
Commit ecb46a8

committed
性能靶场调整
1 parent 74510de commit ecb46a8


9 files changed

+2264
-801
lines changed

9 files changed

+2264
-801
lines changed

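--- a/src/main/java/com/iast/astbenchmark/cases/AstPerfCase001.java
+++ b/src/main/java/com/iast/astbenchmark/cases/AstPerfCase001.java
@@ -4,14 +4,15 @@
 import com.iast.astbenchmark.cases.bean.big.BigParamBean;
 import com.iast.astbenchmark.cases.bean.big.BigSizeBean;
 import com.iast.astbenchmark.common.CommonConsts;
+import com.iast.astbenchmark.common.longd.LongChainUtil;
 import com.iast.astbenchmark.common.utils.MyCommonTestUtil;
+import com.iast.astbenchmark.common.utils.MyCommonTestUtil2;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 import java.io.IOException;
-import java.lang.reflect.Method;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -29,7 +30,8 @@ public class AstPerfCase001 {
 @PostMapping("case99001")
 public Map<String,String> aTaintCase99001(@RequestParam String cmd) {
 Map res = Maps.newHashMap();
-res.put(cmd,cmd);
+new MyCommonTestUtil2().traceDeepth(cmd,10);
+res.put("status", CommonConsts.SUCCESS_STR);
 return res;
 }
 
@@ -44,8 +46,7 @@ public Map<String,String> aTaintCase99002(@RequestParam String cmd) {
 return modelMap;
 }
 try {
-/** 递归10次*/
-cmd = MyCommonTestUtil.traceDeepth(cmd, 0, 10);
+new MyCommonTestUtil2().traceDeepth(cmd,10);
 Runtime.getRuntime().exec(cmd);
 modelMap.put("status", CommonConsts.SUCCESS_STR);
 } catch (IOException e) {
@@ -55,7 +56,7 @@ public Map<String,String> aTaintCase99002(@RequestParam String cmd) {
 }
 
 /**
-* 超长调用链路(污点链路长度200)有漏洞场景
+* 超长调用链路(污点调用链路长度50)有漏洞场景 递归
 */
 @PostMapping("case99003")
 public Map<String,String> aTaintCase99003(@RequestParam String cmd) {
@@ -65,8 +66,27 @@ public Map<String,String> aTaintCase99003(@RequestParam String cmd) {
 return modelMap;
 }
 try {
-/** 递归1000次*/
-cmd = MyCommonTestUtil.traceDeepth(cmd, 0, 200);
+//new MyCommonTestUtil2().traceDeepth(cmd,0,50);
+new LongChainUtil().longChain150(cmd,3);
+Runtime.getRuntime().exec(cmd);
+modelMap.put("status", CommonConsts.SUCCESS_STR);
+} catch (IOException e) {
+modelMap.put("status", CommonConsts.ERROR_STR);
+}
+return modelMap;
+}
+/**
+* 超长调用链路(污点跟踪链路长度200)有漏洞场景 for
+*/
+@PostMapping("case99006")
+public Map<String,String> aTaintCase99006(@RequestParam String cmd) {
+Map<String,String> modelMap = new HashMap<>();
+if (cmd == null) {
+modelMap.put("status", CommonConsts.ERROR_STR);
+return modelMap;
+}
+try {
+new MyCommonTestUtil2().traceDeepth(cmd,200);
 Runtime.getRuntime().exec(cmd);
 modelMap.put("status", CommonConsts.SUCCESS_STR);
 } catch (IOException e) {
@@ -86,13 +106,13 @@ public Map<String,String> aTaintCase99004(@RequestBody BigParamBean bigParamBean
 Map<String,String> modelMap = new HashMap<>();
 try {
 String exec = bigParamBean.getCmd();
+new MyCommonTestUtil2().traceDeepth(exec,10);
 Runtime.getRuntime().exec(exec);
 modelMap.put("status", CommonConsts.SUCCESS_STR);
 } catch (IOException e) {
 modelMap.put("status", CommonConsts.ERROR_STR);
 }
 return modelMap;
-
 }
 
 /**
@@ -104,27 +124,20 @@ public Map<String,String> aTaintCase99004(@RequestBody BigParamBean bigParamBean
 public Map<String,String> aTaintCase99005(@RequestBody BigSizeBean bigSizeBean) {
 Map<String,String> modelMap = new HashMap<>();
 try {
-String exec =bigSizeBean.toString();
+BigSizeBean temp = new BigSizeBean();
+for (int i = 0; i < 10;i++) {
+temp=null;
+if(bigSizeBean!=null){
+temp=bigSizeBean;
+}
+}
+String exec =temp.toString();
 Runtime.getRuntime().exec(exec);
 modelMap.put("status", CommonConsts.SUCCESS_STR);
 } catch (Exception e) {
 modelMap.put("status", CommonConsts.ERROR_STR);
 }
 return modelMap;
 }
-private void sink(int deep,BigSizeBean bigSizeBean,int maxDeep){
-if(deep>=maxDeep){
-return;
-}
-Method method = null;
-try {
-method = bigSizeBean.getClass().getMethod("getCmd"+deep);
-String exec = (String) method.invoke(bigSizeBean);
-Runtime.getRuntime().exec(exec);
-} catch (Exception e){
-}
-deep++;
-sink(deep,bigSizeBean,maxDeep);
-}
 
 }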
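Review bot: The deep-chain calls added in aTaintCase99002, aTaintCase99003, aTaintCase99006 and aTaintCase99004 discard their result, so the value handed to `Runtime.getRuntime().exec(cmd)` is the request parameter itself rather than the string that travelled through the chain; the removed lines assigned it back (`cmd = MyCommonTestUtil.traceDeepth(cmd, 0, 10);`). Unless `traceDeepth` or `longChain150` contain a sink of their own, which is not visible on this page, an IAST agent can flag these cases from the direct source-to-sink path, and the benchmark then no longer measures taint tracking across the advertised chain length. If the helpers return the propagated string, keep the assignment, for example `cmd = new MyCommonTestUtil2().traceDeepth(cmd,200);`. In aTaintCase99003 the Javadoc states a chain length of 50 with recursion while the code calls `longChain150(cmd,3)` beside a commented-out `traceDeepth(cmd,0,50)`; the comment and the call should be aligned and the dead line removed.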
