diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go index d2acfe5e..48ee4532 100644 --- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go +++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) @@ -7,8 +6,8 @@ // bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T // evaluation information end -// YASA中现在处理memberAccess时,以property的符号字面量作为key进行存取。导致精度损失。 package main + import "os/exec" func array_index_no_solver_005_T(__taint_src string) { @@ -23,8 +22,8 @@ func array_index_no_solver_005_T(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - array_index_no_solver_005_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + array_index_no_solver_005_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json index 99274d08..e74b9ab4 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json @@ -25,6 +25,34 @@ { "compose": "(cross_directory_009_T/cross/cross_directory_009_T.go || cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go) && !(cross_directory_010_F/cross/cross_directory_010_F.go || cross_directory_010_F/cross/cross_init/cross_directory_init_010_F.go)", "scene": "跨package5" + }, + { + "compose": "(cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go || cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go) && !(cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go || cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go)", + "scene": "replace包层级调用链1" + }, + { + "compose": "(cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go || cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go) && !(cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go || cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go)", + "scene": "replace包层级调用链2" + }, + { + "compose": "(cross_directory_021_T/cross/cross_same_name_021_T.go || cross_directory_021_T/main_dir/cross_directory_021_T_a.go || cross_directory_021_T/main_dir/cross_directory_021_T_b.go || cross_directory_021_T/other/cross/cross_same_name_021_T.go) && !(cross_directory_022_F/cross/cross_same_name_022_F.go || cross_directory_022_F/main_dir/cross_directory_022_F_a.go || cross_directory_022_F/main_dir/cross_directory_022_F_b.go || cross_directory_022_F/other/cross/cross_same_name_022_F.go)", + "scene": "同名包导入区分" + }, + { + "compose": "(cross_directory_023_T/cross/cross_directory_023_T.go || cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go) && !(cross_directory_024_F/cross/cross_directory_024_F.go || cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go)", + "scene": "可见性校验" + }, + { + "compose": "(cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go || cross_directory_025_T/cross/cross_directory_025_T.go) && !(cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go || cross_directory_026_F/cross/cross_directory_026_F.go)", + "scene": "导入路径与包名解耦" + }, + { + "compose": "(cross_directory_027_T/cross_01/cross_same_name_027_T.go || cross_directory_027_T/cross_02/cross_same_name_027_T.go || cross_directory_027_T/cross_directory_027_T.go) && !(cross_directory_028_F/cross_01/cross_same_name_028_F.go || cross_directory_028_F/cross_02/cross_same_name_028_F.go || cross_directory_028_F/cross_directory_028_F.go)", + "scene": "同名包路径区分" + }, + { + "compose": "(cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go || cross_directory_029_T/cross/cross_directory_029_T.go) && !(cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go || cross_directory_030_F/cross/cross_directory_030_F.go)", + "scene": "识别导入根目录" } ] } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go new file mode 100644 index 00000000..cf7daea6 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go @@ -0,0 +1,18 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = replace包层级调用链 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b +// evaluation information end + +package cross_directory_011_T_b +import "os/exec" + +func SayHello(taint_src string) { + __taint_sink(taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod new file mode 100644 index 00000000..2c7edc9e --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod @@ -0,0 +1,3 @@ +module cross/cross_01 + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go new file mode 100644 index 00000000..b39f0ded --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go @@ -0,0 +1,23 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = replace包层级调用链 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a +// evaluation information end + +// 这里有两个go.mod文件 cross_directory_011_T文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/cross_01" 时 +// 不要去其他地方寻找 应该去本地的 ./cross/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。 +// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T +// 再执行go run cross_directory_011_T_a/cross_directory_011_T_a.go +package main +import "cross/cross_01" + +func cross_directory_011_T_a(__taint_src string) { + cross_directory_011_T_b.SayHello(__taint_src) +} + +func main() { + __taint_src := "taint_src_value" + cross_directory_011_T_a(__taint_src) +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod new file mode 100644 index 00000000..bb2fdd71 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod @@ -0,0 +1,7 @@ +module cross_directory_011_T + +go 1.20 + +replace cross/cross_01 => ./cross/cross_01 + +require cross/cross_01 v0.0.0-00010101000000-000000000000 // indirect diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go new file mode 100644 index 00000000..4dfdba1c --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go @@ -0,0 +1,18 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = replace包层级调用链 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b +// evaluation information end + +package cross_directory_012_F_b +import "os/exec" + +func SayHello(taint_src string) { + __taint_sink("_") +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod new file mode 100644 index 00000000..2c7edc9e --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod @@ -0,0 +1,3 @@ +module cross/cross_01 + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go new file mode 100644 index 00000000..c3e493ea --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go @@ -0,0 +1,23 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = replace包层级调用链 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a +// evaluation information end + +// 这里有两个go.mod文件 cross_directory_012_F文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/cross_01" 时 +// 不要去其他地方寻找 应该去本地的 ./cross/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。 +// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F +// 再执行go run cross_directory_012_F_a/cross_directory_012_F_a.go +package main +import "cross/cross_01" + +func cross_directory_012_F_a(__taint_src string) { + cross_directory_012_F_b.SayHello(__taint_src) +} + +func main() { + __taint_src := "taint_src_value" + cross_directory_012_F_a(__taint_src) +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod new file mode 100644 index 00000000..1158d2fa --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod @@ -0,0 +1,7 @@ +module cross_directory_012_F + +go 1.20 + +replace cross/cross_01 => ./cross/cross_01 + +require cross/cross_01 v0.0.0-00010101000000-000000000000 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go new file mode 100644 index 00000000..8e708924 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go @@ -0,0 +1,18 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = replace包层级调用链 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b +// evaluation information end + +package cross_directory_013_T_b +import "os/exec" + +func SayHello(taint_src string) { + __taint_sink(taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod new file mode 100644 index 00000000..35cbddd5 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod @@ -0,0 +1,3 @@ +module cross/other/cross_01 + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go new file mode 100644 index 00000000..56b2b1d8 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go @@ -0,0 +1,23 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = replace包层级调用链 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a +// evaluation information end + +// 这里有两个go.mod文件 cross_directory_013_T文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/other/cross_01" 时 +// 不要去其他地方寻找 应该去本地的 .cross/other/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。 +// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T +// 再执行go run cross_directory_013_T_a/cross_directory_013_T_a.go +package main +import "cross/other/cross_01" + +func cross_directory_013_T_a(__taint_src string) { + cross_directory_013_T_b.SayHello(__taint_src) +} + +func main() { + __taint_src := "taint_src_value" + cross_directory_013_T_a(__taint_src) +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod new file mode 100644 index 00000000..80d03798 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod @@ -0,0 +1,7 @@ +module cross_directory_013_T + +go 1.20 + +replace cross/other/cross_01 => ./cross/other/cross_01 + +require cross/other/cross_01 v0.0.0-00010101000000-000000000000 // indirect diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go new file mode 100644 index 00000000..f6820707 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go @@ -0,0 +1,18 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = replace包层级调用链 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b +// evaluation information end + +package cross_directory_014_F_b +import "os/exec" + +func SayHello(taint_src string) { + __taint_sink("_") +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod new file mode 100644 index 00000000..35cbddd5 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod @@ -0,0 +1,3 @@ +module cross/other/cross_01 + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go new file mode 100644 index 00000000..bc2831d0 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go @@ -0,0 +1,23 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = replace包层级调用链 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a +// evaluation information end + +// 这里有两个go.mod文件 cross_directory_014_F文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/other/cross_01" 时 +// 不要去其他地方寻找 应该去本地的 .cross/other/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。 +// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F +// 再执行go run cross_directory_014_F_a/cross_directory_014_F_a.go +package main +import "cross/other/cross_01" + +func cross_directory_014_F_a(__taint_src string) { + cross_directory_014_F_b.SayHello(__taint_src) +} + +func main() { + __taint_src := "taint_src_value" + cross_directory_014_F_a(__taint_src) +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod new file mode 100644 index 00000000..6bb8be51 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod @@ -0,0 +1,7 @@ +module cross_directory_014_F + +go 1.20 + +replace cross/other/cross_01 => ./cross/other/cross_01 + +require cross/other/cross_01 v0.0.0-00010101000000-000000000000 // indirect diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go new file mode 100644 index 00000000..23de2576 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go @@ -0,0 +1,31 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = init函数自动执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T +// evaluation information end + +// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross +// 再执行go run cross_directory_015_T.go +package main +import ( + "cross_directory_015_T/cross/cross_init" + "os/exec" + "fmt" +) + +// Go语言支持包中定义init函数,在这个包被首次初始化(import)时,会自动触发这个包的init函数 +func cross_directory_015_T() { + // 看cross_init.Status是否被init处理过 + __taint_sink(cross_init.Status) +} + +func __taint_sink(o interface{}) { + fmt.Println("o 的值:", o) + _ = exec.Command("sh", "-c", o.