回传入的参数 @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == u'__main__': taint_src = u"taint_src_value" - return_value_passing_001_f(taint_src) + return_normal_value_passing_001_f(taint_src) 
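Review bot: The renamed entry point in return_normal_value_passing_001_F.py is spelled `return_normal_value_passing_001_f` with a lowercase `_f`, while the file name and the `bind_url` line in the same hunk end in `_001_F`, as do the sibling cases renamed in this commit. Since the commit is normalising case names, I would change the definition to `def return_normal_value_passing_001_F(taint_src):` and the call in the `@@ -23,5 +23,5 @@` hunk to `return_normal_value_passing_001_F(taint_src)`; any tooling that matches the function to the case id by name would otherwise miss this negative case (whether such tooling exists is not visible here). The context line `return u'_' # 直接返回传入的参数` also carries a comment saying the argument is returned unchanged, which contradicts the constant it returns; a comment such as `# 返回常量,污点不传播` would describe the F case correctly. The function body continues outside the hunk.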
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T.py b/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_002_T.py similarity index 74% rename from sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T.py rename to sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_002_T.py index 9b560c7a..564d5c91 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_002_T.py @@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 # scene introduction = 普通 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T +# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_002_T # evaluation information end import os -def return_value_passing_002_T(taint_src): +def return_normal_value_passing_002_T(taint_src): data = process(taint_src) taint_sink(data) @@ -24,5 +24,5 @@ def taint_sink(o): if __name__ == u'__main__': taint_src = u"taint_src_value" - return_value_passing_002_T(taint_src) + return_normal_value_passing_002_T(taint_src) 
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_003_F.py b/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_003_F.py similarity index 76% rename from sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_003_F.py rename to sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_003_F.py index 58b5be5c..2750a594 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_003_F.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_003_F.py @@ -4,11 +4,11 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 # scene introduction = 多层函数嵌套传递 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_003_F +# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_003_F # evaluation information end import os -def return_value_passing_003_F(taint_src): +def return_normal_value_passing_003_F(taint_src): def inner1(b): return u'_' @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - return_value_passing_003_F(taint_src) + return_normal_value_passing_003_F(taint_src) 
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_004_T.py b/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_004_T.py similarity index 76% rename from sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_004_T.py rename to sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_004_T.py index 0736c784..1731721b 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_004_T.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_004_T.py @@ -4,11 +4,11 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 # scene introduction = 多层函数嵌套传递 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_004_T +# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_004_T # evaluation information end import os -def return_value_passing_004_T(taint_src): +def return_normal_value_passing_004_T(taint_src): def inner1(b): return b @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - return_value_passing_004_T(taint_src) + return_normal_value_passing_004_T(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json index 15296e67..d0607fcc 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/config.json 
@@ -7,23 +7,23 @@ "level": "3", "scene_list": [ { - "compose": "list_no_solver_007_T.py && !list_no_solver_008_F.py", + "compose": "list_no_solver_001_T.py && !list_no_solver_002_F.py", "scene": "列表->列表索引1" }, { - "compose": "list_no_solver_009_T.py && !list_no_solver_010_F.py", + "compose": "list_no_solver_003_T.py && !list_no_solver_004_F.py", "scene": "列表->列表索引2" }, { - "compose": "rest_parameter_007_T.py && !rest_parameter_008_F.py", + "compose": "rest_parameter_no_solver_001_T.py && !rest_parameter_no_solver_002_F.py", "scene": "列表->列表索引->剩余参数" }, { - "compose": "spread_operator_no_solver_005_T.py && !spread_operator_no_solver_006_F.py", + "compose": "spread_operator_no_solver_001_T.py && !spread_operator_no_solver_002_F.py", "scene": "列表->列表索引->扩展运算符1" }, { - "compose": "spread_operator_no_solver_007_T.py && !spread_operator_no_solver_008_F.py", + "compose": "spread_operator_no_solver_003_T.py && !spread_operator_no_solver_004_F.py", "scene": "列表->列表索引->扩展运算符2" }, { diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_007_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py similarity index 82% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_007_T.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py index 04d69c4f..34d9b4e9 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_007_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py 
@@ -4,11 +4,11 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_007_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T # evaluation information end import os -def list_no_solver_007_T(taint_src): +def list_no_solver_001_T(taint_src): s = [taint_src, "b", "c"] taint_sink(s[0]) @@ -20,5 +20,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - list_no_solver_007_T(taint_src) + list_no_solver_001_T(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_008_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py similarity index 82% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_008_F.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py index e65705a7..842b8520 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_008_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py 
@@ -4,11 +4,11 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_008_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F # evaluation information end import os -def list_no_solver_008_F(taint_src): +def list_no_solver_002_F(taint_src): s = [taint_src, "b", "c"] taint_sink(s[1]) @@ -19,5 +19,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - list_no_solver_008_F(taint_src) + list_no_solver_002_F(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_009_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py similarity index 83% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_009_T.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py index 6fb2d66c..cbb997ff 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_009_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_009_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T # evaluation information end import os -def list_no_solver_009_T(taint_src): +def list_no_solver_003_T(taint_src): s = [taint_src, "b", "c"] s[1] = "_" taint_sink(s) @@ -21,5 +21,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - list_no_solver_009_T(taint_src) + list_no_solver_003_T(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_010_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py similarity index 83% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_010_F.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py index daaa0f31..aa7b69e1 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_010_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_mc_010_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F # evaluation information end import os -def list_mc_010_T(taint_src): +def list_no_solver_004_F(taint_src): s = [taint_src, "b", "c"] s[0] = "_" taint_sink(s) @@ -22,5 +22,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - list_mc_010_T(taint_src) + list_no_solver_004_F(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_007_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_001_T.py similarity index 81% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_007_T.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_001_T.py index 196f029c..22fa6967 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_007_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_001_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引->剩余参数 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_007_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_001_T # evaluation information end import os -def rest_parameter_007_T(taint_src): +def rest_parameter_no_solver_001_T(taint_src): collectArgs("prefix", taint_src, "suffix") @@ -23,5 +23,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - rest_parameter_007_T(taint_src) + rest_parameter_no_solver_001_T(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_008_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_002_F.py similarity index 81% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_008_F.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_002_F.py index fc5824b0..de3d1ed5 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_008_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_002_F.py 
@@ -4,11 +4,11 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引->剩余参数 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_008_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/rest_parameter_no_solver_002_F # evaluation information end import os -def rest_parameter_008_F(taint_src): +def rest_parameter_no_solver_002_F(taint_src): collectArgs("prefix", taint_src, "suffix") @@ -21,5 +21,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - rest_parameter_008_F(taint_src) + rest_parameter_no_solver_002_F(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_005_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.py similarity index 80% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_005_T.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.py index 66491852..2c852614 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_005_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.py 
@@ -4,11 +4,11 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引->扩展运算符 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_005_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T # evaluation information end import os -def spread_operator_no_solver_005_T(taint_src): +def spread_operator_no_solver_001_T(taint_src): array1 = ["a", "b", taint_src] array = ["c", *array1] taint_sink(array[3]) @@ -21,5 +21,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - spread_operator_no_solver_005_T(taint_src) + spread_operator_no_solver_001_T(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_006_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.py similarity index 80% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_006_F.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.py index 04618cfe..e473c7a3 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_006_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.py 
@@ -4,11 +4,11 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引->扩展运算符 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_006_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F # evaluation information end import os -def spread_operator_no_solver_006_F(taint_src): +def spread_operator_no_solver_002_F(taint_src): array1 = ["a", "b", taint_src] array = ["c", *array1] taint_sink(array[0]) @@ -21,5 +21,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - spread_operator_no_solver_006_F(taint_src) + spread_operator_no_solver_002_F(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_007_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.py similarity index 81% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_007_T.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.py index 077b5dbf..bd114276 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_007_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引->扩展运算符 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_007_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T # evaluation information end import os -def spread_operator_no_solver_007_T(taint_src): +def spread_operator_no_solver_003_T(taint_src): foo = taint_src bar = "hello world" r1, r2, *rest = [123, 456, foo, bar] @@ -23,5 +23,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - spread_operator_no_solver_007_T(taint_src) + spread_operator_no_solver_003_T(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_008_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.py similarity index 81% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_008_F.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.py index c00832e3..653c6af5 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_008_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.py 
@@ -4,11 +4,11 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) # scene introduction = 列表->列表索引->扩展运算符 # level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_008_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F # evaluation information end import os -def spread_operator_no_solver_008_F(taint_src): +def spread_operator_no_solver_004_F(taint_src): foo = taint_src bar = "_" r1, r2, *rest = [123, 456, foo, bar] @@ -23,5 +23,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - spread_operator_no_solver_008_F(taint_src) + spread_operator_no_solver_004_F(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_005_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.py similarity index 86% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_005_T.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.py index b14dfcbb..ca0a7480 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_005_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.py 
@@ -4,14 +4,14 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 数组->数组索引->需求解 # level = 4+ -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_005_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T # evaluation information end import os import array -def array_solver_005_T(taint_src): +def array_solver_001_T(taint_src): # 将字符串拆分为单个字符存储(无法完整保留原始字符串为一个元素) char_array = array.array('u', taint_src) # 每个字符作为独立元素 # 创建包含其他元素的数组(需统一为字符类型) @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - array_solver_005_T(taint_src) # 输出:_(仅第一个字符) + array_solver_001_T(taint_src) # 输出:_(仅第一个字符) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_006_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.py similarity index 86% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_006_F.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.py index fb60d863..aefdf2f9 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_006_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.py 
@@ -4,14 +4,14 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 数组->数组索引->需求解 # level = 4+ -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_006_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F # evaluation information end import os import array -def array_solver_006_F(taint_src): +def array_solver_002_F(taint_src): # 将字符串拆分为单个字符存储(无法完整保留原始字符串为一个元素) char_array = array.array('u', taint_src) # 每个字符作为独立元素 # 创建包含其他元素的数组(需统一为字符类型) @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - array_solver_006_F(taint_src) # 输出:_(仅第一个字符) + array_solver_002_F(taint_src) # 输出:_(仅第一个字符) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_007_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T.py similarity index 86% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_007_T.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T.py index 1565c164..685b4454 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_007_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T.py 
@@ -4,14 +4,14 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 数组->数组索引->需求解 # level = 4+ -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_007_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T # evaluation information end import os import array -def array_solver_007_T(taint_src): +def array_solver_003_T(taint_src): # 将字符串拆分为单个字符存储(无法完整保留原始字符串为一个元素) char_array = array.array('u', taint_src) # 每个字符作为独立元素 # 创建包含其他元素的数组(需统一为字符类型) @@ -26,5 +26,5 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - array_solver_007_T(taint_src) # 输出:_(仅第一个字符) + array_solver_003_T(taint_src) # 输出:_(仅第一个字符) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_008_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F.py similarity index 86% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_008_F.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F.py index 556e9f89..e2ba1a18 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_008_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F.py 
@@ -4,14 +4,14 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 数组->数组索引->需求解 # level = 4+ -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_008_F +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F # evaluation information end import os import array -def array_solver_008_F(taint_src): +def array_solver_004_F(taint_src): # 将字符串拆分为单个字符存储(无法完整保留原始字符串为一个元素) char_array = array.array('u', taint_src) # 每个字符作为独立元素 # 创建包含其他元素的数组(需统一为字符类型) @@ -26,5 +26,5 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - array_solver_008_F(taint_src) # 输出:_(仅第一个字符) + array_solver_004_F(taint_src) # 输出:_(仅第一个字符) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json index 3eaafc66..964172c2 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/config.json @@ -7,19 +7,19 @@ "level": "4", "scene_list": [ { - "compose": "list_solver_013_T.py && !list_solver_014_F.py", + "compose": "list_solver_001_T.py && !list_solver_002_F.py", "scene": "列表->列表索引->需求解1" }, { - "compose": "list_solver_015_T.py && !list_solver_016_F.py", + "compose": "list_solver_003_T.py && !list_solver_004_F.py", "scene": "列表->列表索引->需求解2" }, { - "compose": "map_solver_005_T.py && !map_solver_006_F.py", + "compose": "map_solver_001_T.py && !map_solver_002_F.py", "scene": "字典->字典索引->需求解1" }, { - "compose": "map_solver_007_T.py && !map_solver_008_F.py", + "compose": "map_solver_003_T.py && !map_solver_004_F.py", "scene": "字典->字典索引->需求解2" } ] 
@@ -28,11 +28,11 @@ "level": "4+", "scene_list": [ { - "compose": "array_solver_005_T.py && !array_solver_006_F.py", + "compose": "array_solver_001_T.py && !array_solver_002_F.py", "scene": "数组->数组索引->需求解1" }, { - "compose": "array_solver_007_T.py && !array_solver_008_F.py", + "compose": "array_solver_003_T.py && !array_solver_004_F.py", "scene": "数组->数组索引->需求解2" } ] diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_013_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T.py similarity index 84% rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_013_T.py rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T.py index 36dcda64..de723cd4 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_013_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) # scene introduction = 列表->列表索引->需求解 # level = 4 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_013_T +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T # evaluation information end import os -def list_solver_013_T(taint_src): +def list_solver_001_T(taint_src): s = ["a", "b", taint_src, "c", "d"] taint_sink(s[1 + 1]) @@ -20,5 +20,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - list_solver_013_T(taint_src) + list_solver_001_T(taint_src) 
diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_014_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F.py
similarity index 84%
rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_014_F.py
rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F.py
index aaf47c0d..6bf2c6f5 100644
--- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_014_F.py
+++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F.py
@@ -4,12 +4,12 @@
 # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解)
 # scene introduction = 列表->列表索引->需求解
 # level = 4
-# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_014_F
+# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F
 # evaluation information end
 import os
-def list_solver_014_F(taint_src):
+def list_solver_002_F(taint_src):
 s = ["a", "b", taint_src, "c", "d"]
 taint_sink(s[1 + 2])
@@ -21,5 +21,5 @@ def taint_sink(o):
 # 示例调用
 if __name__ == "__main__":
 taint_src = "taint_src_value"
- list_solver_014_F(taint_src)
+ list_solver_002_F(taint_src)
diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_015_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T.py
similarity index 82%
rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_015_T.py
rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T.py
index ea139c1d..d5d5481d 100644
--- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_015_T.py
+++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T.py
@@ -4,12 +4,12 @@
 # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解)
 # scene introduction = 列表->列表索引->需求解
 # level = 4
-# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_015_T
+# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T
 # evaluation information end
 import os
-def list_solver_015_T(taint_src):
+def list_solver_003_T(taint_src):
 s = ["a", "b", taint_src, "c", "d"]
 length = len(s)
 taint_sink(s[length - 3]) # 等价于索引2(污染)
@@ -20,5 +20,5 @@ def taint_sink(o):
 if __name__ == "__main__":
 taint_src = "taint_src_value"
- list_solver_015_T(taint_src) # 输出:taint_src_value
+ list_solver_003_T(taint_src) # 输出:taint_src_value
diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_016_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F.py
similarity index 82%
rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_016_F.py
rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F.py
index 548844e0..f4e374c5 100644
--- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_016_F.py
+++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F.py
@@ -4,12 +4,12 @@
 # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解)
 # scene introduction = 列表->列表索引->需求解
 # level = 4
-# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_016_F
+# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F
 # evaluation information end
 import os
-def list_solver_016_F(taint_src):
+def list_solver_004_F(taint_src):
 s = ["a", "b", taint_src, "c", "d"]
 length = len(s)
 taint_sink(s[length - 2]) # 等价于索引3(未污染)
@@ -20,5 +20,5 @@ def taint_sink(o):
 if __name__ == "__main__":
 taint_src = "taint_src_value"
- list_solver_016_F(taint_src) # 输出:taint_src_value
+ list_solver_004_F(taint_src) # 输出:taint_src_value
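Review bot: The trailing comment on the renamed call in the `__main__` hunk of list_solver_004_F.py still reads `# 输出:taint_src_value`, which contradicts the first hunk of the same file, where the sink receives `s[length - 2]` and is annotated `# 等价于索引3(未污染)`, i.e. the untainted element `"c"`. In a negative (`_F`) benchmark case this comment misstates the expected ground truth and looks copied from the `_T` sibling, so anyone triaging a scanner finding against this file could read it as a true positive. Since the line is being touched anyway, I would change it to something like `list_solver_004_F(taint_src)  # sink receives "c" (index 3), not taint_src`. The body of `taint_sink` is outside the hunk, so what is actually printed or executed cannot be confirmed from here.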
diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_005_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T.py
similarity index 84%
rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_005_T.py
rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T.py
index cba20c3c..3c4311ba 100644
--- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_005_T.py
+++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T.py
@@ -4,13 +4,13 @@
 # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解)
 # scene introduction = 字典->字典索引->需求解
 # level = 4
-# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_005_T
+# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T
 # evaluation information end
 import os
-def map_solver_005_T(taint_src):
+def map_solver_001_T(taint_src):
 d = {
 0: "a",
 1: "b",
@@ -27,5 +27,5 @@ def taint_sink(o):
 if __name__ == "__main__":
 taint_src = "taint_src_value"
- map_solver_005_T(taint_src) # 调用函数并传入字符串作为污染源
+ map_solver_001_T(taint_src) # 调用函数并传入字符串作为污染源
diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_006_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F.py
similarity index 84%
rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_006_F.py
rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F.py
index 2034123a..b9b6fa2b 100644
--- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_006_F.py
+++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F.py
@@ -4,13 +4,13 @@
 # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解)
 # scene introduction = 字典->字典索引->需求解
 # level = 4
-# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_006_F
+# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F
 # evaluation information end
 import os
-def map_solver_006_F(taint_src):
+def map_solver_002_F(taint_src):
 d = {
 0: "a",
 1: "b",
@@ -26,6 +26,6 @@ def taint_sink(o):
 if __name__ == "__main__":
 taint_src = "taint_src_value"
- map_solver_006_F(taint_src) # 调用函数并传入字符串作为污染源
+ map_solver_002_F(taint_src) # 调用函数并传入字符串作为污染源
diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_007_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T.py
similarity index 84%
rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_007_T.py
rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T.py
index c6d6f86f..9fb3bd8f 100644
--- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_007_T.py
+++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T.py
@@ -4,13 +4,13 @@
 # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解)
 # scene introduction = 字典->字典索引->需求解
 # level = 4
-# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_007_T
+# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T
 # evaluation information end
 import os
-def map_solver_007_T(taint_src):
+def map_solver_003_T(taint_src):
 d = {
 0: "a",
 1: "b",
@@ -24,5 +24,5 @@ def taint_sink(o):
 if __name__ == "__main__":
 taint_src = "taint_src_value"
- map_solver_007_T(taint_src) # 调用函数并传入字符串作为污染源
+ map_solver_003_T(taint_src) # 调用函数并传入字符串作为污染源
diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_008_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F.py
similarity index 84%
rename from sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_008_F.py
rename to sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F.py
index 1440c6a2..3a053d05 100644
--- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_008_F.py
+++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F.py
@@ -4,13 +4,13 @@
 # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解)
 # scene introduction = 字典->字典索引->需求解
 # level = 4
-# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_008_F
+# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F
 # evaluation information end
 import os
-def map_solver_008_F(taint_src):
+def map_solver_004_F(taint_src):
 d = {
 0: "a",
 1: "b",
@@ -26,5 +26,5 @@ def taint_sink(o):
 if __name__ == "__main__":
 taint_src = "taint_src_value"
- map_solver_008_F(taint_src) # 调用函数并传入字符串作为污染源
+ map_solver_004_F(taint_src) # 调用函数并传入字符串作为污染源
diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/asynchronous_chain_003_T.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/asynchronous_chain_001_T.py
similarity index 88%
rename from sast-python3/case/accuracy/flow_sensitive/asynchronous/asynchronous_chain_003_T.py
rename to sast-python3/case/accuracy/flow_sensitive/asynchronous/asynchronous_chain_001_T.py
index 95aec47c..9b7f33d5 100644
--- a/sast-python3/case/accuracy/flow_sensitive/asynchronous/asynchronous_chain_003_T.py +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/asynchronous_chain_001_T.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->流敏感分析->异步执行 # scene introduction = 异步函数链 # level = 4 -# bind_url = accuracy/flow_sensitive/asynchronous/asynchronous_chain_003_T +# bind_url = accuracy/flow_sensitive/asynchronous/asynchronous_chain_001_T # evaluation information end import os import asyncio -async def asynchronous_chain_003_T(taint_src): +async def asynchronous_chain_001_T(taint_src): data1 = await async_chain_step1(taint_src) data2 = await async_chain_step2(data1) taint_sink(data2) # 通过分支保留污点 @@ -28,7 +28,7 @@ def taint_sink(o): os.system(o) async def main(taint_src): - await asynchronous_chain_003_T(taint_src) + await asynchronous_chain_001_T(taint_src) if __name__ == "__main__": taint_src = "taint_src_value" diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/asynchronous_chain_004_F.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/asynchronous_chain_002_F.py similarity index 88% rename from sast-python3/case/accuracy/flow_sensitive/asynchronous/asynchronous_chain_004_F.py rename to sast-python3/case/accuracy/flow_sensitive/asynchronous/asynchronous_chain_002_F.py index e69dc993..00ee0144 100644 --- a/sast-python3/case/accuracy/flow_sensitive/asynchronous/asynchronous_chain_004_F.py +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/asynchronous_chain_002_F.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->流敏感分析->异步执行 # scene introduction = 异步函数链 # level = 4 -# bind_url = accuracy/flow_sensitive/asynchronous/asynchronous_chain_004_F +# bind_url = accuracy/flow_sensitive/asynchronous/asynchronous_chain_002_F # evaluation information end import os import asyncio -async def asynchronous_chain_004_F(taint_src): +async def asynchronous_chain_002_F(taint_src): data1 = await async_chain_step1(taint_src) data2 = await async_chain_step2(data1) # 所有分支均返回安全值 taint_sink(data2) # 未接收污点 @@ -28,7 +28,7 @@ def taint_sink(o): async def main(taint_src): - await asynchronous_chain_004_F(taint_src) + await asynchronous_chain_002_F(taint_src) if __name__ == "__main__": taint_src = "taint_src_value" diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json b/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json index 56140a0e..d6b49b53 100644 --- a/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json @@ -11,7 +11,7 @@ "scene": "异步执行-await" }, { - "compose": "asynchronous_chain_003_T.py && !asynchronous_chain_004_F.py", + "compose": "asynchronous_chain_001_T.py && !asynchronous_chain_002_F.py", "scene": "异步函数链" } ] diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_F.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F.py similarity index 83% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_F.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F.py index d473e8ea..857b10e6 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_F.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分if else准入条件(不需求解)->if->区分分支 # level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_007_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F # evaluation information end import os -def conditional_if_007_F(taint_src): +def conditional_if_no_solver_001_F(taint_src): if True: res = taint_src else: @@ -24,5 +24,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - conditional_if_007_F(taint_src) + conditional_if_no_solver_001_F(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.py similarity index 83% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.py index 329d5d49..4b4b5bc4 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分if else准入条件(不需求解)->if->区分分支 # level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_008_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F # evaluation information end import os -def conditional_if_008_F(taint_src): +def conditional_if_no_solver_002_F(taint_src): res = "" if True: taint_sink(res) 
@@ -25,5 +25,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - conditional_if_008_F(taint_src) + conditional_if_no_solver_002_F(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_009_T.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.py similarity index 84% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_009_T.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.py index 97811c72..90aaa659 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_009_T.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解 # level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_009_T +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T # evaluation information end import os -def conditional_if_009_T(taint_src): +def conditional_if_no_solver_003_T(taint_src): res = "" if False: res = "_" @@ -26,5 +26,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - conditional_if_009_T(taint_src) + conditional_if_no_solver_003_T(taint_src) 
diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_010_F.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.py similarity index 84% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_010_F.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.py index b3844801..9d115da5 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_010_F.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解 # level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_010_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F # evaluation information end import os -def conditional_if_010_F(taint_src): +def conditional_if_no_solver_004_F(taint_src): res = "" if True: res = "_" @@ -26,5 +26,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - conditional_if_010_F(taint_src) + conditional_if_no_solver_004_F(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_003_F.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_001_F.py similarity index 84% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_003_F.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_001_F.py index 118dcbc1..fdde078f 100644 
--- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_003_F.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_001_F.py @@ -4,11 +4,11 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分match准入条件(不需求解)->match->区分分支 # level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_003_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_001_F # evaluation information end import os -def conditional_match_003_F(taint_src): +def conditional_match_no_solver_001_F(taint_src): data = '' match 2: # 表达式固定为 2 case 1: # 不匹配 @@ -24,5 +24,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - conditional_match_003_F(taint_src) + conditional_match_no_solver_001_F(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_004_F.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_002_F.py similarity index 85% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_004_F.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_002_F.py index 15a2096e..46bd2278 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_004_F.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_002_F.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分match准入条件(不需求解)->match->区分分支 # level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_004_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_002_F # evaluation information end import os -def conditional_match_004_F(taint_src): +def conditional_match_no_solver_002_F(taint_src): data = '' match 2: # 表达式固定为 2 case 1: # 不匹配,不会执行 @@ -26,5 +26,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - conditional_match_004_F(taint_src) + conditional_match_no_solver_002_F(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_005_F.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_003_F.py similarity index 86% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_005_F.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_003_F.py index bd2f0f1a..a23c7d00 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_005_F.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_003_F.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分match准入条件(不需求解)>match->区分具体执行路径->不求解 # level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_005_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_003_F # evaluation information end import os -def conditional_match_005_F(taint_src): +def conditional_match_no_solver_003_F(taint_src): data = '' match 2: # 表达式固定为 2 case 1: # 不匹配,不会执行 @@ -26,5 +26,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - conditional_match_005_F(taint_src) + conditional_match_no_solver_003_F(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_006_T.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_004_T.py similarity index 87% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_006_T.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_004_T.py index 5049c94f..970cc9fc 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_006_T.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_004_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分match准入条件(不需求解)>match->区分具体执行路径->不求解 # level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_006_T +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_004_T # evaluation information end import os -def conditional_match_006_T(taint_src): +def conditional_match_no_solver_004_T(taint_src): data = '' match 2: # 表达式固定为 2 case 2: # 匹配,执行此分支 @@ -25,5 +25,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - conditional_match_006_T(taint_src) + conditional_match_no_solver_004_T(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json index 816b84a8..8ec79b12 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json 
@@ -7,19 +7,19 @@ "level": "3", "scene_list": [ { - "compose": "!conditional_if_007_F.py && !conditional_if_008_F.py", + "compose": "!conditional_if_no_solver_001_F.py && !conditional_if_no_solver_002_F.py", "scene": "区分if else准入条件(不需求解)->if->区分分支" }, { - "compose": "conditional_if_009_T.py && !conditional_if_010_F.py", + "compose": "conditional_if_no_solver_003_T.py && !conditional_if_no_solver_004_F.py", "scene": "区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解" }, { - "compose": "!conditional_match_003_F.py && !conditional_match_004_F.py", + "compose": "!conditional_match_no_solver_001_F.py && !conditional_match_no_solver_002_F.py", "scene": "区分match准入条件(不需求解)->match->区分分支" }, { - "compose": "!conditional_match_005_F.py && conditional_match_006_T.py", + "compose": "!conditional_match_no_solver_003_F.py && conditional_match_no_solver_004_T.py", "scene": "区分match准入条件(不需求解)>match->区分具体执行路径->不求解" } ] diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_011_T.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T.py similarity index 85% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_011_T.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T.py index b919611b..2ed8d8ea 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_011_T.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 区分if else分支+准入条件(需要求解)->if->区分具体执行路径->求解 # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_011_T +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_001_T # evaluation information end import os -def conditional_if_011_T(taint_src): +def conditional_if_solver_001_T(taint_src): res = "" if 1 + 1 == 2: res = taint_src @@ -27,5 +27,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - conditional_if_011_T(taint_src) + conditional_if_solver_001_T(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_012_F.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F.py similarity index 85% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_012_F.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F.py index b2805351..ef54b126 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_012_F.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 区分if else分支+准入条件(需要求解)->if->区分具体执行路径->求解 # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_012_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_if_solver_002_F # evaluation information end import os -def conditional_if_012_F(taint_src): +def conditional_if_solver_002_F(taint_src): res = "" if 1 + 1 == 3: res = taint_src 
@@ -26,5 +26,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - conditional_if_012_F(taint_src) + conditional_if_solver_002_F(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_007_F.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_solver_001_F.py similarity index 86% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_007_F.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_solver_001_F.py index 66f9c979..c46d5f44 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_007_F.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_solver_001_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 区分match准入条件(需要求解)->match->区分具体执行路径->求解 # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_007_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_solver_001_F # evaluation information end import os -def conditional_match_007_F(taint_src): +def conditional_match_solver_001_F(taint_src): data = '' match 1 + 1: # 计算表达式值为 2 case 1: # 与 2 不匹配,此分支不执行 @@ -26,5 +26,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - conditional_match_007_F(taint_src) + conditional_match_solver_001_F(taint_src) 
diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_008_T.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_solver_002_T.py similarity index 86% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_008_T.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_solver_002_T.py index 59ac3c4d..96c366a7 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_008_T.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_solver_002_T.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 区分match准入条件(需要求解)->match->区分具体执行路径->求解 # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_008_T +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_match_solver_002_T # evaluation information end import os -def conditional_match_008_T(taint_src): +def conditional_match_solver_002_T(taint_src): data = '' match 1 + 1: # 表达式计算为 2 case 2: # 匹配成功,执行分支 @@ -24,5 +24,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - conditional_match_008_T(taint_src) + conditional_match_solver_002_T(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json index bec96a59..0bc73b46 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json 
@@ -7,19 +7,19 @@ "level": "4", "scene_list": [ { - "compose": "conditional_if_011_T.py && !conditional_if_012_F.py", + "compose": "conditional_if_solver_001_T.py && !conditional_if_solver_002_F.py", "scene": "区分if else分支+准入条件(需要求解)->if->区分具体执行路径->求解" }, { - "compose": "!conditional_match_007_F.py && conditional_match_008_T.py", + "compose": "!conditional_match_solver_001_F.py && conditional_match_solver_002_T.py", "scene": "区分match准入条件(需要求解)->match->区分具体执行路径->求解" }, { - "compose": "for_body_004_T.py && !for_body_005_F.py", + "compose": "for_body_solver_001_T.py && !for_body_solver_002_F.py", "scene": "循环结构->for_body" }, { - "compose": "!while_body_005_F.py && while_body_006_T.py", + "compose": "!while_body_solver_001_F.py && while_body_solver_002_T.py", "scene": "循环结构->whileElse" } ] diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_T.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T.py similarity index 86% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_T.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T.py index 7cdb8546..81068778 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_T.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 循环结构->for_body # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_004_T +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_001_T # evaluation information end import os -def for_body_004_T(taint_src): +def for_body_solver_001_T(taint_src): res = None for i in range(2): res = taint_src 
@@ -22,5 +22,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - for_body_004_T(taint_src) + for_body_solver_001_T(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_005_F.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F.py similarity index 89% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_005_F.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F.py index cde58983..3a02edd3 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_005_F.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 循环结构->for_body # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_005_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/for_body_solver_002_F # evaluation information end import os -def for_body_005_F(taint_src): +def for_body_solver_002_F(taint_src): res = None # 初始化变量(避免未定义错误) for i in range(0): # 循环条件不满足,循环体不会执行 res = taint_src # 这一行永远不会执行 @@ -24,5 +24,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - for_body_005_F(taint_src) + for_body_solver_002_F(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_005_F.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.py similarity index 86% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_005_F.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.py index 9b829485..9b8d9b87 100644 
--- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_005_F.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.py @@ -4,13 +4,13 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 循环结构->whileElse # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_005_F +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F # evaluation information end import os -def while_body_005_F(taint_src): +def while_body_solver_001_F(taint_src): i = 7 res = "_" while i < 3: @@ -27,4 +27,4 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - while_body_005_F(taint_src) + while_body_solver_001_F(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_006_T.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.py similarity index 86% rename from sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_006_T.py rename to sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.py index 4e735419..89112424 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_006_T.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.py @@ -4,13 +4,13 @@ # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 # scene introduction = 循环结构->whileElse # level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_006_T +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T # evaluation information end import os -def while_body_006_T(taint_src): +def while_body_solver_002_T(taint_src): i = 7 res = taint_src while i < 3: 
@@ -27,4 +27,4 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - while_body_006_T(taint_src) + while_body_solver_002_T(taint_src) diff --git a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py index 8326c1d6..2f402683 100644 --- a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py +++ b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py @@ -11,15 +11,14 @@ def dynamic_call_reflect_005_T(taint_src): class Obj: - def __init__(self, data): - self.data = data - self.data1 = 'aaa' + def __init__(self): + self.data = 'aaa' - obj = Obj(taint_src) + obj = Obj() - del obj.data1 - - taint_sink(obj.data) + delattr(obj, 'data') + setattr(obj, 'data', taint_src) + taint_sink(getattr(obj, 'data')) def taint_sink(o): diff --git a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py index 8b958920..034c6b8d 100644 --- a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py +++ b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py @@ -11,15 +11,14 @@ def dynamic_call_reflect_006_F(taint_src): class Obj: - def __init__(self, data): - self.data = data - self.data1 = 'aaa' + def __init__(self,value): + self.data = value obj = Obj(taint_src) - del obj.data - - taint_sink(obj.data1) + delattr(obj, 'data') + setattr(obj, 'data', "aa") + taint_sink(getattr(obj, 'data')) def taint_sink(o): diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_005_T.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_005_T.py index b8521496..e52bab66 100644 
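Review bot: In dynamic_call_reflect_005_T and dynamic_call_reflect_006_F the `delattr(obj, 'data')` call no longer influences the expected verdict, because the `setattr` on the next line rewrites the same attribute in both cases. An analyzer that ignores `delattr` entirely would still score both files correctly as long as it treats `setattr` as a strong update, so the pair really measures the setattr/getattr round trip. A comment saying so would make the intent clear, e.g. `# delattr then setattr: the sink sees only the value written by setattr`. In 006_F, `def __init__(self,value):` is also missing the space after the comma.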
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_005_T.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_005_T.py @@ -13,16 +13,16 @@ def conditional_match_005_T(taint_src): value = taint_src match value: - case [x, y] as pair: + case str() as pair: taint_sink(pair) case _ as default: taint_sink(default) def taint_sink(o): - os.system(str(o)) + os.system(o) if __name__ == "__main__": - taint_src = ["__taint_src_value1", "__taint_src_value2"] # 示例输入,可以是列表、字典或任何其他类型 + taint_src = "taint_src_value" # 示例输入,可以是列表、字典或任何其他类型 conditional_match_005_T(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_006_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_006_F.py index b9d04820..5d7cc90b 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_006_F.py @@ -11,18 +11,18 @@ def conditional_match_006_F(taint_src): - value = ["1", "2"] + value = "aa" match value: - case [x, y] as pair: + case str() as pair: taint_sink(pair) case _ as default: taint_sink(default) def taint_sink(o): - os.system(str(o)) + os.system(o) if __name__ == "__main__": - taint_src = ["__taint_src_value1", "__taint_src_value2"] # 示例输入,可以是列表、字典或任何其他类型 + taint_src = "taint_src_value" # 示例输入,可以是列表、字典或任何其他类型 conditional_match_006_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_007_T.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_007_T.py index 960cba8d..5c3abd65 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_007_T.py 
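Review bot: The trailing comment on the new driver line in conditional_match_005_T and conditional_match_006_F still says the input may be a list, a dict or any other type, which is no longer true. With `str()` dropped from `taint_sink`, a non-string would fall through to `case _` and make `os.system(o)` raise TypeError. The comment should describe the case as it now stands, e.g. `# sample input; must be a str because taint_sink passes it to os.system unchanged`. In 006_F a short comment on `value = "aa"` noting that `taint_src` is deliberately unused would make the negative verdict obvious to a reader.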
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_007_T.py @@ -2,27 +2,26 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句 -# scene introduction = match_sequence +# scene introduction = match # level = 2 # bind_url = completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_007_T # evaluation information end - import os - def conditional_match_007_T(taint_src): - value = taint_src - match value: - case (a, b, *rest) as full_tuple: - taint_sink(full_tuple) - case _ as default: - taint_sink(default) - + x = True # 定义一个布尔值 + match x: + case True: # 匹配 True + taint_sink(taint_src) + case False: # 匹配 False + taint_sink(taint_src) + case None: # 匹配 None + taint_sink("_") def taint_sink(o): - os.system(str(o)) - + os.system(o) if __name__ == "__main__": - taint_src = (1, 2, 3, 4) # 示例输入,可以是一个元组 + taint_src = "taint_src_value" conditional_match_007_T(taint_src) + diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_008_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_008_F.py index 59744953..9bdf3c2d 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_008_F.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_008_F.py 
@@ -2,27 +2,26 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句 -# scene introduction = match_sequence +# scene introduction = match # level = 2 # bind_url = completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_008_F # evaluation information end - import os - def conditional_match_008_F(taint_src): - value = (5, 6, 7, 8) - match value: - case (a, b, *rest) as full_tuple: - taint_sink(full_tuple) - case _ as default: - taint_sink(default) - + x = None # 定义一个布尔值 + match x: + case True: # 匹配 True + taint_sink(taint_src) + case False: # 匹配 False + taint_sink(taint_src) + case None: # 匹配 None + taint_sink("_") def taint_sink(o): - os.system(str(o)) - + os.system(o) if __name__ == "__main__": - taint_src = (1, 2, 3, 4) # 示例输入,可以是一个元组 + taint_src = "taint_src_value" conditional_match_008_F(taint_src) + diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_009_T.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_009_T.py deleted file mode 100644 index b24b9440..00000000 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_009_T.py +++ /dev/null @@ -1,27 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句 -# scene introduction = match -# level = 2 -# bind_url = completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_009_T -# evaluation information end -import os - -def conditional_match_009_T(taint_src): - x = True # 定义一个布尔值 - match x: - case True: # 匹配 True - taint_sink(taint_src) - case False: # 匹配 False - taint_sink(taint_src) - case None: # 匹配 None - taint_sink("_") - -def taint_sink(o): - os.system(o) - -if __name__ == "__main__": - taint_src = "taint_src_value" - conditional_match_009_T(taint_src) - 
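Review bot: The comment on `x = None` in conditional_match_008_F reads "定义一个布尔值" (defines a boolean), but the value is `None`, and that value is what selects the `case None` arm that sends the constant `"_"` to the sink. A comment such as `# None selects the last arm, so the sink receives the constant "_"` would state why this file is the negative case.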
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_010_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_010_F.py deleted file mode 100644 index c9a3e013..00000000 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_010_F.py +++ /dev/null @@ -1,27 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句 -# scene introduction = match -# level = 2 -# bind_url = completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_010_F -# evaluation information end -import os - -def conditional_match_010_F(taint_src): - x = None # 定义一个布尔值 - match x: - case True: # 匹配 True - taint_sink(taint_src) - case False: # 匹配 False - taint_sink(taint_src) - case None: # 匹配 None - taint_sink("_") - -def taint_sink(o): - os.system(o) - -if __name__ == "__main__": - taint_src = "taint_src_value" - conditional_match_010_F(taint_src) - diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/config.json b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/config.json index 2cfd992b..62733bbf 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/config.json +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/config.json @@ -28,10 +28,6 @@ }, { "compose": "conditional_match_007_T.py && !conditional_match_008_F.py", - "scene": "match_sequence" - }, - { - "compose": "conditional_match_009_T.py && !conditional_match_010_F.py", "scene": "match2" }, { diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json index 6d9aa56d..9595fa87 100644 
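Review bot: After this hunk the entry for `conditional_match_007_T.py && !conditional_match_008_F.py` carries `"scene": "match2"`, while the headers rewritten in those two files by the same commit say `# scene introduction = match`. The other config.json entries touched in this commit use the same scene text as the case headers, so if the harness or a report joins on that string this pair will not line up. Either use `"scene": "match"` here or put `match2` in the two file headers. The `scene_list` array starts and ends outside the hunk.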
--- a/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json @@ -19,11 +19,11 @@ "scene": "append操作" }, { - "compose": "list_009_T.py && !list_010_F.py", + "compose": "list_007_T.py && !list_008_F.py", "scene": "泛型容器类型" }, { - "compose": "list_011_T.py && !list_012_F.py", + "compose": "list_009_T.py && !list_010_F.py", "scene": "泛型序列" } ] diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_011_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_007_T.py similarity index 51% rename from sast-python3/case/completeness/single_app_tracing/datatype/list/list_011_T.py rename to sast-python3/case/completeness/single_app_tracing/datatype/list/list_007_T.py index b3cb7d1e..904f1d30 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_011_T.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_007_T.py @@ -2,26 +2,23 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 -# scene introduction = 泛型序列 +# scene introduction = 泛型容器类型 # level = 2 -# bind_url = completeness/single_app_tracing/datatype/list/list_011_T +# bind_url = completeness/single_app_tracing/datatype/list/list_007_T # evaluation information end import os -from typing import Sequence - -def list_011_T(taint_src): - # 使用 Sequence 注解 - def process_items(items: Sequence[str]) -> None: - taint_sink(items[0]) - - fruits = [taint_src, "banana", "cherry"] - process_items(fruits) +from typing import List +#泛型类型是一种特殊的类型注解,它允许你在定义容器时指定容器内元素的类型。 +def list_007_T(taint_src): + # 泛型类型注解,list容器中定义的内容必须是str + l: List[str] = [taint_src,"_"] + taint_sink(l[0]) def taint_sink(o): os.system(o) if __name__ == "__main__": taint_src = "taint_src_value" - list_011_T(taint_src) + list_007_T(taint_src) 
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_012_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_008_F.py similarity index 51% rename from sast-python3/case/completeness/single_app_tracing/datatype/list/list_012_F.py rename to sast-python3/case/completeness/single_app_tracing/datatype/list/list_008_F.py index 953791f6..f8830d58 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_012_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_008_F.py @@ -2,26 +2,23 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 -# scene introduction = 泛型序列 +# scene introduction = 泛型容器类型 # level = 2 -# bind_url = completeness/single_app_tracing/datatype/list/list_012_F +# bind_url = completeness/single_app_tracing/datatype/list/list_008_F # evaluation information end import os -from typing import Sequence - -def list_012_F(taint_src): - # 使用 Sequence 注解 - def process_items(items: Sequence[str]) -> None: - taint_sink(items[1]) - - fruits = [taint_src, "banana", "cherry"] - process_items(fruits) +from typing import List +#泛型类型是一种特殊的类型注解,它允许你在定义容器时指定容器内元素的类型。 +def list_008_F(taint_src): + # 泛型类型注解,list容器中定义的内容必须是str + l: List[str] = [taint_src,"_"] + taint_sink(l[1]) def taint_sink(o): os.system(o) if __name__ == "__main__": taint_src = "taint_src_value" - list_012_F(taint_src) + list_008_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_009_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_009_T.py index 9eee76b9..3943015f 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_009_T.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_009_T.py 
@@ -2,19 +2,22 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 -# scene introduction = 泛型容器类型 +# scene introduction = 泛型序列 # level = 2 # bind_url = completeness/single_app_tracing/datatype/list/list_009_T # evaluation information end import os -from typing import List -#泛型类型是一种特殊的类型注解,它允许你在定义容器时指定容器内元素的类型。 +from typing import Sequence def list_009_T(taint_src): - # 泛型类型注解,list容器中定义的内容必须是str - l: List[str] = [taint_src,"_"] - taint_sink(l[0]) + # 使用 Sequence 注解 + def process_items(items: Sequence[str]) -> None: + taint_sink(items[0]) + + fruits = [taint_src, "banana", "cherry"] + process_items(fruits) + def taint_sink(o): os.system(o) diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_010_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_010_F.py index 618bf6b6..8bd95b7e 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_010_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_010_F.py @@ -2,19 +2,22 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 -# scene introduction = 泛型容器类型 +# scene introduction = 泛型序列 # level = 2 # bind_url = completeness/single_app_tracing/datatype/list/list_010_F # evaluation information end import os -from typing import List -#泛型类型是一种特殊的类型注解,它允许你在定义容器时指定容器内元素的类型。 +from typing import Sequence def list_010_F(taint_src): - # 泛型类型注解,list容器中定义的内容必须是str - l: List[str] = [taint_src,"_"] - taint_sink(l[1]) + # 使用 Sequence 注解 + def process_items(items: Sequence[str]) -> None: + taint_sink(items[1]) + + fruits = [taint_src, "banana", "cherry"] + process_items(fruits) + def taint_sink(o): os.system(o) 
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_001_T.py index f01078c9..d506120b 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_001_T.py @@ -10,11 +10,11 @@ # ? def logical_and_001_T(taint_src): - result = taint_src.startswith("t") and taint_src.endswith("e") # 污点通过AND条件传递 + result = taint_src.startswith("t") and taint_src # 污点通过AND条件传递 taint_sink(result) def taint_sink(o): - os.system(str(o)) + os.system(o) if __name__ == "__main__": diff --git a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_002_F.py index a41e36bf..ce9f922a 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_and_002_F.py @@ -10,11 +10,11 @@ def logical_and_002_F(taint_src): - result = taint_src.startswith("t") and taint_src.endswith("t") # 污点通过AND条件传递 + result = taint_src.startswith("t") and "aa" # 污点通过AND条件传递 taint_sink(result) def taint_sink(o): - os.system(str(o)) + os.system(o) if __name__ == "__main__": diff --git a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_001_T.py index b589e6b1..cedfd70d 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_001_T.py 
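Review bot: With `str()` removed from `taint_sink`, `result` in logical_and_001_T and logical_and_002_F is a `bool` whenever `taint_src.startswith("t")` is false, so `os.system(o)` raises TypeError for such input; the logical_or_001_T and logical_or_002_F hunks that follow have the same shape, yielding `True` when the input differs from `"taint_src_value"`. The expected verdicts therefore hold only for the hard-coded driver value, which deserves a comment on the expression, e.g. `# left operand is True for the driver input, so result is the right operand`. In 002_F the inherited comment `# 污点通过AND条件传递` is also wrong for the negative case, since the sink receives the constant `"aa"`; the same applies to `# 污点通过OR条件传递` in logical_or_002_F.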
+++ b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_001_T.py @@ -10,11 +10,11 @@ # ? def logical_or_001_T(taint_src): - result = taint_src == "taint_src_value" or taint_src.endswith("_") # 污点通过OR条件传递 + result = taint_src != "taint_src_value" or taint_src # 污点通过OR条件传递 taint_sink(result) def taint_sink(o): - os.system(str(o)) + os.system(o) if __name__ == "__main__": diff --git a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py index 7750e450..9843bf64 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py @@ -10,11 +10,11 @@ def logical_or_002_F(taint_src): - result = taint_src == "taint_src" or taint_src.endswith("_") # 污点通过OR条件传递 + result = taint_src != "taint_src_value" or "aa" # 污点通过OR条件传递 taint_sink(result) def taint_sink(o): - os.system(str(o)) + os.system(o) if __name__ == "__main__": diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json index f21d3081..79def60c 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json +++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json @@ -8,10 +8,6 @@ "scene_list": [ { "compose": "lambda_expression_001_T.py && !lambda_expression_002_F.py", - "scene": "1" - }, - { - "compose": "lambda_expression_003_T.py && !lambda_expression_004_F.py", "scene": "lambda关键字" } ] 
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_001_T.py index f3cdf9ae..81e940be 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_001_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式 -# scene introduction = +# scene introduction = lambda关键字 # level = 2 # bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_expression_001_T # evaluation information end @@ -10,17 +10,22 @@ def lambda_expression_001_T(taint_src): + # 初始化结果变量 result = '' - def lambda_func(a): return a + + # 使用 lambda 创建一个匿名函数,该函数接收一个参数并返回相同的参数 + lambda_func = lambda a: a + + # 调用 lambda 函数并将结果赋值给 result 变量 result = lambda_func(taint_src) + + # 将结果传递给污染接收函数 taint_sink(result) - def taint_sink(o): - os.system(o) - + os.system(o) -if __name__ == '__main__': +if __name__ == "__main__": taint_src = "taint_src_value" - lambda_expression_001_T(taint_src) + lambda_expression_001_T(taint_src) # 调用函数,传入污染源值 taint_src diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_002_F.py index 2ea25a0d..0126f319 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_002_F.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式 -# scene introduction = +# scene introduction = lambda关键字 # level = 2 # bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_expression_002_F # evaluation information end @@ -10,17 +10,22 @@ def lambda_expression_002_F(taint_src): + # 初始化结果变量 result = '' - def lambda_func(a): return '_' + + # 使用 lambda 创建一个匿名函数,该函数接收一个参数并返回相同的参数 + lambda_func = lambda a: "_" + + # 调用 lambda 函数并将结果赋值给 result 变量 result = lambda_func(taint_src) + + # 将结果传递给污染接收函数 taint_sink(result) - def taint_sink(o): - os.system(o) - + os.system(o) -if __name__ == '__main__': +if __name__ == "__main__": taint_src = "taint_src_value" - lambda_expression_002_F(taint_src) + lambda_expression_002_F(taint_src) # 调用函数,传入污染源值 taint_src diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_003_T.py b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_003_T.py deleted file mode 100644 index b5a81de1..00000000 --- a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_003_T.py +++ /dev/null @@ -1,31 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式 -# scene introduction = lambda关键字 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_expression_003_T -# evaluation information end -import os - - -def lambda_expression_003_T(taint_src): - # 初始化结果变量 - result = '' - - # 使用 lambda 创建一个匿名函数,该函数接收一个参数并返回相同的参数 - lambda_func = lambda a: a - - # 调用 lambda 函数并将结果赋值给 result 变量 - result = lambda_func(taint_src) - - # 将结果传递给污染接收函数 - taint_sink(result) - -def taint_sink(o): - os.system(o) - -if __name__ == "__main__": - taint_src = "taint_src_value" - lambda_expression_003_T(taint_src) # 调用函数,传入污染源值 taint_src - 
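Review bot: The comment added above `lambda_func = lambda a: "_"` in the second hunk of `lambda_expression_002_F.py` was copied from the positive case and says the lambda returns the parameter it receives, which is the opposite of what this line does. Since this line is the only thing that separates the negative case from `lambda_expression_001_T.py`, the comment should state it, e.g. `# the lambda ignores its argument and returns the constant "_", so no taint reaches the sink`. The `result = ''` initialisation just above is overwritten unconditionally two statements later and could be dropped together with its comment.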
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_004_F.py b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_004_F.py deleted file mode 100644 index 124bb7a3..00000000 --- a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_expression_004_F.py +++ /dev/null @@ -1,31 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式 -# scene introduction = lambda关键字 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_expression_004_F -# evaluation information end -import os - - -def lambda_expression_004_F(taint_src): - # 初始化结果变量 - result = '' - - # 使用 lambda 创建一个匿名函数,该函数接收一个参数并返回相同的参数 - lambda_func = lambda a: "_" - - # 调用 lambda 函数并将结果赋值给 result 变量 - result = lambda_func(taint_src) - - # 将结果传递给污染接收函数 - taint_sink(result) - -def taint_sink(o): - os.system(o) - -if __name__ == "__main__": - taint_src = "taint_src_value" - lambda_expression_004_F(taint_src) # 调用函数,传入污染源值 taint_src - diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/config.json b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/config.json index 7f20e447..0472b23a 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/config.json +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/config.json @@ -28,14 +28,6 @@ }, { "compose": "del_expression_007_T.py && !del_expression_008_F.py", - "scene": "del运算符->单个变量" - }, - { - "compose": "del_expression_009_T.py && !del_expression_010_F.py", - "scene": "del运算符->多个变量" - }, - { - "compose": "del_expression_011_T.py && !del_expression_012_F.py", "scene": "del运算符->切片" }, { 
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_007_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_007_T.py index ff5f3107..f847fdfe 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_007_T.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_007_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->单个变量 +# scene introduction = del运算符->切片 # level = 2+ # bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_007_T # evaluation information end @@ -11,10 +11,9 @@ def del_expression_007_T(taint_src): - a = taint_src # 将 taint_src 的值赋给变量 a - b = "bbb" - del b # 删除变量 a - taint_sink(a) # 尝试访问已删除的变量 a + lst = [taint_src, "b", "c", "d"] # 初始化列表,包含 __taint_src 的值 + del lst[1:3] # 删除列表的切片 + taint_sink(lst) # 将修改后的列表传递给 sink 点 def taint_sink(o): diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py index a7597783..6f389dad 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->单个变量 +# scene introduction = del运算符->切片 # level = 2+ # bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_008_F # evaluation information end 
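Review bot: The metadata header of `del_expression_008_F.py` still reads `# real case = true` after this change (a context line in its `@@ -2,7 +2,7 @@` hunk), while the file is the negative half of the pair and the other `_F` case visible on this page, `lambda_expression_002_F.py`, carries `real case = false`. If the scorer takes the expected verdict from this field rather than from the `_T`/`_F` suffix or the `!` in `config.json` (not visible here), a tool that correctly stays silent on this file would be scored as a miss. Since the commit already edits the adjacent `scene introduction` line, the header could be corrected in the same hunk: `# real case = false`.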
@@ -11,10 +11,9 @@ def del_expression_008_F(taint_src): - a = taint_src # 将 taint_src 的值赋给变量 a - b = "bbb" - del a # 删除变量 a - taint_sink(b) # 尝试访问已删除的变量 a + lst = [taint_src, "b", "c", "d"] # 初始化列表,包含 __taint_src 的值 + del lst[0:1] # 删除列表的切片 + taint_sink(lst) # 将修改后的列表传递给 sink 点 def taint_sink(o): diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_009_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_009_T.py deleted file mode 100644 index e47c1044..00000000 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_009_T.py +++ /dev/null @@ -1,27 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->多个变量 -# level = 2+ -# bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_009_T -# evaluation information end -import os - - - -def del_expression_009_T(taint_src): - a = taint_src # 将taint_src 的值赋给变量 a - b = "bbb" - c = "ccc" - del b, c # 删除变量 a 和 b - taint_sink(a) # 尝试访问已删除的变量 a - - -def taint_sink(o): - os.system(str(o)) - - -if __name__ == '__main__': - taint_src = "taint_src_value" - del_expression_009_T(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_010_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_010_F.py deleted file mode 100644 index 38e30685..00000000 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_010_F.py +++ /dev/null 
@@ -1,27 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->多个变量 -# level = 2+ -# bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_010_F -# evaluation information end -import os - - - -def del_expression_010_F(taint_src): - a = taint_src # 将taint_src 的值赋给变量 a - b = "bbb" - c = "ccc" - del a, c # 删除变量 a 和 b - taint_sink(b) # 尝试访问已删除的变量 a - - -def taint_sink(o): - os.system(str(o)) - - -if __name__ == '__main__': - taint_src = "taint_src_value" - del_expression_010_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_011_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_011_T.py deleted file mode 100644 index 2e348c94..00000000 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_011_T.py +++ /dev/null @@ -1,25 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->切片 -# level = 2+ -# bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_011_T -# evaluation information end -import os - - - -def del_expression_011_T(taint_src): - lst = [taint_src, "b", "c", "d"] # 初始化列表,包含 __taint_src 的值 - del lst[1:3] # 删除列表的切片 - taint_sink(lst) # 将修改后的列表传递给 sink 点 - - -def taint_sink(o): - os.system(str(o)) - - -if __name__ == '__main__': - taint_src = "taint_src_value" - del_expression_011_T(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_012_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_012_F.py deleted file mode 100644 index c1b1dfe2..00000000 
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_012_F.py +++ /dev/null @@ -1,25 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->切片 -# level = 2+ -# bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_012_F -# evaluation information end -import os - - - -def del_expression_012_F(taint_src): - lst = [taint_src, "b", "c", "d"] # 初始化列表,包含 __taint_src 的值 - del lst[0:1] # 删除列表的切片 - taint_sink(lst) # 将修改后的列表传递给 sink 点 - - -def taint_sink(o): - os.system(str(o)) - - -if __name__ == '__main__': - taint_src = "taint_src_value" - del_expression_012_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_011_F.py b/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_001_F.py similarity index 78% rename from sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_011_F.py rename to sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_001_F.py index 65880267..b0b18cc7 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_011_F.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_001_F.py 
@@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 # scene introduction = 值传递嵌套函数 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_011_F +# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_001_F # evaluation information end import os -def argument_passing_value_011_F(taint_src): +def argument_passing_normal_value_001_F(taint_src): def outer(input): def inner(inner_input): taint_sink(inner_input) @@ -25,5 +25,5 @@ def taint_sink(o): if __name__ == '__main__': taint_src = "taint_src_value" - argument_passing_value_011_F(taint_src) + argument_passing_normal_value_001_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_012_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_002_T.py similarity index 78% rename from sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_012_T.py rename to sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_002_T.py index ab0ac884..d71da1af 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_012_T.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_002_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 # scene introduction = 值传递嵌套函数 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_012_T +# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_002_T # evaluation information end import os -def argument_passing_value_012_T(taint_src): +def argument_passing_normal_value_002_T(taint_src): def outer(input): def inner(inner_input): taint_sink(inner_input) @@ -25,5 +25,5 @@ def taint_sink(o): if __name__ == '__main__': taint_src = "taint_src_value" - argument_passing_value_012_T(taint_src) + argument_passing_normal_value_002_T(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_013_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_003_T.py similarity index 76% rename from sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_013_T.py rename to sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_003_T.py index 7c5f9333..40fb9f3b 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_013_T.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_003_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 # scene introduction = 类型注解 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_013_T +# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_003_T # evaluation information end import os -def argument_passing_value_013_T(taint_src: str): +def argument_passing_normal_value_003_T(taint_src: str): def process(arg1: str,arg2: str): taint_sink(arg1) @@ -22,4 +22,4 @@ def taint_sink(o: str): if __name__ == "__main__": taint_src = "taint_src_value" - argument_passing_value_013_T(taint_src) + argument_passing_normal_value_003_T(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_014_F.py b/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_004_F.py similarity index 76% rename from sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_014_F.py rename to sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_004_F.py index 73c1f5fd..4423729f 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_014_F.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_004_F.py 
@@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 # scene introduction = 类型注解 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_014_F +# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_normal_value_004_F # evaluation information end import os -def argument_passing_value_014_F(taint_src: str): +def argument_passing_normal_value_004_F(taint_src: str): def process(arg1: str,arg2: str): taint_sink(arg2) @@ -22,4 +22,4 @@ def taint_sink(o: str): if __name__ == "__main__": taint_src = "taint_src_value" - argument_passing_value_014_F(taint_src) + argument_passing_normal_value_004_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/config.json b/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/config.json index b3194491..e860980a 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/config.json +++ b/sast-python3/case/completeness/single_app_tracing/function_call/argument_passing/config.json @@ -19,11 +19,11 @@ "scene": "引用传递map" }, { - "compose": "!argument_passing_value_011_F.py && argument_passing_value_012_T.py", + "compose": "!argument_passing_normal_value_001_F.py && argument_passing_normal_value_002_T.py", "scene": "值传递嵌套函数" }, { - "compose": "argument_passing_value_013_T.py && !argument_passing_value_014_F.py", + "compose": "argument_passing_normal_value_003_T.py && !argument_passing_normal_value_004_F.py", "scene": "类型注解" }, { diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/config.json b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/config.json index 9bc2408d..40c94574 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/config.json 
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/config.json @@ -7,15 +7,15 @@ "level": "2", "scene_list": [ { - "compose": "!return_value_passing_001_F.py && return_value_passing_002_T.py", + "compose": "!return_normal_value_passing_001_F.py && return_normal_value_passing_002_T.py", "scene": "普通" }, { - "compose": "!return_value_passing_003_F.py && return_value_passing_004_T.py", + "compose": "!return_normal_value_passing_003_F.py && return_normal_value_passing_004_T.py", "scene": "多层函数嵌套传递" }, { - "compose": "return_value_passing_005_T.py && !return_value_passing_006_F.py", + "compose": "return_normal_value_passing_005_T.py && !return_normal_value_passing_006_F.py", "scene": "类型注解" } ] diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F.py b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py similarity index 78% rename from sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F.py rename to sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py index 62fc8040..ed47f72d 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py 
@@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 # scene introduction = 普通 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_001_F +# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F # evaluation information end import os -def return_value_passing_001_f(taint_src): +def return_normal_value_passing_001_f(taint_src): def process(src): return '_' # 直接返回传入的参数 @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == '__main__': taint_src = "taint_src_value" - return_value_passing_001_f(taint_src) + return_normal_value_passing_001_f(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_002_T.py similarity index 77% rename from sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T.py rename to sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_002_T.py index 84408f43..92b083b3 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_002_T.py 
@@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 # scene introduction = 普通 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_002_T +# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_002_T # evaluation information end import os -def return_value_passing_002_T(taint_src): +def return_normal_value_passing_002_T(taint_src): data = process(taint_src) taint_sink(data) @@ -24,5 +24,5 @@ def taint_sink(o): if __name__ == '__main__': taint_src = "taint_src_value" - return_value_passing_002_T(taint_src) + return_normal_value_passing_002_T(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_003_F.py b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_003_F.py similarity index 79% rename from sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_003_F.py rename to sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_003_F.py index 80ff9498..6e87c69f 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_003_F.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_003_F.py @@ -4,11 +4,11 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 # scene introduction = 多层函数嵌套传递 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_003_F +# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_003_F # evaluation information end import os -def return_value_passing_003_F(taint_src): +def return_normal_value_passing_003_F(taint_src): def inner1(b): return '_' 
@@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - return_value_passing_003_F(taint_src) + return_normal_value_passing_003_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_004_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_004_T.py similarity index 79% rename from sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_004_T.py rename to sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_004_T.py index f035a0e4..c10d1317 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_004_T.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_004_T.py @@ -4,11 +4,11 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 # scene introduction = 多层函数嵌套传递 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_004_T +# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_004_T # evaluation information end import os -def return_value_passing_004_T(taint_src): +def return_normal_value_passing_004_T(taint_src): def inner1(b): return b @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - return_value_passing_004_T(taint_src) + return_normal_value_passing_004_T(taint_src) 
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_005_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_005_T.py similarity index 81% rename from sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_005_T.py rename to sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_005_T.py index 5f6d6cae..0623560e 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_005_T.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_005_T.py @@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 # scene introduction = 类型注解 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_005_T +# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_005_T # evaluation information end import os -def return_value_passing_005_T(taint_src): +def return_normal_value_passing_005_T(taint_src): #name形参规定必须接收一个字符串 函数返回值规定必须是一个字符串 def greeting(name: str) -> str: return 'Hello' + name @@ -24,4 +24,4 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - return_value_passing_005_T(taint_src) + return_normal_value_passing_005_T(taint_src) 
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_006_F.py b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_006_F.py similarity index 81% rename from sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_006_F.py rename to sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_006_F.py index 8178b1f0..7cced506 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_006_F.py @@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 # scene introduction = 类型注解 # level = 2 -# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_value_passing_006_F +# bind_url = completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_006_F # evaluation information end import os -def return_value_passing_006_F(taint_src): +def return_normal_value_passing_006_F(taint_src): #name形参规定必须接收一个字符串 函数返回值规定必须是一个字符串 def greeting(name: str) -> str: return 'Hello' + "_" @@ -24,4 +24,4 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - return_value_passing_006_F(taint_src) + return_normal_value_passing_006_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/config.json b/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/config.json index 2389db0f..8292f8dc 100644 --- a/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/config.json +++ b/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/config.json 
@@ -7,7 +7,7 @@ "level": "2", "scene_list": [ { - "compose": "static_variable_005_T.py && !static_variable_006_F.py", + "compose": "static_variable_003_T.py && !static_variable_004_F.py", "scene": "继承覆盖" } ] diff --git a/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_005_T.py b/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_003_T.py similarity index 84% rename from sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_005_T.py rename to sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_003_T.py index 87301750..0ddcdecf 100644 --- a/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_005_T.py +++ b/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_003_T.py @@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->变量作用域->静态变量 # scene introduction = 继承覆盖 # level = 2 -# bind_url = completeness/single_app_tracing/variable_scope/static_variable/static_variable_005_T +# bind_url = completeness/single_app_tracing/variable_scope/static_variable/static_variable_003_T # evaluation information end import os -def static_variable_005_T(taint_src): +def static_variable_003_T(taint_src): class Parent: static_data = "_" @@ -24,5 +24,5 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - static_variable_005_T(taint_src) + static_variable_003_T(taint_src) 
diff --git a/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_006_F.py b/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_004_F.py similarity index 84% rename from sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_006_F.py rename to sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_004_F.py index 4fb341a3..42fff80f 100644 --- a/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_004_F.py @@ -4,12 +4,12 @@ # evaluation item = 完整度->单应用跟踪完整度->变量作用域->静态变量 # scene introduction = 继承覆盖 # level = 2 -# bind_url = completeness/single_app_tracing/variable_scope/static_variable/static_variable_006_F +# bind_url = completeness/single_app_tracing/variable_scope/static_variable/static_variable_004_F # evaluation information end import os -def static_variable_006_F(taint_src): +def static_variable_004_F(taint_src): class Parent: static_data = taint_src @@ -24,5 +24,5 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - static_variable_006_F(taint_src) + static_variable_004_F(taint_src) diff --git a/tools/plugin/src/main/java/com/alipay/xast/score/BenchmarkScore.java b/tools/plugin/src/main/java/com/alipay/xast/score/BenchmarkScore.java index 9885564e..898274ae 100644 --- a/tools/plugin/src/main/java/com/alipay/xast/score/BenchmarkScore.java +++ b/tools/plugin/src/main/java/com/alipay/xast/score/BenchmarkScore.java 
@@ -1110,7 +1110,7 @@ private static Map> readExpectedResultsNew(String d (path, attr) -> attr.isRegularFile() //&& path.toString().contains("cases"), - && path.toString().contains("case") + && path.toString().contains("case") && !path.toString().contains("target") && containsToolPath(path.toString(),result), FileVisitOption.FOLLOW_LINKS)) { // 收集所有文件路径到一个 List 中
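Review bot: The added `!path.toString().contains("target")` is a substring test on the whole path string, so it also drops any case whose directory or file name merely contains "target" and, if `path` is absolute, every file when the checkout sits under such a directory; the expected-results map then comes back short without any error. Presumably the intent is to skip build-output directories named `target`, which is a path-component match: `&& StreamSupport.stream(path.spliterator(), false).noneMatch(p -> p.toString().equals("target"))` (needs `java.util.stream.StreamSupport` imported). The neighbouring `contains("case")` test has the same looseness. `readExpectedResultsNew` starts and ends outside the hunk.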