(string)).Run() + } + +func main() { + cross_directory_015_T() +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go new file mode 100644 index 00000000..3a1f8c66 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go @@ -0,0 +1,11 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = init函数自动执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T +// evaluation information end + +package cross_init + +var Taint_src = "taint_src_value" \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go new file mode 100644 index 00000000..c3034416 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go @@ -0,0 +1,14 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = init函数自动执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T +// evaluation information end + +package cross_init + +var Status string +func init() { + Status = Taint_src +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod new file mode 100644 index 00000000..af303122 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod @@ -0,0 +1,3 @@ +module cross_directory_015_T + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go new file mode 100644 index 00000000..320f9aa8 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go @@ -0,0 +1,23 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = init函数自动执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F +// evaluation information end +// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross +// 再执行go run cross_directory_016_F.go +package main +import ( + "cross_directory_016_F/cross/cross_init" + "os/exec" +) +func cross_directory_016_F() { + __taint_sink(cross_init.Status) +} +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } +func main() { + cross_directory_016_F() +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go new file mode 100644 index 00000000..efdc3922 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go @@ -0,0 +1,11 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = init函数自动执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_016_F +// evaluation information end + +package cross_init + +var Taint_src = "taint_src_value" \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go new file mode 100644 index 00000000..d3d82891 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go @@ -0,0 +1,14 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = init函数自动执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F +// evaluation information end +package cross_init + +var Status string +func init() { + Status = Taint_src + Status = "_" +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod new file mode 100644 index 00000000..021168fc --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod @@ -0,0 +1,3 @@ +module cross_directory_016_F + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go new file mode 100644 index 00000000..23107ad2 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go @@ -0,0 +1,32 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T +// evaluation information end + +// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross +// 再执行go run cross_directory_017_T.go + +package main +import ( + "cross_directory_017_T/cross/cross_init" + "os/exec" +) + +// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 +// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序 +// init函数是先执行的,所有init函数执行完后才会执行自定义函数 +func cross_directory_017_T() { + // 若正确处理,Status的值应该是"taint_src_value234" + __taint_sink(cross_init.Status) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } + +func main() { + cross_directory_017_T() +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go new file mode 100644 index 00000000..905898d5 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go @@ -0,0 +1,11 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T +// evaluation information end + +package cross_init + +var Taint_src = "taint_src_value" \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go new file mode 100644 index 00000000..5ca360f3 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go @@ -0,0 +1,17 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a +// evaluation information end + +package cross_init + +func init() { + Status = Taint_src +} + +func init() { + Status += "2" +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go new file mode 100644 index 00000000..77796bc2 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go @@ -0,0 +1,19 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b +// evaluation information end + +package cross_init + +var Status string + +func init() { + Status += "3" +} + +func init() { + Status += "4" +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod new file mode 100644 index 00000000..5242c6b6 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod @@ -0,0 +1,3 @@ +module cross_directory_017_T + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go new file mode 100644 index 00000000..fdd680cf --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go @@ -0,0 +1,32 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F +// evaluation information end + +// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross +// 再执行go run cross_directory_018_F.go + +package main +import ( + "cross_directory_018_F/cross/cross_init" + "os/exec" +) + +// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 +// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序 +// init函数是先执行的,所有init函数执行完后才会执行自定义函数 +func cross_directory_018_F() { + // 若正确处理,Status的值应该是"_234" + __taint_sink(cross_init.Status) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } + +func main() { + cross_directory_018_F() +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go new file mode 100644 index 00000000..62300bcd --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go @@ -0,0 +1,11 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F +// evaluation information end + +package cross_init + +var Taint_src = "taint_src_value" \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go new file mode 100644 index 00000000..b0222b25 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go @@ -0,0 +1,18 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a +// evaluation information end + +package cross_init + +func init() { + Status = Taint_src + Status = "_" +} + +func init() { + Status += "2" +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go new file mode 100644 index 00000000..81456e89 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go @@ -0,0 +1,19 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b +// evaluation information end + +package cross_init + +var Status string + +func init() { + Status += "3" +} + +func init() { + Status += "4" +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod new file mode 100644 index 00000000..894d75bf --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod @@ -0,0 +1,3 @@ +module cross_directory_018_F + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go new file mode 100644 index 00000000..12b89b68 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go @@ -0,0 +1,31 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T +// evaluation information end +// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross +// 再执行go run cross_directory_019_T.go + +package main +import ( + "cross_directory_019_T/cross/cross_init" + "os/exec" + "fmt" +) + +// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 +// 当这个包被import时,所有包中的init函数都会被执行 +func cross_directory_019_T() { + // 若正确处理,pkg.Status的值应该是20 + __taint_sink(cross_init.Status) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() + } + +func main() { + cross_directory_019_T() +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go new file mode 100644 index 00000000..842bae46 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go @@ -0,0 +1,11 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T +// evaluation information end + +package cross_init + +var Taint_src = 10 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go new file mode 100644 index 00000000..7d94ba88 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go @@ -0,0 +1,17 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a +// evaluation information end + +package cross_init + +func init() { + Status += Taint_src +} + +func init() { + Status += 2 +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go new file mode 100644 index 00000000..a0cb564d --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go @@ -0,0 +1,18 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b +// evaluation information end + +package cross_init + +var Status int = 1 + +func init() { + Status += 3 +} +func init() { + Status += 4 +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod new file mode 100644 index 00000000..e6689719 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod @@ -0,0 +1,3 @@ +module cross_directory_019_T + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go new file mode 100644 index 00000000..490498fc --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go @@ -0,0 +1,32 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F +// evaluation information end + +// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross +// 再执行go run cross_directory_020_F.go + +package main +import ( + "cross_directory_020_F/cross/cross_init" + "os/exec" + "fmt" +) + +// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 +// 当这个包被import时,所有包中的init函数都会被执行 +func cross_directory_020_F() { + // 若正确处理,pkg.Status的值应该是0 + __taint_sink(cross_init.Status) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() + } + +func main() { + cross_directory_020_F() +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go new file mode 100644 index 00000000..f9f1aa96 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go @@ -0,0 +1,11 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F +// evaluation information end + +package cross_init + +var Taint_src = 10 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go new file mode 100644 index 00000000..c3cc9146 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go @@ -0,0 +1,17 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a +// evaluation information end + +package cross_init + +func init() { + Status += Taint_src +} + +func init() { + Status += 2 +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go new file mode 100644 index 00000000..cfcac003 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go @@ -0,0 +1,18 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b +// evaluation information end + +package cross_init + +var Status int = 1 + +func init() { + Status += 3 +} +func init() { + Status = 0 +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod new file mode 100644 index 00000000..57f04550 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod @@ -0,0 +1,3 @@ +module cross_directory_020_F + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go new file mode 100644 index 00000000..e85ff593 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go @@ -0,0 +1,20 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包导入区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T +// evaluation information end + +package cross_same_name_021_T +import "os/exec" + +func SayHello(taint_src string) { + __taint_sink(taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } + + \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod new file mode 100644 index 00000000..6e69eece --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod @@ -0,0 +1,3 @@ +module cross_directory_021_T + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go new file mode 100644 index 00000000..00dbc022 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go @@ -0,0 +1,24 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包导入区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a +// evaluation information end + + +// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T +// 再执行go run main_dir/cross_directory_021_T_a.go + +package main +import "cross_directory_021_T/cross" + +var __taint_src = "taint_src_value" + +func init() { + cross_same_name_021_T.SayHello(__taint_src) +} + +func main() { + return +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go new file mode 100644 index 00000000..22301eb1 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go @@ -0,0 +1,25 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包导入区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b +// evaluation information end + + +// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T +// 再执行go run main_dir/cross_directory_021_T_b.go + + +package main +import "cross_directory_021_T/other/cross" + +var __taint_src = "taint_src_value" + +func init() { + cross_same_name_021_T.SayHello(__taint_src) +} + +func main() { + return +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go new file mode 100644 index 00000000..a861ccef --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go @@ -0,0 +1,18 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包导入区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T +// evaluation information end + + +package cross_same_name_021_T +import "os/exec" +func SayHello(taint_src string) { + __taint_sink(taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go new file mode 100644 index 00000000..18c85d90 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go @@ -0,0 +1,20 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包导入区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F +// evaluation information end + +package cross_same_name_022_F +import "os/exec" + +func SayHello(taint_src string) { + __taint_sink(taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } + + \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod new file mode 100644 index 00000000..fadb9201 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod @@ -0,0 +1,3 @@ +module cross_directory_022_F + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go new file mode 100644 index 00000000..b948b04a --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go @@ -0,0 +1,24 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包导入区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a +// evaluation information end + + +// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F +// 再执行go run main_dir/cross_directory_022_F_a.go + +package main +import "cross_directory_022_F/cross" + +var __taint_src = "_" + +func init() { + cross_same_name_022_F.SayHello(__taint_src) +} + +func main() { + return +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go new file mode 100644 index 00000000..bb0eecaf --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go @@ -0,0 +1,25 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包导入区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b +// evaluation information end + + +// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F +// 再执行go run main_dir/cross_directory_022_F_b.go + + +package main +import "cross_directory_022_F/other/cross" + +var __taint_src = "abc" + +func init() { + cross_same_name_022_F.SayHello(__taint_src) +} + +func main() { + return +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go new file mode 100644 index 00000000..79b1c443 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go @@ -0,0 +1,19 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包导入区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F +// evaluation information end + + +package cross_same_name_022_F +import "os/exec" + +func SayHello(taint_src string) { + __taint_sink(taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go new file mode 100644 index 00000000..b90bb7da --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go @@ -0,0 +1,14 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 可见性校验 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a +// evaluation information end + + +package cross_01 + +var status string = "private" + +var Status string = "taint_src_value" diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go new file mode 100644 index 00000000..7bea4cfa --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go @@ -0,0 +1,32 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 可见性校验 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T +// evaluation information end + +// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T +// 再执行 go run cross/cross_directory_023_T.go +package main + +import ( + "cross_directory_023_T/cross/cross_01" + "fmt" + "os/exec" +) + +// Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) +// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 + +func cross_directory_023_T() { + __taint_sink(cross_01.Status) //Status大写 应该被正确import过来 +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + cross_directory_023_T() +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod new file mode 100644 index 00000000..d97f3000 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod @@ -0,0 +1,3 @@ +module cross_directory_023_T + +go 1.20 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go new file mode 100644 index 00000000..e0de314f --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go @@ -0,0 +1,14 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 可见性校验 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a +// evaluation information end + + +package cross_01 + +var status string = "private" + +var Status string = "taint_src_value" diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go new file mode 100644 index 00000000..76c4b5d5 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go @@ -0,0 +1,32 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 可见性校验 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F +// evaluation information end + +// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F +// 再执行 go run cross/cross_directory_024_F.go + +package main + +import ( + "fmt" + "os/exec" +) + +// Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) +// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 + +func cross_directory_024_F() { + __taint_sink(cross_01.status) //status小写 若正确处理,无法获取到cross_01.status +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + cross_directory_024_F() +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod new file mode 100644 index 00000000..501fc33c --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod @@ -0,0 +1,3 @@ +module cross_directory_024_F + +go 1.20 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go new file mode 100644 index 00000000..49240120 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go @@ -0,0 +1,23 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 导入路径与包名解耦 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a +// evaluation information end + + +package cross_directory_025_T_a + +var status string + +type Person struct { + Name string + Age int +} + +func (p Person) Swimming(taint_src string) string { + status = taint_src + return status +} + diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go new file mode 100644 index 00000000..3d216b90 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go @@ -0,0 +1,32 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 导入路径与包名解耦 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T +// evaluation information end + +// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T +// 再执行 go run cross/cross_directory_025_T.go +package main +import ( + "fmt" + "cross_directory_025_T/cross/cross_01" + "os/exec" +) + +// Go语言中,import路径从第二项开始的每项一定是目录名,包括最后一项(并非包名)。 +// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是cross_directory_025_T_a + +func cross_directory_025_T(__taint_src string) { + __taint_sink(cross_directory_025_T_a.Person{}.Swimming(__taint_src)) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() + } + +func main() { + __taint_src := "taint_src_value" + cross_directory_025_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod new file mode 100644 index 00000000..23b5d919 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod @@ -0,0 +1,3 @@ +module cross_directory_025_T + +go 1.20 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go new file mode 100644 index 00000000..6837a63a --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go @@ -0,0 +1,23 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 导入路径与包名解耦 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a +// evaluation information end + + +package cross_directory_026_F_a + +var status string + +type Person struct { + Name string + Age int +} + +func (p Person) Swimming(taint_src string) string { + status = taint_src + return status +} + diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go new file mode 100644 index 00000000..203557cd --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go @@ -0,0 +1,32 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 导入路径与包名解耦 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F +// evaluation information end + +// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F +// 再执行 go run cross/cross_directory_026_F.go +package main +import ( + "fmt" + "cross_directory_026_F/cross/cross_01" + "os/exec" +) + +// Go语言中,import路径从第二项开始的每项一定是目录名,包括最后一项(并非包名)。 +// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是pkg + +func cross_directory_026_F(__taint_src string) { + __taint_sink(cross_directory_026_F_a.Person{}.Swimming("_")) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() + } + +func main() { + __taint_src := "taint_src_value" + cross_directory_026_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod new file mode 100644 index 00000000..e34eb465 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod @@ -0,0 +1,3 @@ +module cross_directory_026_F + +go 1.20 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T.go new file mode 100644 index 00000000..c027d647 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T.go @@ -0,0 +1,23 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包路径区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T +// evaluation information end + + +package cross_same_name_027_T +import "os/exec" + +var dir string + +func Fun(__taint_src string) { + dir = __taint_src + __taint_sink(dir) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } + diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T.go new file mode 100644 index 00000000..ec4aa3c7 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T.go @@ -0,0 +1,22 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包路径区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T +// evaluation information end + + +package cross_same_name_027_T +import "os/exec" + +var dir string + +func Fun(__taint_src string) { + dir = "abc" + __taint_sink(dir) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go new file mode 100644 index 00000000..10f8b3f9 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go @@ -0,0 +1,25 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包路径区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T +// evaluation information end + +// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T +// 再执行 go run cross_directory_027_T.go + +package main + +// Go语言中,一个包以文件结构路径唯一标识。允许同名包。 +// 旧版@@@@以包名作为key来进行包管理,导致同名包丢失。 + +// 考察特性:@@@@-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 +func cross_directory_027_T(__taint_src string) { + cross_same_name_027_T.Fun(__taint_src) +} + +func main() { + __taint_src := "taint_src_value" + cross_directory_027_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod new file mode 100644 index 00000000..40b6f045 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod @@ -0,0 +1,3 @@ +module cross_directory_027_T + +go 1.20 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F.go new file mode 100644 index 00000000..3b064e08 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F.go @@ -0,0 +1,23 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包路径区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F +// evaluation information end + + +package cross_same_name_028_F +import "os/exec" + +var dir string + +func Fun(__taint_src string) { + dir = __taint_src + __taint_sink(dir) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } + diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F.go new file mode 100644 index 00000000..cf574b2d --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F.go @@ -0,0 +1,21 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包路径区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F +// evaluation information end + + +package cross_same_name_028_F +import "os/exec" +var dir string + +func Fun(__taint_src string) { + dir = "abc" + __taint_sink(dir) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go new file mode 100644 index 00000000..f3f38c67 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go @@ -0,0 +1,27 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 同名包路径区分 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F +// evaluation information end + +// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F +// 再执行 go run cross_directory_028_F.go + +package main + +import cross_same_name_028_F "cross_directory_028_F/cross_02" + +// Go语言中,一个包以文件结构路径唯一标识。允许同名包。 +// 旧版@@以包名作为key来进行包管理,导致同名包丢失。 + +// 考察特性:@@-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 +func cross_directory_028_F(__taint_src string) { + cross_same_name_028_F.Fun(__taint_src) +} + +func main() { + __taint_src := "taint_src_value" + cross_directory_028_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod new file mode 100644 index 00000000..eafff194 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod @@ -0,0 +1,3 @@ +module cross_directory_028_F + +go 1.20 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go new file mode 100644 index 00000000..13aa02e0 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go @@ -0,0 +1,18 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 识别导入根目录 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a +// evaluation information end + +package cross_directory_029_T_a + +type Person struct { + Name string + Age int +} + +func (p Person) Skiing(__taint_src string) string{ + return __taint_src +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go new file mode 100644 index 00000000..687bf49f --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go @@ -0,0 +1,36 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 识别导入根目录 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T +// evaluation information end + + +// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross +// 再执行go run cross_directory_029_T.go + +package main + +import ( + "rainy/cross_01" + "os/exec" +) +// Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 +// 所谓的根目录 指 go.mod所在的目录 +// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 + + +func cross_directory_029_T(__taint_src string) { + value := cross_directory_029_T_a.Person{}.Skiing(__taint_src)// 看这些符号值能不能被解析出来 + __taint_sink(value) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } + +func main() { + __taint_src := "taint_src_value" + cross_directory_029_T(__taint_src) +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod new file mode 100644 index 00000000..c88bf90c --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod @@ -0,0 +1,3 @@ +module rainy + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go new file mode 100644 index 00000000..13969309 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go @@ -0,0 +1,18 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 识别导入根目录 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a +// evaluation information end + +package cross_directory_030_F_a + +type Person struct { + Name string + Age int +} + +func (p Person) Skiing(__taint_src string) string{ + return __taint_src +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go new file mode 100644 index 00000000..9a82e327 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go @@ -0,0 +1,36 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 识别导入根目录 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F +// evaluation information end + + +// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross +// 再执行go run cross_directory_030_F.go + +package main + +import ( + "rainy/cross_01" + "os/exec" +) +// Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 +// 所谓的根目录 指 go.mod所在的目录 +// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 + + +func cross_directory_030_F(__taint_src string) { + value := cross_directory_030_F_a.Person{}.Skiing("_")// 看这些符号值能不能被解析出来 + __taint_sink(value) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() + } + +func main() { + __taint_src := "taint_src_value" + cross_directory_030_F(__taint_src) +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod new file mode 100644 index 00000000..c88bf90c --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod @@ -0,0 +1,3 @@ +module rainy + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json index 95611ba3..65b4f607 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json @@ -13,6 +13,10 @@ { "compose": "(cross_module_003_T/cross_module_003_T_a/cross_module_003_T_a.go || cross_module_003_T/cross_module_003_T_b/cross_module_003_T_b.go) && !(cross_module_004_F/cross_module_004_F_a/cross_module_004_F_a.go || cross_module_004_F/cross_module_004_F_b/cross_module_004_F_b.go)", "scene": "跨module-别名" + }, + { + "compose": "(cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go || cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go) && !(cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go || cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go)", + "scene": "多Main包模块化管理" } ] } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go new file mode 100644 index 00000000..a74b8beb --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go @@ -0,0 +1,29 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +// scene introduction = 多Main包模块化管理 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T +// evaluation information end + +// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T +// 在执行 go run ./cross_module_005_T_a +package main + +import "os/exec" + +// Go语言中,允许多个main包和main函数(只要不在同一个目录) +// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 + +func cross_module_005_T_a(__taint_src string) { + __taint_sink(__taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() +} + +func main() { + __taint_src := "taint_src_value_main1" + cross_module_005_T_a(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go new file mode 100644 index 00000000..0b996094 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go @@ -0,0 +1,29 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +// scene introduction = 多Main包模块化管理 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T +// evaluation information end + +// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T +// 在执行 go run ./cross_module_005_T_b +package main + +import "os/exec" + +// Go语言中,允许多个main包和main函数(只要不在同一个目录) +// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 + +func cross_module_005_T_b(__taint_src string) { + __taint_sink(__taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() +} + +func main() { + __taint_src := "taint_src_value_main2" + cross_module_005_T_b(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod new file mode 100644 index 00000000..7934c85a --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod @@ -0,0 +1,3 @@ +module cross_module_005_T + +go 1.14 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go new file mode 100644 index 00000000..a1d349cf --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go @@ -0,0 +1,29 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +// scene introduction = 多Main包模块化管理 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F +// evaluation information end + +// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F +// 在执行 go run ./cross_module_006_F_a +package main + +import "os/exec" + +// Go语言中,允许多个main包和main函数(只要不在同一个目录) +// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 + +func cross_module_006_F_a(__taint_src string) { + __taint_sink("this is main1") +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() +} + +func main() { + __taint_src := "taint_src_value_main1" + cross_module_006_F_a(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go new file mode 100644 index 00000000..b6f93e06 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go @@ -0,0 +1,29 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +// scene introduction = 多Main包模块化管理 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F +// evaluation information end + +// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F +// 在执行 go run ./cross_module_006_F_b +package main + +import "os/exec" + +// Go语言中,允许多个main包和main函数(只要不在同一个目录) +// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 + +func cross_module_006_F_b(__taint_src string) { + __taint_sink("this is main2") +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() +} + +func main() { + __taint_src := "taint_src_value_main2" + cross_module_006_F_b(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod new file mode 100644 index 00000000..e21c91bd --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod @@ -0,0 +1,3 @@ +module cross_module_006_F + +go 1.14 diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go index dd00b2a2..88d20fb6 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go @@ -18,7 +18,7 @@ type S struct { id int } -func Func1(__taint_src string) (*S, string) { +func Func1(__taint_src string) (*S) { s1 := &S{ name: __taint_src, id: 98, @@ -26,14 +26,14 @@ func Func1(__taint_src string) (*S, string) { err := "nil" if err != "nil" { - return nil, err + return nil } - return s1, "abc" + return s1 } func if_return_nil_001_T(__taint_src string) { - res, _ := Func1(__taint_src) + res := Func1(__taint_src) __taint_sink(res) } diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go index b6729530..31919a39 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go @@ -12,28 +12,29 @@ import ( "os/exec" ) +// 旧版中,对nil没有进行处理限制,允许将nil值转换成返回值类型(S),且允许对nil进行memberAccess读取 type S struct { name string id int } -func Func1(__taint_src string) (*S, string) { +func Func1(__taint_src string) (*S) { s1 := &S{ name: __taint_src, id: 98, } - err := "abc" + err := "error" if err != "nil" { - return nil, err + return nil } - return s1, "abc" + return s1 } func if_return_nil_002_F(__taint_src string) { - res, _ := Func1(__taint_src) + res := Func1(__taint_src) __taint_sink(res) } diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go index f7da7dd2..d1ef8431 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go @@ -7,6 +7,7 @@ // evaluation information end package main + import "os/exec" func callee(taint string) (string, string) { @@ -17,16 +18,16 @@ func callee(taint string) (string, string) { } func if_return_tuple_001_T(__taint_src string) { - a,b := callee(__taint_src) + a, b := callee(__taint_src) _ = a __taint_sink(b) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - if_return_tuple_001_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + if_return_tuple_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go index 7e28d99d..1f5cbefa 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go @@ -1,13 +1,12 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 多返回值传递给结构体 +// scene introduction = 多返回值传递给结构体 // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F // evaluation information end - package main + import ( "fmt" "os/exec" @@ -33,9 +32,8 @@ func processData(s string, i interface{}) (string, interface{}) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%+v", o)).Run() - } - +} func main() { - __taint_src := "taint_src_value" - multiple_return_struct_001_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + multiple_return_struct_001_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go index f49e93a3..6e731c40 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go @@ -1,13 +1,12 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 多返回值传递给结构体 +// scene introduction = 多返回值传递给结构体 // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T // evaluation information end - package main + import ( "fmt" "os/exec" @@ -33,9 +32,9 @@ func processData(s string, i interface{}) (string, interface{}) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%+v", o)).Run() - } +} func main() { - __taint_src := "taint_src_value" - multiple_return_struct_002_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + multiple_return_struct_002_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go index 7a7b8b93..56de69c5 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go @@ -19,7 +19,7 @@ func named_return_004_T(__taint_src interface{}) { func processData(s interface{}, i interface{}) (ret interface{}) { ret = "_" - return s + return s // 主要区别位于这里,在具名返回值的情况下 裸返回return默认返回ret。但uast4Go在处理具名返回值时存在bug,导致此处的return s被覆盖成return ret } func __taint_sink(o interface{}) { diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json index fc55d65f..a00c0a08 100644 --- a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json @@ -33,6 +33,14 @@ { "compose": "return_value_passing_003_T.py && !return_value_passing_004_F.py", "scene": "返回值传递->多层函数嵌套传递" + }, + { + "compose": "return_value_passing_005_T.py && !return_value_passing_006_F.py", + "scene": "返回值传递->迭代器" + }, + { + "compose": "return_value_passing_007_T.py && !return_value_passing_008_F.py", + "scene": "返回值传递->多返回值解包" } ] } diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py new file mode 100644 index 00000000..e4d7aa9f --- /dev/null +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->上下文敏感分析->参数/返回值传递 +# scene introduction = 返回值传递->迭代器返回值传递 +# level = 2 +# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T +# evaluation information end +import os + +def return_value_passing_005_T(taint_src): + def create_iterator(): + # 创建包含污染值的迭代器 + return iter([taint_src, 'safe_value', 'another_value']) + + iterator = create_iterator() # 返回迭代器对象 + first_item = next(iterator) # 获取迭代器的第一个元素 + taint_sink(first_item) # 传递污染值 + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + return_value_passing_005_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py new file mode 100644 index 00000000..a61de824 --- /dev/null +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->上下文敏感分析->参数/返回值传递 +# scene introduction = 返回值传递->迭代器返回值传递 +# level = 2 +# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F +# evaluation information end +import os + +def return_value_passing_006_F(taint_src): + def create_iterator(): + # 创建只包含安全值的迭代器 + return iter(['safe_value', 'another_value', 'third_value']) + + iterator = create_iterator() # 返回迭代器对象 + first_item = next(iterator) # 获取迭代器的第一个元素 + taint_sink(first_item) # 传递安全值 + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + return_value_passing_006_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py new file mode 100644 index 00000000..3bb2e89f --- /dev/null +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->上下文敏感分析->参数/返回值传递 +# scene introduction = 返回值传递->多返回值解包传递 +# level = 2 +# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T +# evaluation information end +import os + +def return_value_passing_007_T(taint_src): + def get_multiple_values(): + # 函数返回多个值,其中包含污点数据 + return taint_src, 'safe_value', 'another_safe' + + # 多返回值解包,第一个值是污点 + tainted_value, safe_value1, safe_value2 = get_multiple_values() + taint_sink(tainted_value) # 传递污点值 + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + return_value_passing_007_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py new file mode 100644 index 00000000..8cfb06a9 --- /dev/null +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->上下文敏感分析->参数/返回值传递 +# scene introduction = 返回值传递->多返回值解包传递 +# level = 2 +# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F +# evaluation information end +import os + +def return_value_passing_008_F(taint_src): + def get_multiple_values(): + # 函数返回多个值,但都不包含污点数据 + return 'safe_value1', 'safe_value2', 'safe_value3' + + # 多返回值解包,所有值都是安全的 + safe_value1, safe_value2, safe_value3 = get_multiple_values() + taint_sink(safe_value1) # 传递安全值,不应检出漏洞 + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + return_value_passing_008_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/field_sensitive/class/config.json b/sast-python3/case/accuracy/field_sensitive/class/config.json index 5492944a..8c4d0787 100644 --- a/sast-python3/case/accuracy/field_sensitive/class/config.json +++ b/sast-python3/case/accuracy/field_sensitive/class/config.json @@ -25,6 +25,10 @@ { "compose": "inheritance_001_T.py && !inheritance_002_F.py", "scene": "继承覆盖父类字段" + }, + { + "compose": "dynamic_field_001_T.py && !dynamic_field_002_F.py", + "scene": "动态参数" } ] }, diff --git a/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py new file mode 100644 index 00000000..9da0c513 --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 +# scene introduction = 动态参数->动态字段名 +# level = 3 +# bind_url = accuracy/field_sensitive/class/dynamic_field_001_T +# evaluation information end +import os + +def dynamic_field_001_T(taint_src): + class DynamicClass: + def __init__(self, taint_src): + # 使用setattr动态设置字段 + setattr(self, 'dynamic_field', taint_src) + self.normal_field = '_' + + obj = DynamicClass(taint_src) + # 通过动态字段名访问 + taint_sink(obj.dynamic_field) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_field_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py new file mode 100644 index 00000000..c9996c9a --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 +# scene introduction = 动态参数->动态字段名 +# level = 3 +# bind_url = accuracy/field_sensitive/class/dynamic_field_002_F +# evaluation information end +import os + +def dynamic_field_002_F(taint_src): + class DynamicClass: + def __init__(self, taint_src): + # 使用setattr动态设置字段为安全值 + setattr(self, 'dynamic_field', '_') + self.tainted_field = taint_src + + obj = DynamicClass(taint_src) + # 访问的是安全的动态字段,而非污染的字段 + taint_sink(obj.dynamic_field) # 传递安全值,不应检出漏洞 + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_field_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py b/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py index 2b6b8be2..3bdf56d8 100644 --- a/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py +++ b/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py @@ -4,7 +4,7 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 # scene introduction = 路径长度 # level = 3+ -# bind_url = accuracy/field_sensitive/class/field_len_006_T +# bind_url = accuracy/field_sensitive/class/field_len_006_F # evaluation information end import os diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json index be1d8beb..0046a8f2 100644 --- a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json @@ -17,6 +17,14 @@ { "compose": "map_mc_001_T.py && !map_mc_002_F.py", "scene": "字典键路径->嵌套" + }, + { + "compose": "list_slice_001_T.py && !list_slice_002_F.py", + "scene": "字典键路径->切片后访问" + }, + { + "compose": "map_mc_005_T.py && !map_mc_006_F.py", + "scene": "字典键路径->get方法链" } ] }, diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py new file mode 100644 index 00000000..8a9029d2 --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 +# scene introduction = 列表索引->切片后访问 +# level = 4 +# bind_url = accuracy/field_sensitive/multidimensional_collection/list_slice_001_T +# evaluation information end +import os + + +def list_slice_001_T(taint_src): + # 二维列表结构 + arr = [[taint_src, "safe"], ["safe", "safe"]] + # 使用切片后访问:先切片再索引访问 + result = arr[0:1][0][0] # 切片[0:1]得到[[taint_src, "safe"]],然后[0][0]访问taint_src + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + list_slice_001_T(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py new file mode 100644 index 00000000..0763c7ed --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 +# scene introduction = 列表索引->切片后访问 +# level = 4 +# bind_url = accuracy/field_sensitive/multidimensional_collection/list_slice_002_F +# evaluation information end +import os + + +def list_slice_002_F(taint_src): + # 二维列表结构 + arr = [[taint_src, "safe"], ["safe", "safe"]] + # 使用切片后访问安全元素:不同切片位置的安全数据 + result = arr[1:2][0][0] # 切片[1:2]得到[["safe", "safe"]],然后[0][0]访问safe + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + list_slice_002_F(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py new file mode 100644 index 00000000..6ea92f47 --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 +# scene introduction = 字典键路径->get方法链 +# level = 4 +# bind_url = accuracy/field_sensitive/multidimensional_collection/map_mc_005_T +# evaluation information end +import os + + +def map_mc_005_T(taint_src): + d = {"a": {"b": {"c": taint_src}}, "x": {"y": {"z": "safe"}}} + # 使用get方法链式访问嵌套字典 + result = d.get("a", {}).get("b", {}).get("c") + taint_sink(result) # 应该检测到污染 + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + map_mc_005_T(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py new file mode 100644 index 00000000..a762f536 --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 +# scene introduction = 字典键路径->get方法链 +# level = 4 +# bind_url = accuracy/field_sensitive/multidimensional_collection/map_mc_006_F +# evaluation information end +import os + + +def map_mc_006_F(taint_src): + d = {"a": {"b": {"c": taint_src}}, "x": {"y": {"z": "safe"}}} + # 使用get方法链式访问安全路径 + result = d.get("x", {}).get("y", {}).get("z") + taint_sink(result) # 不应该检测到污染 + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + map_mc_006_F(taint_src) diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py new file mode 100644 index 00000000..f7fe0023 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py @@ -0,0 +1,45 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->流敏感分析->异步执行 +# scene introduction = 异步执行->并发执行 +# level = 4 +# bind_url = accuracy/flow_sensitive/asynchronous/async_concurrent_001_T +# evaluation information end +import os +import asyncio + + +async def async_concurrent_001_T(taint_src): + # 使用asyncio.gather并发执行多个异步函数 + results = await asyncio.gather( + async_func1(taint_src), # 污染函数 - 直接返回污点数据 + async_func2("safe"), # 安全函数 + ) + + # 从并发结果中访问污染数据 + taint_sink(results[0]) # results[0] 包含污染数据 + + +async def async_func1(data): + await asyncio.sleep(0.01) + # 直接返回污点数据,确保污点传播清晰可见 + return data + + +async def async_func2(data): + await asyncio.sleep(0.01) + return data + + +def taint_sink(o): + os.system(o) + + +async def main(taint_src): + await async_concurrent_001_T(taint_src) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + asyncio.run(main(taint_src)) diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py new file mode 100644 index 00000000..dc3d7a48 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py @@ -0,0 +1,44 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->异步执行 +# scene introduction = 异步执行->并发执行 +# level = 4 +# bind_url = accuracy/flow_sensitive/asynchronous/async_concurrent_002_F +# evaluation information end +import os +import asyncio + + +async def async_concurrent_002_F(taint_src): + # 使用asyncio.gather并发执行多个异步函数 + results = await asyncio.gather( + async_func1(taint_src), # 污染函数 + async_func2("safe"), # 安全函数 + ) + + # 从并发结果中访问安全数据 + taint_sink(results[1]) # results[1] 是安全数据,不应检测到污染 + + +async def async_func1(data): + await asyncio.sleep(0.01) + return data + + +async def async_func2(data): + await asyncio.sleep(0.01) + return data + + +def taint_sink(o): + os.system(o) + + +async def main(taint_src): + await async_concurrent_002_F(taint_src) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + asyncio.run(main(taint_src)) diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py new file mode 100644 index 00000000..fcebb3b9 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py @@ -0,0 +1,37 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->流敏感分析->异步执行 +# scene introduction = 异步执行->生成器 +# level = 4 +# bind_url = accuracy/flow_sensitive/asynchronous/async_generator_001_T +# evaluation information end +import os +import asyncio + + +async def async_generator_001_T(taint_src): + # 异步生成器函数 - 直接yield污染数据 + async def generate_data(): + yield taint_src # 直接yield污染数据 + return # 确保生成器结束,避免StopAsyncIteration + + # 获取异步生成器对象 + gen = generate_data() + + # 直接await获取第一个yield的值(最纯粹的异步生成器测试) + first_item = await gen.__anext__() + taint_sink(first_item) # 直接处理生成器yield的数据 + + +def taint_sink(o): + os.system(o) + + +async def main(taint_src): + await async_generator_001_T(taint_src) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + asyncio.run(main(taint_src)) diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py new file mode 100644 index 00000000..e4d9a845 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py @@ -0,0 +1,37 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->异步执行 +# scene introduction = 异步执行->生成器 +# level = 4 +# bind_url = accuracy/flow_sensitive/asynchronous/async_generator_002_F +# evaluation information end +import os +import asyncio + + +async def async_generator_002_F(taint_src): + # 异步生成器函数 - 直接yield安全数据 + async def generate_data(): + yield "safe_data" # 直接yield安全数据 + return # 确保生成器结束,避免StopAsyncIteration + + # 获取异步生成器对象 + gen = generate_data() + + # 直接await获取第一个yield的值(最纯粹的异步生成器测试) + first_item = await gen.__anext__() + taint_sink(first_item) # 直接处理生成器yield的安全数据 + + +def taint_sink(o): + os.system(o) + + +async def main(taint_src): + await async_generator_002_F(taint_src) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + asyncio.run(main(taint_src)) diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json b/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json index d6b49b53..9c6e3b81 100644 --- a/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json @@ -13,6 +13,14 @@ { "compose": "asynchronous_chain_001_T.py && !asynchronous_chain_002_F.py", "scene": "异步函数链" + }, + { + "compose": "async_concurrent_001_T.py && !async_concurrent_002_F.py", + "scene": "异步执行->并发执行" + }, + { + "compose": "async_generator_001_T.py && !async_generator_002_F.py", + "scene": "异步执行->生成器" } ] } diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json index 15b2e08b..432a2b11 100644 --- a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json @@ -13,6 +13,14 @@ { "compose": "for_zip_001_T.py && !for_zip_002_F.py", "scene": "for_zip" + }, + { + "compose": "nested_loop_for_in_001_T.py && !nested_loop_for_in_002_F.py", + "scene": " 循环语句->嵌套循环" + }, + { + "compose": "while_loop_001_T.py && !while_loop_002_F.py", + "scene": "循环语句->while循环" } ] } diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py new file mode 100644 index 00000000..bb0663a5 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->流敏感分析->循环语句 +# scene introduction = 循环语句->嵌套循环 +# level = 2+ +# bind_url = accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T +# evaluation information end +import os + + +def nested_loop_for_in_001_T(taint_src): + # 嵌套循环中的污点传播 + for outer in [taint_src]: + for inner in ["safe"]: + taint_sink(outer) # 外层循环变量(污染数据) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + nested_loop_for_in_001_T(taint_src) diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py new file mode 100644 index 00000000..57891212 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->循环语句 +# scene introduction = 循环语句->嵌套循环 +# level = 2+ +# bind_url = accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F +# evaluation information end +import os + + +def nested_loop_for_in_002_F(taint_src): + # 嵌套循环中的安全数据处理 + for outer in [taint_src]: + for inner in ["safe"]: + taint_sink(inner) # 内层循环变量(安全数据) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + nested_loop_for_in_002_F(taint_src) diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py new file mode 100644 index 00000000..c0819c36 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->流敏感分析->循环语句 +# scene introduction = 循环语句->while循环 +# level = 2+ +# bind_url = accuracy/flow_sensitive/loop_stmt/while_loop_001_T +# evaluation information end +import os + + +def while_loop_001_T(taint_src): + # while循环中的污点传播 + i = 0 + while i < 1: + taint_sink(taint_src) # 循环体内的污点 + i += 1 + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + while_loop_001_T(taint_src) diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py new file mode 100644 index 00000000..7c8fc682 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->循环语句 +# scene introduction = 循环语句->while循环 +# level = 2+ +# bind_url = accuracy/flow_sensitive/loop_stmt/while_loop_002_F +# evaluation information end +import os + + +def while_loop_002_F(taint_src): + # while循环中的安全数据处理 + i = 0 + while i < 1: + taint_sink("safe_data") # 循环体内的安全数据 + i += 1 + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + while_loop_002_F(taint_src) diff --git a/sast-python3/case/accuracy/object_sensitive/class/config.json b/sast-python3/case/accuracy/object_sensitive/class/config.json index ea509a89..edce7d08 100644 --- a/sast-python3/case/accuracy/object_sensitive/class/config.json +++ b/sast-python3/case/accuracy/object_sensitive/class/config.json @@ -13,10 +13,14 @@ { "compose": "constructor_object_sensitive_003_T.py && !constructor_object_sensitive_004_F.py", "scene": "接口/类->继承对象" + }, + { + "compose": "dynamic_attribute_object_sensitive_001_T.py && !dynamic_attribute_object_sensitive_002_F.py", + "scene": "接口/类->动态属性对象" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py new file mode 100644 index 00000000..302991cd --- /dev/null +++ b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 +# scene introduction = 接口/类->类定义位置 +# level = 2 +# bind_url = accuracy/object_sensitive/class/constructor_object_sensitive_005_T +# evaluation information end +import os + +class A: + def __init__(self): + self.data = taint_src + +def constructor_object_sensitive_005_T(taint_src): + + obj = A() + taint_sink(obj.data) + + +def taint_sink(o): + os.system(o) + + +if __name__ == '__main__': + taint_src = "taint_src_value" + constructor_object_sensitive_005_T(taint_src) + diff --git a/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py new file mode 100644 index 00000000..3a005198 --- /dev/null +++ b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 +# scene introduction = 接口/类->类定义位置 +# level = 2 +# bind_url = accuracy/object_sensitive/class/constructor_object_sensitive_006_F +# evaluation information end +import os + +class A: + def __init__(self): + self.data = '_' + +def constructor_object_sensitive_006_F(taint_src): + + obj = A() + taint_sink(obj.data) + + +def taint_sink(o): + os.system(o) + + +if __name__ == '__main__': + taint_src = "taint_src_value" + constructor_object_sensitive_006_F(taint_src) + diff --git a/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py new file mode 100644 index 00000000..9b2aa320 --- /dev/null +++ b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py @@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 +# scene introduction = 接口/类->动态属性对象 +# level = 2 +# bind_url = accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T +# evaluation information end +# 区分"动态属性对象",动态属性赋值 +import os + + +def dynamic_attribute_object_sensitive_001_T(taint_src): + class DynamicObject: + def __init__(self, name): + self.name = name # 只初始化基础属性 + + # 创建对象并动态添加污染属性 + obj = DynamicObject("test_obj") + obj.dynamic_data = taint_src # 动态添加污染属性 + + # 直接传递对象给sink + taint_sink(obj) + + +def taint_sink(o): + # 在sink函数内部访问动态属性 + os.system(o.dynamic_data) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_attribute_object_sensitive_001_T(taint_src) diff --git a/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py new file mode 100644 index 00000000..c0e4c148 --- /dev/null +++ b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py @@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 +# scene introduction = 接口/类->动态属性对象 +# level = 2 +# bind_url = accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F +# evaluation information end +# 区分"动态属性对象",动态属性赋值 +import os + + +def dynamic_attribute_object_sensitive_002_F(taint_src): + class DynamicObject: + def __init__(self, name): + self.name = name # 只初始化基础属性 + + # 创建对象并动态添加安全属性 + obj = DynamicObject("test_obj") + obj.dynamic_data = "_" # 动态添加安全属性 + + # 直接传递对象给sink + taint_sink(obj) + + +def taint_sink(o): + # 在sink函数内部访问动态属性 + os.system(o.dynamic_data) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_attribute_object_sensitive_002_F(taint_src) diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json b/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json index 56cb8880..6e594420 100644 --- a/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json @@ -9,6 +9,22 @@ { "compose": "exception_throw_001_T.py && !exception_throw_002_F.py && exception_throw_003_T.py", "scene": "1" + }, + { + "compose": "exception_finally_throw_001_T.py && !exception_finally_throw_002_F.py", + "scene": "异常抛出-finally块执行" + }, + { + "compose": "exception_multiple_except_001_T.py && !exception_multiple_except_002_F.py", + "scene": "异常抛出-多个except分支" + }, + { + "compose": "exception_else_001_T.py && !exception_else_002_F.py", + "scene": "异常抛出-else块执行" + }, + { + "compose": "exception_args_001_T.py && !exception_args_002_F.py", + "scene": "异常抛出-多参数异常对象" } ] } diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py new file mode 100644 index 00000000..62eeb4d3 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-多参数异常对象 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_args_001_T +# evaluation information end +import os + +def exception_args_001_T(taint_src): + try: + # 创建多参数异常,第二个参数是污点 + raise Exception("Error message", taint_src, "_") + except Exception as e: + # 获取异常的所有参数 + args = e.args + # args[1] 是污点数据 + taint_sink(args[1]) # 应该检出 - 异常参数中的污点数据 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_args_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py new file mode 100644 index 00000000..dd538e00 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-多参数异常对象 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_args_002_F +# evaluation information end +import os + +def exception_args_002_F(taint_src): + try: + # 创建多参数异常,但污点数据不在被访问的位置 + raise Exception("Error message", "_", taint_src) + except Exception as e: + # 获取异常的所有参数 + args = e.args + # args[1] 是安全数据,args[2] 是污点但不被访问 + taint_sink(args[1]) # 不应检出 - 访问的是安全参数 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_args_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py new file mode 100644 index 00000000..de50da55 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-else块执行 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_else_001_T +# evaluation information end +import os + +def exception_else_001_T(taint_src): + try: + # 正常执行,不抛出异常 + normal_data = "_" + except Exception as e: + # 不会执行到except块 + pass + else: + # 无异常时执行else块 + taint_sink(taint_src) # 应该检出 - else块中的污点传递 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_else_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py new file mode 100644 index 00000000..a3b4edea --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-else块执行 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_else_002_F +# evaluation information end +import os + +def exception_else_002_F(taint_src): + try: + # 正常执行,不抛出异常 + normal_data = "_" + except Exception as e: + # 不会执行到except块 + pass + else: + # 无异常时执行else块,但传递安全数据 + safe_data = "_" + taint_sink(safe_data) # 不应检出 - else块中传递安全数据 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_else_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py new file mode 100644 index 00000000..56a28008 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-finally块执行 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T +# evaluation information end +import os + +def exception_finally_throw_001_T(taint_src): + try: + # try块正常执行,无异常抛出 + pass + except Exception as e: + # 不会执行到except块 + pass + finally: + # finally块总会执行,处理污点数据 + taint_sink(taint_src) # 应该检出 - finally块中的污点传递 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_finally_throw_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py new file mode 100644 index 00000000..00913fc7 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-finally块执行 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F +# evaluation information end +import os + +def exception_finally_throw_002_F(taint_src): + try: + # try块正常执行,无异常抛出 + pass + except Exception as e: + # 不会执行到except块 + pass + finally: + # finally块总会执行,但传递安全数据 + safe_data = "_" + taint_sink(safe_data) # 不应检出 - finally块中传递安全数据 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_finally_throw_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py new file mode 100644 index 00000000..d29158bb --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py @@ -0,0 +1,31 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-多个except分支 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T +# evaluation information end +import os + +def exception_multiple_except_001_T(taint_src): + try: + # 抛出ValueError异常 + raise ValueError(taint_src) + except ValueError as e: + # 匹配到ValueError,执行这个分支 + taint_sink(taint_src) # 应该检出 - 同一分支传递污点数据 + except TypeError as e: + # 不会执行到这个分支 + pass + except Exception as e: + # 不会执行到这个分支(ValueError已匹配) + pass + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_multiple_except_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py new file mode 100644 index 00000000..9435f323 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-多个except分支 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F +# evaluation information end +import os + +def exception_multiple_except_002_F(taint_src): + try: + # 抛出ValueError异常 + raise ValueError(taint_src) + except ValueError as e: + # 匹配到ValueError,执行这个分支(与正例相同路径) + safe_data = "_" + taint_sink(safe_data) # 不应检出 - 同一分支传递安全数据 + except TypeError as e: + # 不会执行到这个分支 + pass + except Exception as e: + # 不会执行到这个分支(ValueError已匹配) + pass + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_multiple_except_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py index b0120aa3..36951e45 100644 --- a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py @@ -4,7 +4,7 @@ # evaluation item = 准确度->路径敏感分析->跳转语句 # scene introduction = break-嵌套循环 # level = 4+ -# bind_url = accuracy/path_sensitive/explicit_jump_control/break_003_F +# bind_url = accuracy/path_sensitive/explicit_jump_control/break_004_F # evaluation information end import os diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json index 18fd4082..1bf785ad 100644 --- a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json @@ -18,6 +18,10 @@ "compose": "continue_001_T.py && !continue_002_F.py", "scene": "continue" }, + { + "compose": "continue_nested_001_T.py && !continue_nested_002_F.py", + "scene": "continue-嵌套循环" + }, { "compose": "return_001_T.py && !return_002_F.py", "scene": "return" diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py new file mode 100644 index 00000000..5a2a0ef3 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->跳转语句 +# scene introduction = continue-嵌套循环 +# level = 4+ +# bind_url = accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T +# evaluation information end +import os + +def continue_nested_001_T(taint_src): + res = "" + for i in range(3): + for j in range(3): + if i == 1 and j == 0: + res = taint_src + continue # 跳过内层循环本次迭代,但内层循环继续 + # continue跳过后,i=1, j>0时执行这里 + taint_sink(res) # 应该检出 - i=1, j>0时res有污点 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + continue_nested_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py new file mode 100644 index 00000000..5f99d2e9 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->跳转语句 +# scene introduction = continue-嵌套循环 +# level = 4+ +# bind_url = accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F +# evaluation information end +import os + +def continue_nested_002_F(taint_src): + res = "" + for i in range(3): + for j in range(3): + if i == 1 and j == 0: + res = taint_src # 设置污点数据 + continue # 跳过内层循环本次迭代 + # continue跳过后执行这里,但传递安全数据 + safe_data = "safe_value" + taint_sink(safe_data) # 不应检出 - 传递安全数据 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + continue_nested_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py b/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py index 44b50a8b..c7348e42 100644 --- a/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py +++ b/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->其他->ellipsis # scene introduction = 占位符 # level = 2+ diff --git a/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py b/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py index f8266341..806b1236 100644 --- a/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py +++ b/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->其他->ellipsis # scene introduction = 切片占位 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py b/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py index 980808e2..722bc6c7 100644 --- a/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = false +# real case = true # evaluation item = 完整度->单应用跟踪完整度->别名 # scene introduction = 别名问题 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py b/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py index 5c303f7f..d5dd07e8 100644 --- a/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->别名 # scene introduction = 列表元素别名 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json b/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json index 9a023627..e840f3cd 100644 --- a/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json @@ -34,6 +34,18 @@ { "compose": "inject_data_new_005_T.py && !inject_data_new_006_F.py", "scene": "运行时动态创建实例" + }, + { + "compose": "multi_level_inheritance_001_T.py && !multi_level_inheritance_002_F.py", + "scene": "多级继承" + }, + { + "compose": "multiple_inheritance_001_T.py && !multiple_inheritance_002_F.py", + "scene": "多重继承" + }, + { + "compose": "no_init_child_class_001_T.py && !no_init_child_class_002_F.py", + "scene": "父类init函数自动调用" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py new file mode 100644 index 00000000..3b2019c9 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py @@ -0,0 +1,39 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 多级继承 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T +# evaluation information end + +import os + +def multi_level_inheritance_001_T(taint_src): + class C: + def __init__(self, data): + self.data_c = data # 最底层存储数据 + + class B(C): + def __init__(self, data): + super().__init__(data) # 调用C的构造函数 + self.data_b = "_B" # 添加B自己的数据 + + class A(B): + def __init__(self, data): + super().__init__(data) # 调用B的构造函数 → 调用C的构造函数 + self.data_a = "_A" # 添加A自己的数据 + + def get_combined_data(self): + return self.data_c + self.data_b + self.data_a + + obj = A(taint_src) # 污染数据进入继承链 + taint_sink(obj.get_combined_data()) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + multi_level_inheritance_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py new file mode 100644 index 00000000..959c4bf8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py @@ -0,0 +1,39 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 多级继承 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F +# evaluation information end + +import os + +def multi_level_inheritance_002_F(taint_src): + class C: + def __init__(self, data): + self.data_c = data # 最底层存储数据 + + class B(C): + def __init__(self, data): + super().__init__(data) # 调用C的构造函数 + self.data_b = "_B" # 添加B自己的数据 + + class A(B): + def __init__(self, data): + super().__init__(data) # 调用B的构造函数 → 调用C的构造函数 + self.data_a = "_A" # 添加A自己的数据 + + def get_combined_data(self): + return self.data_c + self.data_b + self.data_a + + obj = A("_") + taint_sink(obj.get_combined_data()) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + multi_level_inheritance_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py new file mode 100644 index 00000000..d148b44b --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py @@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 多重继承 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T +# evaluation information end + +import os + +def multiple_inheritance_001_T(taint_src): + class A: + def __init__(self, data): + self.data_a = data + + class B: + def __init__(self, data): + self.data_b = data + + class C(A, B): + def __init__(self, data): + A.__init__(self, data) + B.__init__(self, data) + + def get_result(self): + return self.data_a + self.data_b + + obj = C(taint_src) + taint_sink(obj.get_result()) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + multiple_inheritance_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py new file mode 100644 index 00000000..f89688d8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py @@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 多重继承 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F +# evaluation information end + +import os + +def multiple_inheritance_002_F(taint_src): + class A: + def __init__(self, data): + self.data_a = data + + class B: + def __init__(self, data): + self.data_b = data + + class C(A, B): + def __init__(self, data): + A.__init__(self, data) + B.__init__(self, data) + + def get_result(self): + return self.data_a + self.data_b + + obj = C("_") + taint_sink(obj.get_result()) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + multiple_inheritance_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py new file mode 100644 index 00000000..08c5a190 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py @@ -0,0 +1,35 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 父类init函数自动调用 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T +# evaluation information end + +import os + +def no_init_child_class_001_T(taint_src): + class Parent: + def __init__(self, data): + # 父类构造函数直接接收外部数据 + self.data = data + + class Child(Parent): + # 子类没有定义__init__方法,会自动调用父类的__init__ + def process_data(self): + # 子类方法处理从父类继承的污染数据 + return self.data + + # 创建子类实例时,自动调用Parent.__init__(taint_src) + obj = Child(taint_src) + + # 通过子类方法访问继承的污染属性 + taint_sink(obj.process_data()) + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + no_init_child_class_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py new file mode 100644 index 00000000..8e044ce5 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py @@ -0,0 +1,35 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 父类init函数自动调用 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F +# evaluation information end + +import os + +def no_init_child_class_002_F(taint_src): + class Parent: + def __init__(self, data): + # 父类构造函数直接接收外部数据 + self.data = data + + class Child(Parent): + # 子类没有定义__init__方法,会自动调用父类的__init__ + def process_data(self): + # 子类方法处理从父类继承的污染数据 + return self.data + + # 创建子类实例时,自动调用Parent.__init__(taint_src) + obj = Child("_") + + # 通过子类方法访问继承的污染属性 + taint_sink(obj.process_data()) + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + no_init_child_class_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py index cbc5312e..49f0d25f 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->断言 # scene introduction = 验证输入值 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py index 54a2ead6..6280e33f 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句 # scene introduction = 星号匹配->字典嵌套 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py index d5abbb6c..9a3dfc4a 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句 # scene introduction = match_or # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py index 22e68435..1c9c7447 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->循环结构 # scene introduction = while_else # level = 4 diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json index 0a31dc30..91732d2b 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json @@ -25,6 +25,10 @@ { "compose": "(cross_file_009_T/cross_file_009_T_a.py || cross_file_009_T/cross_file_009_T_b.py) && !(cross_file_010_F/cross_file_010_F_a.py || cross_file_010_F/cross_file_010_F_b.py)", "scene": "同级目录相对导入" + }, + { + "compose": "(dynamic_import_001_T/dynamic_import_001_T_a.py || dynamic_import_001_T/dynamic_import_001_T_b.py) && !(dynamic_import_002_F/dynamic_import_002_F_a.py || dynamic_import_002_F/dynamic_import_002_F_b.py)", + "scene": "动态导入" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py new file mode 100644 index 00000000..294c933c --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py @@ -0,0 +1,11 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 +# scene introduction = 动态导入-函数调用 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a +# evaluation information end + +def get_taint_data(taint_src): + return f"dynamic_{taint_src}" \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py new file mode 100644 index 00000000..b66e850a --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 +# scene introduction = 动态导入-函数调用 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b +# evaluation information end + +import os + +def dynamic_import_001_T_b(taint_src): + # 动态导入模块 + module_name = "dynamic_import_001_T_a" + imported_module = __import__(module_name) + + # 调用动态导入模块中的函数 + result = imported_module.get_taint_data(taint_src) + + # 验证动态导入后的数据传递 + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_import_001_T_b(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py new file mode 100644 index 00000000..d4126f82 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py @@ -0,0 +1,11 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 +# scene introduction = 动态导入-安全数据调用 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a +# evaluation information end + +def get_safe_data(taint_src): + return "safe_data" # 返回安全数据,不是污点数据 \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py new file mode 100644 index 00000000..5b68b94c --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 +# scene introduction = 动态导入-安全数据调用 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b +# evaluation information end + +import os + +def dynamic_import_002_F_b(taint_src): + # 动态导入模块(与正例相同的路径) + module_name = "dynamic_import_002_F_a" + imported_module = __import__(module_name) + + # 调用动态导入模块中的函数,但获取安全数据 + result = imported_module.get_safe_data(taint_src) + + # 验证动态导入后的安全数据传递 + taint_sink(result) # 不应检出 - 传递的是安全数据 + +def taint_sink(o): + os.system(str(o)) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_import_002_F_b(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py new file mode 100644 index 00000000..1d724c2f --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 +# scene introduction = extend操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/array/array_extend_001_T +# evaluation information end + +import os +import array + +def array_extend_001_T(taint_src): + # 创建初始数组 + arr = array.array('u', ['a', 'b']) + + tainted_arr = array.array('u', [taint_src[0]]) + + # 执行extend操作 + arr.extend(tainted_arr) + + # 传递给sink + taint_sink(arr) + +def taint_sink(o): + os.system(''.join(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + array_extend_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py new file mode 100644 index 00000000..db1f941e --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 +# scene introduction = extend操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/array/array_extend_002_F +# evaluation information end + +import os +import array + +def array_extend_002_F(taint_src): + # 创建初始数组 + arr = array.array('u', ['a', 'b']) + + clean_arr = array.array('u', ['x']) + + # 执行extend操作 + arr.extend(clean_arr) + + # 传递给sink + taint_sink(arr) + +def taint_sink(o): + os.system(''.join(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + array_extend_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json index b0980d40..de7db0ac 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json @@ -23,6 +23,10 @@ "compose": "array_003_T.py && !array_004_F.py", "scene": "append操作" }, + { + "compose": "array_extend_001_T.py && !array_extend_002_F.py", + "scene": "extend操作" + }, { "compose": "extslice_001_T.py && !extslice_002_F.py", "scene": "多维切片" diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py new file mode 100644 index 00000000..1723eeaf --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray扩展操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T +# evaluation information end + +import os + +def bytearray_extend_001_T(taint_src): + # 创建初始的干净bytearray + ba = bytearray("clean_data", 'utf-8') + + # 创建包含污点数据的bytes + tainted_bytes = bytearray(taint_src, 'utf-8') + + # 使用extend操作扩展污点数据 + ba.extend(tainted_bytes) + + # 将扩展后的bytearray传递给sink,期望引擎识别出污点数据 + taint_sink(ba) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_extend_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py new file mode 100644 index 00000000..0795b803 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray扩展操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F +# evaluation information end + +import os + +def bytearray_extend_002_F(taint_src): + # 创建初始的干净bytearray + ba = bytearray("clean_data", 'utf-8') + + # 创建干净的bytes数据 + clean_bytes = bytearray("more_clean_data", 'utf-8') + + # 使用extend操作扩展干净数据 + ba.extend(clean_bytes) + + # 将扩展后的bytearray传递给sink,期望引擎不识别为污点数据 + taint_sink(ba) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_extend_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py new file mode 100644 index 00000000..97e22b2d --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray切片操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T +# evaluation information end + +import os + +def bytearray_slice_001_T(taint_src): + # 创建包含污点数据的bytearray + clean_part = "clean_data_" + ba = bytearray(clean_part + taint_src, 'utf-8') + + # 通过切片操作提取包含污点数据的部分 + tainted_slice = ba[len(clean_part):len(clean_part) + len(taint_src)] + + # 将切片结果传递给sink,期望引擎识别出污点数据 + taint_sink(tainted_slice) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_slice_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py new file mode 100644 index 00000000..d1da54b8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray切片操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F +# evaluation information end + +import os + +def bytearray_slice_002_F(taint_src): + # 创建只包含干净数据的bytearray + clean_data = "clean_data_only" + ba = bytearray(clean_data, 'utf-8') + + # 通过切片操作提取部分数据 + clean_slice = ba[0:5] # 提取"clean" + + # 将切片结果传递给sink,期望引擎不识别为污点数据 + taint_sink(clean_slice) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_slice_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json index 8ef1d3f0..55de22a5 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json @@ -9,6 +9,14 @@ { "compose": "bytearray_001_T.py && !bytearray_002_F.py", "scene": "构造函数形式" + }, + { + "compose": "bytearray_slice_001_T.py && !bytearray_slice_002_F.py", + "scene": "切片操作" + }, + { + "compose": "bytearray_extend_001_T.py && !bytearray_extend_002_F.py", + "scene": "扩展操作" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json index 10037be8..19166444 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json @@ -26,6 +26,10 @@ { "compose": "set_007_T.py && !set_008_F.py", "scene": "差集操作" + }, + { + "compose": "set_remove_001_T.py && !set_remove_002_F.py", + "scene": "set元素删除操作" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py index c370ab3c..2e2f4df6 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合 # scene introduction = 交集-并集 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py new file mode 100644 index 00000000..ae6ef758 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合 +# scene introduction = set元素删除操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/collections/set_remove_001_T +# evaluation information end + +import os + +def set_remove_001_T(taint_src): + # 创建包含污点数据的set + s = {taint_src, 'clean1', 'clean2'} + + # 从set中删除污点元素 + s.remove('clean1') + + # 将删除后的set传递给sink + taint_sink(s) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + set_remove_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py new file mode 100644 index 00000000..5526a7c3 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合 +# scene introduction = set元素删除操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/collections/set_remove_002_F +# evaluation information end + +import os + +def set_remove_002_F(taint_src): + # 创建只包含干净数据的set + s = {taint_src, 'clean2', 'clean3'} + + # 从set中删除干净元素 + s.remove(taint_src) + + # 将删除后的set传递给sink + taint_sink(s) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + set_remove_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json index 9595fa87..1607d8cd 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json @@ -18,6 +18,26 @@ "compose": "list_005_T.py && !list_006_F.py", "scene": "append操作" }, + { + "compose": "list_extend_001_T.py && !list_extend_002_F.py", + "scene": "extend操作" + }, + { + "compose": "list_insert_001_T.py && !list_insert_002_F.py", + "scene": "insert操作" + }, + { + "compose": "list_remove_001_T.py && !list_remove_002_F.py", + "scene": "remove操作" + }, + { + "compose": "list_pop_001_T.py && !list_pop_002_F.py", + "scene": "pop操作" + }, + { + "compose": "list_concat_001_T.py && !list_concat_002_F.py", + "scene": "连接操作" + }, { "compose": "list_007_T.py && !list_008_F.py", "scene": "泛型容器类型" diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py new file mode 100644 index 00000000..cd4ae1d8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py @@ -0,0 +1,31 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = 连接操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_concat_001_T +# evaluation information end + +import os + +def list_concat_001_T(taint_src): + + # 创建包含污点数据的列表 + lst2 = [taint_src, 'clean3'] + + # 创建初始列表 + lst1 = ['clean1', 'clean2'] + + # 执行连接操作(+运算符) + result = lst2 + lst1 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_concat_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py new file mode 100644 index 00000000..962e2bcb --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = 连接操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_concat_002_F +# evaluation information end + +import os + +def list_concat_002_F(taint_src): + # 创建初始列表 + lst1 = ['clean1', 'clean2'] + + lst2 = ['clean3', 'clean4'] + + # 执行连接操作(+运算符) + result = lst1 + lst2 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_concat_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py new file mode 100644 index 00000000..2d5fc1de --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = extend操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_extend_001_T +# evaluation information end + +import os + +def list_extend_001_T(taint_src): + # 创建初始列表 + tainted_list = [taint_src] + + # 创建初始列表 + lst = ['clean1', 'clean2'] + + # 执行extend操作,将污点数据扩展到干净列表 + tainted_list.extend(lst) + + # 传递给sink + taint_sink(tainted_list) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_extend_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py new file mode 100644 index 00000000..bcdf9616 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = extend操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_extend_002_F +# evaluation information end + +import os + +def list_extend_002_F(taint_src): + # 创建初始列表 + lst = ['clean1', 'clean2'] + + tainted_list = ['clean3'] + + # 执行extend操作 + tainted_list.extend(lst) + + # 传递给sink + taint_sink(tainted_list) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_extend_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py new file mode 100644 index 00000000..3c98cdc5 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = insert操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_insert_001_T +# evaluation information end + +import os + +def list_insert_001_T(taint_src): + + # 创建初始列表 + lst = ['clean1', 'clean2'] + + # 在指定位置插入数据 + lst.insert(0, taint_src) + + # 传递给sink + taint_sink(lst) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_insert_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py new file mode 100644 index 00000000..7dcbb275 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = insert操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_insert_002_F +# evaluation information end + +import os + +def list_insert_002_F(taint_src): + # 创建初始列表 + lst = ['clean1', 'clean2'] + + # 在指定位置插入干净数据 + lst.insert(0, 'clean3') + + # 传递给sink + taint_sink(lst) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_insert_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py new file mode 100644 index 00000000..c704f15b --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = pop操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_pop_001_T +# evaluation information end + +import os + +def list_pop_001_T(taint_src): + + # 创建包含污点数据的列表,污点元素在首位 + lst = [taint_src, 'clean1', 'clean2'] + + # 弹出指定位置的元素(污点元素) + popped = lst.pop(0) + + # 将弹出的元素传递给sink + taint_sink(popped) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_pop_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py new file mode 100644 index 00000000..a26784ab --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = pop操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_pop_002_F +# evaluation information end + +import os + +def list_pop_002_F(taint_src): + # 创建包含干净数据的列表 + lst = ['clean1', taint_src, 'clean3'] + + # 弹出指定位置的元素(干净元素) + popped = lst.pop(0) + + # 将弹出的元素传递给sink + taint_sink(popped) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_pop_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py new file mode 100644 index 00000000..afb527e2 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = remove操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_remove_001_T +# evaluation information end + +import os + +def list_remove_001_T(taint_src): + # 创建包含污点数据的列表 + lst = ['clean1', taint_src, 'clean3'] + + # 删除污点元素 + lst.remove('clean1') + + # 传递给sink + taint_sink(lst) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_remove_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py new file mode 100644 index 00000000..ae3e1d75 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = remove操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_remove_002_F +# evaluation information end + +import os + +def list_remove_002_F(taint_src): + # 创建包含干净数据的列表 + lst = ['clean1', taint_src, 'clean3'] + + # 删除干净元素 + lst.remove(taint_src) + + # 传递给sink + taint_sink(lst) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_remove_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json index 14e75f4c..adf9ce94 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json @@ -14,6 +14,10 @@ "compose": "map_003_T.py && !map_004_F.py", "scene": "字典/映射(Map)对象2" }, + { + "compose": "map_pop_001_T.py && !map_pop_002_F.py", + "scene": "pop操作" + }, { "compose": "map_009_T.py && !map_010_F.py", "scene": "泛型映射" diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py new file mode 100644 index 00000000..9a7b70db --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +# scene introduction = pop操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/map/map_pop_001_T +# evaluation information end + +import os + +def map_pop_001_T(taint_src): + # 创建包含污点数据的字典 + m = {"key1": taint_src, "key2": "clean"} + + # 弹出指定键的值(污点值) + popped_value = m.pop("key1") + # 将弹出的值传递给sink + taint_sink(popped_value) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + map_pop_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py new file mode 100644 index 00000000..39f081f4 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +# scene introduction = pop操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/map/map_pop_002_F +# evaluation information end + +import os + +def map_pop_002_F(taint_src): + # 创建包含干净数据的字典 + m = {"key1": "clean1", "key2": taint_src} + + # 弹出指定键的值(干净值) + popped_value = m.pop("key1") + + # 将弹出的值传递给sink + taint_sink(popped_value) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + map_pop_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py index 2a745afc..60730f1b 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py @@ -9,11 +9,12 @@ import os def bool_002_F(taint_src): - taint_sink(taint_src) + tainted_bool = False + taint_sink(tainted_bool) def taint_sink(o): os.system(str(o)) if __name__ == "__main__": - taint_src = False + taint_src = True bool_002_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json index 2da4fcba..55aa7b93 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json @@ -18,6 +18,22 @@ { "compose": "tuple_003_T.py && !tuple_004_F.py", "scene": "解包操作" + }, + { + "compose": "tuple_index_001_T.py && !tuple_index_002_F.py", + "scene": "元组索引访问" + }, + { + "compose": "tuple_slice_001_T.py && !tuple_slice_002_F.py", + "scene": "元组切片操作" + }, + { + "compose": "tuple_concat_001_T.py && !tuple_concat_002_F.py", + "scene": "元组连接操作" + }, + { + "compose": "tuple_repeat_001_T.py && !tuple_repeat_002_F.py", + "scene": "元组重复操作" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py index c68c8549..71285384 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py @@ -1,5 +1,5 @@ # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 # scene introduction = 元组字面量 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py index 9bb62c89..70b06d89 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 # scene introduction = 解包操作 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py new file mode 100644 index 00000000..ed29c9b8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组连接操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T +# evaluation information end + +import os + +def tuple_concat_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建包含污点数据的元组 + t1 = (tainted_data,) + + # 创建干净的元组 + t2 = ("clean1", "clean2") + + # 执行连接操作 + result = t1 + t2 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_concat_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py new file mode 100644 index 00000000..b498d758 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组连接操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F +# evaluation information end + +import os + +def tuple_concat_002_F(taint_src): + # 创建干净的元组 + t1 = ("clean1",) + + # 创建干净的元组 + t2 = ("clean2", "clean3") + + # 执行连接操作 + result = t1 + t2 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_concat_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py new file mode 100644 index 00000000..7e7af560 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组索引访问 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_index_001_T +# evaluation information end + +import os + +def tuple_index_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建包含污点数据的元组 + t = (tainted_data, "clean1", "clean2") + + # 访问第一个元素 + first_item = t[0] + + # 传递给sink + taint_sink(first_item) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_index_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py new file mode 100644 index 00000000..94cca3c8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组索引访问 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_index_002_F +# evaluation information end + +import os + +def tuple_index_002_F(taint_src): + # 创建包含干净数据的元组 + t = ("clean1", taint_src, "clean3") + + # 访问第一个元素 + first_item = t[0] + + # 传递给sink + taint_sink(first_item) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_index_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py new file mode 100644 index 00000000..b6b9ea45 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组重复操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T +# evaluation information end + +import os + +def tuple_repeat_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建包含污点数据的元组 + t = (tainted_data,) + + # 执行重复操作 + result = t * 3 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_repeat_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py new file mode 100644 index 00000000..0725a43a --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组重复操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F +# evaluation information end + +import os + +def tuple_repeat_002_F(taint_src): + # 创建干净的元组 + t = ("clean1",) + + # 执行重复操作 + result = t * 3 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_repeat_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py new file mode 100644 index 00000000..c77d5fc5 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组切片操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T +# evaluation information end + +import os + +def tuple_slice_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建包含污点数据的元组 + t = ("clean1", tainted_data, "clean2") + + # 执行切片操作,获取包含污点的部分 + slice_result = t[1:2] + + # 传递给sink + taint_sink(slice_result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_slice_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py new file mode 100644 index 00000000..0e5a8db7 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组切片操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F +# evaluation information end + +import os + +def tuple_slice_002_F(taint_src): + # 创建包含干净数据的元组 + t = (taint_src, "clean2", "clean3") + + # 执行切片操作 + slice_result = t[1:2] + + # 传递给sink + taint_sink(slice_result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_slice_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py index 6d365d92..b2de8416 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = false +# real case = true # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_catch # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py index 325f5b9b..1e9661ec 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 # scene introduction = 二元运算->乘 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py index e6b60637..47f380fc 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 # scene introduction = 二元运算->减 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py index 9843bf64..df509edb 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->条件表达式 # scene introduction = 逻辑或 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json index 79def60c..a4c2401f 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json +++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json @@ -9,6 +9,10 @@ { "compose": "lambda_expression_001_T.py && !lambda_expression_002_F.py", "scene": "lambda关键字" + }, + { + "compose": "lambda_multi_params_001_T.py && !lambda_multi_params_002_F.py", + "scene": "多参数lambda表达式" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py new file mode 100644 index 00000000..36483aa5 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式 +# scene introduction = 多参数lambda表达式 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T +# evaluation information end + +import os + +def lambda_multi_params_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建多参数lambda函数 + lambda_func = lambda x, y, z: x + y + z + + # 调用lambda函数,第一个参数是污点数据 + result = lambda_func(tainted_data, "_clean", "_clean") + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + lambda_multi_params_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py new file mode 100644 index 00000000..5269bb5f --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式 +# scene introduction = 多参数lambda表达式 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F +# evaluation information end + +import os + +def lambda_multi_params_002_F(taint_src): + # 创建多参数lambda函数 + lambda_func = lambda x, y, z: x + y + z + + # 调用lambda函数,两个参数都是干净数据 + result = lambda_func("clean1", "clean2", "clean3") + + # 传递给sink函数,一个参数是污点数据 + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + lambda_multi_params_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py index 2bfe9d32..3fc521d2 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = del运算符->字典键值对 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py index 6f389dad..5a3ed68e 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = del运算符->切片 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py index 915ab6d2..7683fdd8 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = 列表推导式 # level = 3 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py index f5457289..b53c3e6c 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = 字典推导式 # level = 3 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py index a14703bc..fce29dd4 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py @@ -10,8 +10,8 @@ import os # 调整内容 def set_comprehension_001_T(taint_src): - # 使用集合推导式生成一个包含偶数的集合 - s = {x for x in range(5) if x % taint_src == 0} # 只保留偶数 + # 使用集合推导式,将污点源 taint_src 直接作为集合中的元素(突出集合推导式直接包含污点源) + s = {taint_src for _ in range(1)} # 集合推导式中直接将污点源作为元素输出 taint_sink(s) def taint_sink(o): diff --git a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py index 7ed8477c..704ee846 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 # scene introduction = 布尔转换 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py index a67d8524..ece12278 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 # scene introduction = 隐式类型转换 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py index a06a687e..041c1456 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = false +# real case = true # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->生成器函数 # scene introduction = yield_from # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py index 4c5e9377..e6ed90da 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = false +# real case = true # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->生成器函数 # scene introduction = yield_from # level = 2+