diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F.go index 94905a48..d2973818 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 -// scene introduction = 参数值传递->引用传递->map +// scene introduction = 参数值传递->引用传递->map2 // level = 2 // bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F // evaluation information end diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T.go index 2ca5304d..7d9d3bbe 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 -// scene introduction = 参数值传递->引用传递->map +// scene introduction = 参数值传递->引用传递->map2 // level = 2 // bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T // evaluation information end 
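Review bot: The new label `参数值传递->引用传递->map2` in argument_passing_reference_005_F and its pair 006_T differs from the existing `map` scene only by a bare digit, which tells a reader of the benchmark report nothing about what the second map case exercises. The same pattern appears in the later hunks for `数组->数组索引2`, `map->字典/映射(Map)-域敏感2`, `域敏感-路径长度2`/`3`, `域敏感2`, `数组->复合数据类型2`/`3` and `map->对象敏感2`. Consider a label that names the distinguishing property, or keep the digit and add one comment line under the header stating how the case differs from the first one. Only the header context is visible in these hunks, so the exact wording has to come from the case bodies.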
diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_001_F/argument_passing_value_return_001_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_001_F/argument_passing_value_return_001_F.go index 83a1adbb..1b9f2398 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_001_F/argument_passing_value_return_001_F.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_001_F/argument_passing_value_return_001_F.go @@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 -// scene introduction = +// scene introduction = 参数值传递->单个参数 // level = 2 // bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_001_F/argument_passing_value_return_001_F // evaluation information end diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_002_T/argument_passing_value_return_002_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_002_T/argument_passing_value_return_002_T.go index b6fa2c25..2b9887ef 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_002_T/argument_passing_value_return_002_T.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_002_T/argument_passing_value_return_002_T.go 
@@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 -// scene introduction = +// scene introduction = 参数值传递->单个参数 // level = 2 // bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_002_T/argument_passing_value_return_002_T // evaluation information end diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_004_T/argument_passing_value_return_004_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_004_T/argument_passing_value_return_004_T.go index 2d614a74..9af45738 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_004_T/argument_passing_value_return_004_T.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_004_T/argument_passing_value_return_004_T.go @@ -2,7 +2,7 @@ // real case = true // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 参数值传递->多函数 -// level = 2 +// level = 2 // bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_004_T/argument_passing_value_return_004_T // evaluation information end diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_005_F/argument_passing_value_return_005_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_005_F/argument_passing_value_return_005_F.go index 0ae0622e..57e16adf 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_005_F/argument_passing_value_return_005_F.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_005_F/argument_passing_value_return_005_F.go 
@@ -2,7 +2,7 @@ // real case = false // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 参数值传递->参数顺序 -// level = 2 +// level = 2 // bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_005_F/argument_passing_value_return_005_F // evaluation information end diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_006_T/argument_passing_value_return_006_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_006_T/argument_passing_value_return_006_T.go index f6423ee2..a5b1adee 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_006_T/argument_passing_value_return_006_T.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_006_T/argument_passing_value_return_006_T.go @@ -2,7 +2,7 @@ // real case = true // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 参数值传递->参数顺序 -// level = 2 +// level = 2 // bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_value_return_006_T/argument_passing_value_return_006_T // evaluation information end diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/config.json b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/config.json index 5f073b8a..9bcd45d0 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/config.json +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/config.json 
@@ -8,7 +8,7 @@ "scene_list": [ { "compose": "!argument_passing_value_return_001_F/argument_passing_value_return_001_F.go && argument_passing_value_return_002_T/argument_passing_value_return_002_T.go", - "scene": "1" + "scene": "参数值传递->单个参数" }, { "compose": "!argument_passing_value_return_003_F/argument_passing_value_return_003_F.go && argument_passing_value_return_004_T/argument_passing_value_return_004_T.go", @@ -48,7 +48,7 @@ }, { "compose": "!return_normal_value_passing_001_F/return_normal_value_passing_001_F.go && return_normal_value_passing_002_T/return_normal_value_passing_002_T.go", - "scene": "2" + "scene": "返回值传递->普通返回值" } ] } diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_001_F/named_return_value_passing_001_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_001_F/named_return_value_passing_001_F.go index 7c388c21..c3b2ca80 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_001_F/named_return_value_passing_001_F.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_001_F/named_return_value_passing_001_F.go @@ -2,7 +2,7 @@ // real case = false // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 返回值传递->具名返回值 -// level = 2 +// level = 2 // bind_url = accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_001_F/named_return_value_passing_001_F // evaluation information end diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_002_T/named_return_value_passing_002_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_002_T/named_return_value_passing_002_T.go index c3eace07..34c4df9b 100644 
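Review bot: The `scene` values introduced here (`参数值传递->单个参数`, `返回值传递->普通返回值`) repeat the `scene introduction` header of the paired case files as free text, and nothing in the diff shows a check that the two stay identical. Both hunks in this config.json leave the entries between them untouched, while argument_passing_reference_005_F/006_T in the same directory now read `…->map2`, so either the config already used that label or header and config now disagree; worth confirming. Likewise map_field_sensitive_003_F and map_obj_sensitive_002_T are relabelled without their pair partner or a config.json change appearing in the visible diff. If the scoring tool joins on this string (not determinable from here), a mismatch would silently drop or mis-group a pair, so a small validation step comparing each `compose` pair's headers with its `scene` value would be a useful guard.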
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_002_T/named_return_value_passing_002_T.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_002_T/named_return_value_passing_002_T.go @@ -2,7 +2,7 @@ // real case = true // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 返回值传递->具名返回值 -// level = 2 +// level = 2 // bind_url = accuracy/context_sensitive/argument_return_value_passing/named_return_value_passing_002_T/named_return_value_passing_002_T // evaluation information end diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_001_F/return_normal_value_passing_001_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_001_F/return_normal_value_passing_001_F.go index 465da18d..c1b7d9f9 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_001_F/return_normal_value_passing_001_F.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_001_F/return_normal_value_passing_001_F.go @@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 -// scene introduction = +// scene introduction = 返回值传递->普通返回值 // level = 2 // bind_url = accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_001_F/return_normal_value_passing_001_F // evaluation information end diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_002_T/return_normal_value_passing_002_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_002_T/return_normal_value_passing_002_T.go index dd90a4e7..2fe35842 100644 
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_002_T/return_normal_value_passing_002_T.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_002_T/return_normal_value_passing_002_T.go @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 -// scene introduction = +// scene introduction = 返回值传递->普通返回值 // level = 2 // bind_url = accuracy/context_sensitive/argument_return_value_passing/return_normal_value_passing_002_T/return_normal_value_passing_002_T // evaluation information end diff --git a/sast-go/cases/accuracy/context_sensitive/multi_invoke/config.json b/sast-go/cases/accuracy/context_sensitive/multi_invoke/config.json index 212ffdeb..c9f75586 100644 --- a/sast-go/cases/accuracy/context_sensitive/multi_invoke/config.json +++ b/sast-go/cases/accuracy/context_sensitive/multi_invoke/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "!multi_invoke_001_F/multi_invoke_001_F.go && multi_invoke_002_T/multi_invoke_002_T.go", - "scene": "1" + "scene": "多次调用" } ] } diff --git a/sast-go/cases/accuracy/context_sensitive/multi_invoke/multi_invoke_001_F/multi_invoke_001_F.go b/sast-go/cases/accuracy/context_sensitive/multi_invoke/multi_invoke_001_F/multi_invoke_001_F.go index 75d68faf..86b4e325 100644 --- a/sast-go/cases/accuracy/context_sensitive/multi_invoke/multi_invoke_001_F/multi_invoke_001_F.go +++ b/sast-go/cases/accuracy/context_sensitive/multi_invoke/multi_invoke_001_F/multi_invoke_001_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->上下文敏感分析->多次调用 -// scene introduction = +// scene introduction = 多次调用 // level = 2 // bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_001_F/multi_invoke_001_F // evaluation information end 
diff --git a/sast-go/cases/accuracy/context_sensitive/multi_invoke/multi_invoke_002_T/multi_invoke_002_T.go b/sast-go/cases/accuracy/context_sensitive/multi_invoke/multi_invoke_002_T/multi_invoke_002_T.go index 1bfd85a5..43e37b63 100644 --- a/sast-go/cases/accuracy/context_sensitive/multi_invoke/multi_invoke_002_T/multi_invoke_002_T.go +++ b/sast-go/cases/accuracy/context_sensitive/multi_invoke/multi_invoke_002_T/multi_invoke_002_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->上下文敏感分析->多次调用 -// scene introduction = +// scene introduction = 多次调用 // level = 2 // bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_002_T/multi_invoke_002_T // evaluation information end diff --git a/sast-go/cases/accuracy/context_sensitive/polymorphism/polymorphism_002_F/polymorphism_002_F.go b/sast-go/cases/accuracy/context_sensitive/polymorphism/polymorphism_002_F/polymorphism_002_F.go index 3b9fc478..c972a98a 100644 --- a/sast-go/cases/accuracy/context_sensitive/polymorphism/polymorphism_002_F/polymorphism_002_F.go +++ b/sast-go/cases/accuracy/context_sensitive/polymorphism/polymorphism_002_F/polymorphism_002_F.go @@ -3,7 +3,7 @@ // real case = false // evaluation item = 准确度->上下文敏感分析->多态 // scene introduction = 继承 -// level = 2 +// level = 2 // bind_url = accuracy/context_sensitive/polymorphism/polymorphism_002_F/polymorphism_002_F // evaluation information end diff --git a/sast-go/cases/accuracy/context_sensitive/polymorphism/polymorphism_004_F/polymorphism_004_F.go b/sast-go/cases/accuracy/context_sensitive/polymorphism/polymorphism_004_F/polymorphism_004_F.go index d16b8c28..0819628c 100644 --- a/sast-go/cases/accuracy/context_sensitive/polymorphism/polymorphism_004_F/polymorphism_004_F.go +++ b/sast-go/cases/accuracy/context_sensitive/polymorphism/polymorphism_004_F/polymorphism_004_F.go 
@@ -3,7 +3,7 @@ // real case = false // evaluation item = 准确度->上下文敏感分析->多态 // scene introduction = 接口指针 -// level = 2 +// level = 2 // bind_url = accuracy/context_sensitive/polymorphism/polymorphism_004_F/polymorphism_004_F // evaluation information end package main diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_003_T/array_index_no_solver_003_T.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_003_T/array_index_no_solver_003_T.go index 0a3a6cf1..a3a2ca39 100644 --- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_003_T/array_index_no_solver_003_T.go +++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_003_T/array_index_no_solver_003_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -// scene introduction = 数组->数组索引 +// scene introduction = 数组->数组索引2 // level = 3 // bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_003_T/array_index_no_solver_003_T // evaluation information end diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_004_F/array_index_no_solver_004_F.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_004_F/array_index_no_solver_004_F.go index cba74414..d0f4481d 100644 --- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_004_F/array_index_no_solver_004_F.go 
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_004_F/array_index_no_solver_004_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -// scene introduction = 数组->数组索引 +// scene introduction = 数组->数组索引2 // level = 3 // bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_004_F/array_index_no_solver_004_F // evaluation information end diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_003_F/map_field_sensitive_003_F.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_003_F/map_field_sensitive_003_F.go index 29e071d2..e56c54c4 100644 --- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_003_F/map_field_sensitive_003_F.go +++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_003_F/map_field_sensitive_003_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -// scene introduction = map->字典/映射(Map)-域敏感 +// scene introduction = map->字典/映射(Map)-域敏感2 // level = 3 // bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_003_F/map_field_sensitive_003_F // evaluation information end diff --git a/sast-go/cases/accuracy/field_sensitive/struct/field_len_003_T/field_len_003_T.go b/sast-go/cases/accuracy/field_sensitive/struct/field_len_003_T/field_len_003_T.go index 347542c0..3e812e06 100644 --- a/sast-go/cases/accuracy/field_sensitive/struct/field_len_003_T/field_len_003_T.go 
+++ b/sast-go/cases/accuracy/field_sensitive/struct/field_len_003_T/field_len_003_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体的不同字段 -// scene introduction = 域敏感-路径长度 +// scene introduction = 域敏感-路径长度2 // level = 3 // bind_url = accuracy/field_sensitive/struct/field_len_003_T/field_len_003_T // evaluation information end diff --git a/sast-go/cases/accuracy/field_sensitive/struct/field_len_004_F/field_len_004_F.go b/sast-go/cases/accuracy/field_sensitive/struct/field_len_004_F/field_len_004_F.go index 1d18e871..428c41b9 100644 --- a/sast-go/cases/accuracy/field_sensitive/struct/field_len_004_F/field_len_004_F.go +++ b/sast-go/cases/accuracy/field_sensitive/struct/field_len_004_F/field_len_004_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体的不同字段 -// scene introduction = 域敏感-路径长度 +// scene introduction = 域敏感-路径长度2 // level = 3 // bind_url = accuracy/field_sensitive/struct/field_len_004_F/field_len_004_F // evaluation information end diff --git a/sast-go/cases/accuracy/field_sensitive/struct/field_len_005_T/field_len_005_T.go b/sast-go/cases/accuracy/field_sensitive/struct/field_len_005_T/field_len_005_T.go index 94138a07..12945ad1 100644 --- a/sast-go/cases/accuracy/field_sensitive/struct/field_len_005_T/field_len_005_T.go +++ b/sast-go/cases/accuracy/field_sensitive/struct/field_len_005_T/field_len_005_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体的不同字段 -// scene introduction = 域敏感-路径长度 +// scene introduction = 域敏感-路径长度3 // level = 3 // bind_url = accuracy/field_sensitive/struct/field_len_005_T/field_len_005_T // evaluation information end diff --git a/sast-go/cases/accuracy/field_sensitive/struct/field_len_006_F/field_len_006_F.go b/sast-go/cases/accuracy/field_sensitive/struct/field_len_006_F/field_len_006_F.go index f449a7c3..295a6e78 100644 
--- a/sast-go/cases/accuracy/field_sensitive/struct/field_len_006_F/field_len_006_F.go +++ b/sast-go/cases/accuracy/field_sensitive/struct/field_len_006_F/field_len_006_F.go @@ -1,8 +1,8 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体的不同字段 -// scene introduction = 域敏感-路径长度 +// scene introduction = 域敏感-路径长度3 // level = 3 // bind_url = accuracy/field_sensitive/struct/field_len_006_F/field_len_006_F // evaluation information end diff --git a/sast-go/cases/accuracy/field_sensitive/struct/struct_field_003_T/struct_field_003_T.go b/sast-go/cases/accuracy/field_sensitive/struct/struct_field_003_T/struct_field_003_T.go index 13be937d..e17143db 100644 --- a/sast-go/cases/accuracy/field_sensitive/struct/struct_field_003_T/struct_field_003_T.go +++ b/sast-go/cases/accuracy/field_sensitive/struct/struct_field_003_T/struct_field_003_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体的不同字段 -// scene introduction = 域敏感 +// scene introduction = 域敏感2 // level = 3 // bind_url = accuracy/field_sensitive/struct/struct_field_003_T/struct_field_003_T // evaluation information end diff --git a/sast-go/cases/accuracy/field_sensitive/struct/struct_field_004_F/struct_field_004_F.go b/sast-go/cases/accuracy/field_sensitive/struct/struct_field_004_F/struct_field_004_F.go index d31c0f3b..f19fde56 100644 --- a/sast-go/cases/accuracy/field_sensitive/struct/struct_field_004_F/struct_field_004_F.go +++ b/sast-go/cases/accuracy/field_sensitive/struct/struct_field_004_F/struct_field_004_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体的不同字段 -// scene introduction = 域敏感 +// scene introduction = 域敏感2 // level = 3 // bind_url = accuracy/field_sensitive/struct/struct_field_004_F/struct_field_004_F // evaluation information end 
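Review bot: field_len_006_F carried `real case = true` until this hunk, and the same correction is made for asynchronous_execution_002_F and interface_class_001_F/003_F/005_F/007_F/009_F/011_F, so the expected verdict is stored twice (file-name suffix and header) with nothing keeping the two in step. In a SAST benchmark a wrong header inverts the ground truth: a case that must not be reported is scored as a required finding, which rewards false positives and distorts a tool's measured precision. I would add a repository check, run in CI before scoring, that fails when a `_F` path has a header other than `// real case = false` or a `_T` path has one other than `// real case = true`. Whether the scorer reads the header or the suffix is not visible here, so the benchmark's documentation should state which of the two is authoritative.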
diff --git a/sast-go/cases/accuracy/flow_sensitive/asynchronous/asynchronous_execution_002_F/asynchronous_execution_002_F.go b/sast-go/cases/accuracy/flow_sensitive/asynchronous/asynchronous_execution_002_F/asynchronous_execution_002_F.go index e91e5c76..7e9ea7ff 100644 --- a/sast-go/cases/accuracy/flow_sensitive/asynchronous/asynchronous_execution_002_F/asynchronous_execution_002_F.go +++ b/sast-go/cases/accuracy/flow_sensitive/asynchronous/asynchronous_execution_002_F/asynchronous_execution_002_F.go @@ -1,6 +1,6 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->流敏感分析->异步执行 // scene introduction = 并发-Goroutine,Channel // level = 4 diff --git a/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T.go b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T.go index 27cd03c2..78e11a75 100644 --- a/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T.go +++ b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T.go @@ -14,7 +14,7 @@ import ( "os/exec" ) -func sequentialAssign_001_T(__taint_src string) { +func sequential_assign_001_T(__taint_src string) { // 场景特点:按顺序执行多个赋值语句 var a string var b string @@ -29,5 +29,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - sequentialAssign_001_T(__taint_src) + sequential_assign_001_T(__taint_src) } diff --git a/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F.go b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F.go index cc3a58cf..bd0e7f98 100644 --- a/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F.go +++ b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F.go 
@@ -14,7 +14,7 @@ import ( "os/exec" ) -func sequentialAssign_002_F(__taint_src string) { +func sequential_assign_002_F(__taint_src string) { // 场景特点:按顺序执行多个赋值语句,但污点数据未传播到最终变量 var a string var b string @@ -30,5 +30,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - sequentialAssign_002_F(__taint_src) + sequential_assign_002_F(__taint_src) } diff --git a/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_003_T/array_obj_sensitive_003_T.go b/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_003_T/array_obj_sensitive_003_T.go index ea79df6c..3d8304b4 100644 --- a/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_003_T/array_obj_sensitive_003_T.go +++ b/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_003_T/array_obj_sensitive_003_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 -// scene introduction = 数组->复合数据类型 +// scene introduction = 数组->复合数据类型2 // level = 2 // bind_url = accuracy/object_sensitive/collection/array_obj_sensitive_003_T/array_obj_sensitive_003_T // evaluation information end diff --git a/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_004_F/array_obj_sensitive_004_F.go b/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_004_F/array_obj_sensitive_004_F.go index 235fb5d2..26765cf7 100644 --- a/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_004_F/array_obj_sensitive_004_F.go +++ b/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_004_F/array_obj_sensitive_004_F.go 
@@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 -// scene introduction = 数组->复合数据类型 +// scene introduction = 数组->复合数据类型2 // level = 2 // bind_url = accuracy/object_sensitive/collection/array_obj_sensitive_004_F/array_obj_sensitive_004_F // evaluation information end diff --git a/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_005_T/array_obj_sensitive_005_T.go b/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_005_T/array_obj_sensitive_005_T.go index 3c5834d4..c1a0a2e9 100644 --- a/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_005_T/array_obj_sensitive_005_T.go +++ b/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_005_T/array_obj_sensitive_005_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 -// scene introduction = 数组->复合数据类型 +// scene introduction = 数组->复合数据类型3 // level = 2 // bind_url = accuracy/object_sensitive/collection/array_obj_sensitive_005_T/array_obj_sensitive_005_T // evaluation information end diff --git a/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_006_F/array_obj_sensitive_006_F.go b/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_006_F/array_obj_sensitive_006_F.go index ad15b2aa..60e51970 100644 --- a/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_006_F/array_obj_sensitive_006_F.go +++ b/sast-go/cases/accuracy/object_sensitive/collection/array_obj_sensitive_006_F/array_obj_sensitive_006_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 -// scene introduction = 数组->复合数据类型 +// scene introduction = 数组->复合数据类型3 // level = 2 // bind_url = accuracy/object_sensitive/collection/array_obj_sensitive_006_F/array_obj_sensitive_006_F // evaluation information end 
diff --git a/sast-go/cases/accuracy/object_sensitive/collection/map_obj_sensitive_002_T/map_obj_sensitive_002_T.go b/sast-go/cases/accuracy/object_sensitive/collection/map_obj_sensitive_002_T/map_obj_sensitive_002_T.go index 32927631..11f7fe7d 100644 --- a/sast-go/cases/accuracy/object_sensitive/collection/map_obj_sensitive_002_T/map_obj_sensitive_002_T.go +++ b/sast-go/cases/accuracy/object_sensitive/collection/map_obj_sensitive_002_T/map_obj_sensitive_002_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 -// scene introduction = map->对象敏感 +// scene introduction = map->对象敏感2 // level = 2 // bind_url = accuracy/object_sensitive/collection/map_obj_sensitive_002_T/map_obj_sensitive_002_T // evaluation information end diff --git a/sast-go/cases/accuracy/object_sensitive/interface_class/config.json b/sast-go/cases/accuracy/object_sensitive/interface_class/config.json index 5b76c925..06808880 100644 --- a/sast-go/cases/accuracy/object_sensitive/interface_class/config.json +++ b/sast-go/cases/accuracy/object_sensitive/interface_class/config.json @@ -8,11 +8,11 @@ "scene_list": [ { "compose": "!interface_class_001_F/interface_class_001_F.go && interface_class_002_T/interface_class_002_T.go", - "scene": "1" + "scene": "不同结构体" }, { "compose": "!interface_class_003_F/interface_class_003_F.go && interface_class_004_T/interface_class_004_T.go", - "scene": "2" + "scene": "不同接口" }, { "compose": "!interface_class_005_F/interface_class_005_F.go && interface_class_006_T/interface_class_006_T.go", diff --git a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_001_F/interface_class_001_F.go b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_001_F/interface_class_001_F.go index 4eb7d9c9..9d331706 100644 --- a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_001_F/interface_class_001_F.go 
+++ b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_001_F/interface_class_001_F.go @@ -1,8 +1,8 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 -// scene introduction = +// scene introduction = 不同结构体 // level = 2 // bind_url = accuracy/object_sensitive/interface_class/interface_class_001_F/interface_class_001_F // evaluation information end diff --git a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_002_T/interface_class_002_T.go b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_002_T/interface_class_002_T.go index e7220d29..19964ede 100644 --- a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_002_T/interface_class_002_T.go +++ b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_002_T/interface_class_002_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 -// scene introduction = +// scene introduction = 不同结构体 // level = 2 // bind_url = accuracy/object_sensitive/interface_class/interface_class_002_T/interface_class_002_T // evaluation information end diff --git a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_003_F/interface_class_003_F.go b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_003_F/interface_class_003_F.go index dcd1ba40..87bd949b 100644 --- a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_003_F/interface_class_003_F.go +++ b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_003_F/interface_class_003_F.go 
@@ -1,8 +1,8 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 -// scene introduction = +// scene introduction = 不同接口 // level = 2 // bind_url = accuracy/object_sensitive/interface_class/interface_class_003_F/interface_class_003_F // evaluation information end diff --git a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_004_T/interface_class_004_T.go b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_004_T/interface_class_004_T.go index e5c8e4c3..6b87124b 100644 --- a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_004_T/interface_class_004_T.go +++ b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_004_T/interface_class_004_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 -// scene introduction = +// scene introduction = 不同接口 // level = 2 // bind_url = accuracy/object_sensitive/interface_class/interface_class_004_T/interface_class_004_T // evaluation information end diff --git a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_005_F/interface_class_005_F.go b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_005_F/interface_class_005_F.go index 56e07734..7760b6f5 100644 --- a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_005_F/interface_class_005_F.go +++ b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_005_F/interface_class_005_F.go @@ -1,6 +1,6 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 // scene introduction = 嵌入式结构体 // level = 2 
diff --git a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_007_F/interface_class_007_F.go b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_007_F/interface_class_007_F.go index 751d247f..0dbe9d11 100644 --- a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_007_F/interface_class_007_F.go +++ b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_007_F/interface_class_007_F.go @@ -1,6 +1,6 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 // scene introduction = 接口继承 // level = 2 diff --git a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_009_F/interface_class_009_F.go b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_009_F/interface_class_009_F.go index aff1bdfb..8172f169 100644 --- a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_009_F/interface_class_009_F.go +++ b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_009_F/interface_class_009_F.go @@ -1,6 +1,6 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 // scene introduction = 子结构体重写父结构体方法 // level = 2 diff --git a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_011_F/interface_class_011_F.go b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_011_F/interface_class_011_F.go index 2bb2e80a..eb482939 100644 --- a/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_011_F/interface_class_011_F.go +++ b/sast-go/cases/accuracy/object_sensitive/interface_class/interface_class_011_F/interface_class_011_F.go @@ -1,6 +1,6 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 // scene introduction = 接口作为参数的多态调用 // level = 2 
diff --git a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep10_002_F/struct_deep10_002_F.go b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep10_002_F/struct_deep10_002_F.go index 127ba489..ed3b61ad 100644 --- a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep10_002_F/struct_deep10_002_F.go +++ b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep10_002_F/struct_deep10_002_F.go @@ -1,6 +1,6 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体 // scene introduction = 结构体对象->10层对象 // level = 2 diff --git a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep3_002_F/struct_deep3_002_F.go b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep3_002_F/struct_deep3_002_F.go index 81266fe4..5be0e187 100644 --- a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep3_002_F/struct_deep3_002_F.go +++ b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep3_002_F/struct_deep3_002_F.go @@ -1,6 +1,6 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体 // scene introduction = 结构体对象->3层对象 // level = 2 diff --git a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep3_003_T/struct_deep3_003_T.go b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep3_003_T/struct_deep3_003_T.go index 74eb91fe..5721717a 100644 --- a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep3_003_T/struct_deep3_003_T.go +++ b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep3_003_T/struct_deep3_003_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体 -// scene introduction = 结构体对象->3层对象 +// scene introduction = 结构体对象->3层对象2 // level = 2 // bind_url = accuracy/object_sensitive/struct/struct_deep3_003_T/struct_deep3_003_T // evaluation information end 
diff --git a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep3_004_F/struct_deep3_004_F.go b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep3_004_F/struct_deep3_004_F.go index a9d27ee2..b9af58ba 100644 --- a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep3_004_F/struct_deep3_004_F.go +++ b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep3_004_F/struct_deep3_004_F.go @@ -1,8 +1,8 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体 -// scene introduction = 结构体对象->3层对象 +// scene introduction = 结构体对象->3层对象2 // level = 2 // bind_url = accuracy/object_sensitive/struct/struct_deep3_004_F/struct_deep3_004_F // evaluation information end diff --git a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep5_002_F/struct_deep5_002_F.go b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep5_002_F/struct_deep5_002_F.go index 403751d1..4013f585 100644 --- a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep5_002_F/struct_deep5_002_F.go +++ b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep5_002_F/struct_deep5_002_F.go @@ -1,6 +1,6 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体 // scene introduction = 结构体对象->5层对象 // level = 2 diff --git a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep5_003_T/struct_deep5_003_T.go b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep5_003_T/struct_deep5_003_T.go index 39c859ce..d8596e1c 100644 --- a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep5_003_T/struct_deep5_003_T.go +++ b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep5_003_T/struct_deep5_003_T.go 
@@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体 -// scene introduction = 结构体对象->5层对象 +// scene introduction = 结构体对象->5层对象2 // level = 2 // bind_url = accuracy/object_sensitive/struct/struct_deep5_003_T/struct_deep5_003_T // evaluation information end diff --git a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep5_004_F/struct_deep5_004_F.go b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep5_004_F/struct_deep5_004_F.go index 1cd0ad94..58cda951 100644 --- a/sast-go/cases/accuracy/object_sensitive/struct/struct_deep5_004_F/struct_deep5_004_F.go +++ b/sast-go/cases/accuracy/object_sensitive/struct/struct_deep5_004_F/struct_deep5_004_F.go @@ -1,8 +1,8 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同结构体 -// scene introduction = 结构体对象->5层对象 +// scene introduction = 结构体对象->5层对象2 // level = 2 // bind_url = accuracy/object_sensitive/struct/struct_deep5_004_F/struct_deep5_004_F // evaluation information end diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T.go b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T.go index fd32d112..8d9b5db9 100644 --- a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T.go +++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T.go @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->路径敏感分析->异常抛出和捕获 -// scene introduction = 异常抛出路径 +// scene introduction = 异常抛出和捕获->不可控错误处理 // level = 3 // bind_url = accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T // date = 2025-12-01 16:29:18 
diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F.go b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F.go index b497256f..dab57cdf 100644 --- a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F.go +++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F.go @@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->路径敏感分析->异常抛出和捕获 -// scene introduction = 异常抛出路径 +// scene introduction = 异常抛出和捕获->不可控错误处理 // level = 3 // bind_url = accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F // date = 2025-12-01 16:29:18 diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T.go b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T.go index 41f2fb24..6abe28b0 100644 --- a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T.go +++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T.go @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->路径敏感分析->异常抛出和捕获 -// scene introduction = 异常抛出路径 +// scene introduction = 异常抛出和捕获->可控错误处理 // level = 3 // bind_url = accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T // date = 2025-12-01 16:29:18 diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F.go b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F.go index 789dd163..ee69e0de 100644 --- a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F.go 
+++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F.go @@ -1,10 +1,10 @@ // evaluation information start // real case = false // evaluation item = 准确度->路径敏感分析->异常抛出和捕获 -// scene introduction = 异常抛出路径 +// scene introduction = 异常抛出和捕获->可控错误处理 // level = 3 // date = 2025-12-01 16:29:18 -// bind_url = accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_T +// bind_url = accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F // evaluation information end package main @@ -15,7 +15,7 @@ import ( "os/exec" ) -func exception_catch_003_T(__taint_src string) { +func exception_catch_004_F(__taint_src string) { // 场景特点:在异常抛出路径中传播污点数据 errMsg := createThrow(__taint_src) __taint_sink(errMsg.Error()) @@ -31,5 +31,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - exception_catch_003_T(__taint_src) + exception_catch_004_F(__taint_src) } diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go index fdb1fdde..cbb76e66 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go @@ -10,7 +10,7 @@ import "os/exec" // bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T // evaluation information end -func conditional_if_no_solver_001_F(__taint_src string) { +func conditional_if_no_solver_001_T(__taint_src string) { var res string if true { res = __taint_src 
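Review bot: In exception_catch_004_F.go (hunk `@@ -15,7 +15,7 @@`) the renamed function still carries the comment `// 场景特点:在异常抛出路径中传播污点数据` and the `createThrow(__taint_src)` to `__taint_sink(errMsg.Error())` flow, although the header labels the file `real case = false`. The stale `exception_catch_003_T` name and `bind_url` suggest the file was copied from the positive case. createThrow is defined outside the hunk and the function body continues past it, so whether the returned error still contains the tainted string cannot be checked here. If it does, the label is wrong and a scanner that correctly reports the flow would be counted as a false positive. Please confirm that createThrow drops its input in this variant and replace the comment with one that says so, e.g. `// negative case: the error returned by createThrow does not contain __taint_src`.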
@@ -25,5 +25,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - conditional_if_no_solver_001_F(__taint_src) + conditional_if_no_solver_001_T(__taint_src) } diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go index 4a9a3ec9..df100fba 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go @@ -10,7 +10,7 @@ import "os/exec" // bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T // evaluation information end -func conditional_switch_no_solver_001_F(__taint_src string) { +func conditional_switch_no_solver_001_T(__taint_src string) { res := "" switch 2 { case 1: @@ -27,5 +27,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - conditional_switch_no_solver_001_F(__taint_src) + conditional_switch_no_solver_001_T(__taint_src) } diff --git a/sast-go/cases/completeness/dynamic_tracing/reflect_call/config.json b/sast-go/cases/completeness/dynamic_tracing/reflect_call/config.json index ca837f76..7427f5c0 100644 --- a/sast-go/cases/completeness/dynamic_tracing/reflect_call/config.json +++ b/sast-go/cases/completeness/dynamic_tracing/reflect_call/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "reflect_call_001_T/reflect_call_001_T.go && !reflect_call_002_F/reflect_call_002_F.go", - "scene": "1" + "scene": "反射调用" } ] } 
diff --git a/sast-go/cases/completeness/dynamic_tracing/reflect_call/reflect_call_001_T/reflect_call_001_T.go b/sast-go/cases/completeness/dynamic_tracing/reflect_call/reflect_call_001_T/reflect_call_001_T.go index 2a9d7be4..53f4742c 100644 --- a/sast-go/cases/completeness/dynamic_tracing/reflect_call/reflect_call_001_T/reflect_call_001_T.go +++ b/sast-go/cases/completeness/dynamic_tracing/reflect_call/reflect_call_001_T/reflect_call_001_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->动态特性跟踪完整度->反射调用 -// scene introduction = +// scene introduction = 反射调用 // level = 3 // bind_url = completeness/dynamic_tracing/reflect_call/reflect_call_001_T/reflect_call_001_T // evaluation information end diff --git a/sast-go/cases/completeness/dynamic_tracing/reflect_call/reflect_call_002_F/reflect_call_002_F.go b/sast-go/cases/completeness/dynamic_tracing/reflect_call/reflect_call_002_F/reflect_call_002_F.go index 0ad654af..9fbef346 100644 --- a/sast-go/cases/completeness/dynamic_tracing/reflect_call/reflect_call_002_F/reflect_call_002_F.go +++ b/sast-go/cases/completeness/dynamic_tracing/reflect_call/reflect_call_002_F/reflect_call_002_F.go @@ -1,8 +1,8 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 完整度->动态特性跟踪完整度->反射调用 -// scene introduction = +// scene introduction = 反射调用 // level = 3 // bind_url = completeness/dynamic_tracing/reflect_call/reflect_call_002_F/reflect_call_002_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/alias/alias_001_F/alias_001_F.go b/sast-go/cases/completeness/single_app_tracing/alias/alias_001_F/alias_001_F.go index d6c7ffc6..c57d6705 100644 --- a/sast-go/cases/completeness/single_app_tracing/alias/alias_001_F/alias_001_F.go +++ b/sast-go/cases/completeness/single_app_tracing/alias/alias_001_F/alias_001_F.go 
@@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->别名 -// scene introduction = +// scene introduction = 别名 // level = 2 // bind_url = completeness/single_app_tracing/alias/alias_001_F/alias_001_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/alias/alias_002_T/alias_002_T.go b/sast-go/cases/completeness/single_app_tracing/alias/alias_002_T/alias_002_T.go index 5a04eb98..2b093d0d 100644 --- a/sast-go/cases/completeness/single_app_tracing/alias/alias_002_T/alias_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/alias/alias_002_T/alias_002_T.go @@ -1,8 +1,8 @@ // evaluation information start -// real case = false +// real case = true // evaluation item = 完整度->单应用跟踪完整度->别名 -// scene introduction = +// scene introduction = 别名 // level = 2 // bind_url = completeness/single_app_tracing/alias/alias_002_T/alias_002_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/alias/config.json b/sast-go/cases/completeness/single_app_tracing/alias/config.json index 9df4b064..ca649665 100644 --- a/sast-go/cases/completeness/single_app_tracing/alias/config.json +++ b/sast-go/cases/completeness/single_app_tracing/alias/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "!alias_001_F/alias_001_F.go && alias_002_T/alias_002_T.go", - "scene": "1" + "scene": "别名" } ] } diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T.go index 31673c15..60a132c7 100644 --- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T.go 
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语 -// scene introduction = 同步原语-'<-' +// scene introduction = 同步原语-'<-'2 // level = 2 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F.go index dd67c5ae..ed582802 100644 --- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F.go @@ -1,8 +1,8 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语 -// scene introduction = 同步原语-'<-' +// scene introduction = 同步原语-'<-'2 // level = 2 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/control_flow/loop_stmt/for_range_001_T/for_range_001_T.go b/sast-go/cases/completeness/single_app_tracing/control_flow/loop_stmt/for_range_001_T/for_range_001_T.go index cf3bcd78..c36edc0a 100644 
--- a/sast-go/cases/completeness/single_app_tracing/control_flow/loop_stmt/for_range_001_T/for_range_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/control_flow/loop_stmt/for_range_001_T/for_range_001_T.go @@ -3,7 +3,7 @@ import "os/exec" // evaluation information start -// real case = false +// real case = true // evaluation item = 完整度->单应用跟踪完整度->流程控制语句->循环结构 // scene introduction = for range // level = 2 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_001_T/cross_directory_001_T_a/cross_directory_001_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_001_T/cross_directory_001_T_a/cross_directory_001_T_a.go index b685ad7f..933f19ca 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_001_T/cross_directory_001_T_a/cross_directory_001_T_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_001_T/cross_directory_001_T_a/cross_directory_001_T_a.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package1 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_001_T/cross_directory_001_T_a/cross_directory_001_T_a // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_001_T/cross_directory_001_T_b/cross_directory_001_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_001_T/cross_directory_001_T_b/cross_directory_001_T_b.go index 28f1ba31..adea0be9 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_001_T/cross_directory_001_T_b/cross_directory_001_T_b.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_001_T/cross_directory_001_T_b/cross_directory_001_T_b.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package1 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_001_T/cross_directory_001_T_b/cross_directory_001_T_b // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_002_F/cross_directory_002_F_a/cross_directory_002_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_002_F/cross_directory_002_F_a/cross_directory_002_F_a.go index f3cb78be..2a390321 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_002_F/cross_directory_002_F_a/cross_directory_002_F_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_002_F/cross_directory_002_F_a/cross_directory_002_F_a.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package1 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_002_F/cross_directory_002_F_a/cross_directory_002_F_a // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_002_F/cross_directory_002_F_b/cross_directory_002_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_002_F/cross_directory_002_F_b/cross_directory_002_F_b.go index 62c77819..ab523703 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_002_F/cross_directory_002_F_b/cross_directory_002_F_b.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_002_F/cross_directory_002_F_b/cross_directory_002_F_b.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package1 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_002_F/cross_directory_002_F_b/cross_directory_002_F_b // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_003_T/cross/cross_01/cross_02/cross_directory_003_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_003_T/cross/cross_01/cross_02/cross_directory_003_T_a.go index e8342f54..60a8d641 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_003_T/cross/cross_01/cross_02/cross_directory_003_T_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_003_T/cross/cross_01/cross_02/cross_directory_003_T_a.go 
@@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package2 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_003_T/cross/cross_01/cross_02/cross_directory_003_T_a // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_003_T/cross/cross_directory_003_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_003_T/cross/cross_directory_003_T.go index 68c7e309..63c6a477 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_003_T/cross/cross_directory_003_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_003_T/cross/cross_directory_003_T.go @@ -6,7 +6,7 @@ import ( // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package2 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_003_T/cross/cross_directory_003_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_004_F/cross/cross_01/cross_02/cross_directory_004_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_004_F/cross/cross_01/cross_02/cross_directory_004_F_a.go index 52c2c1c0..5b32977c 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_004_F/cross/cross_01/cross_02/cross_directory_004_F_a.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_004_F/cross/cross_01/cross_02/cross_directory_004_F_a.go @@ -1,7 +1,7 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package2 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_004_F/cross/cross_01/cross_02/cross_directory_004_F_a // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_004_F/cross/cross_directory_004_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_004_F/cross/cross_directory_004_F.go index a78c5009..c8a7c9c9 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_004_F/cross/cross_directory_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_004_F/cross/cross_directory_004_F.go @@ -3,9 +3,9 @@ package main import "cross_directory_004_F/cross_01/cross_02" // evaluation information start -// real case = true +// real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package2 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_004_F/cross/cross_directory_004_F // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_005_T/cross/cross_01/cross_02/cross_directory_005_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_005_T/cross/cross_01/cross_02/cross_directory_005_T_a.go index 6ee5cf72..f647d064 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_005_T/cross/cross_01/cross_02/cross_directory_005_T_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_005_T/cross/cross_01/cross_02/cross_directory_005_T_a.go @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package3 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_005_T/cross/cross_01/cross_02/cross_directory_005_T_a // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_005_T/cross/cross_directory_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_005_T/cross/cross_directory_005_T.go index de3f0e03..6c9327d2 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_005_T/cross/cross_directory_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_005_T/cross/cross_directory_005_T.go 
@@ -5,7 +5,7 @@ import "cross_directory_005_T/cross/cross_01/cross_02" // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package3 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_005_T/cross/cross_directory_005_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_006_F/cross/cross_01/cross_02/cross_directory_006_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_006_F/cross/cross_01/cross_02/cross_directory_006_F_a.go index 6de70f88..00a3380c 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_006_F/cross/cross_01/cross_02/cross_directory_006_F_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_006_F/cross/cross_01/cross_02/cross_directory_006_F_a.go @@ -1,7 +1,7 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package3 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_006_F/cross/cross_01/cross_02/cross_directory_006_F_a // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_006_F/cross/cross_directory_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_006_F/cross/cross_directory_006_F.go index ffd05df7..3f0db0ea 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_006_F/cross/cross_directory_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_006_F/cross/cross_directory_006_F.go @@ -3,9 +3,9 @@ package main import "cross_directory_006_F/cross/cross_01/cross_02" // evaluation information start -// real case = true +// real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package3 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_006_F/cross/cross_directory_006_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_a_007_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_a_007_T.go index f0b4dc1a..eb00dbfd 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_a_007_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_a_007_T.go @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package4 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a/cross_directory_a_007_T // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_shadow_007_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_shadow_007_T.go index b7c07dcb..2baed700 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_shadow_007_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_shadow_007_T.go @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package4 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_007_T/cross/cross_a_shadow/cross_directory_shadow_007_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_a_008_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_a_008_F.go index 328582d1..43b74170 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_a_008_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_a_008_F.go 
@@ -1,7 +1,7 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package4 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a/cross_directory_a_008_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_shadow_008_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_shadow_008_F.go index a02aa280..17b045fa 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_shadow_008_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_shadow_008_F.go @@ -1,7 +1,7 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package4 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_a_shadow/cross_directory_shadow_008_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_directory_008_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_directory_008_F.go index aab7a444..63476c24 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_directory_008_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_008_F/cross/cross_directory_008_F.go @@ -6,7 +6,7 @@ import ( ) // evaluation information start -// real case = true +// real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 跨package4 // level = 2 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_directory_010_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_directory_010_F.go index a7ff16fa..ab936ce2 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_directory_010_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_directory_010_F.go @@ -5,7 +5,7 @@ import ( ) // evaluation information start -// real case = true +// real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 跨package5 // level = 2 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_init_010_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_init_010_F.go index edf5a283..26bdf063 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_init_010_F.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_init_010_F.go @@ -1,7 +1,7 @@ // evaluation information start -// real case = true +// real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 跨package +// scene introduction = 跨package5 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_010_F/cross/cross_init/cross_directory_init_010_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go index cf7daea6..5febcc0e 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = replace包层级调用链 +// scene introduction = replace包层级调用链1 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b // evaluation information end @@ -9,7 +9,7 @@ package cross_directory_011_T_b import "os/exec" -func SayHello(taint_src string) { +func Cross_directory_011_T_b(taint_src string) { __taint_sink(taint_src) } 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go index b39f0ded..0366790d 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = replace包层级调用链 +// scene introduction = replace包层级调用链1 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a // evaluation information end @@ -14,7 +14,7 @@ package main import "cross/cross_01" func cross_directory_011_T_a(__taint_src string) { - cross_directory_011_T_b.SayHello(__taint_src) + cross_directory_011_T_b.Cross_directory_011_T_b(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go index 4dfdba1c..a2ed68b6 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go @@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = replace包层级调用链 +// scene introduction = replace包层级调用链1 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b // evaluation information end @@ -9,7 +9,7 @@ package cross_directory_012_F_b import "os/exec" -func SayHello(taint_src string) { +func Cross_directory_012_F_b(taint_src string) { __taint_sink("_") } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go index c3e493ea..272565ac 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go @@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = replace包层级调用链 +// scene introduction = replace包层级调用链1 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a // evaluation information end 
@@ -14,7 +14,7 @@ package main import "cross/cross_01" func cross_directory_012_F_a(__taint_src string) { - cross_directory_012_F_b.SayHello(__taint_src) + cross_directory_012_F_b.Cross_directory_012_F_b(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go index 8e708924..7ee10930 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = replace包层级调用链 +// scene introduction = replace包层级调用链2 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b // evaluation information end @@ -9,7 +9,7 @@ package cross_directory_013_T_b import "os/exec" -func SayHello(taint_src string) { +func Cross_directory_013_T_b(taint_src string) { __taint_sink(taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go index 56b2b1d8..5ffb7380 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = replace包层级调用链 +// scene introduction = replace包层级调用链2 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a // evaluation information end @@ -14,7 +14,7 @@ package main import "cross/other/cross_01" func cross_directory_013_T_a(__taint_src string) { - cross_directory_013_T_b.SayHello(__taint_src) + cross_directory_013_T_b.Cross_directory_013_T_b(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go index f6820707..94993fe1 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go 
@@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = replace包层级调用链 +// scene introduction = replace包层级调用链2 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b // evaluation information end @@ -9,7 +9,7 @@ package cross_directory_014_F_b import "os/exec" -func SayHello(taint_src string) { +func Cross_directory_014_F_b(taint_src string) { __taint_sink("_") } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go index bc2831d0..663ec5cb 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go @@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = replace包层级调用链 +// scene introduction = replace包层级调用链2 // level = 2 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a // evaluation information end @@ -14,7 +14,7 @@ package main import "cross/other/cross_01" func cross_directory_014_F_a(__taint_src string) { - cross_directory_014_F_b.SayHello(__taint_src) + cross_directory_014_F_b.Cross_directory_014_F_b(__taint_src) } func main() { 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go index e85ff593..10a01a25 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go @@ -9,7 +9,7 @@ package cross_same_name_021_T import "os/exec" -func SayHello(taint_src string) { +func Cross_same_name_021_T(taint_src string) { __taint_sink(taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go index 00dbc022..63d326c8 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go @@ -16,7 +16,7 @@ import "cross_directory_021_T/cross" var __taint_src = "taint_src_value" func init() { - cross_same_name_021_T.SayHello(__taint_src) + cross_same_name_021_T.Cross_same_name_021_T(__taint_src) } func main() { 
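Review bot: `cross_directory_021_T_a.go` and `cross_directory_021_T_b.go` both sit in `main_dir/`, and each declares `var __taint_src` and `func main()` at package level. If they share `package main` without build constraints, the directory cannot be type-checked as one package, and an analyzer that loads packages by directory may fail to load the case rather than report on it. The package clauses and any `//go:build` lines are above these hunks, so this needs confirming against the full files. If the files are meant to be analysed one at a time, the header should say so, e.g. `// main_dir holds two independent main programs; build and analyse each file separately`. The same layout appears in `cross_directory_022_F/main_dir/`.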
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go index 22301eb1..f8622a19 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go @@ -17,7 +17,7 @@ import "cross_directory_021_T/other/cross" var __taint_src = "taint_src_value" func init() { - cross_same_name_021_T.SayHello(__taint_src) + cross_same_name_021_T.Cross_same_name_021_T(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go index a861ccef..d21f4fa9 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go @@ -9,7 +9,7 @@ package cross_same_name_021_T import "os/exec" -func SayHello(taint_src string) { +func Cross_same_name_021_T(taint_src string) { __taint_sink(taint_src) } 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go index 18c85d90..c3e3ec87 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go @@ -9,7 +9,7 @@ package cross_same_name_022_F import "os/exec" -func SayHello(taint_src string) { +func Cross_same_name_022_F(taint_src string) { __taint_sink(taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go index b948b04a..055422ef 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go @@ -16,7 +16,7 @@ import "cross_directory_022_F/cross" var __taint_src = "_" func init() { - cross_same_name_022_F.SayHello(__taint_src) + cross_same_name_022_F.Cross_same_name_022_F(__taint_src) } func main() { 
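Review bot: In the negative case `cross_directory_022_F`, both `Cross_same_name_022_F` variants still forward their parameter with `__taint_sink(taint_src)`, and the two callers pass `__taint_src` initialised to different literals: `"_"` in `cross_directory_022_F_a.go` and `"abc"` in `cross_directory_022_F_b.go`. Compare `cross_directory_012_F_b.go`, where the sink receives the constant `"_"`, so the absence of a flow is structural. If the expected "no finding" result depends on the literal value, the two callers should agree, e.g. `var __taint_src = "_"` in `_b` as well, and a header comment should state why no finding is expected. The headers are outside these hunks, so that may already be documented there.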
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go index bb0eecaf..4ef47dd0 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go @@ -17,7 +17,7 @@ import "cross_directory_022_F/other/cross" var __taint_src = "abc" func init() { - cross_same_name_022_F.SayHello(__taint_src) + cross_same_name_022_F.Cross_same_name_022_F(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go index 79b1c443..4655347c 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go @@ -10,7 +10,7 @@ package cross_same_name_022_F import "os/exec" -func SayHello(taint_src string) { +func Cross_same_name_022_F(taint_src string) { __taint_sink(taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json index 65b4f607..c2738d74 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json @@ -15,7 +15,7 @@ "scene": "跨module-别名" }, { - "compose": "(cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go || cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go) && !(cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go || cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go)", + "compose": "(cross_module_005_T/cross_module_005_T_a/cross_module_005_T_a.go || cross_module_005_T/cross_module_005_T_b/cross_module_005_T_b.go) && !(cross_module_006_F/cross_module_006_F_a/cross_module_006_F_a.go || cross_module_006_F/cross_module_006_F_b/cross_module_006_F_b.go)", "scene": "多Main包模块化管理" } ] diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T_a.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T_a.go index a74b8beb..c8db3cc4 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T_a.go 
@@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 // scene introduction = 多Main包模块化管理 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T_a // evaluation information end // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T @@ -24,6 +24,6 @@ func __taint_sink(o interface{}) { } func main() { - __taint_src := "taint_src_value_main1" + __taint_src := "taint_src_value" cross_module_005_T_a(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T_b.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T_b.go index 0b996094..71a04dfa 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T_b.go 
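Review bot: The run instructions that begin at the `// 先cd` comment continue past the end of the first hunk and are not touched by this rename, although the file becomes `cross_module_005_T_a.go` and `bind_url` is updated to match. If those lines still name the old file `cross_module_005_T.go`, they now point at a path that no longer exists and should be updated to the new `_a`/`_b` file names. The same check applies to the renamed `cross_module_005_T_b.go`, `cross_module_006_F_a.go` and `cross_module_006_F_b.go`.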
@@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 // scene introduction = 多Main包模块化管理 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T_b // evaluation information end // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T @@ -24,6 +24,6 @@ func __taint_sink(o interface{}) { } func main() { - __taint_src := "taint_src_value_main2" + __taint_src := "taint_src_value" cross_module_005_T_b(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F_a.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F_a.go index a1d349cf..551b080c 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F_a.go 
@@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 // scene introduction = 多Main包模块化管理 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F_a // evaluation information end // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F @@ -24,6 +24,6 @@ func __taint_sink(o interface{}) { } func main() { - __taint_src := "taint_src_value_main1" + __taint_src := "taint_src_value" cross_module_006_F_a(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F_b.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F_b.go index b6f93e06..7da33a39 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F_b.go 
@@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 // scene introduction = 多Main包模块化管理 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F_b // evaluation information end // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F @@ -24,6 +24,6 @@ func __taint_sink(o interface{}) { } func main() { - __taint_src := "taint_src_value_main2" + __taint_src := "taint_src_value" cross_module_006_F_b(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_001_T/array_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_001_T/array_001_T.go index 40e45969..af85c5a1 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_001_T/array_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_001_T/array_001_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 -// scene introduction = +// scene introduction = 一维数组 // level = 2 // bind_url = completeness/single_app_tracing/datatype/array/array_001_T/array_001_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_002_F/array_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_002_F/array_002_F.go index 72a5b1fa..ad459e1a 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_002_F/array_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_002_F/array_002_F.go 
@@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 -// scene introduction = +// scene introduction = 一维数组 // level = 2 // bind_url = completeness/single_app_tracing/datatype/array/array_002_F/array_002_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_005_T/array_005_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_005_T/array_005_T.go index 8104a023..f776e339 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_005_T/array_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_005_T/array_005_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 -// scene introduction = +// scene introduction = 数组参数 // level = 2 // bind_url = completeness/single_app_tracing/datatype/array/array_005_T/array_005_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_006_F/array_006_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_006_F/array_006_F.go index d9c11de2..7aa5084b 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_006_F/array_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_006_F/array_006_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 -// scene introduction = +// scene introduction = 数组参数 // level = 2 // bind_url = completeness/single_app_tracing/datatype/array/array_006_F/array_006_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_007_T/array_007_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_007_T/array_007_T.go index 3fd743ea..a11c579c 100644 
--- a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_007_T/array_007_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_007_T/array_007_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 -// scene introduction = +// scene introduction = 不固定长度数组 // level = 2 // bind_url = completeness/single_app_tracing/datatype/array/array_007_T/array_007_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_008_F/array_008_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_008_F/array_008_F.go index 33978daf..afd2e448 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_008_F/array_008_F.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_008_F/array_008_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 -// scene introduction = +// scene introduction = 不固定长度数组 // level = 2 // bind_url = completeness/single_app_tracing/datatype/array/array_008_F/array_008_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/array/config.json index 62d1f875..3054c8c9 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/array/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "array_001_T/array_001_T.go && !array_002_F/array_002_F.go", - "scene": "1" + "scene": "一维数组" }, { "compose": "array_003_T/array_003_T.go && !array_004_F/array_004_F.go", 
@@ -16,11 +16,11 @@ }, { "compose": "array_005_T/array_005_T.go && !array_006_F/array_006_F.go", - "scene": "2" + "scene": "数组参数" }, { "compose": "array_007_T/array_007_T.go && !array_008_F/array_008_F.go", - "scene": "3" + "scene": "不固定长度数组" }, { "compose": "array_slice_001_T/array_slice_001_T.go && !array_slice_002_F/array_slice_002_F.go", diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/generics/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/generics/config.json index 2eff75e5..c3388d36 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/generics/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/generics/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "generics_001_T/generics_001_T.go && !generics_002_F/generics_002_F.go", - "scene": "1" + "scene": "泛型" } ] } diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/generics/generics_001_T/generics_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/generics/generics_001_T/generics_001_T.go index 80350c89..2a5539a0 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/generics/generics_001_T/generics_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/generics/generics_001_T/generics_001_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->泛型 -// scene introduction = +// scene introduction = 泛型 // level = 2 // bind_url = completeness/single_app_tracing/datatype/generics/generics_001_T/generics_001_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/generics/generics_002_F/generics_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/generics/generics_002_F/generics_002_F.go index 63d7bd9d..f73ed99e 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/generics/generics_002_F/generics_002_F.go 
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/generics/generics_002_F/generics_002_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->泛型 -// scene introduction = +// scene introduction = 泛型 // level = 2 // bind_url = completeness/single_app_tracing/datatype/generics/generics_002_F/generics_002_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/map/map_003_T/map_003_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/map/map_003_T/map_003_T.go index dbdd3952..e69d6290 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/map/map_003_T/map_003_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/map/map_003_T/map_003_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -// scene introduction = 字典/映射(Map)对象 +// scene introduction = 字典/映射(Map)对象2 // level = 2 // bind_url = completeness/single_app_tracing/datatype/map/map_003_T/map_003_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/map/map_004_F/map_004_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/map/map_004_F/map_004_F.go index e5f99aa3..15d3ab96 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/map/map_004_F/map_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/map/map_004_F/map_004_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -// scene introduction = 字典/映射(Map)对象 +// scene introduction = 字典/映射(Map)对象2 // level = 2 // bind_url = completeness/single_app_tracing/datatype/map/map_004_F/map_004_F // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/slice/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/slice/config.json index e044acf1..502123c1 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/slice/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/slice/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "slice_001_T/slice_001_T.go && !slice_002_F/slice_002_F.go", - "scene": "1" + "scene": "字面量切片" }, { "compose": "slice_003_T/slice_003_T.go && !slice_004_F/slice_004_F.go", diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T.go index 78906da9..d6988d1f 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->切片 -// scene introduction = +// scene introduction = 字面量切片 // level = 2 // bind_url = completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_002_F/slice_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_002_F/slice_002_F.go index b1df04af..58038642 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_002_F/slice_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_002_F/slice_002_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->切片 -// scene introduction = +// scene introduction = 字面量切片 // level = 2 // bind_url = completeness/single_app_tracing/datatype/slice/slice_002_F/slice_002_F // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/specialtype/channel_001_T/channel_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/specialtype/channel_001_T/channel_001_T.go index 307c5985..aab32df3 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/specialtype/channel_001_T/channel_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/specialtype/channel_001_T/channel_001_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->通道 -// scene introduction = +// scene introduction = 通道 // level = 2 // bind_url = completeness/single_app_tracing/datatype/specialtype/channel_001_T/channel_001_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/specialtype/channel_002_F/channel_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/specialtype/channel_002_F/channel_002_F.go index c4f91476..b43f5f4b 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/specialtype/channel_002_F/channel_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/specialtype/channel_002_F/channel_002_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->通道 -// scene introduction = +// scene introduction = 通道 // level = 2 // bind_url = completeness/single_app_tracing/datatype/specialtype/channel_002_F/channel_002_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/specialtype/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/specialtype/config.json index 6743642c..9dc06a46 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/specialtype/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/specialtype/config.json 
@@ -8,7 +8,7 @@ "scene_list": [ { "compose": "channel_001_T/channel_001_T.go && !channel_002_F/channel_002_F.go", - "scene": "1" + "scene": "通道" } ] } diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T.go index f9bffcd6..8c55ca6c 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T.go @@ -1,5 +1,5 @@ // evaluation information start -// real case = false +// real case = true // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 // scene introduction = 字符串切片 // level = 2 diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/struct/complex_struct_002_F/complex_struct_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/struct/complex_struct_002_F/complex_struct_002_F.go index ed00a455..7ebbe04a 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/struct/complex_struct_002_F/complex_struct_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/struct/complex_struct_002_F/complex_struct_002_F.go @@ -1,5 +1,5 @@ // evaluation information start -// real case = true +// real case = false // evaluation item =完整度->单应用跟踪完整度->数据类型和结构->结构体 // scene introduction = 复杂结构体 // level = 2 diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_003_T/struct_003_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_003_T/struct_003_T.go index 0eafc3f3..3fae3f1e 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_003_T/struct_003_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_003_T/struct_003_T.go 
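Review bot: In the `complex_struct_002_F.go` hunk the context line `// evaluation item =完整度->…` has no space after `=`, unlike the other metadata headers touched by this commit, which read `// evaluation item = 完整度->…`. Since the hunk already corrects the `real case` label in the same header, it is the natural place to normalise the line to `// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->结构体`. If the scoring harness splits these header lines on ` = ` (its parser is not visible here), the current form could leave this negative case without a category.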
@@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->结构体 -// scene introduction = 结构体 +// scene introduction = 结构体2 // level = 2 // bind_url = completeness/single_app_tracing/datatype/struct/struct_003_T/struct_003_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_004_F/struct_004_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_004_F/struct_004_F.go index 0b1c1f8a..68e09081 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_004_F/struct_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_004_F/struct_004_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->结构体 -// scene introduction = 结构体 +// scene introduction = 结构体2 // level = 2 // bind_url = completeness/single_app_tracing/datatype/struct/struct_004_F/struct_004_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_005_T/struct_005_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_005_T/struct_005_T.go index badddd37..f9ab37a0 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_005_T/struct_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_005_T/struct_005_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->结构体 -// scene introduction = 结构体 +// scene introduction = 结构体3 // level = 2 // bind_url = completeness/single_app_tracing/datatype/struct/struct_005_T/struct_005_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_006_F/struct_006_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_006_F/struct_006_F.go index 22dad56d..2d53089c 100644 
--- a/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_006_F/struct_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_006_F/struct_006_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->结构体 -// scene introduction = 结构体 +// scene introduction = 结构体3 // level = 2 // bind_url = completeness/single_app_tracing/datatype/struct/struct_006_F/struct_006_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F.go b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F.go index 0507ebb8..186a3916 100644 --- a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F.go @@ -22,7 +22,7 @@ func (e *CustomError) Error() string { return e.message } -func exception_throw_004_T(__taint_src string) { +func exception_throw_004_F(__taint_src string) { defer func() { if r := recover(); r != nil { defer func() { @@ -48,5 +48,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - exception_throw_004_T(__taint_src) + exception_throw_004_F(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T.go index 4c3ca0d9..c42d674d 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T.go 
@@ -1,5 +1,5 @@ // evaluation information start -// real case = false +// real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 二元运算->取模 // level = 2 diff --git a/sast-go/cases/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T/spread_operator_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T/spread_operator_001_T.go index 9d6ad6fd..7d2deac1 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T/spread_operator_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T/spread_operator_001_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -// scene introduction = 扩展运算符 +// scene introduction = 扩展运算符2 // level = 2 // bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_001_T/spread_operator_001_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F/spread_operator_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F/spread_operator_002_F.go index 2a4ab10b..63617851 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F/spread_operator_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F/spread_operator_002_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -// scene introduction = 扩展运算符 +// scene introduction = 扩展运算符2 // level = 2 // bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_002_F/spread_operator_002_F // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T.go index e385fa25..fe9409e3 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T.go @@ -25,6 +25,6 @@ func __taint_sink(o interface{}) { } func main() { - __taint_src := "tainted_string" + __taint_src := "taint_src_value" type_cast_007_T(&__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F.go index 3754fcb1..fcbcab85 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F.go @@ -26,6 +26,6 @@ func __taint_sink(o interface{}) { } func main() { - __taint_src := "tainted_string" + __taint_src := "taint_src_value" type_cast_008_F(&__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_002_T/argument_passing_value_002_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_002_T/argument_passing_value_002_T.go index 97c7f3cb..bc82da16 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_002_T/argument_passing_value_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_002_T/argument_passing_value_002_T.go 
@@ -3,7 +3,7 @@ // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 // scene introduction = 普通 -// level = 2 +// level = 2 // bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_value_002_T/argument_passing_value_002_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T.go index d5b950aa..524a9c3e 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T.go @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 -// scene introduction = 链式调用 +// scene introduction = 链式调用2 // level = 2 // bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F.go index f415ceb0..f535743d 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F.go 
@@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 -// scene introduction = 链式调用 +// scene introduction = 链式调用2 // level = 2 // bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_arg_001_T/arg_arg_001_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_arg_001_T/arg_arg_001_T.go index cc649f35..64e4a689 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_arg_001_T/arg_arg_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_arg_001_T/arg_arg_001_T.go @@ -1,6 +1,5 @@ package main - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->库函数调用 @@ -10,13 +9,13 @@ package main // evaluation information end import ( - "os/exec" "encoding/json" "fmt" + "os/exec" ) func arg_arg_001_T(__taint_src string) { - taintedData := __taint_src + taintedData := "{\"key\": \"" + __taint_src + "\"}" result, err := process(taintedData) _ = err __taint_sink(result) @@ -30,9 +29,9 @@ func process(arg string) (map[string]interface{}, error) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := "taint_src_value" - arg_arg_001_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + arg_arg_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_arg_002_F/arg_arg_002_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_arg_002_F/arg_arg_002_F.go index 87767049..9df40062 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_arg_002_F/arg_arg_002_F.go 
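Review bot: The new line `taintedData := "{\"key\": \"" + __taint_src + "\"}"` in `arg_arg_001_T` has no comment explaining why the source is wrapped inside the function. A short one would help, for example `// wrap the source in a JSON object so process() can decode it and the value reaches result`. The body of `process` lies outside the hunk, so the decoding step is inferred from the `encoding/json` import. The concatenation yields valid JSON only while the source contains no `"` or `\`, which holds for the fixed value in `main`; since `_ = err` discards a decode failure, that assumption is worth stating too. The same line is added in `arg_arg_002_F`.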
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_arg_002_F/arg_arg_002_F.go @@ -1,6 +1,5 @@ package main - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->库函数调用 @@ -10,13 +9,13 @@ package main // evaluation information end import ( - "os/exec" "encoding/json" "fmt" + "os/exec" ) func arg_arg_002_F(__taint_src string) { - taintedData := __taint_src + taintedData := "{\"key\": \"" + __taint_src + "\"}" result, err := process(taintedData) _ = result __taint_sink(err) @@ -31,9 +30,9 @@ func process(arg string) (map[string]interface{}, error) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := "{\"key\": \"taint_src_value\"}" - arg_arg_002_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + arg_arg_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_return_003_T/arg_return_003_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_return_003_T/arg_return_003_T.go index 6d10cc49..9d8104db 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_return_003_T/arg_return_003_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_return_003_T/arg_return_003_T.go @@ -7,7 +7,7 @@ import "strconv" // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->库函数调用 -// scene introduction = 从参数传播到返回值 +// scene introduction = 从参数传播到返回值2 // level = 2 // bind_url = completeness/single_app_tracing/function_call/library_function/arg_return_003_T/arg_return_003_T // evaluation information end 
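Review bot: In `arg_arg_002_F` the value passed to `__taint_sink` is `err`, so the `real case = false` label depends on `err` carrying nothing derived from `__taint_src`. The body of `process` is outside the hunk. If it returns the `encoding/json` decode error, that error is nil for the well-formed wrapper built here, but for a malformed document the syntax-error message quotes the offending input character. With the fixed `"taint_src_value"` in `main` the label holds. I would record the assumption next to the call, e.g. `// err is nil for well-formed input and is assumed to carry no source data (negative case)`.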
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_return_004_F/arg_return_004_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_return_004_F/arg_return_004_F.go index 3a35153b..c1086934 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_return_004_F/arg_return_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/library_function/arg_return_004_F/arg_return_004_F.go @@ -7,7 +7,7 @@ import "strconv" // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->库函数调用 -// scene introduction = 从参数传播到返回值 +// scene introduction = 从参数传播到返回值2 // level = 2 // bind_url = completeness/single_app_tracing/function_call/library_function/arg_return_004_F/arg_return_004_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go index 88d20fb6..1be40ec1 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 条件返回nil +// scene introduction = 条件返回nil // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go index 31919a39..f169f5ee 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go @@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 条件返回nil +// scene introduction = 条件返回nil // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_001_F/multiple_return_001_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_001_F/multiple_return_001_F.go index 3c6849f7..0299f3eb 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_001_F/multiple_return_001_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_001_F/multiple_return_001_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 多返回值传递 +// scene introduction = 多返回值传递 // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_001_F/multiple_return_001_F // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_002_T/multiple_return_002_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_002_T/multiple_return_002_T.go index 3648e643..962a2748 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_002_T/multiple_return_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_002_T/multiple_return_002_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 多返回值传递 +// scene introduction = 多返回值传递 // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_002_T/multiple_return_002_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_003_F/named_return_003_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_003_F/named_return_003_F.go index 9ebf7529..94c80e59 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_003_F/named_return_003_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_003_F/named_return_003_F.go @@ -2,7 +2,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 具名返回值 +// scene introduction = 具名返回值2 // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/named_return_003_F/named_return_003_F // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go index 56de69c5..1966d286 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go @@ -2,7 +2,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 具名返回值 +// scene introduction = 具名返回值2 // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go index d2a11838..31bdf69f 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go @@ -14,7 +14,7 @@ import ( "os/exec" ) -func call_anonymous_object_method_005_T(__taint_src string) { +func call_anonymous_object_method_001_T(__taint_src string) { // 场景特点:匿名对象定义方法并调用返回污染数据 obj := struct { getName func() string @@ -35,5 +35,5 @@ func taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - call_anonymous_object_method_005_T(__taint_src) + call_anonymous_object_method_001_T(__taint_src) } 
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go index adc76a0b..f3ddffd8 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go @@ -14,7 +14,7 @@ import ( "os/exec" ) -func call_anonymous_object_method_006_F(__taint_src string) { +func call_anonymous_object_method_002_F(__taint_src string) { // 场景特点:匿名对象定义方法并调用返回安全数据 obj := struct { getName func() string @@ -35,5 +35,5 @@ func taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - call_anonymous_object_method_006_F(__taint_src) + call_anonymous_object_method_002_F(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go index 63b5688c..100b2c47 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go @@ -14,7 +14,7 @@ import ( "os/exec" ) -func write_anonymous_object_field_003_T(__taint_src string) { +func write_anonymous_object_field_001_T(__taint_src string) { // 场景特点:向匿名对象的字段写入污染数据 person := struct { name string 
@@ -33,5 +33,5 @@ func taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - write_anonymous_object_field_003_T(__taint_src) + write_anonymous_object_field_001_T(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go index 7fa11388..9a77c628 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go @@ -14,7 +14,7 @@ import ( "os/exec" ) -func write_anonymous_object_field_004_F(__taint_src string) { +func write_anonymous_object_field_002_F(__taint_src string) { // 场景特点:向匿名对象的字段写入安全数据 person := struct { name string @@ -33,5 +33,5 @@ func taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - write_anonymous_object_field_004_F(__taint_src) + write_anonymous_object_field_002_F(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T.go index e8fc870d..b44fdb55 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T.go 
@@ -10,7 +10,7 @@ package main import "os/exec" -func interface_direct_assignment_003_T(__taint_src string) { +func direct_assignment_002_T(__taint_src string) { // 场景特点:接口类型变量直接赋值为实现类实例 var testInterface IIctest testImpl := &IctestImpl{} @@ -40,5 +40,5 @@ func (s *IctestImpl) test(taint_src string) (interface{}, error) { func main() { __taint_src := "taint_src_value" - interface_direct_assignment_003_T(__taint_src) + direct_assignment_002_T(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F.go index 4a73bae7..9e6e25b5 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F.go @@ -10,7 +10,7 @@ package main import "os/exec" -func interface_direct_assignment_004_F(__taint_src string) { +func direct_assignment_002_F(__taint_src string) { // 场景特点:接口类型变量直接赋值为实现类实例 var testInterface IIctest testImpl := &IctestImpl{} @@ -40,5 +40,5 @@ func (s *IctestImpl) test(taint_src string) (interface{}, error) { func main() { __taint_src := "taint_src_value" - interface_direct_assignment_004_F(__taint_src) + direct_assignment_002_F(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T.go index d837ff8a..67b68c83 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T.go 
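Review bot: The renamed function `direct_assignment_002_T` matches its file name but not its directory, `direct_assignment_001_T/`. In the other Go cases visible in this diff, the directory, file and function all share one identifier. The rename also leaves index `002` used by both this true case and the sibling `direct_assignment_002_F`, whereas the other pairs run `001_T`/`002_F`. If the harness keys expected results on the directory name or on `bind_url` (not visible in this hunk), findings for this case could be attributed to the wrong entry. Renaming the file and function to `direct_assignment_001_T` would line it up; the function body continues outside the hunk.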
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T.go @@ -10,7 +10,7 @@ package main import "os/exec" -func interface_field_assignment_011_T(__taint_src string) { +func field_assignment_001_T(__taint_src string) { // 场景特点:将接口类型字段赋值为实现类实例 container := &Container{} testImpl := &IctestImpl{} @@ -45,5 +45,5 @@ type Container struct { func main() { __taint_src := "taint_src_value" - interface_field_assignment_011_T(__taint_src) + field_assignment_001_T(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F.go index 1ab9a845..4ec0b35e 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F.go @@ -10,7 +10,7 @@ package main import "os/exec" -func interface_field_assignment_012_F(__taint_src string) { +func field_assignment_002_F(__taint_src string) { // 场景特点:将接口类型字段赋值为实现类实例 container := &Container{} testImpl := &IctestImpl{} @@ -45,5 +45,5 @@ type Container struct { func main() { __taint_src := "taint_src_value" - interface_field_assignment_012_F(__taint_src) + field_assignment_002_F(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T.go index 06f5ac00..2f5b0371 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T.go 
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T.go @@ -23,7 +23,7 @@ type SubClass struct { Base } -func subclass_field_write_005_T(__taint_src string) { +func field_write_001_T(__taint_src string) { // 场景特点:给子类结构体字段直接赋值 var s SubClass s.id = 1 @@ -37,5 +37,5 @@ func taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - subclass_field_write_005_T(__taint_src) + field_write_001_T(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F.go index c4237940..8bdc2cbf 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F.go @@ -23,7 +23,7 @@ type SubClass struct { Base } -func subclass_field_write_006_F(__taint_src string) { +func field_write_002_F(__taint_src string) { // 场景特点:给子类结构体字段直接赋值但使用安全值 var s SubClass s.id = 1 @@ -37,5 +37,5 @@ func taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - subclass_field_write_006_F(__taint_src) + field_write_002_F(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T.go index 64f5618f..e2d389b0 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T.go 
@@ -31,7 +31,7 @@ func (s SubClass) GetName() string { return s.name } -func subclass_method_call_007_T(__taint_src string) { +func method_call_001_T(__taint_src string) { // 场景特点:调用子类的实例方法获取字段值 s := SubClass{ Base: Base{id: 1}, @@ -46,5 +46,5 @@ func taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - subclass_method_call_007_T(__taint_src) + method_call_001_T(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F.go index 1b56ee59..c404d787 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F.go @@ -31,7 +31,7 @@ func (s SubClass) GetName() string { return s.name } -func subclass_method_call_008_F(__taint_src string) { +func method_call_002_F(__taint_src string) { // 场景特点:调用子类的实例方法获取字段值但使用安全值 s := SubClass{ Base: Base{id: 1}, @@ -46,5 +46,5 @@ func taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - subclass_method_call_008_F(__taint_src) + method_call_002_F(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F.go index 567d9e82..7ffcf914 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F.go 
@@ -23,7 +23,7 @@ type SubClass struct { Base } -func subclass_object_creation_002_F(__taint_src string) { +func object_creation_002_F(__taint_src string) { // 场景特点:使用字面值初始化子类结构体但使用安全值 s := SubClass{ Base: Base{id: 1}, @@ -38,5 +38,5 @@ func taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - subclass_object_creation_002_F(__taint_src) + object_creation_002_F(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T.go index 4218279f..18c31ba4 100644 --- a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T.go @@ -17,7 +17,7 @@ import ( // Public变量(首字母大写) var PublicVar string -func publicVarAssign_001_T(__taint_src string) { +func public_var_assign_001_T(__taint_src string) { // 场景特点:为public变量赋值 PublicVar = __taint_src __taint_sink(PublicVar) @@ -29,5 +29,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - publicVarAssign_001_T(__taint_src) + public_var_assign_001_T(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F.go index 80103897..485a2394 100644 --- a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F.go 
@@ -17,7 +17,7 @@ import ( // Public变量(首字母大写) var PublicVar string -func publicVarAssign_002_F(__taint_src string) { +func public_var_assign_002_F(__taint_src string) { // 场景特点:为public变量赋值,但不是污点数据 PublicVar = "_" __taint_sink(PublicVar) @@ -29,5 +29,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - publicVarAssign_002_F(__taint_src) + public_var_assign_002_F(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T.go index 0052c090..bf18415f 100644 --- a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T.go @@ -15,14 +15,18 @@ import ( "os/exec" ) +func public_var_cross_package_001_T() { + // 场景特点:在不同包中为public变量赋值 + mypackage.SetPublicVar(__taint_src) + // 场景特点:在主包中访问不同包的public变量 + __taint_sink(mypackage.PublicVar) +} + func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() } func main() { __taint_src := "taint_src_value" - // 场景特点:在不同包中为public变量赋值 - mypackage.SetPublicVar(__taint_src) - // 场景特点:在主包中访问不同包的public变量 - __taint_sink(mypackage.PublicVar) + public_var_cross_package_001_T(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F.go index f5f2af1f..927accf8 100644 --- a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F.go 
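Review bot: The new `public_var_cross_package_001_T` is declared with an empty parameter list, yet its body reads `__taint_src` and `main` calls it as `public_var_cross_package_001_T(__taint_src)`, so the file should not compile as written. The signature should be `func public_var_cross_package_001_T(__taint_src string) {`, matching the other case functions in this commit. The `public_var_cross_package_002_F` hunk has the same problem in another form: `func public_var_cross_package_002_F(__taint_src) {` gives the parameter no type, so Go reads `__taint_src` as a type name, and it needs `(__taint_src string)` as well. A case that does not build is likely to be skipped or mis-scored by analyzers that type-check the package before tracing taint, which would distort this true/false pair in the benchmark results.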
+++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F.go @@ -15,14 +15,18 @@ import ( "os/exec" ) +func public_var_cross_package_002_F(__taint_src) { + // 场景特点:在不同包中为public变量赋值 + mypackage.SetPublicVar(__taint_src) + // 场景特点:在主包中访问不同包的public变量,但污点数据未传播到该变量 + __taint_sink(mypackage.PublicVar) +} + func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() } func main() { __taint_src := "taint_src_value" - // 场景特点:在不同包中为public变量赋值 - mypackage.SetPublicVar(__taint_src) - // 场景特点:在主包中访问不同包的public变量,但污点数据未传播到该变量 - __taint_sink(mypackage.PublicVar) + public_var_cross_package_002_F(__taint_src) } diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_001_T.java index cd47b097..53cff2bc 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_001_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_001_T.java @@ -13,7 +13,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->上下文敏感分析->多次调用 -// scene introduction = HeapAllocSite +// scene introduction = 相同函数调用不同参数-scene2 // level = 2 // bind_url = accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_001_T // evaluation information end 
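Review bot: The body of `public_var_cross_package_002_F` is, in the visible lines, the same two calls as the `_001_T` variant, so nothing in this file shows why the flow is expected to be clean. The moved comment says the taint does not reach `mypackage.PublicVar`, which presumably depends on how this case's `mypackage.SetPublicVar` is written; that package is not part of the hunk. A short comment at the call, such as `// SetPublicVar in this case's mypackage does not store its argument (see mypackage)`, adjusted to whatever the helper really does, would let a reader confirm the expected negative without opening the other package.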
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_002_F.java index c341fe67..2d590dd2 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_002_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_002_F.java @@ -14,7 +14,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->上下文敏感分析->多次调用 -// scene introduction = HeapAllocSite +// scene introduction = 相同函数调用不同参数-scene2 // level = 2 // bind_url = accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_002_F // evaluation information end diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_003_T.java index 4bf5abf7..2b45dade 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_003_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_003_T.java @@ -12,7 +12,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->上下文敏感分析->多次调用 -// scene introduction = 相同函数调用不同参数-scene2 +// scene introduction = HeapAllocSite // level = 2 // bind_url = accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_003_T // evaluation information end 
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_004_F.java index 9f60f04a..332d62b2 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_004_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_004_F.java @@ -12,7 +12,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->上下文敏感分析->多次调用 -// scene introduction = 相同函数调用不同参数-scene2 +// scene introduction = HeapAllocSite // level = 2 // bind_url = accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_004_F // evaluation information end diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_need_solve_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_need_solve_001_T.java index 7790168f..1203cc23 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_need_solve_001_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_need_solve_001_T.java 
@@ -12,7 +12,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->上下文敏感分析->多次调用 -// scene introduction = 相同函数调用不同参数-scene1 +// scene introduction = 相同函数调用不同参数-scene1-可求解 // level = 2 // bind_url = accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_need_solve_001_T // evaluation information end diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_need_solve_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_need_solve_002_F.java index 232f9e25..ebfb4281 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_need_solve_002_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_need_solve_002_F.java @@ -13,7 +13,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->上下文敏感分析->多次调用 -// scene introduction = 相同函数调用不同参数-scene1 +// scene introduction = 相同函数调用不同参数-scene1-可求解 // level = 2 // bind_url = accuracy/context_sensitive/multi_invoke/DifferentParamsForFunction_need_solve_002_F // evaluation information end diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/polymorphism/Expression_Polymorphism_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/polymorphism/Expression_Polymorphism_001_T.java index 7670b090..2c4e3274 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/polymorphism/Expression_Polymorphism_001_T.java 
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/polymorphism/Expression_Polymorphism_001_T.java @@ -12,7 +12,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->上下文敏感分析->多态 -// scene introduction = +// scene introduction = 子类重写父类方法 // level = 2 // bind_url = accuracy/context_sensitive/polymorphism/Expression_Polymorphism_001_T // evaluation information end diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/polymorphism/Expression_Polymorphism_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/polymorphism/Expression_Polymorphism_002_F.java index c0a689cd..b922d649 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/polymorphism/Expression_Polymorphism_002_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/context_sensitive/polymorphism/Expression_Polymorphism_002_F.java @@ -12,7 +12,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->上下文敏感分析->多态 -// scene introduction = +// scene introduction = 子类重写父类方法 // level = 2 // bind_url = accuracy/context_sensitive/polymorphism/Expression_Polymorphism_002_F // evaluation information end diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_001_T.java index 562d60dc..7e7a6a70 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_001_T.java 
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_001_T.java @@ -13,7 +13,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 -// scene introduction = MapPutGet-scene2 +// scene introduction = MapPutGet // level = 4 // bind_url = accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_001_T // evaluation information end diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_002_F.java index a515f8c9..1e8e4987 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_002_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_002_F.java @@ -13,7 +13,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 -// scene introduction = MapPutGet-scene2 +// scene introduction = MapPutGet // level = 4 // bind_url = accuracy/object_field_sensitive/field_sensitive_muilt_collection/MapPutGet_muilt_collection_002_F // evaluation information end diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/object_sensitive/Set_obj_sensitive_005_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/object_sensitive/Set_obj_sensitive_005_T.java index 288c3681..df8a6691 100644 
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/object_sensitive/Set_obj_sensitive_005_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/object_sensitive/Set_obj_sensitive_005_T.java @@ -11,7 +11,7 @@ // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分不同的类对象、结构体/联合体和字典/列表/数组 -// scene introduction = Set-remove +// scene introduction = Set-clear // level = 2 // bind_url = accuracy/object_field_sensitive/object_sensitive/Set_obj_sensitive_005_T // date = 2025-12-10 18:25:00 diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/object_sensitive/Set_obj_sensitive_006_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/object_sensitive/Set_obj_sensitive_006_F.java index 1bc9ffb0..ef5ecf0e 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/object_sensitive/Set_obj_sensitive_006_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/object_field_sensitive/object_sensitive/Set_obj_sensitive_006_F.java @@ -11,7 +11,7 @@ // evaluation information start // real case = false // evaluation item = 准确度->对象敏感与域敏感分析->区分不同的类对象、结构体/联合体和字典/列表/数组 -// scene introduction = Set-remove +// scene introduction = Set-clear // level = 2 // bind_url = accuracy/object_field_sensitive/object_sensitive/Set_obj_sensitive_006_F // date = 2025-12-10 18:25:00 diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/explicit_jump_control/Interrupt_Statement_009_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/explicit_jump_control/Interrupt_Statement_009_T.java index 05cd941a..480d8d9e 100644 
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/explicit_jump_control/Interrupt_Statement_009_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/explicit_jump_control/Interrupt_Statement_009_T.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->路径敏感分析->跳转语句
-// scene introduction = 跳转语句->return
+// scene introduction = 中断语句->return
 // level = 4
 // bind_url = accuracy/path_sensitive/explicit_jump_control/Interrupt_Statement_009_T
 // date = 2025-12-11 11:37:30
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/explicit_jump_control/Interrupt_Statement_010_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/explicit_jump_control/Interrupt_Statement_010_F.java
index 387adc10..d0a22fad 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/explicit_jump_control/Interrupt_Statement_010_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/explicit_jump_control/Interrupt_Statement_010_F.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->路径敏感分析->跳转语句
-// scene introduction = 跳转语句->return
+// scene introduction = 中断语句->return
 // level = 4
 // bind_url = accuracy/path_sensitive/explicit_jump_control/Interrupt_Statement_010_F
 // date = 2025-12-11 11:37:30
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Do_While_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Do_While_001_T.java
index 071b776b..7ea4985e 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Do_While_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Do_While_001_T.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态
-// scene introduction = 循环结构->do-while
+// scene introduction = do-while
 // level = 3
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/Do_While_001_T
 // date = 2025-12-11 11:02:45
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Do_While_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Do_While_002_F.java
index c239d588..50762be2 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Do_While_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/Do_While_002_F.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态
-// scene introduction = 循环结构->do-while
+// scene introduction = do-while
 // level = 3
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/Do_While_002_F
 // date = 2025-12-11 11:02:45
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/For_Statement_No_Solver_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/For_Statement_No_Solver_001_T.java
index 0c14b775..b695f893 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/For_Statement_No_Solver_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/For_Statement_No_Solver_001_T.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态
-// scene introduction = 循环语句->for
+// scene introduction = for
 // level = 3
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/For_Statement_No_Solver_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/For_Statement_No_Solver_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/For_Statement_No_Solver_002_F.java
index 53c1267e..5375b361 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/For_Statement_No_Solver_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/For_Statement_No_Solver_002_F.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态
-// scene introduction = 循环语句->for
+// scene introduction = for
 // level = 3
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/For_Statement_No_Solver_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/While_No_Solver_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/While_No_Solver_001_T.java
index e2bc3c88..de52167e 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/While_No_Solver_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/While_No_Solver_001_T.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态
-// scene introduction = 循环结构->while
+// scene introduction = while
 // level = 3
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/While_No_Solver_001_T
 // date = 2025-12-11 11:02:30
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/While_No_Solver_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/While_No_Solver_002_F.java
index 3cdbd1f8..5c43b687 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/While_No_Solver_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/no_solver/While_No_Solver_002_F.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态
-// scene introduction = 循环结构->while
+// scene introduction = while
 // level = 3
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/While_No_Solver_002_F
 // date = 2025-12-11 11:02:30
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_001_T.java
index 92aa81dc..2162ad05 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_001_T.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
-// scene introduction = instanceof表达式-Object
+// scene introduction = instanceof表达式-null
 // level = 4
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_002_F.java
index 10f9ea90..71e021cb 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_002_F.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
-// scene introduction = instanceof表达式-Object
+// scene introduction = instanceof表达式-null
 // level = 4
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_003_T.java
index 24625e62..78b13a45 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_003_T.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
-// scene introduction = instanceof表达式-null
+// scene introduction = instanceof表达式-Object
 // level = 4
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_004_F.java
index ce2745a1..c321cc93 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_004_F.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
-// scene introduction = instanceof表达式-null
+// scene introduction = instanceof表达式-Object
 // level = 4
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Expression_InstanceofExpression_solver_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_001_T.java
index b56daa4a..8d4b1a55 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_001_T.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
-// scene introduction = assert语句-条件成立
+// scene introduction = assert语句-条件不成立
 // level = 4
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_002_F.java
index b585e7e5..702a4413 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_002_F.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
-// scene introduction = assert语句-条件成立
+// scene introduction = assert语句-条件不成立
 // level = 4
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_AssertStatement_solver_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_001_T.java
index c31e2cbc..241a1476 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_001_T.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
-// scene introduction = 循环语句->while
+// scene introduction = 循环结构->while
 // level = 4
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_002_F.java
index b05a0fae..0427e443 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_002_F.java
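Review bot: The new label `// scene introduction = 循环结构->while` in Statement_WhileStatement_solver_001_T (and the identical change in Statement_WhileStatement_solver_002_F) adopts the `循环结构->` prefix that this same commit removes from the no_solver cases, where Do_While, For_Statement_No_Solver and While_No_Solver become bare `do-while`, `for` and `while`. If scene labels are meant to follow one naming scheme across the benchmark, use one form in both groups, for example `// scene introduction = while` here. If the two evaluation items deliberately use different schemes, a sentence in the benchmark's labelling notes saying so would keep later edits from normalising them back. Only the header comment is visible in these hunks, so this concerns the label text, not the case code.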
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态
-// scene introduction = 循环语句->while
+// scene introduction = 循环结构->while
 // level = 4
 // bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/Statement_WhileStatement_solver_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_001_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_001_F.java
index f64d70cc..4b159188 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_001_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_001_F.java
@@ -13,7 +13,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->别名
-// scene introduction = FieldUnAlias-scene1
+// scene introduction = FieldUnAlias FlowSensitive-scene1
 // level = 2
 // bind_url = completeness/single_app_tracing/alias/FieldUnAlias_001_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_002_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_002_T.java
index ec5ee98f..7f264593 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_002_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_002_T.java
@@ -13,7 +13,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->别名
-// scene introduction = FieldUnAlias-scene1
+// scene introduction = FieldUnAlias FlowSensitive-scene1
 // level = 2
 // bind_url = completeness/single_app_tracing/alias/FieldUnAlias_002_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_003_T.java
index d16802bb..84fa6567 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_003_T.java
@@ -15,7 +15,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->别名
-// scene introduction = FieldUnAlias scene2
+// scene introduction = FieldUnAlias ContextSensitive-scene2
 // level = 2
 // bind_url = completeness/single_app_tracing/alias/FieldUnAlias_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_004_F.java
index 2c268f90..a918221b 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/FieldUnAlias_004_F.java
@@ -15,7 +15,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->别名
-// scene introduction = FieldUnAlias scene2
+// scene introduction = FieldUnAlias ContextSensitive-scene2
 // level = 2
 // bind_url = completeness/single_app_tracing/alias/FieldUnAlias_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/HeapOverwriteAlias_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/HeapOverwriteAlias_003_T.java
index db59a339..7b384c7c 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/HeapOverwriteAlias_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/HeapOverwriteAlias_003_T.java
@@ -13,7 +13,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->别名
-// scene introduction = HeapOverwriteAlias-scene2
+// scene introduction = HeapOverwriteAlias FlowSensitive-scene2
 // level = 2
 // bind_url = completeness/single_app_tracing/alias/HeapOverwriteAlias_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/HeapOverwriteAlias_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/HeapOverwriteAlias_004_F.java
index ceb9b786..45c6cc95 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/HeapOverwriteAlias_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/HeapOverwriteAlias_004_F.java
@@ -13,7 +13,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->别名
-// scene introduction = HeapOverwriteAlias-scene2
+// scene introduction = HeapOverwriteAlias FlowSensitive-scene2
 // level = 2
 // bind_url = completeness/single_app_tracing/alias/HeapOverwriteAlias_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/StaticFieldAlias_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/StaticFieldAlias_001_T.java
index e1eeacf5..083d167b 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/StaticFieldAlias_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/alias/StaticFieldAlias_001_T.java
@@ -14,7 +14,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->别名
-// scene introduction = FieldAlias FlowSensitive
+// scene introduction = StaticFieldAlias FlowSensitive
 // level = 2
 // bind_url = completeness/single_app_tracing/alias/StaticFieldAlias_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_001_T.java
index eaa6c8c5..83834273 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_001_T.java
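Review bot: The relabel to `// scene introduction = StaticFieldAlias FlowSensitive` is applied to StaticFieldAlias_001_T only; no hunk for a matching `_F` case appears between this file and the CompletableFuture cases, whereas the other cases visible in this change are relabelled as true/false pairs. If a negative counterpart exists and still carries `FieldAlias FlowSensitive`, the positive and negative cases of this scene would no longer share a label, which presumably matters to any tooling that groups cases by scene when scoring a SAST tool's missed findings against its false alarms. Confirm the counterpart already reads `StaticFieldAlias FlowSensitive`, or update it in the same commit.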
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_001_T.java
@@ -13,7 +13,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
-// scene introduction = CompletableFuture
+// scene introduction = CompletableFuture1
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_002_F.java
index 1976c993..f4cc19af 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_002_F.java
@@ -13,7 +13,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
-// scene introduction = CompletableFuture
+// scene introduction = CompletableFuture1
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_003_T.java
index d8d55f09..f67eacc9 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_003_T.java
@@ -15,7 +15,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
-// scene introduction = CompletableFuture
+// scene introduction = CompletableFuture2
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_004_F.java
index 03f95c20..37e62d0f 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_004_F.java
@@ -15,7 +15,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
-// scene introduction = CompletableFuture
+// scene introduction = CompletableFuture2
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/CompletableFuture_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json
index 95e44e61..0b0683d8 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json
@@ -8,7 +8,7 @@
 "scene_list": [
 {
 "compose": "(cross_file_001_T_a.java || cross_file_001_T_b.java) && !(cross_file_002_F_a.java || cross_file_002_F_b.java)",
- "scene": "1"
+ "scene": "跨文件"
 }
 ]
 }
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a.java
index e7aee52e..e60aa298 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a.java
@@ -10,7 +10,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
-// scene introduction =
+// scene introduction = 跨文件
 // level = 2
 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b.java
index 50fa7d0d..cd31690b 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b.java
@@ -9,7 +9,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
-// scene introduction =
+// scene introduction = 跨文件
 // level = 2
 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a.java
index 4da3aeaa..72d994c8 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a.java
@@ -10,7 +10,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
-// scene introduction =
+// scene introduction = 跨文件
 // level = 2
 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b.java
index 6851b377..0475fa40 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b.java
@@ -9,7 +9,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
-// scene introduction =
+// scene introduction = 跨文件
 // level = 2
 // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_001_T.java
index a62901e6..3acd99a6 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_001_T.java
@@ -14,7 +14,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
-// scene introduction = List
+// scene introduction = List1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/collections/Base_List_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_002_F.java
index 0b2acda0..a1ddb3ca 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_002_F.java
@@ -14,7 +14,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
-// scene introduction = List
+// scene introduction = List1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/collections/Base_List_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_003_T.java
index f8c4125d..c42e475c 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_003_T.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
-// scene introduction = List
+// scene introduction = List2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/collections/Base_List_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_004_F.java
index 5071db26..51c242de 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_List_004_F.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
-// scene introduction = List
+// scene introduction = List2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/collections/Base_List_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_001_T.java
index deddac55..234618c3 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_001_T.java
@@ -20,7 +20,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
-// scene introduction = Queue
+// scene introduction = Queue1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/collections/Base_Queue_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_002_F.java
index 4eeb2fd1..b182e2eb 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_002_F.java
@@ -20,7 +20,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
-// scene introduction = Queue
+// scene introduction = Queue1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/collections/Base_Queue_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_003_T.java
index bb281b5f..b0c2bda8 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_003_T.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
-// scene introduction = Queue
+// scene introduction = Queue1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/collections/Base_Queue_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_004_F.java
index 20370087..5654f204 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Queue_004_F.java
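Review bot: Base_Queue_003_T is relabelled `Queue1`, the same value this commit gives Base_Queue_001_T and Base_Queue_002_F, whereas the parallel 003/004 cases for List and Set are moved to `List2` and `Set2`. If the 003/004 Queue cases exercise a second scenario, the added line should presumably read `// scene introduction = Queue2` (the same applies to the Base_Queue_004_F hunk that follows); as written, the two pairs would share one scene label in any per-scene grouping of results. The test bodies lie outside these hunks, so whether the shared label is intended cannot be confirmed from the diff alone.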
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
-// scene introduction = Queue
+// scene introduction = Queue1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/collections/Base_Queue_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_001_T.java
index af97531d..111d1948 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_001_T.java
@@ -20,7 +20,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
-// scene introduction = Set
+// scene introduction = Set1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/collections/Base_Set_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_002_F.java
index fa32b6c1..60c6e957 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_002_F.java
@@ -20,7 +20,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
-// scene introduction = Set
+// scene introduction = Set1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/collections/Base_Set_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_003_T.java
index c1d6e323..fa58fa8b 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_003_T.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
-// scene introduction = Set
+// scene introduction = Set2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/collections/Base_Set_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_004_F.java
index 9ddf51af..156b27fa 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/collections/Base_Set_004_F.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
-// scene introduction = Set
+// scene introduction = Set2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/collections/Base_Set_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_001_T.java
index ed1be7e1..f2281902 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_001_T.java
@@ -17,7 +17,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = Byte[]
+// scene introduction = Byte[]1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_ByteArray_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_002_F.java
index b7601b3b..d7893766 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_002_F.java
@@ -17,7 +17,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = Byte[]
+// scene introduction = Byte[]1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_ByteArray_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_003_T.java
index a868a735..164d517c 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_003_T.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = Byte[]
+// scene introduction = Byte[]1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_ByteArray_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_004_F.java
index 9f4f89ec..92206d0e 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_ByteArray_004_F.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = Byte[]
+// scene introduction = Byte[]1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_ByteArray_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_001_T.java
index 7280166b..c5eb1f38 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_001_T.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = byte
+// scene introduction = byte1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Byte_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_002_F.java
index 5534ef6c..e9548a3e 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_002_F.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = byte
+// scene introduction = byte1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Byte_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_003_T.java
index b58a293a..84e54fc6 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_003_T.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = byte
+// scene introduction = Byte2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Byte_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_004_F.java
index d05cd590..15f8faf6 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_004_F.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = byte
+// scene introduction = Byte2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Byte_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_005_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_005_T.java
index 8580bd01..72447736 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_005_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_005_T.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = byte
+// scene introduction = byte1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Byte_005_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_006_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_006_F.java
index 6ccfc203..88a8f4f5 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_006_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_006_F.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = byte
+// scene introduction = byte1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Byte_006_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_007_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_007_T.java
index 49d303e6..638e893f 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_007_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_007_T.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = byte
+// scene introduction = Byte2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Byte_007_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_008_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_008_F.java
index 6c224fd1..77d8c793 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_008_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Byte_008_F.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = byte
+// scene introduction = Byte2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Byte_008_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_001_T.java
index 68baee86..a317020d 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_001_T.java
@@ -17,7 +17,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = char[]
+// scene introduction = char[]1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_CharArray_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_002_F.java
index 8188c4b7..9283e950 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_002_F.java
@@ -17,7 +17,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = char[]
+// scene introduction = char[]1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_CharArray_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_003_T.java
index b0209dd2..70d1948f 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_003_T.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = char[]
+// scene introduction = char[]1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_CharArray_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_004_F.java
index 3cb9acee..8bbd2c55 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_CharArray_004_F.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = char[]
+// scene introduction = char[]1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_CharArray_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_001_T.java
index aa9aeb97..d691a18e 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_001_T.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = char
+// scene introduction = char1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Char_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_002_F.java
index f971e0e7..78d6913a 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_002_F.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = char
+// scene introduction = char1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Char_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_003_T.java
index 2c76a91a..02124cdb 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_003_T.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = Char
+// scene introduction = Char2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Char_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_004_F.java
index d95a2793..1ae065fb 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_004_F.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = Char
+// scene introduction = Char2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Char_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_005_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_005_T.java
index 98c7b039..bc874c2a 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_005_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_005_T.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = char
+// scene introduction = char1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Char_005_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_006_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_006_F.java
index baf731d2..2d4a9081 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_006_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_006_F.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = char
+// scene introduction = char1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Char_006_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_007_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_007_T.java
index a306ded2..2aa5232f 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_007_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_007_T.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = Character
+// scene introduction = Char2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Char_007_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_008_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_008_F.java
index 8a786dab..a3dbb986 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_008_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Char_008_F.java
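Review bot: The label `Char2` that replaces `Character` in the Base_Char_007_T hunk (and in the Base_Char_008_F hunk that follows) no longer names the boxed type, and it differs from the `char1` label given to Base_Char_005_T/006_F only by a capital letter and a digit. Unless 003/004 and 007/008 are deliberately meant to share one scene, a label such as `// scene introduction = Character2` would keep the type visible and still be distinct; the `Long2`/`long1` hunks further down have the same near-collision. If the benchmark matches these headers against the `scene` values in the directory's config.json, which is not part of the visible diff for the primitives directory, the chosen spelling should be checked there as well.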
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = Character
+// scene introduction = Char2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Char_008_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_001_T.java
index 50219763..eaeb9384 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_001_T.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = double
+// scene introduction = double1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Double_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_002_F.java
index 87e089eb..f7932259 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_002_F.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = double
+// scene introduction = double1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Double_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_003_T.java
index 787f98fd..7f32f256 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_003_T.java
@@ -15,7 +15,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = double
+// scene introduction = double1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Double_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_004_F.java
index 9df521fd..5404718c 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Double_004_F.java
@@ -15,7 +15,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = double
+// scene introduction = double1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Double_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_001_T.java
index 92c2a5c9..bda1e3ef 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_001_T.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = float
+// scene introduction = float1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Float_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_002_F.java
index 9942c82e..2967b5c2 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_002_F.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = float
+// scene introduction = float1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Float_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_003_T.java
index 32d1e5ab..1e1aa05f 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_003_T.java
@@ -15,7 +15,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = float
+// scene introduction = float1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Float_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_004_F.java
index a832aba2..ab3aed7f 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Float_004_F.java
@@ -15,7 +15,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = float
+// scene introduction = float1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Float_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_001_T.java
index 1949f650..38e98385 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_001_T.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = Integer
+// scene introduction = Integer1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Integer_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_002_F.java
index f8b1d5b4..ce523267 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_002_F.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = Integer
+// scene introduction = Integer1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Integer_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_003_T.java
index c28ccdfe..208ebec9 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_003_T.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = Integer
+// scene introduction = Integer1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Integer_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_004_F.java
index ee2cd092..0714bb8f 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_004_F.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = Integer
+// scene introduction = Integer1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Integer_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_005_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_005_T.java
index 2dd66eb9..09772f2a 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_005_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_005_T.java
@@ -13,7 +13,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = int
+// scene introduction = int1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Integer_005_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_006_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_006_F.java
index ecdfbdfb..36ba1f0d 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_006_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_006_F.java
@@ -13,7 +13,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = int
+// scene introduction = int1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Integer_006_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_007_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_007_T.java
index 36915524..fb004ef0 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_007_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_007_T.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = int
+// scene introduction = int1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Integer_007_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_008_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_008_F.java
index 597a0978..7f73ed10 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_008_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Integer_008_F.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = int
+// scene introduction = int1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Integer_008_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_001_T.java
index f1621eaa..81e282eb 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_001_T.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = long
+// scene introduction = long1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Long_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_002_F.java
index 90e9ace3..1d5dccc6 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_002_F.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = long
+// scene introduction = long1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Long_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_003_T.java
index 3783c2c3..e720194f 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_003_T.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = long
+// scene introduction = Long2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Long_003_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_004_F.java
index 5bf588e9..9a71e2c2 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_004_F.java
@@ -16,7 +16,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = long
+// scene introduction = Long2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Long_004_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_005_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_005_T.java
index 4f3be89b..1fc7f0d2 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_005_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_005_T.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = long
+// scene introduction = long1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Long_005_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_006_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_006_F.java
index a435a319..0b7a91ab 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_006_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_006_F.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = long
+// scene introduction = long1
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Long_006_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_007_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_007_T.java
index b15e2a83..5de7ea40 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_007_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_007_T.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = long
+// scene introduction = Long2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Long_007_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_008_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_008_F.java
index 87416025..c92d99e0 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_008_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/datatype/primitives/Base_Long_008_F.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
-// scene introduction = long
+// scene introduction = Long2
 // level = 2
 // bind_url = completeness/single_app_tracing/datatype/primitives/Base_Long_008_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/lambda_expression/Expression_LambdaExpression_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/lambda_expression/Expression_LambdaExpression_001_T.java
index 7d788610..cd1a9ff6 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/lambda_expression/Expression_LambdaExpression_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/lambda_expression/Expression_LambdaExpression_001_T.java
@@ -13,7 +13,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式
-// scene introduction =
+// scene introduction = Lambda表达式
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/lambda_expression/Expression_LambdaExpression_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/lambda_expression/Expression_LambdaExpression_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/lambda_expression/Expression_LambdaExpression_002_F.java
index 4671a318..34bc153e 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/lambda_expression/Expression_LambdaExpression_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/lambda_expression/Expression_LambdaExpression_002_F.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式
-// scene introduction =
+// scene introduction = Lambda表达式
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/lambda_expression/Expression_LambdaExpression_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/lambda_expression/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/lambda_expression/config.json
index 0b94e32b..9183508a 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/lambda_expression/config.json
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/lambda_expression/config.json
@@ -8,7 +8,7 @@
 "scene_list": [
 {
 "compose": "Expression_LambdaExpression_001_T.java && !Expression_LambdaExpression_002_F.java",
- "scene": "1"
+ "scene": "Lambda表达式"
 }
 ]
 }
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/this_expression/Expression_ThisExpression_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/this_expression/Expression_ThisExpression_001_T.java
index 6c6eabd8..542ac88b 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/this_expression/Expression_ThisExpression_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/this_expression/Expression_ThisExpression_001_T.java
@@ -13,7 +13,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->表达式->this表达式
-// scene introduction =
+// scene introduction = this表达式+函数调用
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/this_expression/Expression_ThisExpression_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/this_expression/Expression_ThisExpression_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/this_expression/Expression_ThisExpression_002_F.java
index 1e7afb7d..0a89bfbb 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/this_expression/Expression_ThisExpression_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/this_expression/Expression_ThisExpression_002_F.java
@@ -13,7 +13,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->表达式->this表达式
-// scene introduction =
+// scene introduction = this表达式+函数调用
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/this_expression/Expression_ThisExpression_002_F
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/this_expression/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/this_expression/config.json
index 3deaca3a..fd2e2025 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/this_expression/config.json
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/expression/this_expression/config.json
@@ -8,7 +8,7 @@
 "scene_list": [
 {
 "compose": "Expression_ThisExpression_001_T.java && !Expression_ThisExpression_002_F.java",
- "scene": "1"
+ "scene": "this表达式+函数调用"
 },
 {
 "compose": "Expression_ThisExpression_Anonymous_001_T.java && !Expression_ThisExpression_Anonymous_002_F.java",
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/Higher_Order_Function_003_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/Higher_Order_Function_003_T.java
index 2e5d07fb..2668d3b4 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/Higher_Order_Function_003_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/Higher_Order_Function_003_T.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->高阶函数
-// scene introduction = 高阶函数
+// scene introduction = 自定义高阶函数
 // level = 2
 // bind_url = completeness/single_app_tracing/function_call/higher_order_function/Higher_Order_Function_003_T
 // date = 2025-12-09 14:12:00
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/Higher_Order_Function_004_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/Higher_Order_Function_004_F.java
index 96ef1ea9..549d88b3 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/Higher_Order_Function_004_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/Higher_Order_Function_004_F.java
@@ -11,7 +11,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->高阶函数
-// scene introduction = 高阶函数
+// scene introduction = 自定义高阶函数
 // level = 2
 // bind_url = completeness/single_app_tracing/function_call/higher_order_function/Higher_Order_Function_004_F
 // date = 2025-12-09 14:12:00
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/config.json
index f4a199f8..7a156560 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/config.json
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/config.json
@@ -8,11 +8,11 @@
 "scene_list": [
 {
 "compose": "higher_order_function_001_T.java && !higher_order_function_002_F.java",
- "scene": "1"
+ "scene": "高阶函数"
 },
 {
 "compose": "Higher_Order_Function_003_T.java && !Higher_Order_Function_004_F.java",
- "scene": "高阶函数"
+ "scene": "自定义高阶函数"
 }
 ]
 }
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_001_T.java
index ea7f36dd..a4d3c38e 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_001_T.java
@@ -12,7 +12,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->高阶函数
-// scene introduction =
+// scene introduction = 高阶函数
 // level = 2
 // bind_url = completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_F.java
index da7356ea..433a4ca8 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_F.java @@ -12,7 +12,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->高阶函数 -// scene introduction = +// scene introduction = 高阶函数 // level = 2 // bind_url = completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_F // evaluation information end diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/private_variable/Private_Variable_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/private_variable/Private_Variable_001_T.java index 53ca4851..4b4a07ae 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/private_variable/Private_Variable_001_T.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/private_variable/Private_Variable_001_T.java @@ -9,8 +9,8 @@ // evaluation information start // real case = true -// evaluation item = 完整度->单应用跟踪完整度->变量作用域->静态变量 -// scene introduction = +// evaluation item = 完整度->单应用跟踪完整度->变量作用域->private变量 +// scene introduction = private变量 // level = 2 // bind_url = completeness/single_app_tracing/variable_scope/private_variable/Private_Variable_001_T // evaluation information end diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/private_variable/Private_Variable_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/private_variable/Private_Variable_002_F.java index 6970849c..f15cf894 100644 
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/private_variable/Private_Variable_002_F.java +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/private_variable/Private_Variable_002_F.java @@ -9,8 +9,8 @@ // evaluation information start // real case = false -// evaluation item = 完整度->单应用跟踪完整度->变量作用域->静态变量 -// scene introduction = +// evaluation item = 完整度->单应用跟踪完整度->变量作用域->private变量 +// scene introduction = private变量 // level = 2 // bind_url = completeness/single_app_tracing/variable_scope/private_variable/Private_Variable_002_F // evaluation information end diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/static_variable/config.json b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/static_variable/config.json index 3615aa87..8013e35a 100644 --- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/static_variable/config.json +++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/static_variable/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "static_variable_001_T.java && !static_variable_002_F.java", - "scene": "1" + "scene": "静态变量" } ] } diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T.java index 173a54fa..01c9de94 100644 
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T.java
@@ -14,7 +14,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->变量作用域->静态变量
-// scene introduction =
+// scene introduction = 静态变量
 // level = 2
 // bind_url = completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T
 // evaluation information end
diff --git a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F.java b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F.java
index cc51610b..236d230e 100644
--- a/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F.java
+++ b/sast-java/src/main/java/com/sast/astbenchmark/case_language_maturity/completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F.java
@@ -14,7 +14,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->变量作用域->静态变量
-// scene introduction =
+// scene introduction = 静态变量
 // level = 2
 // bind_url = completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F
 // evaluation information end
diff --git a/sast-js/case/accuracy/context_sensitive/polymorphism/config.json b/sast-js/case/accuracy/context_sensitive/polymorphism/config.json
index da54ffd5..46f36193 100644
--- a/sast-js/case/accuracy/context_sensitive/polymorphism/config.json
+++ b/sast-js/case/accuracy/context_sensitive/polymorphism/config.json
@@ -12,7 +12,7 @@
 },
 {
 "compose": "polymorphism_003_T.js && !polymorphism_004_F.js",
- "scene": "1"
+ "scene": "子类继承父类"
 }
 ]
 }
diff --git a/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_001_T.js b/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_001_T.js
index 482ab53f..2986fc85 100644
--- a/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_001_T.js
+++ b/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_001_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->上下文敏感分析->多态
-// scene introduction = 条件表达式
+// scene introduction = 条件表达式（需求解）
 // level = 4
 // bind_url = accuracy/context_sensitive/polymorphism/polymorphism_001_T
 // evaluation information end
diff --git a/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_002_F.js b/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_002_F.js
index 5f57136d..0e4174c5 100644
--- a/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_002_F.js
+++ b/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_002_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->上下文敏感分析->多态
-// scene introduction = 条件表达式
+// scene introduction = 条件表达式（需求解）
 // level = 4
 // bind_url = accuracy/context_sensitive/polymorphism/polymorphism_002_F
 // evaluation information end
diff --git a/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_003_T.js b/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_003_T.js
index 17c87be9..01d4e264 100644
--- a/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_003_T.js
+++ b/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->上下文敏感分析->多态
-// scene introduction =
+// scene introduction = 子类继承父类
 // level = 4
 // bind_url = accuracy/context_sensitive/polymorphism/polymorphism_003_T
 // evaluation information end
diff --git a/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_004_F.js b/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_004_F.js
index 90f29fcd..4b52b116 100644
--- a/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_004_F.js
+++ b/sast-js/case/accuracy/context_sensitive/polymorphism/polymorphism_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->上下文敏感分析->多态
-// scene introduction =
+// scene introduction = 子类继承父类
 // level = 4
 // bind_url = accuracy/context_sensitive/polymorphism/polymorphism_004_F
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_003_T.js b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_003_T.js
index c5e6366d..6d240ee3 100644
--- a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_003_T.js
+++ b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段
-// scene introduction = 路径长度
+// scene introduction = 路径长度2
 // level = 3
 // bind_url = accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_003_T
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_004_F.js b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_004_F.js
index 773cd73e..6b04aba6 100644
--- a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_004_F.js
+++ b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段
-// scene introduction = 路径长度
+// scene introduction = 路径长度2
 // level = 3
 // bind_url = accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_004_F
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_005_T.js b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_005_T.js
index f6ad3e42..1c751e16 100644
--- a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_005_T.js
+++ b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_005_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段
-// scene introduction = 路径长度
+// scene introduction = 路径长度3
 // level = 3
 // bind_url = accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_005_T
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_006_F.js b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_006_F.js
index d8f7a855..4e6160ea 100644
--- a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_006_F.js
+++ b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_006_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段
-// scene introduction = 路径长度
+// scene introduction = 路径长度3
 // level = 3
 // bind_url = accuracy/object_field_sensitive/field_sensitive_interface_class/field_len_006_F
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/array_no_solver_003_T.js b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/array_no_solver_003_T.js
index 8890cb34..e72bdc8b 100644
--- a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/array_no_solver_003_T.js
+++ b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/array_no_solver_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景，能够区分不同索引上特定元素的状态（无需求解）
-// scene introduction = 数组索引
+// scene introduction = 数组索引2
 // level = 3
 // bind_url = accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/array_no_solver_003_T
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/array_no_solver_004_F.js b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/array_no_solver_004_F.js
index e56162dc..9dbcc250 100644
--- a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/array_no_solver_004_F.js
+++ b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/array_no_solver_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景，能够区分不同索引上特定元素的状态（无需求解）
-// scene introduction = 数组索引
+// scene introduction = 数组索引2
 // level = 3
 // bind_url = accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/array_no_solver_004_F
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.js b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.js
index 0d60822d..1a6d005b 100644
--- a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.js
+++ b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景，能够区分不同索引上特定元素的状态（无需求解）
-// scene introduction = 数组索引->扩展运算符
+// scene introduction = 数组索引->扩展运算符2
 // level = 3
 // bind_url = accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.js b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.js
index b1981cd4..284b7565 100644
--- a/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.js
+++ b/sast-js/case/accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景，能够区分不同索引上特定元素的状态（无需求解）
-// scene introduction = 数组索引->扩展运算符
+// scene introduction = 数组索引->扩展运算符2
 // level = 3
 // bind_url = accuracy/object_field_sensitive/field_sensitive_one_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/object_sensitive/array_object_sensitive_003_T.js b/sast-js/case/accuracy/object_field_sensitive/object_sensitive/array_object_sensitive_003_T.js
index bfdae5a8..40f5d4ca 100644
--- a/sast-js/case/accuracy/object_field_sensitive/object_sensitive/array_object_sensitive_003_T.js
+++ b/sast-js/case/accuracy/object_field_sensitive/object_sensitive/array_object_sensitive_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->对象敏感与域敏感分析->区分不同的类对象、结构体/联合体和字典/列表/数组
-// scene introduction = 数组/集合->数组对象
+// scene introduction = 数组/集合->数组对象2
 // level = 2
 // bind_url = accuracy/object_field_sensitive/object_sensitive/array_object_sensitive_003_T
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/object_sensitive/array_object_sensitive_004_F.js b/sast-js/case/accuracy/object_field_sensitive/object_sensitive/array_object_sensitive_004_F.js
index 5e669a0f..82fe0b4e 100644
--- a/sast-js/case/accuracy/object_field_sensitive/object_sensitive/array_object_sensitive_004_F.js
+++ b/sast-js/case/accuracy/object_field_sensitive/object_sensitive/array_object_sensitive_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->对象敏感与域敏感分析->区分不同的类对象、结构体/联合体和字典/列表/数组
-// scene introduction = 数组/集合->数组对象
+// scene introduction = 数组/集合->数组对象2
 // level = 2
 // bind_url = accuracy/object_field_sensitive/object_sensitive/array_object_sensitive_004_F
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_003_T.js b/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_003_T.js
index 2bae1650..a997cba2 100644
--- a/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_003_T.js
+++ b/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->对象敏感与域敏感分析->区分不同的类对象、结构体/联合体和字典/列表/数组
-// scene introduction = 字典->字典对象
+// scene introduction = 字典->字典对象2
 // level = 2
 // bind_url = accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_003_T
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_004_F.js b/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_004_F.js
index d0914c74..446771c4 100644
--- a/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_004_F.js
+++ b/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->对象敏感与域敏感分析->区分不同的类对象、结构体/联合体和字典/列表/数组
-// scene introduction = 字典->字典对象
+// scene introduction = 字典->字典对象2
 // level = 2
 // bind_url = accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_004_F
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_005_T.js b/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_005_T.js
index 0920ab84..0c995fab 100644
--- a/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_005_T.js
+++ b/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_005_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->对象敏感与域敏感分析->区分不同的类对象、结构体/联合体和字典/列表/数组
-// scene introduction = 字典->字典对象
+// scene introduction = 字典->字典对象3
 // level = 2
 // bind_url = accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_005_T
 // evaluation information end
diff --git a/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_006_F.js b/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_006_F.js
index c0383db7..743edd5b 100644
--- a/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_006_F.js
+++ b/sast-js/case/accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_006_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->对象敏感与域敏感分析->区分不同的类对象、结构体/联合体和字典/列表/数组
-// scene introduction = 字典->字典对象
+// scene introduction = 字典->字典对象3
 // level = 2
 // bind_url = accuracy/object_field_sensitive/object_sensitive/map_object_sensitive_006_F
 // evaluation information end
diff --git a/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_001_T.js b/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_001_T.js
index d7a486e2..e244a25c 100644
--- a/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_001_T.js
+++ b/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_001_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->路径敏感分析->异常抛出和捕获
-// scene introduction = 异常抛出-try块
+// scene introduction = 抛出
 // level = 3
 // bind_url = accuracy/path_sensitive/exception_throw/exception_throw_001_T
 // evaluation information end
diff --git a/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_002_F.js b/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_002_F.js
index 4d8b3b71..0eb2167a 100644
--- a/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_002_F.js
+++ b/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_002_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->路径敏感分析->异常抛出和捕获
-// scene introduction = 异常抛出-try块
+// scene introduction = 抛出
 // level = 3
 // bind_url = accuracy/path_sensitive/exception_throw/exception_throw_002_F
 // evaluation information end
diff --git a/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_003_T.js b/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_003_T.js
index 0308dbf8..0c91fce1 100644
--- a/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_003_T.js
+++ b/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->路径敏感分析->异常抛出和捕获
-// scene introduction = 异常抛出- catch块
+// scene introduction = 捕获
 // level = 3
 // bind_url = accuracy/path_sensitive/exception_throw/exception_throw_003_T
 // evaluation information end
diff --git a/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_004_F.js b/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_004_F.js
index 088f8cb6..40831a3c 100644
--- a/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_004_F.js
+++ b/sast-js/case/accuracy/path_sensitive/exception_throw/exception_throw_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 准确度->路径敏感分析->异常抛出和捕获
-// scene introduction = 异常抛出- catch块
+// scene introduction = 捕获
 // level = 3
 // bind_url = accuracy/path_sensitive/exception_throw/exception_throw_004_F
 // evaluation information end
diff --git a/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T.js b/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T.js
index dbdcdd1a..cda69257 100644
--- a/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T.js
+++ b/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->动态特性跟踪完整度->反射调用
-// scene introduction = 反射
+// scene introduction = 反射2
 // level = 3
 // bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T
 // evaluation information end
diff --git a/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F.js b/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F.js
index 7251a1a6..a6037f06 100644
--- a/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F.js
+++ b/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->动态特性跟踪完整度->反射调用
-// scene introduction = 反射
+// scene introduction = 反射2
 // level = 3
 // bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F
 // evaluation information end
diff --git a/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.js b/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.js
index 4a47fb5c..a6aab1bb 100644
--- a/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.js
+++ b/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->动态特性跟踪完整度->反射调用
-// scene introduction = 反射
+// scene introduction = 反射3
 // level = 3
 // bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T
 // evaluation information end
diff --git a/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.js b/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.js
index 72edfe5d..de5bc3cb 100644
--- a/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.js
+++ b/sast-js/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->动态特性跟踪完整度->反射调用
-// scene introduction = 反射
+// scene introduction = 反射3
 // level = 3
 // bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/alias/alias_004_F.js b/sast-js/case/completeness/single_app_tracing/alias/alias_004_F.js
index 7b008c30..37b55857 100644
--- a/sast-js/case/completeness/single_app_tracing/alias/alias_004_F.js
+++ b/sast-js/case/completeness/single_app_tracing/alias/alias_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->别名
-// scene introduction = 解构参数
+// scene introduction = 数组别名
 // level = 2
 // bind_url = completeness/single_app_tracing/alias/alias_004_F
 // date = 2025-12-18 06:34:45
diff --git a/sast-js/case/completeness/single_app_tracing/alias/alias_005_T.js b/sast-js/case/completeness/single_app_tracing/alias/alias_005_T.js
index 34f57b53..d5f9eec4 100644
--- a/sast-js/case/completeness/single_app_tracing/alias/alias_005_T.js
+++ b/sast-js/case/completeness/single_app_tracing/alias/alias_005_T.js
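Review bot: The new alias labels group the cases as `alias_004_F`/`alias_005_T` = `数组别名` and `alias_006_F`/`alias_007_T` = `对象别名`, which does not line up with the pairing the `compose` entries in this commit use, where a `_T` case is paired with the next-numbered `_F` case (for example `polymorphism_003_T.js && !polymorphism_004_F.js`). Under that convention `alias_005_T` would be scored against `alias_006_F`, and the two would now carry different scene names. The alias `config.json` is not part of the visible diff, so the numbering there may simply be offset; it is worth confirming that every `compose` pair in it shares one `scene` value, otherwise a tool's detection of the vulnerable case and its false positive on the safe case get reported under different scenes.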
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->别名
-// scene introduction = 解构参数
+// scene introduction = 数组别名
 // level = 2
 // bind_url = completeness/single_app_tracing/alias/alias_005_T
 // date = 2025-12-18 06:34:45
diff --git a/sast-js/case/completeness/single_app_tracing/alias/alias_006_F.js b/sast-js/case/completeness/single_app_tracing/alias/alias_006_F.js
index 4008c217..010e425c 100644
--- a/sast-js/case/completeness/single_app_tracing/alias/alias_006_F.js
+++ b/sast-js/case/completeness/single_app_tracing/alias/alias_006_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->别名
-// scene introduction = 解构参数
+// scene introduction = 对象别名
 // level = 2
 // bind_url = completeness/single_app_tracing/alias/alias_006_F
 // date = 2025-12-18 06:34:45
diff --git a/sast-js/case/completeness/single_app_tracing/alias/alias_007_T.js b/sast-js/case/completeness/single_app_tracing/alias/alias_007_T.js
index de8539aa..ff8954fa 100644
--- a/sast-js/case/completeness/single_app_tracing/alias/alias_007_T.js
+++ b/sast-js/case/completeness/single_app_tracing/alias/alias_007_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->别名
-// scene introduction = 解构参数
+// scene introduction = 对象别名
 // level = 2
 // bind_url = completeness/single_app_tracing/alias/alias_007_T
 // date = 2025-12-18 06:34:45
diff --git a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/asynchronous_promisify_001_T.js b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/asynchronous_promisify_001_T.js
index c9b0b412..fd5633fb 100644
--- a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/asynchronous_promisify_001_T.js
+++ b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/asynchronous_promisify_001_T.js
@@ -1,6 +1,6 @@
 // evaluation information start
 // real case = true
-// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->延迟执行异步
 // scene introduction = promisify异步分析
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/asynchronous_promisify_001_T
diff --git a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/asynchronous_promisify_002_F.js b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/asynchronous_promisify_002_F.js
index 6f8e1b8a..b23b6250 100644
--- a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/asynchronous_promisify_002_F.js
+++ b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/asynchronous_promisify_002_F.js
@@ -1,6 +1,6 @@
 // evaluation information start
 // real case = false
-// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->延迟执行异步
 // scene introduction = promisify异步分析
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/asynchronous_promisify_002_F
diff --git a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_003_T.js b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_003_T.js
index e1113596..a3a8d958 100644
--- a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_003_T.js
+++ b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
-// scene introduction = Promise
+// scene introduction = Promise3
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_003_T
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_004_F.js b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_004_F.js
index ddefa712..66c0e2e1 100644
--- a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_004_F.js
+++ b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
-// scene introduction = Promise
+// scene introduction = Promise3
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_004_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_005_T.js b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_005_T.js
index d9c14659..7a9b2f52 100644
--- a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_005_T.js
+++ b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_005_T.js
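Review bot: The `evaluation item` context line in asynchronous_promise_003_T.js still reads `…->并发、多线程、异步->同步原语`, although the file sits under `promise_callback_await/`; this same commit corrects exactly that mismatch for the two promisify cases under `delayed_execution_async/`. The stale value is also visible in asynchronous_promise_004_F through 010_F. If results are grouped by evaluation item, these eight cases would be scored under synchronization primitives, so the line should be changed to the taxonomy entry for the promise_callback_await directory (its exact label is not shown in this diff). The new `scene introduction` values `Promise2`…`Promise5` only number the scenes; a few words on what each T/F pair exercises would make a missed detection easier to triage.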
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
-// scene introduction = Promise
+// scene introduction = Promise2
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_005_T
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_006_F.js b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_006_F.js
index 79ded4e7..f3a8ca4d 100644
--- a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_006_F.js
+++ b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_006_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
-// scene introduction = Promise
+// scene introduction = Promise2
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_006_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_007_T.js b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_007_T.js
index 18058eaf..81186ec9 100644
--- a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_007_T.js
+++ b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_007_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
-// scene introduction = Promise
+// scene introduction = Promise4
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_007_T
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_008_F.js b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_008_F.js
index e32418d1..9a033bf4 100644
--- a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_008_F.js
+++ b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_008_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
-// scene introduction = Promise
+// scene introduction = Promise4
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_008_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_009_T.js b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_009_T.js
index e8719b86..43b3fc28 100644
--- a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_009_T.js
+++ b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_009_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
-// scene introduction = Promise
+// scene introduction = Promise5
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_009_T
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_010_F.js b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_010_F.js
index 43a6d1ad..ddc8ed75 100644
--- a/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_010_F.js
+++ b/sast-js/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_010_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
-// scene introduction = Promise
+// scene introduction = Promise5
 // level = 2
 // bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/asynchronous_promise_010_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_003_T/A/cross_module_003_T_a.js b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_003_T/A/cross_module_003_T_a.js
index ec9881b6..4a155a6e 100644
--- a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_003_T/A/cross_module_003_T_a.js
+++ b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_003_T/A/cross_module_003_T_a.js
@@ -7,7 +7,7 @@ // evaluation information end -export default function defaultExport(__taint_src) { +export default function cross_module_003_T_a(__taint_src) { return __taint_src + "_default"; } diff --git a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_003_T/B/cross_module_003_T_b.js b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_003_T/B/cross_module_003_T_b.js index 0009165a..9bd85ced 100644 --- a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_003_T/B/cross_module_003_T_b.js +++ b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_003_T/B/cross_module_003_T_b.js @@ -6,10 +6,10 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_003_T/B/cross_module_003_T_b // evaluation information end import { execSync } from 'child_process'; -import defaultExport from "../A/cross_module_003_T_a.js"; +import cross_module_003_T_a from "../A/cross_module_003_T_a.js"; function cross_module_003_T_b(taint_src) { - let result = defaultExport(taint_src); + let result = cross_module_003_T_a(taint_src); __taint_sink(result); } diff --git a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_004_F/A/cross_module_004_F_a.js b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_004_F/A/cross_module_004_F_a.js index d746fde6..86b61e18 100644 --- a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_004_F/A/cross_module_004_F_a.js +++ b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_004_F/A/cross_module_004_F_a.js 
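Review bot: Giving the export in cross_module_003_T_a.js a suite-unique name and importing it under that same name in cross_module_003_T_b.js means the call `cross_module_003_T_a(taint_src)` can be paired with its definition by name alone. Before, `defaultExport` and `exportString` were defined in several A files, so (as far as this diff shows) only an analyzer that followed the import specifier could separate the T case from its F twin; the same applies to cross_module_004_F, 005_T and 006_F, and to 009_T/010_F, where the `#root/` specifier is presumably the feature under test. If the harness needs the exported name to match the file name, keep it and vary only the local binding, e.g. `import importedFn from "../A/cross_module_003_T_a.js";` or `import { cross_module_005_T_a as importedFn } from "../A/cross_module_005_T_a.js";`, so the flow still has to be resolved through the module path.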
@@ -7,7 +7,7 @@ // evaluation information end -export default function defaultExport() { +export default function cross_module_004_F_a() { return "_default"; } diff --git a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_004_F/B/cross_module_004_F_b.js b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_004_F/B/cross_module_004_F_b.js index 86b57eeb..0527005f 100644 --- a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_004_F/B/cross_module_004_F_b.js +++ b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_004_F/B/cross_module_004_F_b.js @@ -6,10 +6,10 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_004_F/B/cross_module_004_F_b // evaluation information end import { execSync } from 'child_process'; -import defaultExport from "../A/cross_module_004_F_a.js"; +import cross_module_004_F_a from "../A/cross_module_004_F_a.js"; function cross_module_004_F_b() { - let result = defaultExport(); + let result = cross_module_004_F_a(); __taint_sink(result); } diff --git a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a.js b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a.js index e6ec0394..bc112a23 100644 --- a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a.js +++ b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a.js 
@@ -7,12 +7,12 @@ // evaluation information end -function exportString(__taint_src) { +function cross_module_005_T_a(__taint_src) { return __taint_src; } export { - exportString, + cross_module_005_T_a, }; diff --git a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b.js b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b.js index b42dae30..6757e120 100644 --- a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b.js +++ b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b.js @@ -6,10 +6,10 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b // evaluation information end import { execSync } from 'child_process'; -import { exportString } from "../A/cross_module_005_T_a.js"; +import { cross_module_005_T_a } from "../A/cross_module_005_T_a.js"; function cross_module_005_T_b(taint_src) { - let result = exportString(taint_src); + let result = cross_module_005_T_a(taint_src); __taint_sink(result); } diff --git a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a.js b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a.js index 43e8538c..39f25eeb 100644 --- a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a.js +++ b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a.js 
@@ -7,12 +7,12 @@ // evaluation information end -function exportString() { +function cross_module_006_F_a() { return "_"; } export { - exportString, + cross_module_006_F_a, }; diff --git a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b.js b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b.js index 8720991b..6f14ff8d 100644 --- a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b.js +++ b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b.js @@ -6,10 +6,10 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b // evaluation information end import { execSync } from 'child_process'; -import { exportString } from "../A/cross_module_006_F_a.js"; +import { cross_module_006_F_a } from "../A/cross_module_006_F_a.js"; function cross_module_006_F_b() { - let result = exportString(); + let result = cross_module_006_F_a(); __taint_sink(result); } diff --git a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/A/cross_module_009_T_a.js b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/A/cross_module_009_T_a.js index a1c0c36f..65c40a75 100644 --- a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/A/cross_module_009_T_a.js +++ b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/A/cross_module_009_T_a.js @@ -7,7 +7,7 @@ // evaluation information end -export function exportString(__taint_src) { +export function cross_module_009_T_a(__taint_src) { return __taint_src; } 
diff --git a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/B/cross_module_009_T_b.js b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/B/cross_module_009_T_b.js index a1ac03c1..53f0e8c8 100644 --- a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/B/cross_module_009_T_b.js +++ b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/B/cross_module_009_T_b.js @@ -8,10 +8,10 @@ import { execSync } from 'child_process'; -import { exportString } from "#root/cross_module_009_T_a.js"; +import { cross_module_009_T_a } from "#root/cross_module_009_T_a.js"; function cross_module_009_T_b(taint_src) { - let result = exportString(taint_src); + let result = cross_module_009_T_a(taint_src); __taint_sink(result); } diff --git a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_010_F/A/cross_module_010_F_a.js b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_010_F/A/cross_module_010_F_a.js index ff22b819..802783b2 100644 --- a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_010_F/A/cross_module_010_F_a.js +++ b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_010_F/A/cross_module_010_F_a.js @@ -7,7 +7,7 @@ // evaluation information end -export function exportString() { +export function cross_module_010_F_a() { return "_"; } diff --git a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_010_F/B/cross_module_010_F_b.js b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_010_F/B/cross_module_010_F_b.js index 819df862..9e4d2235 100644 
--- a/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_010_F/B/cross_module_010_F_b.js +++ b/sast-js/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_010_F/B/cross_module_010_F_b.js @@ -8,10 +8,10 @@ import { execSync } from 'child_process'; -import { exportString } from "#root/cross_module_010_F_a.js"; +import { cross_module_010_F_a } from "#root/cross_module_010_F_a.js"; function cross_module_010_F_b() { - let result = exportString(); + let result = cross_module_010_F_a(); __taint_sink(result); } diff --git a/sast-js/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_003_T.js b/sast-js/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_003_T.js index 8202024a..2fe701a0 100644 --- a/sast-js/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_003_T.js +++ b/sast-js/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_003_T.js @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 -// scene introduction = exception_catch +// scene introduction = exception_catch2 // level = 2 // bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_catch_003_T // evaluation information end diff --git a/sast-js/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_004_F.js b/sast-js/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_004_F.js index e11f2ac8..0ec9b150 100644 --- a/sast-js/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_004_F.js +++ b/sast-js/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_004_F.js 
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获
-// scene introduction = exception_catch
+// scene introduction = exception_catch2
 // level = 2
 // bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_catch_004_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_001_T.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_001_T.js
index f3d8300d..7dbe86ff 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_001_T.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_001_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 扩展运算符
+// scene introduction = 扩展运算符3
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/rest_parameter_001_T
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_002_F.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_002_F.js
index 5e0c2219..6b58ce81 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_002_F.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_002_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 扩展运算符
+// scene introduction = 扩展运算符3
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/rest_parameter_002_F
 // evaluation information end
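Review bot: The new `scene introduction` in rest_parameter_001_T.js is `扩展运算符3` (spread operator 3), while the file name says the case exercises a rest parameter; rest_parameter_002_F through 006_F get `扩展运算符3`–`扩展运算符5` in the same way, and the spread_operator_* cases draw from the same numbered series. A report keyed on the scene label therefore cannot tell a missed rest-parameter flow from a missed spread flow. Judging by the file names only (the case bodies are outside this diff), a label that names the construct, for example `// scene introduction = 剩余参数` plus a short qualifier per pair, would be clearer than a running number.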
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_003_T.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_003_T.js
index f65327ca..96657e43 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_003_T.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 扩展运算符
+// scene introduction = 扩展运算符4
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/rest_parameter_003_T
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_004_F.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_004_F.js
index 90505679..e5a0134b 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_004_F.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 扩展运算符
+// scene introduction = 扩展运算符4
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/rest_parameter_004_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_005_T.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_005_T.js
index 3c16609d..c1a13720 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_005_T.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_005_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 扩展运算符
+// scene introduction = 扩展运算符5
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/rest_parameter_005_T
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_006_F.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_006_F.js
index b15e37f2..eab7c579 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_006_F.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/rest_parameter_006_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 扩展运算符
+// scene introduction = 扩展运算符5
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/rest_parameter_006_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.js
index 574fea1d..66661bfd 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 扩展运算符
+// scene introduction = 扩展运算符6
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_003_T
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.js
index 6babd931..1d89d96c 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 扩展运算符
+// scene introduction = 扩展运算符6
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_004_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_005_T.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_005_T.js
index 8308a19d..b5bea12a 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_005_T.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_005_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 扩展运算符
+// scene introduction = 扩展运算符2
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_005_T
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.js
index f9d954ca..a4a0626f 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 扩展运算符
+// scene introduction = 扩展运算符2
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_006_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_003_T.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_003_T.js
index 8529d8bf..57af1145 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_003_T.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 模板字面量
+// scene introduction = 模板字面量2
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_003_T
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_004_F.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_004_F.js
index 91f73608..fe0025cc 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_004_F.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 模板字面量
+// scene introduction = 模板字面量2
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_004_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_005_T.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_005_T.js
index 829eca24..109799e0 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_005_T.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_005_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 模板字面量
+// scene introduction = 模板字面量3
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_005_T
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_006_F.js b/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_006_F.js
index 1feea726..0f93c487 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_006_F.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/special_expression/template_literal_006_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-// scene introduction = 模板字面量
+// scene introduction = 模板字面量3
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_006_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/this_expression/this_expression_003_T.js b/sast-js/case/completeness/single_app_tracing/expression/this_expression/this_expression_003_T.js
index 28b44b01..39b48013 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/this_expression/this_expression_003_T.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/this_expression/this_expression_003_T.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = true
 // evaluation item = 完整度->单应用跟踪完整度->表达式->this表达式
-// scene introduction = this表达式
+// scene introduction = this表达式2
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/this_expression/this_expression_003_T
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/expression/this_expression/this_expression_004_F.js b/sast-js/case/completeness/single_app_tracing/expression/this_expression/this_expression_004_F.js
index 3495b4ea..9f38112e 100644
--- a/sast-js/case/completeness/single_app_tracing/expression/this_expression/this_expression_004_F.js
+++ b/sast-js/case/completeness/single_app_tracing/expression/this_expression/this_expression_004_F.js
@@ -1,7 +1,7 @@
 // evaluation information start
 // real case = false
 // evaluation item = 完整度->单应用跟踪完整度->表达式->this表达式
-// scene introduction = this表达式
+// scene introduction = this表达式2
 // level = 2
 // bind_url = completeness/single_app_tracing/expression/this_expression/this_expression_004_F
 // evaluation information end
diff --git a/sast-js/case/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F.js b/sast-js/case/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F.js
index bdde1a55..e088e3e6 100644
--- a/sast-js/case/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F.js
+++ b/sast-js/case/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F.js
@@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 -// scene introduction = +// scene introduction = 类方法链式调用 // level = 2 // bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_001_F // evaluation information end diff --git a/sast-js/case/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T.js b/sast-js/case/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T.js index 348dfaf1..516ec17d 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T.js @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 -// scene introduction = +// scene introduction = 类方法链式调用 // level = 2 // bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_002_T // evaluation information end diff --git a/sast-js/case/completeness/single_app_tracing/function_call/chained_call/config.json b/sast-js/case/completeness/single_app_tracing/function_call/chained_call/config.json index 32c639c4..f6590148 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/chained_call/config.json +++ b/sast-js/case/completeness/single_app_tracing/function_call/chained_call/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "!chained_call_001_F.js && chained_call_002_T.js", - "scene": "1" + "scene": "类方法链式调用" } ] } diff --git a/sast-js/case/completeness/single_app_tracing/function_call/decorator_function/function_decorator_003_F.js b/sast-js/case/completeness/single_app_tracing/function_call/decorator_function/function_decorator_003_F.js index a79087f6..ed8c3b7d 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/decorator_function/function_decorator_003_F.js 
+++ b/sast-js/case/completeness/single_app_tracing/function_call/decorator_function/function_decorator_003_F.js @@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->装饰器函数 -// scene introduction = 函数装饰器 +// scene introduction = 函数装饰器2 // level = 2 // bind_url = completeness/single_app_tracing/function_call/decorator_function/function_decorator_003_F // evaluation information end diff --git a/sast-js/case/completeness/single_app_tracing/function_call/decorator_function/function_decorator_004_T.js b/sast-js/case/completeness/single_app_tracing/function_call/decorator_function/function_decorator_004_T.js index 7511ef68..df7a3008 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/decorator_function/function_decorator_004_T.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/decorator_function/function_decorator_004_T.js @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->装饰器函数 -// scene introduction = 函数装饰器 +// scene introduction = 函数装饰器2 // level = 2 // bind_url = completeness/single_app_tracing/function_call/decorator_function/function_decorator_004_T // evaluation information end diff --git a/sast-js/case/completeness/single_app_tracing/function_call/override/constructor_extends_003_T.js b/sast-js/case/completeness/single_app_tracing/function_call/override/constructor_extends_003_T.js index 7d12a054..bc03d4e7 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/override/constructor_extends_003_T.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/override/constructor_extends_003_T.js 
@@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写 -// scene introduction = 构造函数 +// scene introduction = 构造函数2 // level = 2 // bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_003_T // evaluation information end diff --git a/sast-js/case/completeness/single_app_tracing/function_call/override/constructor_extends_004_F.js b/sast-js/case/completeness/single_app_tracing/function_call/override/constructor_extends_004_F.js index 741c5b7f..070f9f7f 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/override/constructor_extends_004_F.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/override/constructor_extends_004_F.js @@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写 -// scene introduction = 构造函数 +// scene introduction = 构造函数2 // level = 2 // bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_004_F // evaluation information end diff --git a/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/config.json b/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/config.json index 0777566a..f645081c 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/config.json +++ b/sast-js/case/completeness/single_app_tracing/function_call/return_value_passing/config.json @@ -17,12 +17,7 @@ { "compose": "!return_destruct_001_F.js && return_destruct_002_T.js", "scene": "解构返回" - } - ] - }, - { - "level": "2+", - "scene_list": [ + }, { "compose": "!return_array_method_001_F.js && return_array_method_002_T.js", "scene": "数组返回" 
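Review bot: Folding the `数组返回` scene into the preceding group's `scene_list` and deleting the `"level": "2+"` group changes the level that `return_array_method_001_F.js` and `return_array_method_002_T.js` are scored under, and nothing in this hunk shows their `// level =` headers being checked against it. If those headers carry a different level than the group they now sit in, the scoring metadata and the case files disagree, so I would confirm they match in the same commit. The enclosing level object starts and ends outside the hunk, so the target group's level is not visible here.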
diff --git a/sast-js/case/completeness/single_app_tracing/function_call/tagged_template_literals/config.json b/sast-js/case/completeness/single_app_tracing/function_call/tagged_template_literals/config.json index 70738abe..53247dfa 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/tagged_template_literals/config.json +++ b/sast-js/case/completeness/single_app_tracing/function_call/tagged_template_literals/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "!tagged_template_literal_001_F.js && tagged_template_literal_002_T.js", - "scene": "1" + "scene": "标签函数" } ] } diff --git a/sast-js/case/completeness/single_app_tracing/function_call/tagged_template_literals/tagged_template_literal_001_F.js b/sast-js/case/completeness/single_app_tracing/function_call/tagged_template_literals/tagged_template_literal_001_F.js index 06f65c0d..0d8a6324 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/tagged_template_literals/tagged_template_literal_001_F.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/tagged_template_literals/tagged_template_literal_001_F.js @@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->标签函数 -// scene introduction = +// scene introduction = 标签函数 // level = 4 // bind_url = completeness/single_app_tracing/function_call/tagged_template_literals/tagged_template_literal_001_F // evaluation information end diff --git a/sast-js/case/completeness/single_app_tracing/function_call/tagged_template_literals/tagged_template_literal_002_T.js b/sast-js/case/completeness/single_app_tracing/function_call/tagged_template_literals/tagged_template_literal_002_T.js index cec1ae05..52d346ba 100644 --- a/sast-js/case/completeness/single_app_tracing/function_call/tagged_template_literals/tagged_template_literal_002_T.js +++ b/sast-js/case/completeness/single_app_tracing/function_call/tagged_template_literals/tagged_template_literal_002_T.js 
@@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->标签函数 -// scene introduction = +// scene introduction = 标签函数 // level = 4 // bind_url = completeness/single_app_tracing/function_call/tagged_template_literals/tagged_template_literal_002_T // evaluation information end diff --git a/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_001_T.js b/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_001_T.js index 498bd77c..e503d61c 100644 --- a/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_001_T.js +++ b/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_001_T.js @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象 -// scene introduction = 构造函数 +// scene introduction = 对象字面量 // level = 2 // bind_url = completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_001_T // date = 2025-12-17 09:15:43 diff --git a/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_002_F.js b/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_002_F.js index 353a60b5..b3c865f4 100644 --- a/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_002_F.js +++ b/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_002_F.js @@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象 -// scene introduction = 构造函数 +// scene introduction = 对象字面量 // level = 2 // bind_url = completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_002_F // date = 2025-12-17 09:15:43 
diff --git a/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_003_T.js b/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_003_T.js index 5c7da3b3..0f56ddf8 100644 --- a/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_003_T.js +++ b/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_003_T.js @@ -1,7 +1,7 @@ // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象 -// scene introduction = 对象字面量 +// scene introduction = 构造函数 // level = 2 // bind_url = completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_003_T // date = 2025-12-17 09:15:43 diff --git a/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_004_F.js b/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_004_F.js index abce8402..e4fece16 100644 --- a/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_004_F.js +++ b/sast-js/case/completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_004_F.js @@ -1,7 +1,7 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象 -// scene introduction = 对象字面量 +// scene introduction = 构造函数 // level = 2 // bind_url = completeness/single_app_tracing/interface_class/anonymous_object/anonymous_object_004_F // date = 2025-12-17 09:15:43 diff --git a/sast-python2/case/accuracy/context_sensitive/multi_invoke/config.json b/sast-python2/case/accuracy/context_sensitive/multi_invoke/config.json index 35710375..f3ca8ee7 100644 --- a/sast-python2/case/accuracy/context_sensitive/multi_invoke/config.json +++ b/sast-python2/case/accuracy/context_sensitive/multi_invoke/config.json 
@@ -13,10 +13,14 @@ { "compose": "multi_invoke_003_T.py && !multi_invoke_004_F.py", "scene": "嵌套函数调用" + }, + { + "compose": "multi_invoke_005_T.py && !multi_invoke_006_F.py", + "scene": "类方法调用" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-python2/case/accuracy/context_sensitive/multi_invoke/multi_invoke_001_T.py b/sast-python2/case/accuracy/context_sensitive/multi_invoke/multi_invoke_001_T.py index 7af8eb4d..cef6d472 100644 --- a/sast-python2/case/accuracy/context_sensitive/multi_invoke/multi_invoke_001_T.py +++ b/sast-python2/case/accuracy/context_sensitive/multi_invoke/multi_invoke_001_T.py @@ -1,26 +1,26 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->上下文敏感分析->多次调用 -# scene introduction = 两次调用传入不同参数 -# level = 2 -# bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_001_T -# evaluation information end -import os - -def multi_invoke_001_T(taint_src): - def process(arg): - return arg - - a = process(taint_src) - b = process(u'_') - taint_sink(a) - -def taint_sink(o): - os.system(o) - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - multi_invoke_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->上下文敏感分析->多次调用 +# scene introduction = 两次调用传入不同参数 +# level = 2 +# bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_001_T +# evaluation information end +import os + +def multi_invoke_001_T(taint_src): + def process(arg): + return arg + + a = process(taint_src) + b = process(u'_') + taint_sink(a) + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + multi_invoke_001_T(taint_src) + diff --git a/sast-python2/case/accuracy/context_sensitive/multi_invoke/multi_invoke_005_T.py b/sast-python2/case/accuracy/context_sensitive/multi_invoke/multi_invoke_005_T.py new file mode 100644 index 00000000..cada8632 --- /dev/null 
+++ b/sast-python2/case/accuracy/context_sensitive/multi_invoke/multi_invoke_005_T.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->上下文敏感分析->多次调用
+# scene introduction = 类方法调用
+# level = 2
+# bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_005_T
+# date = 2026-01-07 06:02:28
+# evaluation information end
+import os
+import threading
+import time
+
+def multi_invoke_005_T(taint_src):
+ class Base(object):
+ def setValue(self, data):
+ self.data = data
+ return self
+
+ base = Base()
+ base.setValue("safe_value").setValue(taint_src)
+ taint_sink(base.data)
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ multi_invoke_005_T(taint_src)
\ No newline at end of file
diff --git a/sast-python2/case/accuracy/context_sensitive/multi_invoke/multi_invoke_006_F.py b/sast-python2/case/accuracy/context_sensitive/multi_invoke/multi_invoke_006_F.py
new file mode 100644
index 00000000..38f0456c
--- /dev/null
+++ b/sast-python2/case/accuracy/context_sensitive/multi_invoke/multi_invoke_006_F.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->上下文敏感分析->多次调用
+# scene introduction = 类方法调用
+# level = 2
+# bind_url = accuracy/context_sensitive/multi_invoke/multi_invoke_006_F
+# date = 2026-01-07 06:02:28
+# evaluation information end
+import os
+import threading
+import time
+
+def multi_invoke_006_F(taint_src):
+ class Base(object):
+ def setValue(self, data):
+ self.data = data
+ return self
+
+ base = Base()
+ base.setValue(taint_src).setValue("safe_value")
+ # 场景特点:安全值到达sink,污染源未传递
+ taint_sink(base.data)
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ multi_invoke_006_F(taint_src)
\ No newline at end of file
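Review bot: `import threading` and `import time` at the top of the new `multi_invoke_005_T.py` are never used; the case only needs `import os` for the `os.system` sink, and the same two imports are repeated in `multi_invoke_006_F.py`. Unused imports give an analyzer extra modules to resolve without contributing to the flow under test, so I would drop both lines in both files. The string literals are plain `"..."` while the sibling `multi_invoke_001_T.py` uses `u"..."`; for consistency inside the python2 corpus I would keep `u"taint_src_value"` and `u"__main__"`. This file also has no scene comment while 006_F has one; a line such as `# scene: the last setValue() call stores taint_src, so the tainted value reaches the sink` before `taint_sink(base.data)` would match it.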
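Review bot: The expected negative at `taint_sink(base.data)` in `multi_invoke_006_F.py` holds only if the analyzer models the second `setValue("safe_value")` as overwriting `self.data` on the same `Base` instance; the existing comment says the safe value reaches the sink but not why. A tool that separates the two call contexts yet merges field writes would still report here, so the case measures field-overwrite handling as much as the multi-invoke item it is filed under. I would say so in the comment, e.g. `# negative only if the second setValue() is modelled as replacing base.data (strong update on the same receiver)`. If the intent is to score context sensitivity alone, that is worth confirming against the scene name `类方法调用`.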
diff --git a/sast-python2/case/accuracy/field_sensitive/class/field_len_001_T.py b/sast-python2/case/accuracy/field_sensitive/class/field_len_001_T.py index 6d59f185..b5d99eb2 100644 --- a/sast-python2/case/accuracy/field_sensitive/class/field_len_001_T.py +++ b/sast-python2/case/accuracy/field_sensitive/class/field_len_001_T.py 
@@ -1,38 +1,38 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 -# scene introduction = 路径长度 -# level = 3 -# bind_url = accuracy/field_sensitive/class/field_len_001_T -# evaluation information end -import os - -def field_len_001_T(taint_src): - class A(object): - def __init__(self, taint_src): - self.b = B(taint_src) # 将参数传递给下一层类 - - class B(object): - def __init__(self, taint_src): - self.c = C(taint_src) # 继续传递参数到 C - - class C(object): - def __init__(self, taint_src): - self.data = taint_src # 使用参数赋值给 data - self.sani = u'_' - - # 创建实例时传入 taint_src - a = A(taint_src) - taint_sink(a.b.c.data) # 通过路径访问 data 属性 - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - field_len_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 +# scene introduction = 路径长度1 +# level = 3 +# bind_url = accuracy/field_sensitive/class/field_len_001_T +# evaluation information end +import os + +def field_len_001_T(taint_src): + class A(object): + def __init__(self, taint_src): + self.b = B(taint_src) # 将参数传递给下一层类 + + class B(object): + def __init__(self, taint_src): + self.c = C(taint_src) # 继续传递参数到 C + + class C(object): + def __init__(self, taint_src): + self.data = taint_src # 使用参数赋值给 data + self.sani = u'_' + + # 创建实例时传入 taint_src + a = A(taint_src) + taint_sink(a.b.c.data) # 通过路径访问 data 属性 + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + field_len_001_T(taint_src) + diff --git a/sast-python2/case/accuracy/field_sensitive/class/field_len_002_F.py b/sast-python2/case/accuracy/field_sensitive/class/field_len_002_F.py index 6a5710e1..6189c60d 100644 --- a/sast-python2/case/accuracy/field_sensitive/class/field_len_002_F.py 
+++ b/sast-python2/case/accuracy/field_sensitive/class/field_len_002_F.py @@ -1,38 +1,38 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 -# scene introduction = 路径长度 -# level = 3 -# bind_url = accuracy/field_sensitive/class/field_len_002_F -# evaluation information end -import os - -def field_len_002_F(taint_src): - class A(object): - def __init__(self, taint_src): - self.b = B(taint_src) # 将参数传递给下一层类 - - class B(object): - def __init__(self, taint_src): - self.c = C(taint_src) # 继续传递参数到 C - - class C(object): - def __init__(self, taint_src): - self.data = taint_src # 使用参数赋值给 data - self.sani = u'_' # 固定值 '_' - - # 创建实例时传入 taint_src - a = A(taint_src) - taint_sink(a.b.c.sani) # 传递固定值 '_' 给 sink - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - field_len_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 +# scene introduction = 路径长度1 +# level = 3 +# bind_url = accuracy/field_sensitive/class/field_len_002_F +# evaluation information end +import os + +def field_len_002_F(taint_src): + class A(object): + def __init__(self, taint_src): + self.b = B(taint_src) # 将参数传递给下一层类 + + class B(object): + def __init__(self, taint_src): + self.c = C(taint_src) # 继续传递参数到 C + + class C(object): + def __init__(self, taint_src): + self.data = taint_src # 使用参数赋值给 data + self.sani = u'_' # 固定值 '_' + + # 创建实例时传入 taint_src + a = A(taint_src) + taint_sink(a.b.c.sani) # 传递固定值 '_' 给 sink + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + field_len_002_F(taint_src) + diff --git a/sast-python2/case/accuracy/field_sensitive/class/field_len_003_T.py b/sast-python2/case/accuracy/field_sensitive/class/field_len_003_T.py index 09c43c6f..20298cc4 100644 
--- a/sast-python2/case/accuracy/field_sensitive/class/field_len_003_T.py +++ b/sast-python2/case/accuracy/field_sensitive/class/field_len_003_T.py 
@@ -1,51 +1,51 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 -# scene introduction = 路径长度 -# level = 3 -# bind_url = accuracy/field_sensitive/class/field_len_003_T -# evaluation information end -import os - -def field_len_003_T(taint_src): - class A(object): - def __init__(self, taint_src): - self.b = B(taint_src) # 传递参数到 B - - class B(object): - def __init__(self, taint_src): - self.c = C(taint_src) # 传递参数到 C - - class C(object): - def __init__(self, taint_src): - self.d = D(taint_src) # 传递参数到 D - - class D(object): - def __init__(self, taint_src): - self.e = E(taint_src) # 传递参数到 E - - class E(object): - def __init__(self, taint_src): - self.f = F(taint_src) # 传递参数到 F - - class F(object): - def __init__(self, taint_src): - self.data = taint_src # 污染数据 - self.sani = u'_' # 固定值 '_' - - # 创建实例链 - a = A(taint_src) - s = a.b.c # 中间变量 - s1 = s.d.e.f.data # 完整路径访问 a.b.c.d.e.f.data - taint_sink(s1) # 传递污染数据 - - -def taint_sink(o): - os.system(o) - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - field_len_003_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 +# scene introduction = 路径长度2 +# level = 3 +# bind_url = accuracy/field_sensitive/class/field_len_003_T +# evaluation information end +import os + +def field_len_003_T(taint_src): + class A(object): + def __init__(self, taint_src): + self.b = B(taint_src) # 传递参数到 B + + class B(object): + def __init__(self, taint_src): + self.c = C(taint_src) # 传递参数到 C + + class C(object): + def __init__(self, taint_src): + self.d = D(taint_src) # 传递参数到 D + + class D(object): + def __init__(self, taint_src): + self.e = E(taint_src) # 传递参数到 E + + class E(object): + def __init__(self, taint_src): + self.f = F(taint_src) # 传递参数到 F + + class F(object): + def __init__(self, taint_src): + self.data = taint_src # 污染数据 + self.sani = u'_' # 固定值 
'_' + + # 创建实例链 + a = A(taint_src) + s = a.b.c # 中间变量 + s1 = s.d.e.f.data # 完整路径访问 a.b.c.d.e.f.data + taint_sink(s1) # 传递污染数据 + + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + field_len_003_T(taint_src) + diff --git a/sast-python2/case/accuracy/field_sensitive/class/field_len_004_F.py b/sast-python2/case/accuracy/field_sensitive/class/field_len_004_F.py index 8411b919..5be858fb 100644 --- a/sast-python2/case/accuracy/field_sensitive/class/field_len_004_F.py +++ b/sast-python2/case/accuracy/field_sensitive/class/field_len_004_F.py 
@@ -1,52 +1,52 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 -# scene introduction = 路径长度 -# level = 3 -# bind_url = accuracy/field_sensitive/class/field_len_004_F -# evaluation information end -import os - -def field_len_004_F(taint_src): - class A(object): - def __init__(self, taint_src): - self.b = B(taint_src) # 传递参数到 B - - class B(object): - def __init__(self, taint_src): - self.c = C(taint_src) # 传递参数到 C - - class C(object): - def __init__(self, taint_src): - self.d = D(taint_src) # 传递参数到 D - - class D(object): - def __init__(self, taint_src): - self.e = E(taint_src) # 传递参数到 E - - class E(object): - def __init__(self, taint_src): - self.f = F(taint_src) # 传递参数到 F - - class F(object): - def __init__(self, taint_src): - self.data = taint_src # 污染数据 - self.sani = u'_' # 固定值 '_' - - # 创建实例链 - a = A(taint_src) - s = a.b.c # 中间变量 - s1 = s.d.e.f.sani # 完整路径访问 a.b.c.d.e.f.sani - taint_sink(s1) # 传递固定值 '_' 给 sink - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - field_len_004_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 +# scene introduction = 路径长度2 +# level = 3 +# bind_url = accuracy/field_sensitive/class/field_len_004_F +# evaluation information end +import os + +def field_len_004_F(taint_src): + class A(object): + def __init__(self, taint_src): + self.b = B(taint_src) # 传递参数到 B + + class B(object): + def __init__(self, taint_src): + self.c = C(taint_src) # 传递参数到 C + + class C(object): + def __init__(self, taint_src): + self.d = D(taint_src) # 传递参数到 D + + class D(object): + def __init__(self, taint_src): + self.e = E(taint_src) # 传递参数到 E + + class E(object): + def __init__(self, taint_src): + self.f = F(taint_src) # 传递参数到 F + + class F(object): + def __init__(self, taint_src): + self.data = taint_src # 污染数据 + self.sani = 
u'_' # 固定值 '_' + + # 创建实例链 + a = A(taint_src) + s = a.b.c # 中间变量 + s1 = s.d.e.f.sani # 完整路径访问 a.b.c.d.e.f.sani + taint_sink(s1) # 传递固定值 '_' 给 sink + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + field_len_004_F(taint_src) + diff --git a/sast-python2/case/accuracy/field_sensitive/class/field_len_005_T.py b/sast-python2/case/accuracy/field_sensitive/class/field_len_005_T.py index 3b23aa6c..49c4c919 100644 --- a/sast-python2/case/accuracy/field_sensitive/class/field_len_005_T.py +++ b/sast-python2/case/accuracy/field_sensitive/class/field_len_005_T.py 
@@ -1,75 +1,75 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 -# scene introduction = 路径长度 -# level = 3 -# bind_url = accuracy/field_sensitive/class/field_len_005_T -# evaluation information end -import os - -def field_len_005_T(taint_src): - class A(object): - def __init__(self, taint_src): - self.b = B(taint_src) # 传递参数到 B - - class B(object): - def __init__(self, taint_src): - self.c = C(taint_src) # 传递参数到 C - - class C(object): - def __init__(self, taint_src): - self.d = D(taint_src) # 传递参数到 D - - class D(object): - def __init__(self, taint_src): - self.e = E(taint_src) # 传递参数到 E - - class E(object): - def __init__(self, taint_src): - self.f = F(taint_src) # 传递参数到 F - - class F(object): - def __init__(self, taint_src): - self.g = G(taint_src) # 传递参数到 G - - class G(object): - def __init__(self, taint_src): - self.h = H(taint_src) # 传递参数到 H - - class H(object): - def __init__(self, taint_src): - self.i = I(taint_src) # 传递参数到 I - - class I(object): - def __init__(self, taint_src): - self.j = J(taint_src) # 传递参数到 J - - class J(object): - def __init__(self, taint_src): - self.k = K(taint_src) # 传递参数到 K - - class K(object): - def __init__(self, taint_src): - self.l = L(taint_src) # 传递参数到 L - - class L(object): - def __init__(self, taint_src): - self.data = taint_src # 污染数据 - self.sani = u'_' # 固定值 '_' - - # 创建实例链 - a = A(taint_src) - taint_sink(a.b.c.d.e.f.g.h.i.j.k.l.data) # 完整路径访问 a.b.c.d.e.f.g.h.i.j.k.l.data - - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - field_len_005_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 +# scene introduction = 路径长度3 +# level = 3 +# bind_url = accuracy/field_sensitive/class/field_len_005_T +# evaluation information end +import os + +def field_len_005_T(taint_src): + class A(object): + def 
__init__(self, taint_src): + self.b = B(taint_src) # 传递参数到 B + + class B(object): + def __init__(self, taint_src): + self.c = C(taint_src) # 传递参数到 C + + class C(object): + def __init__(self, taint_src): + self.d = D(taint_src) # 传递参数到 D + + class D(object): + def __init__(self, taint_src): + self.e = E(taint_src) # 传递参数到 E + + class E(object): + def __init__(self, taint_src): + self.f = F(taint_src) # 传递参数到 F + + class F(object): + def __init__(self, taint_src): + self.g = G(taint_src) # 传递参数到 G + + class G(object): + def __init__(self, taint_src): + self.h = H(taint_src) # 传递参数到 H + + class H(object): + def __init__(self, taint_src): + self.i = I(taint_src) # 传递参数到 I + + class I(object): + def __init__(self, taint_src): + self.j = J(taint_src) # 传递参数到 J + + class J(object): + def __init__(self, taint_src): + self.k = K(taint_src) # 传递参数到 K + + class K(object): + def __init__(self, taint_src): + self.l = L(taint_src) # 传递参数到 L + + class L(object): + def __init__(self, taint_src): + self.data = taint_src # 污染数据 + self.sani = u'_' # 固定值 '_' + + # 创建实例链 + a = A(taint_src) + taint_sink(a.b.c.d.e.f.g.h.i.j.k.l.data) # 完整路径访问 a.b.c.d.e.f.g.h.i.j.k.l.data + + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + field_len_005_T(taint_src) + diff --git a/sast-python2/case/accuracy/field_sensitive/class/field_len_006_F.py b/sast-python2/case/accuracy/field_sensitive/class/field_len_006_F.py index 1b3b2c3b..fa4b31b5 100644 --- a/sast-python2/case/accuracy/field_sensitive/class/field_len_006_F.py +++ b/sast-python2/case/accuracy/field_sensitive/class/field_len_006_F.py 
@@ -1,73 +1,73 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 -# scene introduction = 路径长度 -# level = 3 -# bind_url = accuracy/field_sensitive/class/field_len_006_T -# evaluation information end -import os - -def field_len_006_T(taint_src): - class A(object): - def __init__(self, taint_src): - self.b = B(taint_src) # 传递参数到 B - - class B(object): - def __init__(self, taint_src): - self.c = C(taint_src) # 传递参数到 C - - class C(object): - def __init__(self, taint_src): - self.d = D(taint_src) # 传递参数到 D - - class D(object): - def __init__(self, taint_src): - self.e = E(taint_src) # 传递参数到 E - - class E(object): - def __init__(self, taint_src): - self.f = F(taint_src) # 传递参数到 F - - class F(object): - def __init__(self, taint_src): - self.g = G(taint_src) # 传递参数到 G - - class G(object): - def __init__(self, taint_src): - self.h = H(taint_src) # 传递参数到 H - - class H(object): - def __init__(self, taint_src): - self.i = I(taint_src) # 传递参数到 I - - class I(object): - def __init__(self, taint_src): - self.j = J(taint_src) # 传递参数到 J - - class J(object): - def __init__(self, taint_src): - self.k = K(taint_src) # 传递参数到 K - - class K(object): - def __init__(self, taint_src): - self.l = L(taint_src) # 传递参数到 L - - class L(object): - def __init__(self, taint_src): - self.data = taint_src # 污染数据 - self.sani = u'_' # 固定值 '_' - - # 创建实例链 - a = A(taint_src) - taint_sink(a.b.c.d.e.f.g.h.i.j.k.l.sani) # 完整路径访问 a.b.c.d.e.f.g.h.i.j.k.l.sani - - -def taint_sink(o): - os.system(o) - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - field_len_006_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 +# scene introduction = 路径长度3 +# level = 3 +# bind_url = accuracy/field_sensitive/class/field_len_006_F +# evaluation information end +import os + +def field_len_006_F(taint_src): + class A(object): + def 
__init__(self, taint_src): + self.b = B(taint_src) # 传递参数到 B + + class B(object): + def __init__(self, taint_src): + self.c = C(taint_src) # 传递参数到 C + + class C(object): + def __init__(self, taint_src): + self.d = D(taint_src) # 传递参数到 D + + class D(object): + def __init__(self, taint_src): + self.e = E(taint_src) # 传递参数到 E + + class E(object): + def __init__(self, taint_src): + self.f = F(taint_src) # 传递参数到 F + + class F(object): + def __init__(self, taint_src): + self.g = G(taint_src) # 传递参数到 G + + class G(object): + def __init__(self, taint_src): + self.h = H(taint_src) # 传递参数到 H + + class H(object): + def __init__(self, taint_src): + self.i = I(taint_src) # 传递参数到 I + + class I(object): + def __init__(self, taint_src): + self.j = J(taint_src) # 传递参数到 J + + class J(object): + def __init__(self, taint_src): + self.k = K(taint_src) # 传递参数到 K + + class K(object): + def __init__(self, taint_src): + self.l = L(taint_src) # 传递参数到 L + + class L(object): + def __init__(self, taint_src): + self.data = taint_src # 污染数据 + self.sani = u'_' # 固定值 '_' + + # 创建实例链 + a = A(taint_src) + taint_sink(a.b.c.d.e.f.g.h.i.j.k.l.sani) # 完整路径访问 a.b.c.d.e.f.g.h.i.j.k.l.sani + + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + field_len_006_F(taint_src) + diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py index cbbec944..851a4145 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py 
@@ -1,24 +1,24 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 列表->列表索引 -# level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T -# evaluation information end -import os - -def list_no_solver_001_T(taint_src): - s = [taint_src, u"b", u"c"] - taint_sink(s[0]) - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - list_no_solver_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) +# scene introduction = 列表->列表索引1 +# level = 3 +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T +# evaluation information end +import os + +def list_no_solver_001_T(taint_src): + s = [taint_src, u"b", u"c"] + taint_sink(s[0]) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + list_no_solver_001_T(taint_src) + diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py index 8c254e0d..ca975566 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py 
@@ -1,23 +1,23 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 列表->列表索引 -# level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F -# evaluation information end -import os - -def list_no_solver_002_F(taint_src): - s = [taint_src, u"b", u"c"] - taint_sink(s[1]) - - -def taint_sink(o): - os.system(o) - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - list_no_solver_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) +# scene introduction = 列表->列表索引1 +# level = 3 +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F +# evaluation information end +import os + +def list_no_solver_002_F(taint_src): + s = [taint_src, u"b", u"c"] + taint_sink(s[1]) + + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + list_no_solver_002_F(taint_src) + diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py index 2a002b9b..334dcaa5 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py 
@@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 列表->列表索引 -# level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T -# evaluation information end -import os - - -def list_no_solver_003_T(taint_src): - s = [taint_src, u"b", u"c"] - s[1] = u"_" - taint_sink(s) - - -def taint_sink(o): - os.system(unicode(o)) - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - list_no_solver_003_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) +# scene introduction = 列表->列表索引2 +# level = 3 +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T +# evaluation information end +import os + + +def list_no_solver_003_T(taint_src): + s = [taint_src, u"b", u"c"] + s[1] = u"_" + taint_sink(s) + + +def taint_sink(o): + os.system(unicode(o)) + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + list_no_solver_003_T(taint_src) + diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py index 012cd66c..85f87ea6 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py 
@@ -1,26 +1,26 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 列表->列表索引 -# level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F -# evaluation information end -import os - - -def list_no_solver_004_F(taint_src): - s = [taint_src, u"b", u"c"] - s[0] = u"_" - taint_sink(s) - - -def taint_sink(o): - os.system(unicode(o)) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - list_no_solver_004_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) +# scene introduction = 列表->列表索引2 +# level = 3 +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F +# evaluation information end +import os + + +def list_no_solver_004_F(taint_src): + s = [taint_src, u"b", u"c"] + s[0] = u"_" + taint_sink(s) + + +def taint_sink(o): + os.system(unicode(o)) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + list_no_solver_004_F(taint_src) + diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_005_F.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_005_F.py index c20363d6..b7a74948 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_005_F.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_005_F.py 
@@ -1,29 +1,29 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 映射->域敏感->delete函数 -# level = 3 -# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_005_F -# evaluation information end -import os - - -def map_field_sensitive_005_F(taint_src): - my_map = {} - my_map[u'key1'] = taint_src # 污染源绑定到 'key1' - my_map[u'key2'] = u'value' # 初始设置 'key2' 为干净值 - my_map[u'key2'] = taint_src # 覆盖 'key2' 为污染源 - del my_map[u'key1'] # 删除 'key1' 键值对 - taint_sink(my_map.get(u'key1')) # 通过 'key1' 获取值(已删除,返回 None) - - - -def taint_sink(o): - os.system(unicode(o)) - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - map_field_sensitive_005_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) +# scene introduction = 字典->域敏感->delete函数 +# level = 3 +# bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_005_F +# evaluation information end +import os + + +def map_field_sensitive_005_F(taint_src): + my_map = {} + my_map[u'key1'] = taint_src # 污染源绑定到 'key1' + my_map[u'key2'] = u'value' # 初始设置 'key2' 为干净值 + my_map[u'key2'] = taint_src # 覆盖 'key2' 为污染源 + del my_map[u'key1'] # 删除 'key1' 键值对 + taint_sink(my_map.get(u'key1')) # 通过 'key1' 获取值(已删除,返回 None) + + + +def taint_sink(o): + os.system(unicode(o)) + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + map_field_sensitive_005_F(taint_src) + 
diff --git a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_008_T.py b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_008_T.py index 4f62be97..d00efcaf 100644 --- a/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_008_T.py +++ b/sast-python2/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_008_T.py @@ -9,7 +9,7 @@ import os -def map_object_sensitive_008_T(taint_src): +def map_field_sensitive_008_T(taint_src): my_map = {} my_map[taint_src] = u'value1' # 污染源作为键,值为干净的 'value1' my_map[u'key2'] = u'value2' # 设置另一个键值对(非污染键) @@ -22,5 +22,5 @@ def taint_sink(o): # 示例调用 if __name__ == u"__main__": taint_src = u"taint_src_value" - map_object_sensitive_008_T(taint_src) + map_field_sensitive_008_T(taint_src) diff --git a/sast-python2/case/accuracy/flow_sensitive/asynchronous/asynchronous_001_T.py b/sast-python2/case/accuracy/flow_sensitive/asynchronous/asynchronous_001_T.py new file mode 100644 index 00000000..9eac5f53 --- /dev/null +++ b/sast-python2/case/accuracy/flow_sensitive/asynchronous/asynchronous_001_T.py 
@@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->流敏感分析->异步执行 +# scene introduction = asynchronous +# level = 4 +# bind_url = accuracy/flow_sensitive/asynchronous/asynchronous_001_T +# date = 2026-01-07 06:02:28 +# evaluation information end +import os +import threading +import time + +def asynchronous_001_T(taint_src): + result = taint_src + + def worker(): + global result + time.sleep(0.1) + result = "safe_value" + + thread = threading.Thread(target=worker) + thread.start() + + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + asynchronous_001_T(taint_src) \ No newline at end of file diff --git a/sast-python2/case/accuracy/flow_sensitive/asynchronous/asynchronous_002_F.py b/sast-python2/case/accuracy/flow_sensitive/asynchronous/asynchronous_002_F.py new file mode 100644 index 00000000..17b5a213 --- /dev/null +++ b/sast-python2/case/accuracy/flow_sensitive/asynchronous/asynchronous_002_F.py @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->异步执行 +# scene introduction = asynchronous +# level = 4 +# bind_url = accuracy/flow_sensitive/asynchronous/asynchronous_002_F +# date = 2026-01-07 06:02:28 +# evaluation information end +import os +import threading +import time + +def asynchronous_002_F(taint_src): + result = "safe_value" + + def worker(): + global result + time.sleep(0.1) + result = taint_src + + thread = threading.Thread(target=worker) + thread.start() + + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + asynchronous_002_F(taint_src) \ No newline at end of file diff --git a/sast-python2/case/accuracy/flow_sensitive/asynchronous/config.json b/sast-python2/case/accuracy/flow_sensitive/asynchronous/config.json new file mode 100644 index 00000000..bf1a22a2 --- /dev/null 
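Review bot: In asynchronous_001_T.py the nested `worker` declares `global result`, so its assignment binds a module-level name and never touches the `result` local that `taint_sink(result)` reads. The expected labels still hold, but only because of scoping; the thread plays no part, so a tool with no model of asynchronous execution scores the same as one that has it. asynchronous_002_F.py, added in the next hunk, has the same shape with the values swapped. Python 2 has no `nonlocal`, so sharing the value needs a mutable cell: `result = [taint_src]`, `result[0] = "safe_value"` in the worker, and `taint_sink(result[0])`. It would also help to add a comment stating that the thread is deliberately not joined before the sink call, if that ordering is what the case is meant to measure.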
+++ b/sast-python2/case/accuracy/flow_sensitive/asynchronous/config.json @@ -0,0 +1,18 @@ +{ + "asynchronous": [ + { + "evaluation_item": "准确度->流敏感分析->异步执行", + "scene_levels": [ + { + "level": "4", + "scene_list": [ + { + "compose": "asynchronous_001_T.py && !asynchronous_002_F.py", + "scene": "asynchronous" + } + ] + } + ] + } + ] +} \ No newline at end of file diff --git a/sast-python2/case/accuracy/flow_sensitive/loop_stmt/config.json b/sast-python2/case/accuracy/flow_sensitive/loop_stmt/config.json index 2b9e5354..bb76766e 100644 --- a/sast-python2/case/accuracy/flow_sensitive/loop_stmt/config.json +++ b/sast-python2/case/accuracy/flow_sensitive/loop_stmt/config.json @@ -13,10 +13,14 @@ { "compose": "for_zip_001_T.py && !for_zip_002_F.py", "scene": "for_zip" + }, + { + "compose": "while_001_T.py && !while_002_F.py", + "scene": "while" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-python2/case/accuracy/flow_sensitive/loop_stmt/while_001_T.py b/sast-python2/case/accuracy/flow_sensitive/loop_stmt/while_001_T.py new file mode 100644 index 00000000..b06e8302 --- /dev/null +++ b/sast-python2/case/accuracy/flow_sensitive/loop_stmt/while_001_T.py @@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->流敏感分析->循环顺序执行语句 +# scene introduction = while +# level = 2 +# bind_url = accuracy/flow_sensitive/loop_stmt/while_001_T +# date = 2026-01-08 02:38:35 +# evaluation information end +import os + +def while_001_T(taint_src): + i = 3 + while i > 0: + taint_sink(taint_src) + i = i - 1 + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + while_001_T(taint_src) \ No newline at end of file diff --git a/sast-python2/case/accuracy/flow_sensitive/loop_stmt/while_002_F.py b/sast-python2/case/accuracy/flow_sensitive/loop_stmt/while_002_F.py new file mode 100644 index 00000000..32bf1c15 --- /dev/null 
+++ b/sast-python2/case/accuracy/flow_sensitive/loop_stmt/while_002_F.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->循环顺序执行语句 +# scene introduction = while +# level = 2 +# bind_url = accuracy/flow_sensitive/loop_stmt/while_002_F +# date = 2026-01-08 02:38:35 +# evaluation information end +import os +import time +import threading + +def while_002_F(taint_src): + i = 3 + while i > 0: + taint_sink("safe_value") + i = i - 1 + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + while_002_F(taint_src) \ No newline at end of file diff --git a/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_001_T.py b/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_001_T.py index fc98514f..13e9ea7c 100644 --- a/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_001_T.py +++ b/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_001_T.py 
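Review bot: `import time` and `import threading` at the top of while_002_F.py are never used; they look carried over from the asynchronous cases, and the paired while_001_T.py imports only `os`. Dropping both lines keeps the positive and negative files identical apart from the sink argument, which is what a paired benchmark case should isolate. The function's `taint_src` parameter is also unused here, so a short comment such as `# negative case: the sink receives a constant, taint_src is intentionally unused` would make the intent explicit.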
@@ -1,26 +1,26 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 -# scene introduction = 数组/集合->数组对象 -# level = 2 -# bind_url = accuracy/object_sensitive/collection/array_object_sensitive_001_T -# evaluation information end - - -import os -import array - -def array_object_sensitive_001_T(taint_src): - char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 - s = array.array(u'u', [u'c', u'b', char_array[0]]) - s2 = array.array(u'u', [u'a', u'b', u'c']) - taint_sink(s) - -def taint_sink(o): - os.system(u''.join(o)) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - array_object_sensitive_001_T(taint_src) # 输出:_(仅第一个字符) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 +# scene introduction = 数组/集合->数组对象1 +# level = 2 +# bind_url = accuracy/object_sensitive/collection/array_object_sensitive_001_T +# evaluation information end + + +import os +import array + +def array_object_sensitive_001_T(taint_src): + char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 + s = array.array(u'u', [u'c', u'b', char_array[0]]) + s2 = array.array(u'u', [u'a', u'b', u'c']) + taint_sink(s) + +def taint_sink(o): + os.system(u''.join(o)) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + array_object_sensitive_001_T(taint_src) # 输出:_(仅第一个字符) + diff --git a/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_002_F.py b/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_002_F.py index a1f72a24..40d435e0 100644 --- a/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_002_F.py +++ b/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_002_F.py 
@@ -1,26 +1,26 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 -# scene introduction = 数组/集合->数组对象 -# level = 2 -# bind_url = accuracy/object_sensitive/collection/array_object_sensitive_002_F -# evaluation information end - - -import os -import array - -def array_object_sensitive_002_F(taint_src): - char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 - s = array.array(u'u', [u'c', u'b', char_array[0]]) - s2 = array.array(u'u', [u'a', u'b', u'c']) - taint_sink(s2) - -def taint_sink(o): - os.system(u''.join(o)) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - array_object_sensitive_002_F(taint_src) # 输出:_(仅第一个字符) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 +# scene introduction = 数组/集合->数组对象1 +# level = 2 +# bind_url = accuracy/object_sensitive/collection/array_object_sensitive_002_F +# evaluation information end + + +import os +import array + +def array_object_sensitive_002_F(taint_src): + char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 + s = array.array(u'u', [u'c', u'b', char_array[0]]) + s2 = array.array(u'u', [u'a', u'b', u'c']) + taint_sink(s2) + +def taint_sink(o): + os.system(u''.join(o)) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + array_object_sensitive_002_F(taint_src) # 输出:_(仅第一个字符) + diff --git a/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_003_T.py b/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_003_T.py index 832a1917..9a3fe84e 100644 --- a/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_003_T.py +++ b/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_003_T.py 
@@ -1,30 +1,30 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 -# scene introduction = 数组/集合->数组对象 -# level = 2 -# bind_url = accuracy/object_sensitive/collection/array_object_sensitive_003_T -# evaluation information end - - -import os -import array - -def array_object_sensitive_003_T(taint_src): - s = array.array(u'u') - char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 - s.append(char_array[0]) # 使用 append 方法代替 push - - s2 = array.array(u'u') - s2.append(u'a') - - taint_sink(s) - -def taint_sink(o): - os.system(u''.join(o)) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - array_object_sensitive_003_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 +# scene introduction = 数组/集合->数组对象2 +# level = 2 +# bind_url = accuracy/object_sensitive/collection/array_object_sensitive_003_T +# evaluation information end + + +import os +import array + +def array_object_sensitive_003_T(taint_src): + s = array.array(u'u') + char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 + s.append(char_array[0]) # 使用 append 方法代替 push + + s2 = array.array(u'u') + s2.append(u'a') + + taint_sink(s) + +def taint_sink(o): + os.system(u''.join(o)) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + array_object_sensitive_003_T(taint_src) + diff --git a/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_004_F.py b/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_004_F.py index 87044348..aaef123f 100644 --- a/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_004_F.py +++ b/sast-python2/case/accuracy/object_sensitive/collection/array_object_sensitive_004_F.py 
@@ -1,32 +1,32 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 -# scene introduction = 数组/集合->数组对象 -# level = 2 -# bind_url = accuracy/object_sensitive/collection/array_object_sensitive_004_F -# evaluation information end - - -import os -import array - -def array_object_sensitive_004_F(taint_src): - s = array.array(u'u') - char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 - s.append(char_array[0]) # 使用 append 方法代替 push - - s2 = array.array(u'u') - s2.append(u'a') - - taint_sink(s2) - - -def taint_sink(o): - os.system(u''.join(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - array_object_sensitive_004_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 +# scene introduction = 数组/集合->数组对象2 +# level = 2 +# bind_url = accuracy/object_sensitive/collection/array_object_sensitive_004_F +# evaluation information end + + +import os +import array + +def array_object_sensitive_004_F(taint_src): + s = array.array(u'u') + char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 + s.append(char_array[0]) # 使用 append 方法代替 push + + s2 = array.array(u'u') + s2.append(u'a') + + taint_sink(s2) + + +def taint_sink(o): + os.system(u''.join(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + array_object_sensitive_004_F(taint_src) + diff --git a/sast-python2/case/accuracy/object_sensitive/collection/list_object_sensitive_007_T.py b/sast-python2/case/accuracy/object_sensitive/collection/list_object_sensitive_007_T.py index 34089c78..fa26e536 100644 --- a/sast-python2/case/accuracy/object_sensitive/collection/list_object_sensitive_007_T.py +++ b/sast-python2/case/accuracy/object_sensitive/collection/list_object_sensitive_007_T.py 
@@ -1,26 +1,26 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 -# scene introduction = 列表->del-extend函数 -# level = 2 -# bind_url = accuracy/object_sensitive/collection/list_object_sensitive_007_T -# evaluation information end -import os - -def list_object_sensitive_007_T(taint_src): - s = [u"a", u"b"] - # 扩展污染列表 - s.extend([taint_src, u"d"]) - - taint_sink(s) # 传递污染后的列表 - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - list_object_sensitive_007_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 +# scene introduction = 列表->clear-extend函数 +# level = 2 +# bind_url = accuracy/object_sensitive/collection/list_object_sensitive_007_T +# evaluation information end +import os + +def list_object_sensitive_007_T(taint_src): + s = [u"a", u"b"] + # 扩展污染列表 + s.extend([taint_src, u"d"]) + + taint_sink(s) # 传递污染后的列表 + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + list_object_sensitive_007_T(taint_src) + diff --git a/sast-python2/case/accuracy/object_sensitive/collection/list_object_sensitive_008_F.py b/sast-python2/case/accuracy/object_sensitive/collection/list_object_sensitive_008_F.py index 57a630f1..a6cca8eb 100644 --- a/sast-python2/case/accuracy/object_sensitive/collection/list_object_sensitive_008_F.py +++ b/sast-python2/case/accuracy/object_sensitive/collection/list_object_sensitive_008_F.py 
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 -# scene introduction = 列表->del-extend函数 -# level = 2 -# bind_url = accuracy/object_sensitive/collection/list_object_sensitive_008_F -# evaluation information end -import os - - -def list_object_sensitive_008_F(taint_src): - s = [taint_src, u"b"] - # 扩展干净列表 - del s[:] # 使用 Python2 支持的方式清空列表 - s.extend([u"_", u"d"]) - - taint_sink(s) # 传递被覆盖后的列表 - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - list_object_sensitive_008_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 +# scene introduction = 列表->clear-extend函数 +# level = 2 +# bind_url = accuracy/object_sensitive/collection/list_object_sensitive_008_F +# evaluation information end +import os + + +def list_object_sensitive_008_F(taint_src): + s = [taint_src, u"b"] + # 扩展干净列表 + del s[:] # 使用 Python2 支持的方式清空列表 + s.extend([u"_", u"d"]) + + taint_sink(s) # 传递被覆盖后的列表 + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + list_object_sensitive_008_F(taint_src) + diff --git a/sast-python2/case/accuracy/path_sensitive/exception_throw/config.json b/sast-python2/case/accuracy/path_sensitive/exception_throw/config.json index ff17dcbc..b4afd086 100644 --- a/sast-python2/case/accuracy/path_sensitive/exception_throw/config.json +++ b/sast-python2/case/accuracy/path_sensitive/exception_throw/config.json 
@@ -7,16 +7,24 @@ "level": "3", "scene_list": [ { - "compose": "exception_throw_001_T.py && !exception_throw_002_F.py && exception_throw_003_T.py", - "scene": "1" + "compose": "exception_throw_001_T.py && !exception_throw_002_F.py", + "scene": "try块" }, { - "compose": "exception_throw_004_T.py && !exception_throw_005_F.py", - "scene": "finally块执行路径" + "compose": "exception_throw_003_T.py && !exception_throw_004_F.py", + "scene": "except块" + }, + { + "compose": "exception_throw_005_T.py && !exception_throw_006_F.py", + "scene": "finally块" + }, + { + "compose": "exception_throw_007_T.py && !exception_throw_008_F.py", + "scene": "else块" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_001_T.py b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_001_T.py index 2fd34747..1cae7ad7 100644 --- a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_001_T.py +++ b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_001_T.py 
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 -# scene introduction = 异常抛出-try块 -# level = 3 -# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_001_T -# evaluation information end -import os - - -def exception_throw_001_T(taint_src): - try: - taint_sink(taint_src) - raise Exception(u"_") - except Exception, e: - pass - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - exception_throw_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = try块 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_001_T +# evaluation information end +import os + + +def exception_throw_001_T(taint_src): + try: + taint_sink(taint_src) + raise Exception(u"_") + except Exception, e: + pass + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + exception_throw_001_T(taint_src) + diff --git a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_002_F.py b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_002_F.py index 181a60a6..96ebb466 100644 --- a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_002_F.py +++ b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_002_F.py 
@@ -1,26 +1,26 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 -# scene introduction = 异常抛出-try块 -# level = 3 -# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_002_F -# evaluation information end -import os - -def exception_throw_002_F(taint_src): - try: - raise Exception(u"_") - taint_sink(taint_src) - except Exception, e: - pass - - -def taint_sink(o): - os.system(o) - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - exception_throw_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = try块 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_002_F +# evaluation information end +import os + +def exception_throw_002_F(taint_src): + try: + taint_sink("safe_value") + raise Exception(u"_") + except Exception, e: + pass + + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + exception_throw_002_F(taint_src) + diff --git a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_003_T.py b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_003_T.py index b7418025..598138a5 100644 --- a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_003_T.py +++ b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_003_T.py 
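Review bot: The rewritten body of exception_throw_002_F no longer depends on exception control flow: `taint_sink("safe_value")` passes a constant and `taint_src` is never read, so any taint tracker stays silent here whether or not it models `raise`. The removed version put `taint_sink(taint_src)` after the `raise`, which made the negative case distinguish path-sensitive tools from path-insensitive ones. If the item is still meant to score 路径敏感分析, the negative presumably needs a tainted value on a path the exception cuts off; otherwise a comment like `# negative case: constant reaches the sink; exception path is not exercised` would document the narrower scope. The new exception_throw_004_F.py follows the same constant-sink pattern, and `"safe_value"` is a byte string where the rest of the file uses `u"..."` literals.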
@@ -1,27 +1,26 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 -# scene introduction = 异常抛出-except块 -# level = 3 -# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_003_T -# evaluation information end -import os - - -def exception_throw_003_T(taint_src): - try: - raise Exception(taint_src) - except Exception, e: - taint_sink(e) - - - -def taint_sink(o): - os.system(unicode(o)) - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - exception_throw_003_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = except块 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_003_T +# evaluation information end +import os + + +def exception_throw_003_T(taint_src): + try: + raise Exception(taint_src) + except Exception, e: + taint_sink(e) + + +def taint_sink(o): + os.system(unicode(o)) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + exception_throw_003_T(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_004_F.py b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_004_F.py new file mode 100644 index 00000000..0228c814 --- /dev/null +++ b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_004_F.py 
@@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = except块 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_004_F +# evaluation information end +import os + + +def exception_throw_004_F(taint_src): + try: + raise Exception(taint_src) + except Exception, e: + taint_sink("safe_value") + + +def taint_sink(o): + os.system(unicode(o)) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + exception_throw_004_F(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_004_T.py b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_005_T.py similarity index 77% rename from sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_004_T.py rename to sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_005_T.py index 8ae655f3..6864351f 100644 --- a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_004_T.py +++ b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_005_T.py 
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 -# scene introduction = finally块执行路径 -# level = 3 -# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_004_T -# evaluation information end -import os - -def exception_throw_004_T(taint_src): - try: - a = taint_src - raise Exception(a) # 抛出污染异常 - except: - pass - finally: - taint_sink(a) # finally中仍可能污染 - - -def taint_sink(o): - os.system(o) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - exception_throw_004_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = finally块 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_005_T +# evaluation information end +import os + + +def exception_throw_005_T(taint_src): + try: + a = taint_src + raise Exception(a) # 抛出污染异常 + except: + pass + finally: + taint_sink(a) # finally中仍可能污染 + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + exception_throw_005_T(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_005_F.py b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_006_F.py similarity index 69% rename from sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_005_F.py rename to sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_006_F.py index 6410a3f6..f451029e 100644 --- a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_005_F.py +++ b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_006_F.py 
@@ -1,27 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 -# scene introduction = finally块执行路径 -# level = 3 -# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_005_F -# evaluation information end -import os - -# 改 -def exception_throw_005_F(taint_src): - try: - raise Exception(taint_src) # 抛出干净异常 - except: - pass - finally: - taint_sink(u"_") # finally中未污染 - - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - exception_throw_005_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = finally块 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_006_F +# evaluation information end +import os + + +# 改 +def exception_throw_006_F(taint_src): + try: + raise Exception(taint_src) # 抛出干净异常 + except: + pass + finally: + taint_sink(u"safe_value") # finally中未污染 + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + exception_throw_006_F(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_007_T.py b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_007_T.py new file mode 100644 index 00000000..d7b4a823 --- /dev/null +++ b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_007_T.py 
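Review bot: The inline comment on `raise Exception(taint_src)` in exception_throw_006_F still reads `# 抛出干净异常` ("raises a clean exception"), but the raised exception carries `taint_src`; the case is negative only because the bare `except` drops it and the `finally` block passes a constant to `taint_sink`. I would reword it to something like `# raises an exception carrying taint_src; the bare except discards it`, so that the header's `real case = false` is explained by the code. The leftover `# 改` marker above the `def` tells a reader nothing and could be dropped or replaced by a one-line description of the scenario.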
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = else块
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_007_T
+# evaluation information end
+import os
+
+
+def exception_throw_007_T(taint_src):
+ try:
+ pass
+ except:
+ pass
+ else:
+ taint_sink(taint_src)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ exception_throw_007_T(taint_src)
diff --git a/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_008_F.py b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_008_F.py
new file mode 100644
index 00000000..affd5c71
--- /dev/null
+++ b/sast-python2/case/accuracy/path_sensitive/exception_throw/exception_throw_008_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = else块
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_throw_008_F
+# evaluation information end
+import os
+
+
+def exception_throw_008_F(taint_src):
+ try:
+ pass
+ except:
+ pass
+ else:
+ taint_sink("safe_value")
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ exception_throw_008_F(taint_src)
diff --git a/sast-python2/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py b/sast-python2/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py
index 813e7075..28b93731 100644
--- a/sast-python2/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py
+++ b/sast-python2/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py
@@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->跳转语句 # scene introduction = break-嵌套循环 # level = 4 -# bind_url = accuracy/path_sensitive/explicit_jump_control/break_003_F +# bind_url = accuracy/path_sensitive/explicit_jump_control/break_004_F # evaluation information end import os -def break_003_F(taint_src): +def break_004_F(taint_src): res = u"" for i in xrange(2): for j in xrange(2): @@ -24,5 +24,5 @@ def taint_sink(o): if __name__ == u"__main__": taint_src = u"taint_src_value" - break_003_F(taint_src) + break_004_F(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/explicit_jump_control/continue_001_T.py b/sast-python2/case/accuracy/path_sensitive/explicit_jump_control/continue_001_T.py index ddc77ef9..2d44be5f 100644 --- a/sast-python2/case/accuracy/path_sensitive/explicit_jump_control/continue_001_T.py +++ b/sast-python2/case/accuracy/path_sensitive/explicit_jump_control/continue_001_T.py 
@@ -1,29 +1,29 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->路径敏感分析->跳转语句 -# scene introduction = continue -# level = 4 -# bind_url = accuracy/path_sensitive/explicit_jump_control/continue_001_T -# evaluation information end -import os - - -def continue_001_T(taint_src): - res = u'' - for i in xrange(10): - if i == 3: - res = taint_src - continue - taint_sink(res) - - - -def taint_sink(o): - os.system(o) - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - continue_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->跳转语句 +# scene introduction = continue +# level = 4 +# bind_url = accuracy/path_sensitive/explicit_jump_control/continue_001_T +# evaluation information end +import os + + +def continue_001_T(taint_src): + res = 'safe_value' + for i in range(10): + res = taint_src + continue + + taint_sink(res) + + + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + continue_001_T(taint_src) + diff --git a/sast-python2/case/accuracy/path_sensitive/explicit_jump_control/continue_002_F.py b/sast-python2/case/accuracy/path_sensitive/explicit_jump_control/continue_002_F.py index ed6ec42b..2dde8663 100644 --- a/sast-python2/case/accuracy/path_sensitive/explicit_jump_control/continue_002_F.py +++ b/sast-python2/case/accuracy/path_sensitive/explicit_jump_control/continue_002_F.py 
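Review bot: In continue_001_T the `continue` is now the last statement of the loop body, so it changes nothing about which statements run, and `res = taint_src` reaches `taint_sink(res)` whether or not an analyzer models `continue`. Indentation is not visible in this view, so this assumes `taint_sink(res)` sits after the loop, which the blank line before it suggests. To make the positive case depend on the jump, put an overwrite behind it inside the loop, e.g. `res = 'safe_value'` on the line after `continue`; a tool that ignores `continue` would then wrongly treat `res` as clean and miss the flow into `os.system`. That would also mirror continue_002_F, where the statement after `continue` is the one that must be recognised as skipped.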
@@ -1,28 +1,29 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->路径敏感分析->跳转语句 -# scene introduction = continue -# level = 4 -# bind_url = accuracy/path_sensitive/explicit_jump_control/continue_002_F -# evaluation information end -import os - - -def continue_002_F(taint_src): - res = u'' - for i in xrange(10): - if i == 3: - res = taint_src - continue - taint_sink(res) - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - continue_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->跳转语句 +# scene introduction = continue +# level = 4 +# bind_url = accuracy/path_sensitive/explicit_jump_control/continue_002_F +# evaluation information end +import os + + +def continue_002_F(taint_src): + res = 'safe_value' + for i in range(10): + if i < 10: + continue + res = taint_src + + taint_sink(res) + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + continue_002_F(taint_src) + diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_expression_no_solver_001_T.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_expression_no_solver_001_T.py new file mode 100644 index 00000000..2a932d1c --- /dev/null +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_expression_no_solver_001_T.py 
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态
+# scene introduction = 条件表达式
+# level = 3
+# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_expression_no_solver_001_T
+# evaluation information end
+import os
+
+
+def conditional_expression_no_solver_001_T(taint_src):
+ result = taint_src if 2 > 1 else "safe_value"
+
+ taint_sink(result)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ conditional_expression_no_solver_001_T(taint_src)
diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_expression_no_solver_002_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_expression_no_solver_002_F.py
new file mode 100644
index 00000000..cd5b5738
--- /dev/null
+++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_expression_no_solver_002_F.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态
+# scene introduction = 条件表达式
+# level = 3
+# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_expression_no_solver_002_F
+# evaluation information end
+import os
+
+
+def conditional_expression_no_solver_002_F(taint_src):
+ result = taint_src if 2 < 1 else "safe_value"
+
+ taint_sink(result)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ conditional_expression_no_solver_002_F(taint_src)
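Review bot: The conditions `2 > 1` and `2 < 1` in conditional_expression_no_solver_001_T and _002_F have to be evaluated before the taken arm is known, which sits oddly in the no_solver category: the `if` cases in this directory use the literals `True` and `False`. The solver-side variants added in the same commit use `1 + 1 > 1`, which differs from `2 > 1` only by a constant addition, so the two categories may end up measuring nearly the same capability. If no_solver is meant to need no evaluation at all, `taint_src if True else "safe_value"` (and `False` in the _F case) would match the sibling cases. This reading of the category is inferred from the header text, so please confirm.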
diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T.py similarity index 70% rename from sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F.py rename to sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T.py index 9f5c8635..7bd4b1bc 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T.py 
@@ -1,28 +1,29 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 -# scene introduction = 区分if else准入条件(不需求解)->if->区分分支 -# level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F -# evaluation information end -import os - - -def conditional_if_no_solver_001_F(taint_src): - if True: - res = taint_src - else: - taint_sink(res) - - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - conditional_if_no_solver_001_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 +# scene introduction = 区分if else准入条件(不需求解)->if->区分分支 +# level = 3 +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T +# evaluation information end +import os + + +def conditional_if_no_solver_001_T(taint_src): + result = "" + if True: + result = taint_src + else: + res = "safe_value" + + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + conditional_if_no_solver_001_T(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.py index efa7f8c4..5ffbf837 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F.py 
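Review bot: The `else` branch of conditional_if_no_solver_001_T assigns `res = "safe_value"`, but the variable that reaches `taint_sink` is `result`, so the branch is a dead store to an otherwise unused name. It looks like a leftover from the old `res` naming; `result = "safe_value"` would make both branches write the same variable, as conditional_if_no_solver_002_F does in this commit. The expected outcome stays `real case = true` either way, but the T/F pair is then a like-for-like comparison and a reader does not have to wonder whether the second name is intentional.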
@@ -1,29 +1,29 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 -# scene introduction = 区分if else准入条件(不需求解)->if->区分分支 -# level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F -# evaluation information end -import os - - -def conditional_if_no_solver_002_F(taint_src): - res = u"" - if True: - taint_sink(res) - else: - res = taint_src - - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - conditional_if_no_solver_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 +# scene introduction = 区分if else准入条件(不需求解)->if->区分分支 +# level = 3 +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_002_F +# evaluation information end +import os + + +def conditional_if_no_solver_002_F(taint_src): + result = "" + if True: + result = "safe_value" + else: + result = taint_src + + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + conditional_if_no_solver_002_F(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.py index 45c7941f..137b1095 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T.py 
@@ -1,30 +1,30 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 -# scene introduction = 区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解 -# level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T -# evaluation information end -import os - - -def conditional_if_no_solver_003_T(taint_src): - res = u"" - if False: - res = u"_" - else: - res = taint_src - - taint_sink(res) - - - -def taint_sink(o): - os.system(o) - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - conditional_if_no_solver_003_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 +# scene introduction = 区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解 +# level = 3 +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_003_T +# evaluation information end +import os + + +def conditional_if_no_solver_003_T(taint_src): + result = "" + if False: + result = "safe_value" + else: + result = taint_src + + taint_sink(result) + + + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + conditional_if_no_solver_003_T(taint_src) + diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.py index f2b427c9..669a3908 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F.py 
@@ -1,30 +1,30 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 -# scene introduction = 区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解 -# level = 3 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F -# evaluation information end -import os - - -def conditional_if_no_solver_004_F(taint_src): - res = u"" - if True: - res = u"_" - else: - res = taint_src - - taint_sink(res) - - - -def taint_sink(o): - os.system(o) - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - conditional_if_no_solver_004_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 +# scene introduction = 区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解 +# level = 3 +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_004_F +# evaluation information end +import os + + +def conditional_if_no_solver_004_F(taint_src): + result = "" + if False: + result = taint_src + else: + result = "safe_value" + + taint_sink(result) + + + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + conditional_if_no_solver_004_F(taint_src) + diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_005_T.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_005_T.py new file mode 100644 index 00000000..f6924c52 --- /dev/null +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_005_T.py 
@@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 +# scene introduction = 区分变量声明位置 +# level = 3 +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_005_T +# evaluation information end +import os + + +def conditional_if_no_solver_005_T(taint_src): + if True: + res = taint_src + else: + res = "safe_value" + + taint_sink(res) + + + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + conditional_if_no_solver_005_T(taint_src) + diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_006_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_006_F.py new file mode 100644 index 00000000..d4636177 --- /dev/null +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_006_F.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 +# scene introduction = 区分变量声明位置 +# level = 3 +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_006_F +# evaluation information end +import os + + +def conditional_if_no_solver_006_F(taint_src): + if False: + res = taint_src + else: + res = "safe_value" + + taint_sink(res) + + + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + conditional_if_no_solver_006_F(taint_src) + diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json index 923c781f..4355dcc3 100644 
--- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json @@ -7,16 +7,32 @@ "level": "3", "scene_list": [ { - "compose": "!conditional_if_no_solver_001_F.py && !conditional_if_no_solver_002_F.py", + "compose": "conditional_if_no_solver_001_T.py && !conditional_if_no_solver_002_F.py", "scene": "区分if else准入条件(不需求解)->if->区分分支" }, { "compose": "conditional_if_no_solver_003_T.py && !conditional_if_no_solver_004_F.py", "scene": "区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解" + }, + { + "compose": "conditional_if_no_solver_005_T.py && !conditional_if_no_solver_006_F.py", + "scene": "区分变量声明位置" + }, + { + "compose": "conditional_expression_no_solver_001_T.py && !conditional_expression_no_solver_002_F.py", + "scene": "条件表达式" + }, + { + "compose": "loop_while_no_solver_001_T.py && !loop_while_no_solver_002_F.py", + "scene": "while循环" + }, + { + "compose": "loop_for_no_solver_001_T.py && !loop_for_no_solver_002_F.py", + "scene": "for循环" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_for_no_solver_001_T.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_for_no_solver_001_T.py new file mode 100644 index 00000000..b6ba8324 --- /dev/null +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_for_no_solver_001_T.py 
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态
+# scene introduction = for循环
+# level = 3
+# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_for_no_solver_001_T
+# evaluation information end
+import os
+
+
+def loop_for_no_solver_001_T(taint_src):
+ list = [taint_src]
+ for i in list:
+ taint_sink(i)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ loop_for_no_solver_001_T(taint_src)
diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_for_no_solver_002_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_for_no_solver_002_F.py
new file mode 100644
index 00000000..75747bec
--- /dev/null
+++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_for_no_solver_002_F.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态
+# scene introduction = for循环
+# level = 3
+# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_for_no_solver_002_F
+# evaluation information end
+import os
+
+
+def loop_for_no_solver_002_F(taint_src):
+ list = ["safe_value"]
+ for i in list:
+ taint_sink(i)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ loop_for_no_solver_002_F(taint_src)
diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_while_no_solver_001_T.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_while_no_solver_001_T.py
new file mode 100644
index 00000000..33009a2d
--- /dev/null
+++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_while_no_solver_001_T.py
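Review bot: Both loop_for_no_solver_001_T and loop_for_no_solver_002_F bind their test data to a local named `list`, which shadows the builtin inside the function. It is harmless in these few lines, but benchmark cases get copied and extended, and a later `list(...)` call in the same function would fail with a TypeError. A neutral name avoids that: `items = [taint_src]` with `for item in items:`, and `items = ["safe_value"]` in the _F case.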
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态
+# scene introduction = while循环
+# level = 3
+# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_while_no_solver_001_T
+# evaluation information end
+import os
+
+
+def loop_while_no_solver_001_T(taint_src):
+ i = 0
+ while i < 3:
+ taint_sink(taint_src)
+ i = i + 1
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ loop_while_no_solver_001_T(taint_src)
diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_while_no_solver_002_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_while_no_solver_002_F.py
new file mode 100644
index 00000000..be25981a
--- /dev/null
+++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_while_no_solver_002_F.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态
+# scene introduction = while循环
+# level = 3
+# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/loop_while_no_solver_002_F
+# evaluation information end
+import os
+
+
+def loop_while_no_solver_002_F(taint_src):
+ i = 0
+ while i < 3:
+ taint_sink("safe_value")
+ i = i + 1
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ loop_while_no_solver_002_F(taint_src)
diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_expression_solver_001_T.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_expression_solver_001_T.py
new file mode 100644
index 00000000..16ae6a60
--- /dev/null
+++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_expression_solver_001_T.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 +# scene introduction = 条件表达式 +# level = 4 +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_expression_solver_001_T +# evaluation information end +import os + + +def conditional_expression_solver_001_T(taint_src): + result = taint_src if 1 + 1 > 1 else "safe_value" + + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + conditional_expression_solver_001_T(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_expression_solver_002_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_expression_solver_002_F.py new file mode 100644 index 00000000..9c554fc8 --- /dev/null +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_expression_solver_002_F.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 +# scene introduction = 条件表达式 +# level = 4 +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/conditional_expression_solver_002_F +# evaluation information end +import os + + +def conditional_expression_solver_002_F(taint_src): + result = taint_src if 1 + 1 < 1 else "safe_value" + + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + conditional_expression_solver_002_F(taint_src) 
diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json index ba78ff03..5f22443b 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/config.json @@ -17,10 +17,14 @@ { "compose": "!while_body_solver_001_F.py && while_body_solver_002_T.py", "scene": "循环结构->whileElse" + }, + { + "compose": "conditional_expression_solver_001_T.py && !conditional_expression_solver_002_F.py", + "scene": "条件表达式" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.py index 1c7373cc..648d1b00 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F.py 
@@ -1,30 +1,29 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 -# scene introduction = 循环结构->whileElse -# level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F -# evaluation information end - -import os - - -def while_body_solver_001_F(taint_src): - i = 7 - res = u"_" - while i < 3: - res = taint_src - break - else: - # 当while循环条件不满足时执行 - taint_sink(res) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - while_body_solver_001_F(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 +# scene introduction = 循环结构->whileElse +# level = 4 +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_001_F +# evaluation information end + +import os + + +def while_body_solver_001_F(taint_src): + i = 7 + res = u"safe_value" + while i < 3: + res = taint_src + else: + # 当while循环条件不满足时执行 + taint_sink(res) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + while_body_solver_001_F(taint_src) diff --git a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.py b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.py index 1394fb00..329bc897 100644 --- a/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.py +++ b/sast-python2/case/accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T.py 
@@ -1,30 +1,30 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 -# scene introduction = 循环结构->whileElse -# level = 4 -# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T -# evaluation information end - -import os - - -def while_body_solver_002_T(taint_src): - i = 7 - res = taint_src - while i < 3: - res = u"" - break - else: - # 当while循环条件不满足时执行 - taint_sink(res) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - while_body_solver_002_T(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->能够对上下文条件进行求解,以区分不同执行路径的状态 +# scene introduction = 循环结构->whileElse +# level = 4 +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/solver/while_body_solver_002_T +# evaluation information end + +import os + + +def while_body_solver_002_T(taint_src): + i = 0 + res = "safe_value" + while i < 3: + res = taint_src + i = i + 1 + else: + # 当while循环条件不满足时执行 + taint_sink(res) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + while_body_solver_002_T(taint_src) diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/config.json b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/config.json index 87b2f7a0..6f309e1f 100644 --- a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/config.json +++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/config.json 
@@ -17,10 +17,18 @@ { "compose": "dynamic_call_reflect_005_T.py && !dynamic_call_reflect_006_F.py", "scene": "字符串常量->反射3" + }, + { + "compose": "dynamic_call_reflect_007_T.py && !dynamic_call_reflect_008_F.py", + "scene": "动态创建类" + }, + { + "compose": "dynamic_call_reflect_009_T.py && !dynamic_call_reflect_010_F.py", + "scene": "动态导入" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_001_F.py b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_001_F.py index 8a0d390e..c7cb5b61 100644 --- a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_001_F.py +++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_001_F.py 
@@ -1,29 +1,29 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->动态特性跟踪完整度->反射调用 -# scene introduction = 字符串常量->反射 -# level = 3 -# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_001_F -# evaluation information end -import os - - -def dynamic_call_reflect_001_F(taint_src): - class Obj(object): - def __init__(self): - self.name = u'_' - - obj = Obj() - - def taint_sink(o): - os.system(o) - - taint_sink(getattr(obj, u'name')) - - -# 示例调用 -if __name__ == u'__main__': - taint_src = u"taint_src_value" - dynamic_call_reflect_001_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->动态特性跟踪完整度->反射调用 +# scene introduction = 字符串常量->反射1 +# level = 3 +# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_001_F +# evaluation information end +import os + + +def dynamic_call_reflect_001_F(taint_src): + class Obj(object): + def __init__(self): + self.name = u'_' + + obj = Obj() + + taint_sink(getattr(obj, u'name')) + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u'__main__': + taint_src = u"taint_src_value" + dynamic_call_reflect_001_F(taint_src) + diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_002_T.py b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_002_T.py index d9f08591..dbced626 100644 --- a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_002_T.py +++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_002_T.py 
@@ -1,29 +1,29 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->动态特性跟踪完整度->反射调用 -# scene introduction = 字符串常量->反射 -# level = 3 -# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_002_T -# evaluation information end -import os - - -def dynamic_call_reflect_002_T(taint_src): - class Obj(object): - def __init__(self, name): - self.name = name - - obj = Obj(taint_src) - - def taint_sink(o): - os.system(o) - - taint_sink(getattr(obj, u'name')) - - -# 示例调用 -if __name__ == u'__main__': - taint_src = u"taint_src_value" - dynamic_call_reflect_002_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->动态特性跟踪完整度->反射调用 +# scene introduction = 字符串常量->反射1 +# level = 3 +# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_002_T +# evaluation information end +import os + + +def dynamic_call_reflect_002_T(taint_src): + class Obj(object): + def __init__(self, name): + self.name = name + + obj = Obj(taint_src) + + taint_sink(getattr(obj, u'name')) + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u'__main__': + taint_src = u"taint_src_value" + dynamic_call_reflect_002_T(taint_src) + diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T.py b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T.py index 029d8810..d0c478ff 100644 --- a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T.py +++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T.py 
@@ -1,30 +1,30 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->动态特性跟踪完整度->反射调用 -# scene introduction = 字符串常量->反射 -# level = 3 -# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T -# evaluation information end -import os - - -def dynamic_call_reflect_003_T(taint_src): - class Obj(object): - def __init__(self): - self.data = u'_' - - obj = Obj() - setattr(obj, u'foo', taint_src) - taint_sink(getattr(obj, u'foo')) - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u'__main__': - taint_src = u"taint_src_value" - dynamic_call_reflect_003_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->动态特性跟踪完整度->反射调用 +# scene introduction = 字符串常量->反射2 +# level = 3 +# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T +# evaluation information end +import os + + +def dynamic_call_reflect_003_T(taint_src): + class Obj(object): + def __init__(self): + self.data = u'_' + + obj = Obj() + setattr(obj, u'foo', taint_src) + taint_sink(getattr(obj, u'foo')) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u'__main__': + taint_src = u"taint_src_value" + dynamic_call_reflect_003_T(taint_src) + diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F.py b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F.py index 9167fa8a..6de408ec 100644 --- a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F.py +++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F.py 
@@ -1,32 +1,32 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->动态特性跟踪完整度->反射调用 -# scene introduction = 字符串常量->反射 -# level = 3 -# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F -# evaluation information end -import os - - -def dynamic_call_reflect_004_F(taint_src): - class Obj(object): - def __init__(self, data): - self.data = data - - obj = Obj(taint_src) - - setattr(obj, u'foo', u'_') - - taint_sink(getattr(obj, u'foo')) - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u'__main__': - taint_src = u"taint_src_value" - dynamic_call_reflect_004_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->动态特性跟踪完整度->反射调用 +# scene introduction = 字符串常量->反射2 +# level = 3 +# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F +# evaluation information end +import os + + +def dynamic_call_reflect_004_F(taint_src): + class Obj(object): + def __init__(self, data): + self.data = data + + obj = Obj(taint_src) + + setattr(obj, u'foo', u'_') + + taint_sink(getattr(obj, u'foo')) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u'__main__': + taint_src = u"taint_src_value" + dynamic_call_reflect_004_F(taint_src) + diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py index f3b976b6..3e909d91 100644 --- a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py +++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py 
@@ -1,30 +1,30 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->动态特性跟踪完整度->反射调用 -# scene introduction = 字符串常量->反射 -# level = 3 -# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T -# evaluation information end -import os - - -def dynamic_call_reflect_005_T(taint_src): - class Obj: - def __init__(self): - self.data = u'aaa' - - obj = Obj() - - delattr(obj, u'data') - setattr(obj, u'data', taint_src) - taint_sink(getattr(obj, u'data')) - - -def taint_sink(o): - os.system(o) - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - dynamic_call_reflect_005_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->动态特性跟踪完整度->反射调用 +# scene introduction = 字符串常量->反射3 +# level = 3 +# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T +# evaluation information end +import os + + +def dynamic_call_reflect_005_T(taint_src): + class Obj: + def __init__(self): + self.data = u'aaa' + + obj = Obj() + + delattr(obj, u'data') + setattr(obj, u'data', taint_src) + taint_sink(getattr(obj, u'data')) + + +def taint_sink(o): + os.system(o) + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + dynamic_call_reflect_005_T(taint_src) + diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py index 7bd41eaf..b820f8b7 100644 --- a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py +++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py 
@@ -1,30 +1,30 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->动态特性跟踪完整度->反射调用 -# scene introduction = 字符串常量->反射 -# level = 3 -# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F -# evaluation information end -import os - - -def dynamic_call_reflect_006_F(taint_src): - class Obj: - def __init__(self,value): - self.data = value - - obj = Obj(taint_src) - - delattr(obj, u'data') - setattr(obj, u'data', u"aa") - taint_sink(getattr(obj, u'data')) - - -def taint_sink(o): - os.system(o) - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - dynamic_call_reflect_006_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->动态特性跟踪完整度->反射调用 +# scene introduction = 字符串常量->反射3 +# level = 3 +# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F +# evaluation information end +import os + + +def dynamic_call_reflect_006_F(taint_src): + class Obj: + def __init__(self,value): + self.data = value + + obj = Obj(taint_src) + + delattr(obj, u'data') + setattr(obj, u'data', u"aa") + taint_sink(getattr(obj, u'data')) + + +def taint_sink(o): + os.system(o) + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + dynamic_call_reflect_006_F(taint_src) + diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_007_T.py b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_007_T.py new file mode 100644 index 00000000..ac14fcb3 --- /dev/null +++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_007_T.py 
@@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->动态特性跟踪完整度->反射调用 +# scene introduction = 动态创建类 +# level = 3 +# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_007_T +# date = 2026-01-08 02:38:35 +# evaluation information end +import os + + +def dynamic_call_reflect_007_T(taint_src): + Base = type('Base', (object,), { + '__init__': init + }) + + base = Base(taint_src) + + taint_sink(base.data) + + +def init(self, data): + self.data = data + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_call_reflect_007_T(taint_src) diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_008_F.py b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_008_F.py new file mode 100644 index 00000000..f1799fb9 --- /dev/null +++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_008_F.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->动态特性跟踪完整度->反射调用 +# scene introduction = 动态创建类 +# level = 3 +# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_008_F +# date = 2026-01-08 02:38:35 +# evaluation information end +import os + + +def dynamic_call_reflect_008_F(taint_src): + Base = type('Base', (object,), { + '__init__': init + }) + + base = Base(taint_src) + + taint_sink(base.data) + + +def init(self, data): + self.data = "safe_value" + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_call_reflect_008_F(taint_src) diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_009_T.py b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_009_T.py new file mode 100644 index 00000000..27a81aaa --- /dev/null 
+++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_009_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->动态特性跟踪完整度->反射调用 +# scene introduction = 动态导入 +# level = 3 +# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_009_T +# date = 2026-01-08 02:38:35 +# evaluation information end +import os + + +def dynamic_call_reflect_009_T(taint_src): + json_module = __import__("json") + + result = json_module.dumps(taint_src) + + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_call_reflect_009_T(taint_src) diff --git a/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_010_F.py b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_010_F.py new file mode 100644 index 00000000..502d4d9c --- /dev/null +++ b/sast-python2/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_010_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->动态特性跟踪完整度->反射调用 +# scene introduction = 动态导入 +# level = 3 +# bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_010_F +# date = 2026-01-08 02:38:35 +# evaluation information end +import os + + +def dynamic_call_reflect_010_F(taint_src): + json_module = __import__("json") + + result = json_module.dumps("safe_value") + + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_call_reflect_010_F(taint_src) diff --git a/sast-python2/case/completeness/other/ellipsis/ellipsis_002_F.py b/sast-python2/case/completeness/other/ellipsis/ellipsis_002_F.py index e0583628..03a47f07 100644 --- a/sast-python2/case/completeness/other/ellipsis/ellipsis_002_F.py 
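Review bot: In dynamic_call_reflect_009_T the tainted value reaches `os.system` only after passing through `json_module.dumps`, so the true verdict depends on the analyzer propagating taint through `json.dumps` as well as resolving `__import__("json")`. A miss therefore cannot be attributed to the dynamic import alone. `dumps` wraps the string in double quotes and escapes a few characters, which is not shell escaping, so the label is right; a comment above the call would stop a later reader from treating it as a sanitizer, e.g. `# json.dumps quotes but does not shell-escape: result is still tainted`. dynamic_call_reflect_010_F passes a constant to `dumps`, so it stays safe whether or not the import is resolved and does not isolate the feature either.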
+++ b/sast-python2/case/completeness/other/ellipsis/ellipsis_002_F.py @@ -1,30 +1,30 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->其他->ellipsis -# scene introduction = 切片占位 -# level = 2 -# bind_url = completeness/other/ellipsis/ellipsis_002_F -# evaluation information end - - -import os -import numpy as np - -def ellipsis_002_F(taint_src): - arr = np.random.randint(0, 10, (3, 3, 3)) # 创建一个 3x3x3 的随机数组 - - # 使用 Ellipsis 进行切片操作 - sliced = arr[..., 0] # 等价于 arr[:, :, 0] - taint_sink(sliced) - - -def taint_sink(o): - os.system(unicode(o)) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - ellipsis_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->其他->ellipsis +# scene introduction = 切片占位 +# level = 2 +# bind_url = completeness/other/ellipsis/ellipsis_002_F +# evaluation information end + + +import os +import numpy as np + +def ellipsis_002_F(taint_src): + arr = np.random.randint(0, 10, (3, 3, 3)) # 创建一个 3x3x3 的随机数组 + + # 使用 Ellipsis 进行切片操作 + sliced = arr[..., 0] # 等价于 arr[:, :, 0] + taint_sink(sliced) + + +def taint_sink(o): + os.system(unicode(o)) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + ellipsis_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/alias/alias_001_T.py b/sast-python2/case/completeness/single_app_tracing/alias/alias_001_T.py index ed864295..e79f06ea 100644 --- a/sast-python2/case/completeness/single_app_tracing/alias/alias_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/alias/alias_001_T.py 
@@ -1,27 +1,27 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->别名 -# scene introduction = 别名问题 -# level = 2 -# bind_url = completeness/single_app_tracing/alias/alias_001_T -# evaluation information end -import os - - -def alias_001_T(taint_src): - a = {u'value': u'_'} - b = a - b[u'value'] = taint_src - taint_sink(a[u'value']) - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - alias_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->别名 +# scene introduction = 别名问题 +# level = 2 +# bind_url = completeness/single_app_tracing/alias/alias_001_T +# evaluation information end +import os + + +def alias_001_T(taint_src): + a = {u'value': u'_'} + b = a + b[u'value'] = taint_src + taint_sink(a[u'value']) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + alias_001_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/alias/alias_006_F.py b/sast-python2/case/completeness/single_app_tracing/alias/alias_006_F.py index 09d6a894..88428339 100644 --- a/sast-python2/case/completeness/single_app_tracing/alias/alias_006_F.py +++ b/sast-python2/case/completeness/single_app_tracing/alias/alias_006_F.py 
@@ -1,24 +1,24 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->别名 -# scene introduction = 列表元素别名 -# level = 2 -# bind_url = completeness/single_app_tracing/alias/alias_006_F -# evaluation information end -import os - - -def alias_006_F(taint_src): - a = [taint_src, u'_'] - b = a # 别名 - b[0] = u'_' # 修改列表元素 - taint_sink(a[0]) - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - alias_006_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->别名 +# scene introduction = 列表元素别名 +# level = 2 +# bind_url = completeness/single_app_tracing/alias/alias_006_F +# evaluation information end +import os + + +def alias_006_F(taint_src): + a = [taint_src, u'_'] + b = a # 别名 + b[0] = u'_' # 修改列表元素 + taint_sink(a[0]) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + alias_006_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/alias/alias_011_T.py b/sast-python2/case/completeness/single_app_tracing/alias/alias_011_T.py new file mode 100644 index 00000000..8d192e58 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/alias/alias_011_T.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->别名 +# scene introduction = 函数别名 +# level = 2 +# bind_url = completeness/single_app_tracing/alias/alias_011_T +# evaluation information end +import os + + +def alias_011_T(taint_src): + def process(data): + taint_sink(data) + + func = process + + func(taint_src) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + alias_011_T(taint_src) + 
diff --git a/sast-python2/case/completeness/single_app_tracing/alias/alias_012_F.py b/sast-python2/case/completeness/single_app_tracing/alias/alias_012_F.py new file mode 100644 index 00000000..6ccdb9db --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/alias/alias_012_F.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->别名 +# scene introduction = 函数别名 +# level = 2 +# bind_url = completeness/single_app_tracing/alias/alias_012_F +# evaluation information end +import os + + +def alias_012_F(taint_src): + def process(data): + taint_sink("safe_value") + + func = process + + func(taint_src) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + alias_012_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/alias/alias_013_T.py b/sast-python2/case/completeness/single_app_tracing/alias/alias_013_T.py new file mode 100644 index 00000000..e116b7dc --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/alias/alias_013_T.py @@ -0,0 +1,24 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->别名 +# scene introduction = 模块别名 +# level = 2 +# bind_url = completeness/single_app_tracing/alias/alias_013_T +# evaluation information end +import os +import copy as my_copy + + +def alias_013_T(taint_src): + s = my_copy.copy(taint_src) + + taint_sink(s) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + alias_013_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/alias/alias_014_F.py b/sast-python2/case/completeness/single_app_tracing/alias/alias_014_F.py new file mode 100644 index 00000000..8f349dd7 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/alias/alias_014_F.py 
@@ -0,0 +1,24 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->别名 +# scene introduction = 模块别名 +# level = 2 +# bind_url = completeness/single_app_tracing/alias/alias_014_F +# evaluation information end +import os +import copy as my_copy + + +def alias_014_F(taint_src): + s = my_copy.copy(taint_src) + s = "safe_value" + taint_sink(s) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + alias_014_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/alias/config.json b/sast-python2/case/completeness/single_app_tracing/alias/config.json index d600596c..cb17f78e 100644 --- a/sast-python2/case/completeness/single_app_tracing/alias/config.json +++ b/sast-python2/case/completeness/single_app_tracing/alias/config.json @@ -25,10 +25,18 @@ { "compose": "alias_003_T.py && !alias_004_F.py", "scene": "多级别名链" + }, + { + "compose": "alias_011_T.py && !alias_012_F.py", + "scene": "函数别名" + }, + { + "compose": "alias_013_T.py && !alias_014_F.py", + "scene": "模块别名" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/config.json b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/config.json new file mode 100644 index 00000000..05f4c0c8 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/config.json @@ -0,0 +1,22 @@ +{ + "delayed_execution_async": [ + { + "evaluation_item": "完整度->单应用跟踪完整度->并发、多线程、异步->延迟执行异步", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "timer_callback_single_001_T.py && !timer_callback_single_002_F.py", + "scene": "定时器回调" + }, + { + "compose": "thread_delay_direct_001_T.py && !thread_delay_direct_002_F.py", + "scene": "线程延迟执行" + } + ] + } + ] + } + ] +} 
diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/thread_delay_direct_001_T.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/thread_delay_direct_001_T.py new file mode 100644 index 00000000..dc397976 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/thread_delay_direct_001_T.py @@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->延迟执行异步 +# scene introduction = 线程延迟执行 +# level = 2 +# bind_url = completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/thread_delay_direct_001_T +# date = 2026-01-08 02:38:35 +# evaluation information end +import os +import time +import threading + +def thread_delay_direct_001_T(taint_src): + result = None + + def delayed_thread(): + # 场景特点:在线程中使用sleep实现延迟 + time.sleep(0.1) + global result + result = taint_src + taint_sink(result) + + # 场景特点:创建并启动延迟执行线程 + thread = threading.Thread(target=delayed_thread) + thread.start() + thread.join() + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + thread_delay_direct_001_T(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/thread_delay_direct_002_F.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/thread_delay_direct_002_F.py new file mode 100644 index 00000000..bbacf8ac --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/thread_delay_direct_002_F.py 
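Review bot: `global result` inside `delayed_thread` in thread_delay_direct_001_T binds the module-level name `result`, not the `result = None` local of the enclosing function, so that local is dead and the callback creates a module global as a side effect. The flow into `taint_sink` still happens, but entirely inside the callback, and the outer variable plays no part in it. Dropping `result = None` and `global result` and calling `taint_sink(taint_src)` in the callback (`taint_sink("safe_value")` in the _F files) keeps the scenario and removes the misleading state. The same pattern appears in thread_delay_direct_002_F, timer_callback_single_001_T and timer_callback_single_002_F.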
@@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->延迟执行异步 +# scene introduction = 线程延迟执行 +# level = 2 +# bind_url = completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/thread_delay_direct_002_F +# date = 2026-01-08 02:38:35 +# evaluation information end +import os +import time +import threading + +def thread_delay_direct_002_F(taint_src): + result = None + + def delayed_thread(): + # 场景特点:在线程中使用sleep实现延迟但使用安全值 + time.sleep(0.1) + global result + result = "safe_value" + taint_sink(result) + + # 场景特点:创建并启动延迟执行线程 + thread = threading.Thread(target=delayed_thread) + thread.start() + thread.join() + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + thread_delay_direct_002_F(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/timer_callback_single_001_T.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/timer_callback_single_001_T.py new file mode 100644 index 00000000..959d9024 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/timer_callback_single_001_T.py 
@@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->延迟执行异步 +# scene introduction = 定时器回调 +# level = 2 +# bind_url = completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/timer_callback_single_001_T +# date = 2026-01-08 02:38:35 +# evaluation information end +import os +import threading + +def timer_callback_single_001_T(taint_src): + result = None + + def delayed_task(): + # 场景特点:定时器回调函数中直接使用污染源 + global result + result = taint_src + taint_sink(result) + + # 场景特点:设置单次定时器延迟执行 + timer = threading.Timer(1.0, delayed_task) + timer.start() + timer.join() + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + timer_callback_single_001_T(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/timer_callback_single_002_F.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/timer_callback_single_002_F.py new file mode 100644 index 00000000..c2962335 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/timer_callback_single_002_F.py 
@@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->延迟执行异步 +# scene introduction = 定时器回调 +# level = 2 +# bind_url = completeness/single_app_tracing/asynchronous_tracing/delayed_execution_async/timer_callback_single_002_F +# date = 2026-01-08 02:38:35 +# evaluation information end +import os +import threading + +def timer_callback_single_002_F(taint_src): + result = None + + def delayed_task(): + # 场景特点:定时器回调函数中使用安全值而非污染源 + global result + result = "safe_value" + taint_sink(result) + + # 场景特点:设置单次定时器延迟执行 + timer = threading.Timer(1.0, delayed_task) + timer.start() + timer.join() + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + timer_callback_single_002_F(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_process/config.json b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_process/config.json new file mode 100644 index 00000000..22dc721e --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_process/config.json @@ -0,0 +1,18 @@ +{ + "multi_process": [ + { + "evaluation_item": "完整度->单应用跟踪完整度->并发、多线程、异步->多进程", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "process_create_001_T.py && !process_create_002_F.py", + "scene": "Process直接创建" + } + ] + } + ] + } + ] +} diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_process/process_create_001_T.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_process/process_create_001_T.py new file mode 100644 index 00000000..28d697c8 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_process/process_create_001_T.py 
@@ -0,0 +1,36 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->多进程 +# scene introduction = Process直接创建 +# level = 2 +# bind_url = completeness/single_app_tracing/asynchronous_tracing/multi_process/process_create_001_T +# date = 2026-01-07 06:14:06 +# evaluation information end +import os +import multiprocessing + + +def process_create_001_T(taint_src): + result = taint_src + + def worker(): + global result + # 场景特点:进程直接访问污染源参数 + result = "safe_value" + + # 场景特点:直接创建Process对象并传递参数 + process = multiprocessing.Process(target=worker) + process.start() + + # 场景特点:污染源通过进程参数传递并最终到达sink + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + process_create_001_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_process/process_create_002_F.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_process/process_create_002_F.py new file mode 100644 index 00000000..5f5f74e0 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_process/process_create_002_F.py 
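Review bot: The comments in process_create_001_T describe a flow the code does not have: `worker` takes no arguments, the `Process` is created without `args`, and the sink runs in the parent on the local `result = taint_src`, so nothing tainted passes through the child process. The worker's assignment under `global result` targets a module-level name inside the child and cannot reach the parent's local, so the true verdict holds even for an analyzer that ignores `multiprocessing` entirely. process_create_002_F mirrors this: the worker assigns `taint_src` while its comment says it uses the safe value, and the false verdict comes only from the parent never seeing that write. If the intent is the one the comments state, passing the value through the process and sinking it there would test it, as sketched below.

```python
def process_create_001_T(taint_src):
    def worker(data):
        # tainted argument arrives through Process(args=...)
        taint_sink(data)

    process = multiprocessing.Process(target=worker, args=(taint_src,))
    process.start()
    process.join()
```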
@@ -0,0 +1,36 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->多进程 +# scene introduction = Process直接创建 +# level = 2 +# bind_url = completeness/single_app_tracing/asynchronous_tracing/multi_process/process_create_002_F +# date = 2026-01-07 06:14:06 +# evaluation information end +import os +import multiprocessing + + +def process_create_002_F(taint_src): + result = "safe_value" + + def worker(): + global result + # 场景特点:进程使用安全值而非污染源 + result = taint_src + + # 场景特点:直接创建Process对象但不传递污染源 + process = multiprocessing.Process(target=worker) + process.start() + + # 场景特点:安全值到达sink,污染源未传递 + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + process_create_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_thread/config.json b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_thread/config.json new file mode 100644 index 00000000..3b9945b0 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_thread/config.json @@ -0,0 +1,18 @@ +{ + "multi_thread": [ + { + "evaluation_item": "完整度->单应用跟踪完整度->并发、多线程、异步->多线程", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "thread_create_001_T.py && !thread_create_002_F.py", + "scene": "Thread" + } + ] + } + ] + } + ] +} diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_thread/thread_create_001_T.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_thread/thread_create_001_T.py new file mode 100644 index 00000000..c89ca6f8 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_thread/thread_create_001_T.py 
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->多线程
+# scene introduction = Thread
+# level = 2
+# bind_url = completeness/single_app_tracing/asynchronous_tracing/multi_thread/thread_create_001_T
+# date = 2026-01-07 06:02:28
+# evaluation information end
+import os
+import threading
+import time
+
+
+def thread_create_001_T(taint_src):
+ result = taint_src
+
+ def worker():
+ global result
+ time.sleep(0.1)
+ # 场景特点:线程使用安全值而非污染源
+ result = "safe_value"
+
+ # 场景特点:直接创建Thread对象但不传递污染源
+ thread = threading.Thread(target=worker)
+ thread.start()
+
+ # 场景特点:安全值到达sink,污染源未传递
+ taint_sink(result)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ thread_create_001_T(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_thread/thread_create_002_F.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_thread/thread_create_002_F.py
new file mode 100644
index 00000000..e8257394
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/multi_thread/thread_create_002_F.py
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->多线程
+# scene introduction = Thread
+# level = 2
+# bind_url = completeness/single_app_tracing/asynchronous_tracing/multi_thread/thread_create_002_F
+# date = 2026-01-07 06:02:28
+# evaluation information end
+import os
+import threading
+import time
+
+
+def thread_create_002_F(taint_src):
+ result = "safe_value"
+
+ def worker():
+ global result
+ time.sleep(0.1)
+ # 场景特点:线程直接访问污染源参数
+ result = taint_src
+
+ # 场景特点:直接创建Thread对象并传递参数
+ thread = threading.Thread(target=worker)
+ thread.start()
+
+ # 场景特点:污染源通过线程传递并最终到达sink
+ taint_sink(result)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ thread_create_002_F(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/condition_create_001_T.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/condition_create_001_T.py
new file mode 100644
index 00000000..081b0b79
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/condition_create_001_T.py
@@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+# scene introduction = 条件变量
+# level = 2
+# bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/condition_create_001_T
+# evaluation information end
+
+import os
+import threading
+import time
+
+
+def condition_create_001_T(taint_src):
+ result = [""]
+ # 场景特点:创建条件变量对象并直接传递污染源
+ condition = threading.Condition()
+
+ def worker1():
+ with condition:
+ # 等待通知再写入
+ condition.wait()
+ result[0] = taint_src
+
+ def worker2():
+ # 等待 0.1s 看 worker1 是否在等通知
+ time.sleep(0.1)
+ with condition:
+ result[0] = "safe_value"
+ # 写入后通知 worker1
+ condition.notify()
+
+ thread1 = threading.Thread(target=worker1)
+ thread2 = threading.Thread(target=worker2)
+
+ thread1.start()
+ thread2.start()
+
+ thread1.join()
+ thread2.join()
+
+ # 场景特点:条件变量对象作为参数传递污染源到sink
+ taint_sink(result[0])
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ condition_create_001_T(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/condition_create_002_F.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/condition_create_002_F.py
new file mode 100644
index 00000000..d33be02f
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/condition_create_002_F.py
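Review bot: `condition.wait()` in `worker1` has no predicate and no timeout, so the case only terminates if `worker1` is already waiting when `worker2` calls `condition.notify()`. The `time.sleep(0.1)` makes that likely but does not guarantee it, and a missed notification leaves `thread1.join()` blocked forever. Guarding the wait with shared state removes the timing dependency: add `ready = [False]` next to `result`, use `while not ready[0]: condition.wait()` in `worker1`, and set `ready[0] = True` before `condition.notify()` in `worker2`. The write of `taint_src` still happens after the safe write, so the `real case = true` label is unchanged.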
@@ -0,0 +1,52 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+# scene introduction = 条件变量
+# level = 2
+# bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/condition_create_002_F
+# date = 2026-01-07 06:30:09
+# evaluation information end
+import os
+import threading
+import time
+
+
+def condition_create_002_F(taint_src):
+ result = [""]
+ # 场景特点:创建条件变量对象并直接传递污染源
+ condition = threading.Condition()
+
+ def worker1():
+ with condition:
+ # 不等待直接写入
+ result[0] = taint_src
+
+ def worker2():
+ # 等待 0.1s 看 worker1 是否在等通知
+ time.sleep(0.1)
+ with condition:
+ result[0] = "safe_value"
+ # 写入后通知 worker1
+ condition.notify()
+
+ thread1 = threading.Thread(target=worker1)
+ thread2 = threading.Thread(target=worker2)
+
+ thread1.start()
+ thread2.start()
+
+ thread1.join()
+ thread2.join()
+
+ # 场景特点:条件变量对象作为参数传递污染源到sink
+ taint_sink(result[0])
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ condition_create_002_F(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/config.json b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/config.json
new file mode 100644
index 00000000..0fe14b82
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/config.json
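Review bot: The two `场景特点` comments were carried over from condition_create_001_T and say the taint source is passed through the condition variable to the sink, while this file is labelled `real case = false` and the last write to `result[0]` is `"safe_value"`. `worker1` never calls `condition.wait()`, so the `Condition` acts only as a mutex here and `condition.notify()` has no waiter; the safe outcome rests on the `time.sleep(0.1)` ordering alone. I would reword the comments to say that, e.g. `# worker1 writes taint_src without waiting; worker2 overwrites it with safe_value after 0.1s` and `# result[0] holds safe_value when it reaches the sink`.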
@@ -0,0 +1,34 @@ +{ + "promise_callback_await": [ + { + "evaluation_item": "完整度->单应用跟踪完整度->并发、多线程、异步->同步原语", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "lock_create_001_T.py && !lock_create_002_F.py", + "scene": "锁" + }, + { + "compose": "event_create_001_T.py && !event_create_002_F.py", + "scene": "事件" + }, + { + "compose": "condition_create_001_T.py && !condition_create_002_F.py", + "scene": "条件变量" + }, + { + "compose": "process_join_001_T.py && !process_join_002_F.py", + "scene": "进程同步" + }, + { + "compose": "thread_join_001_T.py && !thread_join_002_F.py", + "scene": "线程同步" + } + ] + } + ] + } + ] +} \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/event_create_001_T.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/event_create_001_T.py new file mode 100644 index 00000000..6db181fa --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/event_create_001_T.py @@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语 +# scene introduction = 事件 +# level = 2 +# bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/event_create_001_T +# date = 2026-01-07 06:26:35 +# evaluation information end +import os +import threading +import time + + +def event_create_001_T(taint_src): + result = ["safe_value"] + event = threading.Event() + + def worker(event): + time.sleep(0.1) + result[0] = taint_src + event.set() + + thread = threading.Thread(target=worker, args=(event,)) + thread.start() + + event.wait() + + taint_sink(result[0]) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + event_create_001_T(taint_src) 
diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/event_create_002_F.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/event_create_002_F.py new file mode 100644 index 00000000..ef64fb62 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/event_create_002_F.py @@ -0,0 +1,36 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语 +# scene introduction = 事件 +# level = 2 +# bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/event_create_002_F +# date = 2026-01-07 06:26:35 +# evaluation information end +import os +import threading +import time + +def event_create_002_F(taint_src): + result = [taint_src] + event = threading.Event() + + def worker(event): + time.sleep(0.1) + result[0] = "safe_value" + event.set() + + thread = threading.Thread(target=worker, args=(event,)) + thread.start() + + event.wait() + + taint_sink(result[0]) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + event_create_002_F(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/lock_create_001_T.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/lock_create_001_T.py new file mode 100644 index 00000000..3a590f13 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/lock_create_001_T.py 
@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+# scene introduction = 锁
+# level = 2
+# bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/lock_create_001_T
+# date = 2026-01-07 06:26:35
+# evaluation information end
+import os
+import threading
+import time
+
+
+def lock_create_001_T(taint_src):
+ result = [""]
+ lock = threading.Lock()
+
+ def worker1():
+ # 等待 worker2 同步锁
+ time.sleep(0.1)
+ with lock:
+ result[0] = taint_src
+
+ def worker2():
+ with lock:
+ # lock 锁住等 0.2s 再释放
+ time.sleep(0.2)
+ result[0] = "safe_value"
+
+ thread1 = threading.Thread(target=worker1)
+ thread2 = threading.Thread(target=worker2)
+
+ thread1.start()
+ thread2.start()
+
+ thread1.join()
+ thread2.join()
+
+ taint_sink(result[0])
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ lock_create_001_T(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/lock_create_002_F.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/lock_create_002_F.py
new file mode 100644
index 00000000..8d8814d6
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/lock_create_002_F.py
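Review bot: The order in which the two workers take `lock` is decided only by `time.sleep(0.1)` in `worker1` against the start latency of `thread2`, so the ground truth is probabilistic rather than fixed. If `thread2` starts late, `worker1` writes `taint_src` first and `worker2` then overwrites it with `"safe_value"`, contradicting `real case = true`; lock_create_002_F has the mirrored dependency. An explicit handshake makes the order deterministic: create `held = threading.Event()`, call `held.set()` in `worker2` right after entering `with lock:`, and replace the sleep in `worker1` with `held.wait()`.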
@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+# scene introduction = 锁
+# level = 2
+# bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/lock_create_002_F
+# date = 2026-01-07 06:26:35
+# evaluation information end
+import os
+import threading
+import time
+
+
+def lock_create_002_F(taint_src):
+ result = [""]
+ lock = threading.Lock()
+
+ def worker1():
+ with lock:
+ # lock 锁住等 0.2s 再释放
+ time.sleep(0.2)
+ result[0] = taint_src
+
+ def worker2():
+ # 等待 worker1 同步锁
+ time.sleep(0.1)
+ with lock:
+ result[0] = "safe_value"
+
+ thread1 = threading.Thread(target=worker1)
+ thread2 = threading.Thread(target=worker2)
+
+ thread1.start()
+ thread2.start()
+
+ thread1.join()
+ thread2.join()
+
+ taint_sink(result[0])
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ lock_create_002_F(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/process_join_001_T.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/process_join_001_T.py
new file mode 100644
index 00000000..6b9945de
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/process_join_001_T.py
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+# scene introduction = 进程同步
+# level = 2
+# bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/process_join_001_T
+# date = 2026-01-07 06:30:09
+# evaluation information end
+import os
+import multiprocessing
+
+
+def process_join_001_T(taint_src):
+ result = multiprocessing.Manager().list(["safe_value"])
+
+ # 场景特点:创建进程并传递污染源
+ def worker(list, data):
+ # 场景特点:进程同步时传递污染源
+ list[0] = data
+
+ process = multiprocessing.Process(target=worker, args=(result, taint_src))
+ process.start()
+
+ process.join()
+ taint_sink(result[0])
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ process_join_001_T(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/process_join_002_F.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/process_join_002_F.py
new file mode 100644
index 00000000..e6bb75f3
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/process_join_002_F.py
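Review bot: `worker` is defined inside `process_join_001_T` and passed as `target=` to `multiprocessing.Process`; nested functions cannot be pickled, so the case runs only where child processes are forked and should fail to start on platforms that spawn them (Windows). The same holds for process_join_002_F and for the process_create pair, whose workers would additionally need their inputs passed through `args=`. Moving the function to module level keeps the data flow identical, and renaming its first parameter stops it shadowing the builtin `list`: `def worker(shared, data):` with body `shared[0] = data`.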
@@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语 +# scene introduction = 进程同步 +# level = 2 +# bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/process_join_002_F +# date = 2026-01-07 06:30:09 +# evaluation information end +import os +import multiprocessing + + +def process_join_002_F(taint_src): + result = multiprocessing.Manager().list([taint_src]) + + def worker(list, data): + # 场景特点:进程同步时传递安全值而非污染源 + list[0] = "safe_value" + + process = multiprocessing.Process(target=worker, args=(result, taint_src)) + process.start() + + process.join() + taint_sink(result[0]) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + process_join_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/thread_join_001_T.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/thread_join_001_T.py new file mode 100644 index 00000000..feed1e84 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/thread_join_001_T.py 
@@ -0,0 +1,35 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语 +# scene introduction = 线程同步 +# level = 2 +# bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/thread_join_001_T +# date = 2026-01-07 06:30:09 +# evaluation information end +import os +import threading + + +def thread_join_001_T(taint_src): + result = ["safe_value"] + + # 场景特点:创建线程并传递污染源 + def worker(): + # 场景特点:线程同步时传递污染源 + result[0] = taint_src + + thread = threading.Thread(target=worker) + thread.start() + + thread.join() + taint_sink(result[0]) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + thread_join_001_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/thread_join_002_F.py b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/thread_join_002_F.py new file mode 100644 index 00000000..2119ee11 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/thread_join_002_F.py @@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语 +# scene introduction = 线程同步 +# level = 2 +# bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/thread_join_002_F +# date = 2026-01-07 06:30:09 +# evaluation information end +import os +import threading + + +def thread_join_002_F(taint_src): + result = [taint_src] + + def worker(): + # 场景特点:线程同步时传递安全值而非污染源 + result[0] = "safe_value" + + thread = threading.Thread(target=worker) + thread.start() + + thread.join() + taint_sink(result[0]) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + thread_join_002_F(taint_src) 
diff --git a/sast-python2/case/completeness/single_app_tracing/class/anonymous_object/anonymous_object_001_T.py b/sast-python2/case/completeness/single_app_tracing/class/anonymous_object/anonymous_object_001_T.py new file mode 100644 index 00000000..b6c2eeca --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/class/anonymous_object/anonymous_object_001_T.py @@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象 +# scene introduction = 匿名对象 +# level = 2 +# bind_url = completeness/single_app_tracing/class/anonymous_object/anonymous_object_001_T +# evaluation information end +import os + + +def anonymous_object_001_T(taint_src): + obj = {"data": taint_src} + taint_sink(obj["data"]) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + anonymous_object_001_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/class/anonymous_object/anonymous_object_002_F.py b/sast-python2/case/completeness/single_app_tracing/class/anonymous_object/anonymous_object_002_F.py new file mode 100644 index 00000000..e190e61a --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/class/anonymous_object/anonymous_object_002_F.py @@ -0,0 +1,24 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象 +# scene introduction = 匿名对象 +# level = 2 +# bind_url = completeness/single_app_tracing/class/anonymous_object/anonymous_object_002_F +# evaluation information end +import os + + +def anonymous_object_002_F(taint_src): + obj = {"data": taint_src} + obj["data"] = "safe_value" + taint_sink(obj["data"]) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + anonymous_object_002_F(taint_src) 
diff --git a/sast-python2/case/completeness/single_app_tracing/class/anonymous_object/config.json b/sast-python2/case/completeness/single_app_tracing/class/anonymous_object/config.json new file mode 100644 index 00000000..30e33418 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/class/anonymous_object/config.json @@ -0,0 +1,18 @@ +{ + "anonymous_object": [ + { + "evaluation_item": "完整度->单应用跟踪完整度->接口与类->匿名对象", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "anonymous_object_001_T.py&& !anonymous_object_002_F.py", + "scene": "匿名对象" + } + ] + } + ] + } + ] +} diff --git a/sast-python2/case/completeness/single_app_tracing/class/simple_object/config.json b/sast-python2/case/completeness/single_app_tracing/class/simple_object/config.json index 019da65b..517bdd3a 100644 --- a/sast-python2/case/completeness/single_app_tracing/class/simple_object/config.json +++ b/sast-python2/case/completeness/single_app_tracing/class/simple_object/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "simple_object_001_T.py && !simple_object_002_F.py", - "scene": "1" + "scene": "简单对象声明" }, { "compose": "simple_object_003_T.py && !simple_object_004_F.py", diff --git a/sast-python2/case/completeness/single_app_tracing/class/simple_object/simple_object_001_T.py b/sast-python2/case/completeness/single_app_tracing/class/simple_object/simple_object_001_T.py index 96ec57db..79b41fee 100644 --- a/sast-python2/case/completeness/single_app_tracing/class/simple_object/simple_object_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/class/simple_object/simple_object_001_T.py 
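Review bot: The `compose` value `"anonymous_object_001_T.py&& !anonymous_object_002_F.py"` has no space before `&&`, unlike the other `compose` entries on this page, and the new subclass/config.json repeats it in `"subclass_001_T.py&& !subclass_002_F.py"`. How the harness tokenises this expression is not visible here; if it splits on whitespace, the first operand would become `anonymous_object_001_T.py&&` and the pair may not be evaluated as intended. Writing `"anonymous_object_001_T.py && !anonymous_object_002_F.py"` and `"subclass_001_T.py && !subclass_002_F.py"` keeps the entries uniform and removes the doubt.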
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 -# scene introduction = -# level = 2 -# bind_url = completeness/single_app_tracing/class/simple_object/simple_object_001_T -# evaluation information end -import os - - -def simple_object_001_T(taint_src): - class A(object): - def __init__(self, data): - self.data = data - - obj = A(taint_src) - taint_sink(obj.data) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - simple_object_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +# scene introduction = 简单对象声明 +# level = 2 +# bind_url = completeness/single_app_tracing/class/simple_object/simple_object_001_T +# evaluation information end +import os + + +def simple_object_001_T(taint_src): + class A(object): + def __init__(self, data): + self.data = data + + obj = A(taint_src) + taint_sink(obj.data) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + simple_object_001_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/class/simple_object/simple_object_002_F.py b/sast-python2/case/completeness/single_app_tracing/class/simple_object/simple_object_002_F.py index a2091219..5afd64a0 100644 --- a/sast-python2/case/completeness/single_app_tracing/class/simple_object/simple_object_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/class/simple_object/simple_object_002_F.py 
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 -# scene introduction = -# level = 2 -# bind_url = completeness/single_app_tracing/class/simple_object/simple_object_002_F -# evaluation information end -import os - - -def simple_object_002_F(taint_src): - class A(object): - def __init__(self, data): - self.data = data - - obj = A(u'_') - taint_sink(obj.data) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - simple_object_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +# scene introduction = 简单对象声明 +# level = 2 +# bind_url = completeness/single_app_tracing/class/simple_object/simple_object_002_F +# evaluation information end +import os + + +def simple_object_002_F(taint_src): + class A(object): + def __init__(self, data): + self.data = data + + obj = A(u'_') + taint_sink(obj.data) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + simple_object_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/class/subclass/config.json b/sast-python2/case/completeness/single_app_tracing/class/subclass/config.json new file mode 100644 index 00000000..bb20f8a4 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/class/subclass/config.json @@ -0,0 +1,22 @@ +{ + "subclass": [ + { + "evaluation_item": "完整度->单应用跟踪完整度->接口与类->子类对象", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "subclass_001_T.py&& !subclass_002_F.py", + "scene": "继承属性" + }, + { + "compose": "subclass_003_T.py && !subclass_004_F.py", + "scene": "继承方法" + } + ] + } + ] + } + ] +} 
diff --git a/sast-python2/case/completeness/single_app_tracing/class/subclass/subclass_001_T.py b/sast-python2/case/completeness/single_app_tracing/class/subclass/subclass_001_T.py new file mode 100644 index 00000000..549de67e --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/class/subclass/subclass_001_T.py @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象 +# scene introduction = 继承属性 +# level = 2 +# bind_url = completeness/single_app_tracing/class/subclass/subclass_001_T +# evaluation information end +import os + + +class Parent(object): + def __init__(self, data): + self.data = data + + +class Child(Parent): + pass + + +def subclass_001_T(taint_src): + obj = Child(taint_src) + taint_sink(obj.data) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + subclass_001_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/class/subclass/subclass_002_F.py b/sast-python2/case/completeness/single_app_tracing/class/subclass/subclass_002_F.py new file mode 100644 index 00000000..156941bf --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/class/subclass/subclass_002_F.py @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象 +# scene introduction = 继承属性 +# level = 2 +# bind_url = completeness/single_app_tracing/class/subclass/subclass_002_F +# evaluation information end +import os + + +class BaseObject(object): + def __init__(self, data): + self.data = "safe_value" + + +class DerivedObject(BaseObject): + pass + + +def subclass_002_F(taint_src): + obj = DerivedObject(taint_src) + taint_sink(obj.data) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + subclass_002_F(taint_src) 
diff --git a/sast-python2/case/completeness/single_app_tracing/class/subclass/subclass_003_T.py b/sast-python2/case/completeness/single_app_tracing/class/subclass/subclass_003_T.py new file mode 100644 index 00000000..426c192d --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/class/subclass/subclass_003_T.py @@ -0,0 +1,35 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象 +# scene introduction = 继承方法 +# level = 2 +# bind_url = completeness/single_app_tracing/class/subclass/subclass_003_T +# evaluation information end +import os + + +class Parent(object): + def __init__(self, data): + self.data = data + + def getData(self): + return self.data + + +class Child(Parent): + pass + + +def subclass_003_T(taint_src): + obj = Child(taint_src) + taint_sink(obj.getData()) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + subclass_003_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/class/subclass/subclass_004_F.py b/sast-python2/case/completeness/single_app_tracing/class/subclass/subclass_004_F.py new file mode 100644 index 00000000..ea03a101 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/class/subclass/subclass_004_F.py 
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象
+# scene introduction = 继承方法
+# level = 2
+# bind_url = completeness/single_app_tracing/class/subclass/subclass_004_F
+# evaluation information end
+import os
+
+
+class Parent(object):
+ def __init__(self, data):
+ self.data = data
+
+ def getData(self):
+ return "sefa_value"
+
+
+class Child(Parent):
+ pass
+
+
+def subclass_004_F(taint_src):
+ obj = Child(taint_src)
+ taint_sink(obj.getData())
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ subclass_004_F(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py b/sast-python2/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py
index 306e01e2..59bf8ee3 100644
--- a/sast-python2/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py
+++ b/sast-python2/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py
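Review bot: `getData` returns `"sefa_value"`, a misspelling of the `"safe_value"` constant the other negative cases on this page use. The label is unaffected because the literal is still untainted, but anyone searching for `safe_value` to locate the sanitised paths will miss this case; `return "safe_value"` fixes it. A short comment on `getData` would also help, e.g. `# self.data still holds taint_src; the constant return value is what keeps it from the sink`.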
@@ -1,31 +1,31 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->流程控制语句->循环结构 -# scene introduction = while_else -# level = 4 -# bind_url = completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F -# evaluation information end - -import os - -def while_else_002_F(taint_src): - i = 2 - res = taint_src - while i < 2: - i += 1 - break - else: - res = u"_" - - taint_sink(res) - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - while_else_002_F(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->流程控制语句->循环结构 +# scene introduction = while_else +# level = 4 +# bind_url = completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F +# evaluation information end + +import os + +def while_else_002_F(taint_src): + i = 2 + res = taint_src + while i < 2: + i += 1 + break + else: + res = u"_" + + taint_sink(res) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + while_else_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a.py index f6d63115..025cdeae 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a.py 
@@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 # scene introduction = 跨目录变量导出 # level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_011_T/A/cross_module_005_T_a +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a # evaluation information end exportedVariable = u"taint_src_value" diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b.py index cc60e9b9..709fb279 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b.py 
@@ -1,27 +1,27 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 跨目录变量导出 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_011_T/B/cross_module_005_T_b -# evaluation information end - -import sys -import os -sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) -from A.cross_module_005_T_a import exportedVariable - - -def cross_module_005_T_b(): - result = exportedVariable - taint_sink(result) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u"__main__": - cross_module_005_T_b() - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 跨目录变量导出 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b +# evaluation information end + +import sys +import os +sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) +from A.cross_module_005_T_a import exportedVariable + + +def cross_module_005_T_b(): + result = exportedVariable + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + cross_module_005_T_b() + diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a.py index bc452544..6ac8bfa0 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a.py 
@@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 # scene introduction = 跨目录变量导出 # level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_012_F/A/cross_module_006_F_a +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a # evaluation information end exportedVariable = u'_' diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b.py index 4e5da413..6b66c2e0 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 # scene introduction = 跨目录变量导出 # level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_012_F/B/cross_module_006_F_b +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b # evaluation information end import sys diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/cross_module_009_T.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/cross_module_009_T.py index fcb8672d..77812d70 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/cross_module_009_T.py 
+++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/cross_module_009_T.py @@ -9,7 +9,10 @@ from B.cross_module_009_T_b import cross_module_009_T_b +def cross_module_009_T(taint_src): + cross_module_009_T_b(taint_src) + if __name__ == u"__main__": taint_src = u"taint_src_value" - cross_module_009_T_b(taint_src) + cross_module_009_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_010_F/cross_module_010_F.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_010_F/cross_module_010_F.py index 0c433b8a..51d57ab8 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_010_F/cross_module_010_F.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_010_F/cross_module_010_F.py @@ -9,8 +9,11 @@ from B.cross_module_010_F_b import cross_module_010_F_b +def cross_module_010_F(taint_src): + cross_module_010_F_b(taint_src) + if __name__ == u"__main__": taint_src = u"taint_src_value" - cross_module_010_F_b(taint_src) + cross_module_010_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_011_T/cross_module_011_T.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_011_T/cross_module_011_T.py index d2de9a25..82fdaf1e 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_011_T/cross_module_011_T.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_011_T/cross_module_011_T.py 
@@ -9,8 +9,10 @@ from B.cross_module_011_T_b import cross_module_011_T_b +def cross_module_011_T(taint_src): + cross_module_011_T_b(taint_src) if __name__ == u'__main__': taint_src = u"taint_src_value" - cross_module_011_T_b(taint_src) + cross_module_011_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_012_F/cross_module_012_F.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_012_F/cross_module_012_F.py index d29f5f5e..eb1f5bea 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_012_F/cross_module_012_F.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_012_F/cross_module_012_F.py @@ -9,7 +9,10 @@ from B.cross_module_012_F_b import cross_module_012_F_b +def cross_module_012_F(taint_src): + cross_module_012_F_b(taint_src) + if __name__ == u"__main__": taint_src = u"taint_src_value" - cross_module_012_F_b(taint_src) + cross_module_012_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_013_T/cross_module_013_T.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_013_T/cross_module_013_T.py index 8852bf4e..0d5816c7 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_013_T/cross_module_013_T.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_013_T/cross_module_013_T.py @@ -9,5 +9,8 @@ from B.cross_module_013_T_b import cross_module_013_T_b -if __name__ == u"__main__": +def cross_module_013_T(): cross_module_013_T_b() + +if __name__ == u"__main__": + cross_module_013_T() 
diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_014_F/cross_module_014_F.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_014_F/cross_module_014_F.py index 61736524..af63cc9d 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_014_F/cross_module_014_F.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_014_F/cross_module_014_F.py @@ -9,6 +9,9 @@ from B.cross_module_014_F_b import cross_module_014_F_b +def cross_module_014_F(): + cross_module_014_F_b() + if __name__ == u"__main__": - cross_module_014_F_b() + cross_module_014_F() diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_015_T/cross_module_015_T.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_015_T/cross_module_015_T.py index 7eef26f6..2c027bc1 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_015_T/cross_module_015_T.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_015_T/cross_module_015_T.py @@ -9,7 +9,10 @@ from B.cross_module_015_T_b import cross_module_015_T_b -if __name__ == u'__main__': +def cross_module_015_T(): cross_module_015_T_b() +if __name__ == u'__main__': + cross_module_015_T() + diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_016_F/cross_module_016_F.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_016_F/cross_module_016_F.py index 97707430..417c38c6 100644 
--- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_016_F/cross_module_016_F.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_016_F/cross_module_016_F.py @@ -9,7 +9,10 @@ from B.cross_module_016_F_b import cross_module_016_F_b -if __name__ == u'__main__': +def cross_module_016_F(): cross_module_016_F_b() +if __name__ == u'__main__': + cross_module_016_F() + diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/__init__.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/__init__.py index 64f06851..be77a02e 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/__init__.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/__init__.py @@ -1,2 +1,2 @@ -from .cross_module_017_T_a import function_a -from .cross_module_017_T_b import function_b \ No newline at end of file +from .cross_module_017_T_a import cross_module_017_T_a +from .cross_module_017_T_b import cross_module_017_T_b \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_a.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_a.py index 05b13534..2dc52bab 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_a.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_a.py 
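Review bot: In `cross_module_017_T/A/__init__.py` the re-exported functions now carry exactly the names of the submodules they are imported from, so the package attribute `A.cross_module_017_T_a` is bound twice: first to the submodule by the import system, then to the function by the `from ... import`. At runtime the function wins, but an analyzer that resolves the attribute to the submodule would drop the flow in the `_T` cases and stay silent in the `_F` cases for the wrong reason. These cases would then measure name-shadowing resolution as well as the `__init__` re-export that the scene introduction names. The same applies to the `__init__.py` hunks for 018_F, 019_T, 020_F and 021_T, and it matters most for the `import A` callers that use `A.cross_module_019_T_a(...)` and `A.cross_module_020_F_b(...)`. If the collision is intended, record it in each `__init__.py`, e.g. `# NOTE: each re-exported function deliberately shares its submodule's name; A.<name> is the function`; otherwise keep function and module names distinct.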
@@ -1,11 +1,11 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_a -# evaluation information end - -def function_a(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import1 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_a +# evaluation information end + +def cross_module_017_T_a(taint_src): return taint_src \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_b.py index 21351aa8..446a5414 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_b.py 
@@ -1,12 +1,12 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_b -# evaluation information end - - -def function_b(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import1 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_b +# evaluation information end + + +def cross_module_017_T_b(taint_src): return u"_" \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/cross_module_017_T.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/cross_module_017_T.py index acd6d272..d48a69b5 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/cross_module_017_T.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/cross_module_017_T.py 
@@ -1,22 +1,22 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/cross_module_017_T -# evaluation information end - -import os -from A import function_a, function_b - -def cross_module_017_T(taint_src): - result = function_a(taint_src) - taint_sink(result) - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import1 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/cross_module_017_T +# evaluation information end + +import os +from A import cross_module_017_T_a, cross_module_017_T_b + +def cross_module_017_T(taint_src): + result = cross_module_017_T_a(taint_src) + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" cross_module_017_T(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/__init__.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/__init__.py index a9fd7392..93316dd5 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/__init__.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/__init__.py 
@@ -1,2 +1,2 @@ -from .cross_module_018_F_a import function_a -from .cross_module_018_F_b import function_b \ No newline at end of file +from .cross_module_018_F_a import cross_module_018_F_a +from .cross_module_018_F_b import cross_module_018_F_b \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_a.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_a.py index 78061b1f..8cd635aa 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_a.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_a.py @@ -1,11 +1,11 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_a -# evaluation information end - -def function_a(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import1 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_a +# evaluation information end + +def cross_module_018_F_a(taint_src): return taint_src \ No newline at end of file 
diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_b.py index efc7a3d1..dfba21a0 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_b.py @@ -1,12 +1,12 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_b -# evaluation information end - - -def function_b(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import1 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_b +# evaluation information end + + +def cross_module_018_F_b(taint_src): return u"_" \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/cross_module_018_F.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/cross_module_018_F.py index 94015a51..4eca10e9 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/cross_module_018_F.py 
+++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/cross_module_018_F.py @@ -1,22 +1,22 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/cross_module_018_F -# evaluation information end - -import os -from A import function_a, function_b - -def cross_module_018_F(taint_src): - result = function_b(taint_src) - taint_sink(result) - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import1 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/cross_module_018_F +# evaluation information end + +import os +from A import cross_module_018_F_a, cross_module_018_F_b + +def cross_module_018_F(taint_src): + result = cross_module_018_F_b(taint_src) + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" cross_module_018_F(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/__init__.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/__init__.py index f9de874d..e489028d 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/__init__.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/__init__.py 
@@ -1,2 +1,2 @@ -from .cross_module_019_T_a import function_a -from .cross_module_019_T_b import function_b \ No newline at end of file +from .cross_module_019_T_a import cross_module_019_T_a +from .cross_module_019_T_b import cross_module_019_T_b \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_a.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_a.py index 4ec2d5ed..ca2d9740 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_a.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_a.py @@ -1,11 +1,11 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_a -# evaluation information end - -def function_a(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import2 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_a +# evaluation information end + +def cross_module_019_T_a(taint_src): return taint_src \ No newline at end of file 
diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_b.py index 827f0b6c..c917a602 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_b.py @@ -1,12 +1,12 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_b -# evaluation information end - - -def function_b(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import2 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_b +# evaluation information end + + +def cross_module_019_T_b(taint_src): return u"_" \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/cross_module_019_T.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/cross_module_019_T.py index 41b696bc..ec75799e 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/cross_module_019_T.py 
+++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/cross_module_019_T.py @@ -1,22 +1,22 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/cross_module_019_T -# evaluation information end - -import os -import A - -def cross_module_019_T(taint_src): - result = A.function_a(taint_src) - taint_sink(result) - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import2 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/cross_module_019_T +# evaluation information end + +import os +import A + +def cross_module_019_T(taint_src): + result = A.cross_module_019_T_a(taint_src) + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" cross_module_019_T(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/__init__.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/__init__.py index 99b80302..72f72b29 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/__init__.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/__init__.py 
@@ -1,2 +1,2 @@ -from .cross_module_020_F_a import function_a -from .cross_module_020_F_b import function_b \ No newline at end of file +from .cross_module_020_F_a import cross_module_020_F_a +from .cross_module_020_F_b import cross_module_020_F_b \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_a.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_a.py index 6d37f596..50437485 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_a.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_a.py @@ -1,11 +1,11 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_a -# evaluation information end - -def function_a(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import2 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_a +# evaluation information end + +def cross_module_020_F_a(taint_src): return taint_src \ No newline at end of file 
diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_b.py index 8e539e6a..cf6fc284 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_b.py @@ -1,12 +1,12 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_b -# evaluation information end - - -def function_b(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import2 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_b +# evaluation information end + + +def cross_module_020_F_b(taint_src): return u"_" \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/cross_module_020_F.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/cross_module_020_F.py index 93d2d71c..b087bcea 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/cross_module_020_F.py 
+++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/cross_module_020_F.py @@ -1,22 +1,22 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/cross_module_020_F -# evaluation information end - -import os -import A - -def cross_module_020_F(taint_src): - result = A.function_b(taint_src) - taint_sink(result) - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import2 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/cross_module_020_F +# evaluation information end + +import os +import A + +def cross_module_020_F(taint_src): + result = A.cross_module_020_F_b(taint_src) + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" cross_module_020_F(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/__init__.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/__init__.py index a42bf993..f0a607ad 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/__init__.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/__init__.py 
@@ -1 +1 @@ -from .cross_module_021_T_b import function_b \ No newline at end of file +from .cross_module_021_T_b import cross_module_021_T_b \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/cross_module_021_T_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/cross_module_021_T_b.py index 1346112c..8069833d 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/cross_module_021_T_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/cross_module_021_T_b.py @@ -1,12 +1,12 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/cross_module_021_T_b -# evaluation information end - - -def function_b(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import—双层嵌套1 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/cross_module_021_T_b +# evaluation information end + + +def cross_module_021_T_b(taint_src): return taint_src \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/__init__.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/__init__.py index 0aaab503..6b0bc1c0 100644 
--- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/__init__.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/__init__.py @@ -1 +1 @@ -from .cross_module_021_T_a import function_a \ No newline at end of file +from .cross_module_021_T_a import cross_module_021_T_a \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/cross_module_021_T_a.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/cross_module_021_T_a.py index a1bfb408..fa796358 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/cross_module_021_T_a.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/cross_module_021_T_a.py 
@@ -1,13 +1,13 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/cross_module_021_T_a -# evaluation information end - -from A.B import function_b - -def function_a(taint_src): - return function_b(taint_src) \ No newline at end of file +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import—双层嵌套1 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/cross_module_021_T_a +# evaluation information end + +from A.B import cross_module_021_T_b + +def cross_module_021_T_a(taint_src): + return cross_module_021_T_b(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/cross_module_021_T.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/cross_module_021_T.py index e6d306fc..57f26538 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/cross_module_021_T.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/cross_module_021_T.py 
@@ -1,22 +1,22 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/cross_module_021_T -# evaluation information end - -import os -from A import function_a - -def cross_module_021_T(taint_src): - result = function_a(taint_src) - taint_sink(result) - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import—双层嵌套1 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/cross_module_021_T +# evaluation information end + +import os +from A import cross_module_021_T_a + +def cross_module_021_T(taint_src): + result = cross_module_021_T_a(taint_src) + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" cross_module_021_T(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/__init__.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/__init__.py index 266c8b2f..a10fe957 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/__init__.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/__init__.py @@ -1 +1 @@ -from .cross_module_022_F_b import function_b \ No newline at end of file +from .cross_module_022_F_b import cross_module_022_F_b \ No newline at end of file 
diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/cross_module_022_F_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/cross_module_022_F_b.py index eb421f7f..d5a422fc 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/cross_module_022_F_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/cross_module_022_F_b.py @@ -1,12 +1,12 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/cross_module_022_F_b -# evaluation information end - - -def function_b(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import—双层嵌套1 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/cross_module_022_F_b +# evaluation information end + + +def cross_module_022_F_b(taint_src): return "_" \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/__init__.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/__init__.py index 30da7f30..1be3b64b 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/__init__.py 
+++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/__init__.py @@ -1 +1 @@ -from .cross_module_022_F_a import function_a \ No newline at end of file +from .cross_module_022_F_a import cross_module_022_F_a \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/cross_module_022_F_a.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/cross_module_022_F_a.py index 1f44ddc7..fe1ad9d5 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/cross_module_022_F_a.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/cross_module_022_F_a.py @@ -1,13 +1,13 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/cross_module_022_F_a -# evaluation information end - -from A.B import function_b - -def function_a(taint_src): - return function_b(taint_src) \ No newline at end of file +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import—双层嵌套1 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/cross_module_022_F_a +# evaluation information end + +from A.B import cross_module_022_F_b + +def cross_module_022_F_a(taint_src): + return cross_module_022_F_b(taint_src) \ No newline at end of file 
diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/cross_module_022_F.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/cross_module_022_F.py index a5d338a8..293d3c80 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/cross_module_022_F.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/cross_module_022_F.py @@ -1,22 +1,22 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/cross_module_022_F -# evaluation information end - -import os -from A import function_a - -def cross_module_022_F(taint_src): - result = function_a(taint_src) - taint_sink(result) - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import—双层嵌套1 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/cross_module_022_F +# evaluation information end + +import os +from A import cross_module_022_F_a + +def cross_module_022_F(taint_src): + result = cross_module_022_F_a(taint_src) + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" cross_module_022_F(taint_src) \ No newline at end of file 
diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/__init__.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/__init__.py index 77d21ec4..6bd2b0f9 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/__init__.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/__init__.py @@ -1 +1 @@ -from .cross_module_023_T_b import function_b \ No newline at end of file +from .cross_module_023_T_b import cross_module_023_T_b \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/cross_module_023_T_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/cross_module_023_T_b.py index 7d856a77..6ce58fc2 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/cross_module_023_T_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/cross_module_023_T_b.py 
@@ -1,12 +1,12 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/cross_module_023_T_b -# evaluation information end - - -def function_b(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import—双层嵌套2 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/cross_module_023_T_b +# evaluation information end + + +def cross_module_023_T_b(taint_src): return taint_src \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/__init__.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/__init__.py index c7922fec..79efafe7 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/__init__.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/__init__.py @@ -1 +1 @@ -from .cross_module_023_T_a import function_a \ No newline at end of file +from .cross_module_023_T_a import cross_module_023_T_a \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/cross_module_023_T_a.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/cross_module_023_T_a.py index b7f8c36b..e5e90e0f 100644 
--- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/cross_module_023_T_a.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/cross_module_023_T_a.py @@ -1,13 +1,13 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/cross_module_023_T_a -# evaluation information end - -import A.B - -def function_a(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import—双层嵌套2 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/cross_module_023_T_a +# evaluation information end + +import A.B + +def cross_module_023_T_a(taint_src): return A.B.function_b(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/cross_module_023_T.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/cross_module_023_T.py index 89433c0f..4255f04b 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/cross_module_023_T.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/cross_module_023_T.py 
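Review bot: The unchanged last line of `cross_module_023_T_a` still calls `A.B.function_b(taint_src)`, but this commit renames that function to `cross_module_023_T_b`, and `A/B/__init__.py` now imports only the new name. As far as this diff shows, the call would therefore fail with an AttributeError at run time. Because the case is marked `real case = true`, the flow from `taint_src` to `os.system` that it is meant to exercise no longer resolves, so a scanner that correctly reports nothing here would be scored as a miss. The line should read `return A.B.cross_module_023_T_b(taint_src)`, as the sibling case `cross_module_024_F_a` already does.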
@@ -1,22 +1,22 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/cross_module_023_T -# evaluation information end - -import os -import A - -def cross_module_023_T(taint_src): - result = A.function_a(taint_src) - taint_sink(result) - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import—双层嵌套2 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/cross_module_023_T +# evaluation information end + +import os +import A + +def cross_module_023_T(taint_src): + result = A.cross_module_023_T_a(taint_src) + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" cross_module_023_T(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/__init__.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/__init__.py index b61d6506..e9b87fc0 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/__init__.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/__init__.py @@ -1 +1 @@ -from .cross_module_024_F_b import function_b \ No newline at end of file +from .cross_module_024_F_b import cross_module_024_F_b \ No newline at end of file 
diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/cross_module_024_F_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/cross_module_024_F_b.py index 6b4de0b6..06c1436a 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/cross_module_024_F_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/cross_module_024_F_b.py @@ -1,12 +1,12 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/cross_module_024_F_b -# evaluation information end - - -def function_b(taint_src): +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import—双层嵌套2 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/cross_module_024_F_b +# evaluation information end + + +def cross_module_024_F_b(taint_src): return "_" \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/__init__.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/__init__.py index 3595c472..c663a1d0 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/__init__.py 
+++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/__init__.py @@ -1 +1 @@ -from .cross_module_024_F_a import function_a \ No newline at end of file +from .cross_module_024_F_a import cross_module_024_F_a \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/cross_module_024_F_a.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/cross_module_024_F_a.py index 52082d5d..e5406f62 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/cross_module_024_F_a.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/cross_module_024_F_a.py @@ -1,13 +1,13 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/cross_module_024_F_a -# evaluation information end - -import A.B - -def function_a(taint_src): - return A.B.function_b(taint_src) \ No newline at end of file +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import—双层嵌套2 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/cross_module_024_F_a +# evaluation information end + +import A.B + +def cross_module_024_F_a(taint_src): + return A.B.cross_module_024_F_b(taint_src) \ No newline at end of file 
diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/cross_module_024_F.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/cross_module_024_F.py index 64256f0f..bbeb2603 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/cross_module_024_F.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/cross_module_024_F.py @@ -1,22 +1,22 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/cross_module_024_F -# evaluation information end - -import os -import A - -def cross_module_024_F(taint_src): - result = A.function_a(taint_src) - taint_sink(result) - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 在init文件中import—双层嵌套2 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/cross_module_024_F +# evaluation information end + +import os +import A + +def cross_module_024_F(taint_src): + result = A.cross_module_024_F_a(taint_src) + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" cross_module_024_F(taint_src) \ No newline at end of file 
diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_026_F/B/cross_module_026_F_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_026_F/B/cross_module_026_F_b.py index 4eaa8e2a..00db3805 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_026_F/B/cross_module_026_F_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_026_F/B/cross_module_026_F_b.py 
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 跨目录导出—双层嵌套 -# level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_026_F/B/cross_module_026_F -# evaluation information end - -import sys -import os -sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) -from A.cross_module_026_F_a import cross_module_026_F_a - - -def cross_module_026_F(taint_src): - result = cross_module_026_F_a(taint_src) - taint_sink(result) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - cross_module_026_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 +# scene introduction = 跨目录导出—双层嵌套 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_026_F/B/cross_module_026_F_b +# evaluation information end + +import sys +import os +sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) +from A.cross_module_026_F_a import cross_module_026_F_a + + +def cross_module_026_F_b(taint_src): + result = cross_module_026_F_a(taint_src) + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + cross_module_026_F_b(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_027_T/cross_module_027_T.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_027_T/cross_module_027_T.py index e83e98a5..bfa63b1d 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_027_T/cross_module_027_T.py 
+++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_027_T/cross_module_027_T.py @@ -9,7 +9,10 @@ from A.cross_module_027_T_a import cross_module_027_T_a +def cross_module_027_T(taint_src): + cross_module_027_T_a(taint_src) + if __name__ == u"__main__": taint_src = u"taint_src_value" - cross_module_027_T_a(taint_src) + cross_module_027_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_028_F/cross_module_028_F.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_028_F/cross_module_028_F.py index 7899bda8..7fce2752 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_028_F/cross_module_028_F.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_028_F/cross_module_028_F.py @@ -9,7 +9,10 @@ from A.cross_module_028_F_a import cross_module_028_F_a +def cross_module_028_F(taint_src): + cross_module_028_F_a(taint_src) + if __name__ == u"__main__": taint_src = u"taint_src_value" - cross_module_028_F_a(taint_src) + cross_module_028_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_029_T/A/B/cross_module_029_T_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_029_T/A/B/cross_module_029_T_b.py index f0056341..e2fedabc 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_029_T/A/B/cross_module_029_T_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_029_T/A/B/cross_module_029_T_b.py 
@@ -7,5 +7,5 @@ # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_029_T/A/B/cross_module_029_T_b # evaluation information end -def source(taint_src): +def cross_module_029_T_b(taint_src): return taint_src \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_029_T/cross_module_029_T_a.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_029_T/cross_module_029_T_a.py index 282a7b42..3728ec10 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_029_T/cross_module_029_T_a.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_029_T/cross_module_029_T_a.py @@ -11,7 +11,7 @@ import A.B.cross_module_029_T_b def cross_module_029_T_a(taint_src): - result = A.B.cross_module_029_T_b.source(taint_src) + result = A.B.cross_module_029_T_b.cross_module_029_T_b(taint_src) taint_sink(result) diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_030_F/A/B/cross_module_030_F_b.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_030_F/A/B/cross_module_030_F_b.py index 5c8b62e1..512c97a4 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_030_F/A/B/cross_module_030_F_b.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_030_F/A/B/cross_module_030_F_b.py @@ -7,6 +7,6 @@ # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_030_F/A/B/cross_module_030_F_b # evaluation information end -def source(taint_src): +def cross_module_030_F_b(taint_src): return "default" 
diff --git a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_030_F/cross_module_030_F_a.py b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_030_F/cross_module_030_F_a.py index 985250d0..2d67c551 100644 --- a/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_030_F/cross_module_030_F_a.py +++ b/sast-python2/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_030_F/cross_module_030_F_a.py @@ -4,14 +4,14 @@ # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 # scene introduction = 绝对导入 # level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_040_F/A/cross_module_040_F_a +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_030_F/cross_module_030_F_a # evaluation information end import os import A.B.cross_module_030_F_b def cross_module_030_F_a(taint_src): - result = A.B.cross_module_030_F_b.source(taint_src) + result = A.B.cross_module_030_F_b.cross_module_030_F_b(taint_src) taint_sink(result) diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/array/array_001_T.py b/sast-python2/case/completeness/single_app_tracing/datatype/array/array_001_T.py index 5753cd6d..e0f0d62a 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/array/array_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/array/array_001_T.py 
@@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 -# scene introduction = -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/array/array_001_T -# evaluation information end - -import os -import array - - -def array_001_T(taint_src): - char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 - s = array.array(u'u', [char_array[0], u'b', u'c']) - taint_sink(s) - -def taint_sink(o): - os.system(u''.join(o)) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - array_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 +# scene introduction = array操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/array/array_001_T +# evaluation information end + +import os +import array + + +def array_001_T(taint_src): + char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 + s = array.array(u'u', [char_array[0], u'b', u'c']) + taint_sink(s) + +def taint_sink(o): + os.system(u''.join(o)) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + array_001_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/array/array_002_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/array/array_002_F.py index 8eda0e0a..a6e5da6a 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/array/array_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/array/array_002_F.py 
@@ -1,24 +1,24 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 -# scene introduction = -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/array/array_002_F -# evaluation information end - -import os -import array - -def array_002_F(taint_src): - char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 - s = array.array(u'u', [u'a', u'b', u'c']) - taint_sink(s) - -def taint_sink(o): - os.system(u''.join(o)) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - array_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 +# scene introduction = array操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/array/array_002_F +# evaluation information end + +import os +import array + +def array_002_F(taint_src): + char_array = array.array(u'u', taint_src) # 每个字符作为独立元素 + s = array.array(u'u', [u'a', u'b', u'c']) + taint_sink(s) + +def taint_sink(o): + os.system(u''.join(o)) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + array_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/array/config.json b/sast-python2/case/completeness/single_app_tracing/datatype/array/config.json index f60c5abd..78f24265 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/array/config.json +++ b/sast-python2/case/completeness/single_app_tracing/datatype/array/config.json @@ -6,17 +6,13 @@ { "level": "2", "scene_list": [ - { - "compose": "numpy_array_001_T.py && !numpy_array_002_F.py", - "scene": "numpy数组" - }, { "compose": "extslice_001_T.py && !extslice_002_F.py", "scene": "多维切片" }, { "compose": "array_001_T.py && !array_002_F.py", - "scene": "1" + "scene": "array操作" }, { "compose": "array_003_T.py && !array_004_F.py", 
diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/array/numpy_array_001_T.py b/sast-python2/case/completeness/single_app_tracing/datatype/array/numpy_array_001_T.py deleted file mode 100644 index acc91a00..00000000 --- a/sast-python2/case/completeness/single_app_tracing/datatype/array/numpy_array_001_T.py +++ /dev/null @@ -1,28 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 -# scene introduction = numpy数组 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/array/numpy_array_001_T -# evaluation information end - -# 需要安装numpy库来使用此语法创建一个数组 pip install numpy -import os -import numpy as np - - -def numpy_array_001_T(taint_src): - arr = np.array([taint_src, 111]) - taint_sink(arr) - - -def taint_sink(o): - os.system(u''.join(o)) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - numpy_array_001_T(taint_src) - diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/array/numpy_array_002_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/array/numpy_array_002_F.py deleted file mode 100644 index 3d278958..00000000 --- a/sast-python2/case/completeness/single_app_tracing/datatype/array/numpy_array_002_F.py +++ /dev/null @@ -1,28 +0,0 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 -# scene introduction = numpy数组 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/array/numpy_array_002_F -# evaluation information end - - -import os -import numpy as np - - -def numpy_array_002_F(taint_src): - arr = np.array([u"_", 111]) - taint_sink(arr) - - -def taint_sink(o): - os.system(u''.join(o)) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - numpy_array_002_F(taint_src) - 
diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/collections/set_006_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/collections/set_006_F.py index a602bb6a..4239b64d 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/collections/set_006_F.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/collections/set_006_F.py @@ -1,23 +1,23 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合 -# scene introduction = 交集-并集 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/collections/set_006_F -# evaluation information end -import os - -def set_006_F(taint_src): - set1 = set([taint_src, u'a', u'b']) - set2 = set([u'a', u"b", u'c']) - result = set1.intersection(set2) # 交集包含污点 - taint_sink(result) - -def taint_sink(o): - os.system(unicode(o)) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - set_006_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合 +# scene introduction = 交集-并集 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/collections/set_006_F +# evaluation information end +import os + +def set_006_F(taint_src): + set1 = set([taint_src, u'a', u'b']) + set2 = set([u'a', u"b", u'c']) + result = set1.intersection(set2) # 交集包含污点 + taint_sink(result) + +def taint_sink(o): + os.system(unicode(o)) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + set_006_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/list/config.json b/sast-python2/case/completeness/single_app_tracing/datatype/list/config.json index fb19c3e5..1169c440 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/list/config.json +++ b/sast-python2/case/completeness/single_app_tracing/datatype/list/config.json 
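Review bot: The trailing comment on `result = set1.intersection(set2)` in `set_006_F` still reads `# 交集包含污点` ("the intersection contains the taint"), which contradicts the header this hunk flips to `real case = false`. With the driver value `u"taint_src_value"` the intersection is only `u'a'` and `u'b'`, and any element of the result must equal one of set2's literals, so the negative label looks right and it is the comment that is stale. I would replace it with `# intersection can only hold values equal to set2's constants; taint_src is filtered out`, so that someone triaging a scanner finding on this case can see why it is expected to be a false positive.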
@@ -8,7 +8,7 @@ "scene_list": [ { "compose": "list_001_T.py && !list_002_F.py", - "scene": "1" + "scene": "一维" }, { "compose": "list_003_T.py && !list_004_F.py", diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/list/list_001_T.py b/sast-python2/case/completeness/single_app_tracing/datatype/list/list_001_T.py index 768a9a13..2dfd35ce 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/list/list_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/list/list_001_T.py @@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 -# scene introduction = -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/list/list_001_T -# evaluation information end -import os - - -def list_001_T(taint_src): - s = [taint_src, u'b', u'c'] - taint_sink(s) - - -def taint_sink(o): - os.system(unicode(o)) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - list_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = 一维 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_001_T +# evaluation information end +import os + + +def list_001_T(taint_src): + s = [taint_src, u'b', u'c'] + taint_sink(s) + + +def taint_sink(o): + os.system(unicode(o)) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + list_001_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/list/list_002_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/list/list_002_F.py index 9a65490f..1f0085d7 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/list/list_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/list/list_002_F.py 
@@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 -# scene introduction = -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/list/list_002_F -# evaluation information end -import os - - -def list_002_F(taint_src): - s2 = [u'_', u'b', u'c'] - taint_sink(s2) - - -def taint_sink(o): - os.system(unicode(o)) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - list_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = 一维 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_002_F +# evaluation information end +import os + + +def list_002_F(taint_src): + s2 = [u'_', u'b', u'c'] + taint_sink(s2) + + +def taint_sink(o): + os.system(unicode(o)) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + list_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_001_T.py b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_001_T.py index 6cd63752..2698088a 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_001_T.py 
@@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/map/map_001_T -# evaluation information end -import os - - -def map_001_T(taint_src): - m = dict() # 或者直接使用 m = {} - m[u'key1'] = taint_src - taint_sink(m) - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - map_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +# scene introduction = 字典/映射(Map)对象1 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/map/map_001_T +# evaluation information end +import os + + +def map_001_T(taint_src): + m = dict() # 或者直接使用 m = {} + m[u'key1'] = taint_src + taint_sink(m) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + map_001_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_002_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_002_F.py index e624323a..f3d473f7 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_002_F.py 
@@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/map/map_002_F -# evaluation information end -import os - - -def map_002_F(taint_src): - m = {} - m[u'key1'] = u'_' - taint_sink(m) - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - map_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +# scene introduction = 字典/映射(Map)对象1 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/map/map_002_F +# evaluation information end +import os + + +def map_002_F(taint_src): + m = {} + m[u'key1'] = u'_' + taint_sink(m) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + map_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_003_T.py b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_003_T.py index cbe82209..f13c8c9a 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_003_T.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_003_T.py 
@@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/map/map_003_T -# evaluation information end -import os - - -def map_003_T(taint_src): - m = dict() # 或者直接使用 m = {} - m[taint_src] = u"value1" - taint_sink(m) - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - map_003_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +# scene introduction = 字典/映射(Map)对象2 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/map/map_003_T +# evaluation information end +import os + + +def map_003_T(taint_src): + m = dict() # 或者直接使用 m = {} + m[taint_src] = u"value1" + taint_sink(m) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + map_003_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_004_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_004_F.py index cbe17ef7..339c6b4d 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_004_F.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_004_F.py 
@@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/map/map_004_F -# evaluation information end -import os - - -def map_004_F(taint_src): - m = dict() # 或者直接使用 m = {} - m[u"key1"] = u"value1" - taint_sink(m) - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - map_004_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +# scene introduction = 字典/映射(Map)对象2 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/map/map_004_F +# evaluation information end +import os + + +def map_004_F(taint_src): + m = dict() # 或者直接使用 m = {} + m[u"key1"] = u"value1" + taint_sink(m) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + map_004_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_005_T.py b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_005_T.py index 4df0e9fd..050eed15 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_005_T.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_005_T.py 
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/map/map_005_T -# evaluation information end -import os - - -def map_005_T(taint_src): - # 初始化干净字典 - m = {u"key": u"_"} - # 更新为污染值 - m.update({u"key": taint_src}) - - taint_sink(m) # 传递更新后的污染字典 - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - map_005_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +# scene introduction = 字典/映射(Map)对象3 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/map/map_005_T +# evaluation information end +import os + + +def map_005_T(taint_src): + # 初始化干净字典 + m = {u"key": u"_"} + # 更新为污染值 + m.update({u"key": taint_src}) + + taint_sink(m) # 传递更新后的污染字典 + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + map_005_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_006_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_006_F.py index f255fb79..89dea110 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_006_F.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_006_F.py 
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/map/map_006_F -# evaluation information end -import os - - -def map_006_F(taint_src): - # 初始化干净字典 - m = {u"key": taint_src} - # 更新为污染值 - m.update({u"key":u"_" }) - - taint_sink(m) # 传递更新后的污染字典 - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - map_006_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +# scene introduction = 字典/映射(Map)对象3 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/map/map_006_F +# evaluation information end +import os + + +def map_006_F(taint_src): + # 初始化干净字典 + m = {u"key": taint_src} + # 更新为污染值 + m.update({u"key":u"_" }) + + taint_sink(m) # 传递更新后的污染字典 + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + map_006_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_007_T.py b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_007_T.py index c574a4ca..b032fb79 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_007_T.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_007_T.py 
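Review bot: The inline comments in `map_006_F` are word for word those of `map_005_T` and describe the opposite flow: `# 初始化干净字典` ("initialise a clean dict") sits above `m = {u"key": taint_src}`, `# 更新为污染值` ("update to the tainted value") sits above `m.update({u"key":u"_" })`, and the sink call is annotated as passing a tainted dict. For a `real case = false` case they should say the reverse, for example `# start with the tainted value under "key"`, `# overwrite it with a constant, dropping the taint` and `# dict no longer holds taint_src`. As written, a reader cannot tell from the file whether a finding here is a scanner false positive or a mislabelled case.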
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/map/map_007_T -# evaluation information end -import os - - -def map_007_T(taint_src): - # 初始化字典 - m = {u"key": u"_",u"src":taint_src} - # 删除非污染值 - del m[u'key'] - - taint_sink(m) # 传递更新后的字典 - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - map_007_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +# scene introduction = 字典/映射(Map)对象4 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/map/map_007_T +# evaluation information end +import os + + +def map_007_T(taint_src): + # 初始化字典 + m = {u"key": u"_",u"src":taint_src} + # 删除非污染值 + del m[u'key'] + + taint_sink(m) # 传递更新后的字典 + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + map_007_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_008_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_008_F.py index b6142367..3308f1e2 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/map/map_008_F.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/map/map_008_F.py 
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/map/map_008_F -# evaluation information end -import os - - -def map_008_F(taint_src): - # 初始化字典 - m = {u"key": u"_",u"src":taint_src} - # 删除污染值 - del m[u'src'] - - taint_sink(m) # 传递更新后的字典 - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - map_008_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +# scene introduction = 字典/映射(Map)对象4 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/map/map_008_F +# evaluation information end +import os + + +def map_008_F(taint_src): + # 初始化字典 + m = {u"key": u"_",u"src":taint_src} + # 删除污染值 + del m[u'src'] + + taint_sink(m) # 传递更新后的字典 + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + map_008_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_001_T.py b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_001_T.py index 867e37ed..6c129e87 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_001_T.py 
@@ -1,20 +1,20 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 -# scene introduction = 复数 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/primitives/complex_001_T -# evaluation information end -import os - -def complex_001_T(taint_src): - tainted_complex = complex(taint_src,4) - taint_sink(tainted_complex) - -def taint_sink(o): - os.system(unicode(o)) - -if __name__ == u"__main__": - taint_src = 3 - complex_001_T(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +# scene introduction = 复数1 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/primitives/complex_001_T +# evaluation information end +import os + +def complex_001_T(taint_src): + tainted_complex = complex(taint_src,4) + taint_sink(tainted_complex) + +def taint_sink(o): + os.system(unicode(o)) + +if __name__ == u"__main__": + taint_src = 3 + complex_001_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_002_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_002_F.py index 7f640a42..4a447790 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_002_F.py 
@@ -1,20 +1,20 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 -# scene introduction = 复数 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/primitives/complex_002_F -# evaluation information end -import os - -def complex_002_F(taint_src): - tainted_complex = complex(2,4) - taint_sink(tainted_complex) - -def taint_sink(o): - os.system(unicode(o)) - -if __name__ == u"__main__": - taint_src = 3 - complex_002_F(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +# scene introduction = 复数1 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/primitives/complex_002_F +# evaluation information end +import os + +def complex_002_F(taint_src): + tainted_complex = complex(2,4) + taint_sink(tainted_complex) + +def taint_sink(o): + os.system(unicode(o)) + +if __name__ == u"__main__": + taint_src = 3 + complex_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_003_T.py b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_003_T.py index 871a8fec..53e96cc1 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_003_T.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_003_T.py 
@@ -1,21 +1,21 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 -# scene introduction = 复数 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/primitives/complex_003_T -# evaluation information end -import os - -def complex_003_T(taint_src): - a = taint_src + 4j - b = a.real - taint_sink(b) - -def taint_sink(o): - os.system(unicode(o)) - -if __name__ == u"__main__": - taint_src = 3 - complex_003_T(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +# scene introduction = 复数2 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/primitives/complex_003_T +# evaluation information end +import os + +def complex_003_T(taint_src): + a = taint_src + 4j + b = a.real + taint_sink(b) + +def taint_sink(o): + os.system(unicode(o)) + +if __name__ == u"__main__": + taint_src = 3 + complex_003_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_004_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_004_F.py index 086f7771..0f63498c 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_004_F.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/complex_004_F.py 
@@ -1,21 +1,21 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 -# scene introduction = 复数 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/primitives/complex_004_F -# evaluation information end -import os - -def complex_004_F(taint_src): - a = taint_src + 4j - b = a.imag - taint_sink(b) - -def taint_sink(o): - os.system(unicode(o)) - -if __name__ == u"__main__": - taint_src = 3 - complex_004_F(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +# scene introduction = 复数2 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/primitives/complex_004_F +# evaluation information end +import os + +def complex_004_F(taint_src): + a = taint_src + 4j + b = a.imag + taint_sink(b) + +def taint_sink(o): + os.system(unicode(o)) + +if __name__ == u"__main__": + taint_src = 3 + complex_004_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/primitives/config.json b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/config.json index a3a59cde..bd6bf9d5 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/primitives/config.json +++ b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/config.json @@ -37,6 +37,10 @@ { "compose": "complex_003_T.py && !complex_004_F.py", "scene": "复数2" + }, + { + "compose": "long_001_T.py && !long_002_F.py", + "scene": "长整型" } ] } diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/primitives/long_001_T.py b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/long_001_T.py new file mode 100644 index 00000000..52c8e547 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/long_001_T.py 
@@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +# scene introduction = 长整型 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/primitives/long_001_T +# date = 2026-01-06 02:34:28 +# evaluation information end +import os + + +def long_001_T(taint_src): + # 场景特点:长整型数据直接传递 + tainted_long = taint_src + taint_sink(tainted_long) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = 123L + long_001_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/primitives/long_002_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/long_002_F.py new file mode 100644 index 00000000..76448af3 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/datatype/primitives/long_002_F.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +# scene introduction = 长整型 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/primitives/long_002_F +# date = 2026-01-06 02:34:28 +# evaluation information end +import os + + +def long_002_F(taint_src): + # 场景特点:长整型数据被安全值替换 + tainted_long = taint_src + safe_long = 456L + taint_sink(safe_long) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = 123 + long_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/string/config.json b/sast-python2/case/completeness/single_app_tracing/datatype/string/config.json new file mode 100644 index 00000000..3a37e2e2 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/datatype/string/config.json 
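Review bot: The `__main__` driver in `long_002_F.py` sets `taint_src = 123`, a plain int, while its twin `long_001_T.py` uses `123L`, so the negative case never has a long-typed source even though the scene is 长整型. The pair should differ only in whether the source reaches the sink; use `taint_src = 123L` here as well. `tainted_long = taint_src` is assigned and never read, which appears to be the intended "taint is dropped" step, and a short comment such as `# tainted value is deliberately not forwarded to the sink` would make that explicit.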
@@ -0,0 +1,22 @@ +{ + "string": [ + { + "evaluation_item": "完整度->单应用跟踪完整度->数据类型和结构->字符串", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "string_type_001_T.py && !string_type_002_F.py", + "scene": "字符串创建" + }, + { + "compose": "string_type_003_T.py && !string_type_004_F.py", + "scene": "字符串拼接" + } + ] + } + ] + } + ] +} diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/string/string_type_001_T.py b/sast-python2/case/completeness/single_app_tracing/datatype/string/string_type_001_T.py new file mode 100644 index 00000000..d3926d8b --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/datatype/string/string_type_001_T.py @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 +# scene introduction = 字符串创建 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/string/string_type_001_T +# date = 2026-01-06 05:56:38 +# evaluation information end +import os + +def string_type_001_T(taint_src): + # 场景特点:直接创建字符串对象并传递 + data = f"{taint_src}" + taint_sink(data) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + string_type_001_T(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/string/string_type_002_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/string/string_type_002_F.py new file mode 100644 index 00000000..053fac4a --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/datatype/string/string_type_002_F.py 
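Review bot: `data = f"{taint_src}"` in `string_type_001_T` is an f-string, which a Python 2 interpreter rejects with a SyntaxError, yet the file is added under `sast-python2`. A scanner that parses with a Python 2 grammar may fail on the file, and the positive case would then count as a miss for the wrong reason. A Python 2 form that keeps the same source-to-sink flow is `data = u"%s" % taint_src` or `data = u"{}".format(taint_src)`. Separately, the sink here and in the sibling new files `string_type_002_F.py`, `string_type_003_T.py` and `string_type_004_F.py` is `os.system(str(o))`, where the other cases in this diff use `os.system(unicode(o))`; aligning them keeps the sink uniform across the suite.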
@@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 +# scene introduction = 字符串创建 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/string/string_type_002_F +# date = 2026-01-06 05:56:38 +# evaluation information end +import os + +def string_type_002_F(taint_src): + # 场景特点:创建安全字符串对象,与输入无关 + data = u"safe_value" + taint_sink(data) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + string_type_002_F(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/string/string_type_003_T.py b/sast-python2/case/completeness/single_app_tracing/datatype/string/string_type_003_T.py new file mode 100644 index 00000000..776c69ab --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/datatype/string/string_type_003_T.py @@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 +# scene introduction = 字符串拼接 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/string/string_type_003_T +# date = 2026-01-06 05:56:38 +# evaluation information end +import os + +def string_type_003_T(taint_src): + # 场景特点:使用+运算符拼接字符串,包含污染源 + base_string = u"prefix_" + data = base_string + taint_src + taint_sink(data) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + string_type_003_T(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/string/string_type_004_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/string/string_type_004_F.py new file mode 100644 index 00000000..5121f35d --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/datatype/string/string_type_004_F.py 
@@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 +# scene introduction = 字符串拼接 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/string/string_type_004_F +# date = 2026-01-06 05:56:38 +# evaluation information end +import os + +def string_type_004_F(taint_src): + # 场景特点:拼接安全字符串,与输入无关 + base_string = u"prefix_" + data = base_string + u"safe_suffix" + taint_sink(data) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + string_type_004_F(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py index 8a596159..6e892aac 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py 
@@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 -# scene introduction = 元组字面量 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_002_F -# evaluation information end -import os - - -def tuple_002_F(taint_src): - t = (u"_", 2, u"c") # 使用 Tuple 节点创建元组字面量 - taint_sink(t) - - -def taint_sink(o): - os.system(unicode(o)) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - tuple_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组字面量 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_002_F +# evaluation information end +import os + + +def tuple_002_F(taint_src): + t = (u"_", 2, u"c") # 使用 Tuple 节点创建元组字面量 + taint_sink(t) + + +def taint_sink(o): + os.system(unicode(o)) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + tuple_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py b/sast-python2/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py index 9a49f092..26463fcb 100644 --- a/sast-python2/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py +++ b/sast-python2/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py 
@@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 -# scene introduction = 解构赋值 -# level = 2 -# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_004_F -# evaluation information end -import os - - -def tuple_004_F(taint_src): - items = (taint_src, u"b", u"c") - first,second,third = items - taint_sink(third) - - -def taint_sink(o): - os.system(unicode(o)) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - tuple_004_F(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 解构赋值 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_004_F +# evaluation information end +import os + + +def tuple_004_F(taint_src): + items = (taint_src, u"b", u"c") + first,second,third = items + taint_sink(third) + + +def taint_sink(o): + os.system(unicode(o)) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + tuple_004_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/control_flow/assert/assert_001_T.py b/sast-python2/case/completeness/single_app_tracing/exception_error/assert/assert_001_T.py similarity index 71% rename from sast-python2/case/completeness/single_app_tracing/control_flow/assert/assert_001_T.py rename to sast-python2/case/completeness/single_app_tracing/exception_error/assert/assert_001_T.py index b58eeff4..74bb094e 100644 --- a/sast-python2/case/completeness/single_app_tracing/control_flow/assert/assert_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/exception_error/assert/assert_001_T.py 
@@ -1,33 +1,30 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->流程控制语句->断言 -# scene introduction = 验证输入值 -# level = 2 -# bind_url = completeness/single_app_tracing/control_flow/assert/assert_001_T -# evaluation information end - - -import os -import numpy as np - - -def assert_001_T(taint_src): - # 创建一个 NumPy 数组,包含 taint_src 和 "SAFE" - arr = np.array([taint_src, u"SAFE"]) - - # 使用 assert 确保数组的第一个元素不是空字符串 - assert arr[0] != u"", u"The first element should not be an empty string." - - taint_sink(arr[0]) - - -def taint_sink(o): - os.system(o) - - -# 示例调用 -if __name__ == u"__main__": - taint_src = u"taint_src_value" - assert_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->流程控制语句->断言 +# scene introduction = 验证输入值 +# level = 2 +# bind_url = completeness/single_app_tracing/exception_error/assert/assert_001_T +# evaluation information end + + +import os + +def assert_001_T(taint_src): + arr = [taint_src, u"SAFE"] + + # 使用 assert 确保数组的第一个元素不是空字符串 + assert arr[0] != u"", u"The first element should not be an empty string." + + taint_sink(arr[0]) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == u"__main__": + taint_src = u"taint_src_value" + assert_001_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py b/sast-python2/case/completeness/single_app_tracing/exception_error/assert/assert_002_F.py similarity index 70% rename from sast-python2/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py rename to sast-python2/case/completeness/single_app_tracing/exception_error/assert/assert_002_F.py index 88afa342..22876951 100644 --- a/sast-python2/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/exception_error/assert/assert_002_F.py 
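Review bot: The header of assert_001_T.py still reads `# evaluation item = 完整度->单应用跟踪完整度->流程控制语句->断言` although the file now lives under exception_error/assert and its `bind_url` was updated to match. The same stale label remains in assert_002_F.py and in the `evaluation_item` field of the moved config.json. If the harness groups results by this label, the assert cases will still be reported under control flow; it should probably follow the new category, in the style of the `异常与错误处理->…` labels used by the exception_throw cases (to be confirmed against the harness).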
@@ -1,32 +1,30 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->流程控制语句->断言 -# scene introduction = 验证输入值 -# level = 2 -# bind_url = completeness/single_app_tracing/control_flow/assert/assert_002_F -# evaluation information end - - -import os -import numpy as np - - -def assert_002_F(taint_src): - # 创建一个 NumPy 数组,包含 taint_src 和 "SAFE" - arr = np.array([taint_src, u"SAFE"]) - - # 使用 assert 确保数组的第一个元素不是空字符串 - assert arr[1] != u"", u"The first element should not be an empty string." - - taint_sink(arr[1]) - - -def taint_sink(o): - # 使用 os.system 执行命令 - os.system(o) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - assert_002_F(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->流程控制语句->断言 +# scene introduction = 验证输入值 +# level = 2 +# bind_url = completeness/single_app_tracing/exception_error/assert/assert_002_F +# evaluation information end + + +import os + + +def assert_002_F(taint_src): + arr = [taint_src, u"safe_value"] + + # 使用 assert 确保数组的第一个元素不是空字符串 + assert arr[1] != u"", u"The first element should not be an empty string." + + taint_sink(arr[1]) + + +def taint_sink(o): + # 使用 os.system 执行命令 + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + assert_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/control_flow/assert/config.json b/sast-python2/case/completeness/single_app_tracing/exception_error/assert/config.json similarity index 95% rename from sast-python2/case/completeness/single_app_tracing/control_flow/assert/config.json rename to sast-python2/case/completeness/single_app_tracing/exception_error/assert/config.json index 50bc911a..4b8c8caf 100644 --- a/sast-python2/case/completeness/single_app_tracing/control_flow/assert/config.json +++ b/sast-python2/case/completeness/single_app_tracing/exception_error/assert/config.json 
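Review bot: In assert_002_F.py the assertion checks `arr[1]`, but both the comment above it and the message `u"The first element should not be an empty string."` describe the first element. Since this negative case depends on the sink receiving the constant second element, the text should say so, for example `assert arr[1] != u"", u"The second element should not be an empty string."`, with the comment adjusted the same way.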
@@ -1,18 +1,18 @@ -{ - "assert": [ - { - "evaluation_item": "完整度->单应用跟踪完整度->流程控制语句->断言", - "scene_levels": [ - { - "level": "2", - "scene_list": [ - { - "compose": "assert_001_T.py && !assert_002_F.py", - "scene": "验证输入值" - } - ] - } - ] - } - ] +{ + "assert": [ + { + "evaluation_item": "完整度->单应用跟踪完整度->流程控制语句->断言", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "assert_001_T.py && !assert_002_F.py", + "scene": "验证输入值" + } + ] + } + ] + } + ] } \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/config.json b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/config.json index 94093f6e..07a81cbd 100644 --- a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/config.json +++ b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/config.json @@ -14,6 +14,10 @@ "compose": "exception_catch_001_T.py && !exception_catch_002_F.py", "scene": "exception_catch" }, + { + "compose": "exception_catch_003_T.py && !exception_catch_004_F.py", + "scene": "exception_raise_string" + }, { "compose": "exception_try_else_001_T.py && !exception_try_else_002_F.py", "scene": "exception_try_else" @@ -27,4 +31,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py index 022f4439..9a165fc2 100644 --- a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py 
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 -# scene introduction = exception_catch -# level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_catch_001_T -# evaluation information end -import os - -def exception_catch_001_T(taint_src): - try: - # 抛出一个包含 message 和 code 的异常对象 - raise Exception({u'message': taint_src, u'code': 123}) - except Exception, e: - # 捕获异常并提取 message 属性 - error_info = e.args[0] # 获取抛出的异常内容(这里是字典) - taint_sink(error_info[u'message']) # 将 message 传递给污染接收函数 - - -def taint_sink(o): - os.system(o) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - exception_catch_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 +# scene introduction = exception_catch +# level = 2 +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T +# evaluation information end +import os + +def exception_catch_001_T(taint_src): + try: + # 抛出一个包含 message 和 code 的异常对象 + raise Exception({u'message': taint_src, u'code': 123}) + except Exception, e: + # 捕获异常并提取 message 属性 + error_info = e.args[0] # 获取抛出的异常内容(这里是字典) + taint_sink(error_info[u'message']) # 将 message 传递给污染接收函数 + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + exception_catch_001_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_002_F.py b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_002_F.py index b32d8a20..7a2ceb89 100644 --- a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_002_F.py 
+++ b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_002_F.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 # scene introduction = exception_catch # level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_catch_002_F +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_catch_002_F # evaluation information end import os diff --git a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_003_T.py b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_003_T.py new file mode 100644 index 00000000..51cdb266 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_003_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 +# scene introduction = exception_raise_string +# level = 2 +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_catch_003_T +# date = 2026-01-07 02:25:05 +# evaluation information end +import os + + +def exception_catch_003_T(taint_src): + try: + # 场景特点:使用raise语句直接抛出字符串异常 + raise Exception(taint_src) + except Exception as e: + taint_sink(e) + + +def taint_sink(o): + os.system(str(o)) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_catch_003_T(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_004_F.py b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_004_F.py new file mode 100644 index 00000000..1454dc78 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_004_F.py 
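Review bot: The comment in exception_catch_003_T.py and the scene name `exception_raise_string` describe raising a string exception, but the code raises `Exception(taint_src)` and the taint reaches the sink only through `str(o)` on the caught exception object. The comment should state that, for example `# taint is carried in Exception.args and recovered by str(e) in taint_sink`, so that a reader knows which propagation step the case measures. The file also uses `"__main__"` and `str(o)` where the sibling cases use `u"__main__"` and `unicode(o)`; exception_catch_004_F.py has the same difference.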
@@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 +# scene introduction = exception_raise_string +# level = 2 +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_catch_004_F +# date = 2026-01-07 02:25:05 +# evaluation information end +import os + + +def exception_catch_004_F(taint_src): + try: + raise Exception("safe_value") + except Exception as e: + taint_sink(e) + + +def taint_sink(o): + os.system(str(o)) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_catch_004_F(taint_src) \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_001_T.py b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_001_T.py index 37f50956..297a2d42 100644 --- a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_001_T.py 
@@ -1,29 +1,29 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 -# scene introduction = exception_finally -# level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_finally_001_T -# evaluation information end -import os - - -def exception_finally_001_T(taint_src): - res = u'' - try: - raise Exception(taint_src) - except Exception, e: - res = e - finally: - taint_sink(res) - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - exception_finally_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 +# scene introduction = exception_finally +# level = 2 +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_finally_001_T +# evaluation information end +import os + + +def exception_finally_001_T(taint_src): + res = u'' + try: + raise Exception(taint_src) + except Exception, e: + res = e + finally: + taint_sink(res) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + exception_finally_001_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F.py b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F.py index 68867c30..b5f8450b 100644 --- a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F.py 
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 -# scene introduction = exception_finally -# level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_finally_002_F -# evaluation information end -import os - -def exception_finally_002_F(taint_src): - res = u'_' - try: - raise Exception(taint_src) - except Exception, e: - pass - finally: - taint_sink(res) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - exception_finally_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 +# scene introduction = exception_finally +# level = 2 +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F +# evaluation information end +import os + +def exception_finally_002_F(taint_src): + res = u'_' + try: + raise Exception(taint_src) + except Exception, e: + pass + finally: + taint_sink(res) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + exception_finally_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_001_T.py b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_001_T.py index f51f7c55..f9272f50 100644 --- a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_001_T.py 
@@ -4,7 +4,7 @@
 # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获
 # scene introduction = exception_try
 # level = 2
-# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_try_001_T
+# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_try_001_T
 # evaluation information end
 import os
diff --git a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_002_F.py b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_002_F.py
index 745c056f..984265b1 100644
--- a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_002_F.py
+++ b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_002_F.py
@@ -4,7 +4,7 @@
 # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获
 # scene introduction = exception_try
 # level = 2
-# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_try_002_F
+# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_try_002_F
 # evaluation information end
 import os
diff --git a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_001_T.py b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_001_T.py
index dc0f8bf2..223c35fd 100644
--- a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_001_T.py
+++ b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_001_T.py
@@ -1,31 +1,31 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 -# scene introduction = exception_try_else -# level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_try_else_001_T -# evaluation information end - - -import os - - -def exception_try_else_001_T(taint_src): - try: - pass - except Exception, e: - # 异常发生时的处理逻辑 - pass - else: - # 没有异常时执行的逻辑 - taint_sink(taint_src) - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - exception_try_else_001_T(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 +# scene introduction = exception_try_else +# level = 2 +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_001_T +# evaluation information end + + +import os + + +def exception_try_else_001_T(taint_src): + try: + pass + except Exception, e: + # 异常发生时的处理逻辑 + pass + else: + # 没有异常时执行的逻辑 + taint_sink(taint_src) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + exception_try_else_001_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_002_F.py b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_002_F.py index 048dc0db..abe74702 100644 --- a/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_002_F.py 
@@ -1,31 +1,31 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 -# scene introduction = exception_try_else -# level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_try_else_002_F -# evaluation information end - - -import os - - -def exception_try_else_002_F(taint_src): - try: - pass - except Exception, e: - # 异常发生时的处理逻辑 - pass - else: - # 没有异常时执行的逻辑 - taint_sink(u"_") - - -def taint_sink(o): - os.system(o) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - exception_try_else_002_F(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出和捕获 +# scene introduction = exception_try_else +# level = 2 +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_002_F +# evaluation information end + + +import os + + +def exception_try_else_002_F(taint_src): + try: + pass + except Exception, e: + # 异常发生时的处理逻辑 + pass + else: + # 没有异常时执行的逻辑 + taint_sink(u"_") + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + exception_try_else_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F.py index d8ef2c58..75203087 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F.py 
@@ -9,7 +9,7 @@ import os -def binary_expression_add_assignment_002_T(taint_src): +def binary_expression_add_assignment_002_F(taint_src): aa = u"aa" result = u'_' result += aa # 使用传入的参数 aa @@ -22,5 +22,5 @@ def taint_sink(o): if __name__ == u'__main__': taint_src = u"taint_src_value" - binary_expression_add_assignment_002_T(taint_src) + binary_expression_add_assignment_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py index a6d94717..ac9fda0c 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py 
@@ -1,26 +1,26 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 -# scene introduction = 二元运算->乘 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F -# evaluation information end - - -import os - - -def binary_expression_mult_002_F(taint_src): - result = taint_src * 3 - taint_sink(1) - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u'__main__': - taint_src = 2 - binary_expression_mult_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 +# scene introduction = 二元运算->乘 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F +# evaluation information end + + +import os + + +def binary_expression_mult_002_F(taint_src): + result = taint_src * 3 + taint_sink(1) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u'__main__': + taint_src = 2 + binary_expression_mult_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py index ce164333..f1cd0aef 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py 
@@ -1,26 +1,26 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 -# scene introduction = 二元运算->减 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F -# evaluation information end - - -import os - - -def binary_expression_sub_002_F(taint_src): - result = 2 - 1 - taint_sink(result) - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - binary_expression_sub_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 +# scene introduction = 二元运算->减 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F +# evaluation information end + + +import os + + +def binary_expression_sub_002_F(taint_src): + result = 2 - 1 + taint_sink(result) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + binary_expression_sub_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py index 69473d29..3b8ec89d 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py 
@@ -1,23 +1,23 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->条件表达式 -# scene introduction = 逻辑或 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F -# evaluation information end -import os - - -def logical_or_002_F(taint_src): - result = taint_src != u"taint_src_value" or "aa" # 污点通过OR条件传递 - taint_sink(result) - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - logical_or_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->条件表达式 +# scene introduction = 逻辑或 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F +# evaluation information end +import os + + +def logical_or_002_F(taint_src): + result = taint_src != u"taint_src_value" or "aa" # 污点通过OR条件传递 + taint_sink(result) + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + logical_or_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py index 43270ed5..748d544b 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py 
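Review bot: The trailing comment on `result = taint_src != u"taint_src_value" or "aa"` in logical_or_002_F.py still says the taint is passed through the OR, which contradicts the header now being `real case = false`. The expression yields either `True` or the constant `"aa"`, so the source value never reaches the sink; the comment should say so, for example `# result is True or the constant "aa"; taint_src itself is never passed on`. The comment in list_comprehension_002_F.py has the same problem: it says the source is used directly in the output, while the sink receives `result[1]`, the constant `u"_"`.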
@@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->字典键值对 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_006_F -# evaluation information end -import os - - - -def del_expression_006_F(taint_src): - dct = {u"key1": taint_src,u"key2":u"aaa"} # 初始化字典,包含 __taint_src 的值 - del dct[u"key1"] # 删除字典中的键值对 - taint_sink(dct) # 将修改后的字典传递给 sink 点 - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - del_expression_006_F(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = del运算符->字典键值对 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_006_F +# evaluation information end +import os + + + +def del_expression_006_F(taint_src): + dct = {u"key1": taint_src,u"key2":u"aaa"} # 初始化字典,包含 __taint_src 的值 + del dct[u"key1"] # 删除字典中的键值对 + taint_sink(dct) # 将修改后的字典传递给 sink 点 + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + del_expression_006_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py index a028aa5e..e1219109 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py 
@@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = del运算符->切片 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_008_F -# evaluation information end -import os - - - -def del_expression_008_F(taint_src): - lst = [taint_src, u"b", u"c", u"d"] # 初始化列表,包含 __taint_src 的值 - del lst[0:1] # 删除列表的切片 - taint_sink(lst) # 将修改后的列表传递给 sink 点 - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - del_expression_008_F(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = del运算符->切片 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/special_expression/del_expression_008_F +# evaluation information end +import os + + + +def del_expression_008_F(taint_src): + lst = [taint_src, u"b", u"c", u"d"] # 初始化列表,包含 __taint_src 的值 + del lst[0:1] # 删除列表的切片 + taint_sink(lst) # 将修改后的列表传递给 sink 点 + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + del_expression_008_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py index 9350c904..b5bf931a 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py 
@@ -1,22 +1,22 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 列表推导式 -# level = 3 -# bind_url = completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F -# evaluation information end - -import os - -def list_comprehension_002_F(taint_src): - # 简化的列表推导式,直接使用污染源作为输出的一部分 - result = [x for x in (taint_src, u"_")] - taint_sink(result[1]) - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" # 固定字符串"taint_src_value"作为source点流入 - list_comprehension_002_F(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = 列表推导式 +# level = 3 +# bind_url = completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F +# evaluation information end + +import os + +def list_comprehension_002_F(taint_src): + # 简化的列表推导式,直接使用污染源作为输出的一部分 + result = [x for x in (taint_src, u"_")] + taint_sink(result[1]) + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" # 固定字符串"taint_src_value"作为source点流入 + list_comprehension_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py index b9f02711..be34f36b 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py 
@@ -1,25 +1,25 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 字典推导式 -# level = 3 -# bind_url = completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F -# evaluation information end - -import os - -def map_comprehension_002_F(taint_src): - def process(): - # 使用字典推导式创建map,其中包含污染数据作为部分键或值 - result = dict((i, u"_") for i in xrange(1)) # 简化示例,只循环一次以展示概念 - taint_sink(result[0]) - - process() - -def taint_sink(o): - os.system(o) - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - map_comprehension_002_F(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = 字典推导式 +# level = 3 +# bind_url = completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F +# evaluation information end + +import os + +def map_comprehension_002_F(taint_src): + def process(): + # 使用字典推导式创建map,其中包含污染数据作为部分键或值 + result = dict((i, u"_") for i in xrange(1)) # 简化示例,只循环一次以展示概念 + taint_sink(result[0]) + + process() + +def taint_sink(o): + os.system(o) + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + map_comprehension_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T.py index bbe512fe..55f9d497 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T.py 
@@ -1,27 +1,27 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 扩展运算符 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_001_T -# evaluation information end -import os - - -def spread_operator_001_T(taint_src): - collectArgs(taint_src,u'prefix', u'suffix') - - -def collectArgs(*args): - taint_sink(args) - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - spread_operator_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = 扩展运算符1 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_001_T +# evaluation information end +import os + + +def spread_operator_001_T(taint_src): + collectArgs(taint_src,u'prefix', u'suffix') + + +def collectArgs(*args): + taint_sink(args) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + spread_operator_001_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F.py index 59b48bc5..a6f6cefe 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F.py 
@@ -1,27 +1,27 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 扩展运算符 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_002_F -# evaluation information end -import os - - -def spread_operator_002_F(taint_src): - collectArgs(taint_src,u'prefix', u'suffix') - - -def collectArgs(*args): - taint_sink(u'_') - - -def taint_sink(o): - os.system(o) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - spread_operator_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = 扩展运算符1 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_002_F +# evaluation information end +import os + + +def spread_operator_002_F(taint_src): + collectArgs(taint_src,u'prefix', u'suffix') + + +def collectArgs(*args): + taint_sink(u'_') + + +def taint_sink(o): + os.system(o) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + spread_operator_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.py index bf32671b..40801d75 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.py 
@@ -1,27 +1,27 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 扩展运算符 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_003_T -# evaluation information end -import os - - -def spread_operator_003_T(taint_src): - collectArgs([u'prefix', taint_src, u'suffix']) - - -def collectArgs(*args): - taint_sink(args) - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - spread_operator_003_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = 扩展运算符2 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_003_T +# evaluation information end +import os + + +def spread_operator_003_T(taint_src): + collectArgs([u'prefix', taint_src, u'suffix']) + + +def collectArgs(*args): + taint_sink(args) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + spread_operator_003_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.py index 37fe04ef..62df8209 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.py 
@@ -1,27 +1,27 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 扩展运算符 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_004_F -# evaluation information end -import os - - -def spread_operator_004_F(taint_src): - collectArgs([u'prefix', taint_src, u'suffix']) - - -def collectArgs(*args): - taint_sink(u'_') - - -def taint_sink(o): - os.system(o) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - spread_operator_004_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = 扩展运算符2 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_004_F +# evaluation information end +import os + + +def spread_operator_004_F(taint_src): + collectArgs([u'prefix', taint_src, u'suffix']) + + +def collectArgs(*args): + taint_sink(u'_') + + +def taint_sink(o): + os.system(o) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + spread_operator_004_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_001_T.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_001_T.py index a28e531f..bea12836 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_001_T.py 
@@ -1,24 +1,24 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 模板字面量 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_001_T -# evaluation information end -import os - - -def template_literal_001_T(taint_src): - result = "_{}".format(taint_src) - taint_sink(result) - - -def taint_sink(o): - os.system(o) - - -if __name__ == '__main__': - taint_src = "taint_src_value" - template_literal_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = 模板字面量1 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_001_T +# evaluation information end +import os + + +def template_literal_001_T(taint_src): + result = "_{}".format(taint_src) + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +if __name__ == '__main__': + taint_src = "taint_src_value" + template_literal_001_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_002_F.py index c00de719..7310a653 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_002_F.py 
@@ -1,24 +1,24 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 模板字面量 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_002_F -# evaluation information end -import os - - -def template_literal_002_F(taint_src): - result = "_{}".format(taint_src) - taint_sink('_') - - -def taint_sink(o): - os.system(o) - - -if __name__ == '__main__': - taint_src = "taint_src_value" - template_literal_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = 模板字面量1 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_002_F +# evaluation information end +import os + + +def template_literal_002_F(taint_src): + result = "_{}".format(taint_src) + taint_sink('_') + + +def taint_sink(o): + os.system(o) + + +if __name__ == '__main__': + taint_src = "taint_src_value" + template_literal_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_003_T.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_003_T.py index 12764d42..f3b278c7 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_003_T.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_003_T.py 
@@ -1,24 +1,24 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 模板字面量 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_003_T -# evaluation information end -import os - - -def template_literal_003_T(taint_src): - result = "{}_".format(taint_src) - taint_sink(result) - - -def taint_sink(o): - os.system(o) - - -if __name__ == '__main__': - taint_src = "taint_src_value" - template_literal_003_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = 模板字面量2 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_003_T +# evaluation information end +import os + + +def template_literal_003_T(taint_src): + result = "{}_".format(taint_src) + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +if __name__ == '__main__': + taint_src = "taint_src_value" + template_literal_003_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_004_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_004_F.py index 400acf28..d4db01a7 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_004_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_004_F.py 
@@ -1,24 +1,24 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 模板字面量 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_004_F -# evaluation information end -import os - - -def template_literal_004_F(taint_src): - result = "{}_".format(taint_src) - taint_sink('_') - - -def taint_sink(o): - os.system(o) - - -if __name__ == '__main__': - taint_src = "taint_src_value" - template_literal_004_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = 模板字面量2 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_004_F +# evaluation information end +import os + + +def template_literal_004_F(taint_src): + result = "{}_".format(taint_src) + taint_sink('_') + + +def taint_sink(o): + os.system(o) + + +if __name__ == '__main__': + taint_src = "taint_src_value" + template_literal_004_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_005_T.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_005_T.py index 65561535..51747ea9 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_005_T.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_005_T.py 
@@ -1,24 +1,24 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 模板字面量 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_005_T -# evaluation information end -import os - - -def template_literal_005_T(taint_src): - result = "_{}_".format(taint_src) - taint_sink(result) - - -def taint_sink(o): - os.system(o) - - -if __name__ == '__main__': - taint_src = "taint_src_value" - template_literal_005_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = 模板字面量3 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_005_T +# evaluation information end +import os + + +def template_literal_005_T(taint_src): + result = "_{}_".format(taint_src) + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +if __name__ == '__main__': + taint_src = "taint_src_value" + template_literal_005_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_006_F.py b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_006_F.py index e0785dff..e9a31836 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_006_F.py +++ b/sast-python2/case/completeness/single_app_tracing/expression/special_expression/template_literal_006_F.py 
@@ -1,24 +1,24 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 模板字面量 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_006_F -# evaluation information end -import os - - -def template_literal_006_F(taint_src): - result = "_{}_".format(taint_src) - taint_sink('_') - - -def taint_sink(o): - os.system(o) - - -if __name__ == '__main__': - taint_src = "taint_src_value" - template_literal_006_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 +# scene introduction = 模板字面量3 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_006_F +# evaluation information end +import os + + +def template_literal_006_F(taint_src): + result = "_{}_".format(taint_src) + taint_sink('_') + + +def taint_sink(o): + os.system(o) + + +if __name__ == '__main__': + taint_src = "taint_src_value" + template_literal_006_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/this_expression/config.json b/sast-python2/case/completeness/single_app_tracing/expression/this_expression/config.json new file mode 100644 index 00000000..016ef479 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/expression/this_expression/config.json @@ -0,0 +1,18 @@ +{ + "this_expression": [ + { + "evaluation_item": "完整度->单应用跟踪完整度->表达式->this表达式", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "self_001_T.py && !self_002_F.py", + "scene": "self" + } + ] + } + ] + } + ] +} \ No newline at end of file diff --git a/sast-python2/case/completeness/single_app_tracing/expression/this_expression/self_001_T.py b/sast-python2/case/completeness/single_app_tracing/expression/this_expression/self_001_T.py new file mode 100644 index 00000000..b081063a 
--- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/expression/this_expression/self_001_T.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->表达式->this表达式 +# scene introduction = self +# level = 2 +# bind_url = completeness/single_app_tracing/expression/this_expression/self_001_T +# evaluation information end +import os + + +class Base(object): + def __init__(self, data): + self.data = data + + +def self_001_T(taint_src): + obj = Base(taint_src) + taint_sink(obj.data) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + self_001_T(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/this_expression/self_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/this_expression/self_002_F.py new file mode 100644 index 00000000..54fe79c0 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/expression/this_expression/self_002_F.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->this表达式 +# scene introduction = self +# level = 2 +# bind_url = completeness/single_app_tracing/expression/this_expression/self_002_F +# evaluation information end +import os + + +class Base(object): + def __init__(self, data): + self.data = "safe_value" + + +def self_002_F(taint_src): + obj = Base(taint_src) + taint_sink(obj.data) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + self_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py index 7a5fbc63..6dce7c15 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py 
+++ b/sast-python2/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py @@ -1,24 +1,24 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 -# scene introduction = 布尔转换 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F -# evaluation information end -import os - - -def bool_conversion_002_F(taint_src): - result = bool(u"") - taint_sink(result) - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u"__main__": - taint_src = u"True" - bool_conversion_002_F(taint_src) # 输出True - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 +# scene introduction = 布尔转换 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F +# evaluation information end +import os + + +def bool_conversion_002_F(taint_src): + result = bool(u"") + taint_sink(result) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u"__main__": + taint_src = u"True" + bool_conversion_002_F(taint_src) # 输出True + diff --git a/sast-python2/case/completeness/single_app_tracing/expression/type_cast/config.json b/sast-python2/case/completeness/single_app_tracing/expression/type_cast/config.json index 1c8c741f..fe5fcfdd 100644 --- a/sast-python2/case/completeness/single_app_tracing/expression/type_cast/config.json +++ b/sast-python2/case/completeness/single_app_tracing/expression/type_cast/config.json @@ -25,10 +25,14 @@ { "compose": "str_conversion_001_T.py && !str_conversion_002_F.py", "scene": "字符串转换" + }, + { + "compose": "custom_conversion_001_T.py && !custom_conversion_002_F.py", + "scene": "自定义转换" } ] } ] } ] -} \ No newline at end of file +} 
diff --git a/sast-python2/case/completeness/single_app_tracing/expression/type_cast/custom_conversion_001_T.py b/sast-python2/case/completeness/single_app_tracing/expression/type_cast/custom_conversion_001_T.py
new file mode 100644
index 00000000..773d6bf1
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/expression/type_cast/custom_conversion_001_T.py
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换
+# scene introduction = 自定义转换
+# level = 2
+# bind_url = completeness/single_app_tracing/expression/type_cast/custom_conversion_001_T
+# evaluation information end
+import os
+
+
+class CustomConversion(object):
+ def __init__(self, data):
+ self.data = data
+
+ # 这里自定义了字符串的转换方式
+ def __str__(self):
+ return i
+
+
+def custom_conversion_001_T(taint_src):
+ obj = CustomConversion(taint_src)
+ taint_sink(str(obj))
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ custom_conversion_001_T(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/expression/type_cast/custom_conversion_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/type_cast/custom_conversion_002_F.py
new file mode 100644
index 00000000..3f415511
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/expression/type_cast/custom_conversion_002_F.py
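Review bot: `__str__` in `CustomConversion` returns `i`, a name that is not defined anywhere in this new file, so `str(obj)` raises NameError before `taint_sink` is ever called. For a case labelled `real case = true` the conversion has to hand back the tainted field: `return self.data`. As written there is no executable path from `taint_src` to `os.system`, so an analyzer that correctly reports no flow would be counted as missing a true positive in the `custom_conversion_001_T.py && !custom_conversion_002_F.py` pairing added to config.json.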
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换
+# scene introduction = 自定义转换
+# level = 2
+# bind_url = completeness/single_app_tracing/expression/type_cast/custom_conversion_002_F
+# evaluation information end
+import os
+
+
+class CustomConversion(object):
+ def __init__(self, data):
+ self.data = data
+
+ # 这里自定义了字符串的转换方式
+ def __str__(self):
+ return "safe_value"
+
+
+def custom_conversion_002_F(taint_src):
+ obj = CustomConversion(taint_src)
+ taint_sink(str(obj))
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ custom_conversion_002_F(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py b/sast-python2/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py
index b07a8663..af1a3a8a 100644
--- a/sast-python2/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py
+++ b/sast-python2/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py
@@ -1,24 +1,24 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 -# scene introduction = 隐式类型转换 -# level = 2 -# bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_002_F -# evaluation information end -import os - - -def type_cast_002_F(taint_src): - result = taint_src == u"5" - taint_sink(result) - - -def taint_sink(o): - os.system(unicode(o)) - - -if __name__ == u'__main__': - taint_src = 5 - type_cast_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 +# scene introduction = 隐式类型转换 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_002_F +# evaluation information end +import os + + +def type_cast_002_F(taint_src): + result = taint_src == u"5" + taint_sink(result) + + +def taint_sink(o): + os.system(unicode(o)) + + +if __name__ == u'__main__': + taint_src = 5 + type_cast_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_various_types_002_F.py b/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_various_types_002_F.py index fe12f203..3d3ec8e9 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_various_types_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/argument_passing/argument_passing_various_types_002_F.py 
@@ -1,28 +1,28 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 -# scene introduction = 参数列表 -# level = 2 -# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_various_types_002_F -# evaluation information end - -import os - - -def argument_passing_various_types_002_F(taint_src): - def process(a, b=2, *args, **kwargs): - c = kwargs['c']; - taint_sink(c) - - # 调用过程,展示各种参数的使用方式 - process(1, taint_src, 4, c=u"critical", data=taint_src) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - argument_passing_various_types_002_F(taint_src) +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->参数传递 +# scene introduction = 参数列表 +# level = 2 +# bind_url = completeness/single_app_tracing/function_call/argument_passing/argument_passing_various_types_002_F +# evaluation information end + +import os + + +def argument_passing_various_types_002_F(taint_src): + def process(a, b=2, *args, **kwargs): + c = kwargs['c'] + taint_sink(c) + + # 调用过程,展示各种参数的使用方式 + process(1, taint_src, 4, c=u"critical", data=taint_src) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + argument_passing_various_types_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F.py b/sast-python2/case/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F.py index 4a7ecbdd..ce49e265 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F.py 
@@ -1,42 +1,42 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 -# scene introduction = -# level = 2 -# bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_001_F -# evaluation information end -import os - - -def chained_call_001_F(taint_src): - # 创建类 A 的实例并进行链式调用 - A(taint_sink).set_name(taint_src).clear_name().set_name(u'_').process() - - -def taint_sink(o): - os.system(o) - - -class A(object): - def __init__(self, taint_sink): - self.name = u'' - self.taint_sink = taint_sink # 将污染接收函数保存为实例属性 - - def set_name(self, name): - self.name = name - return self # 返回实例以支持链式调用 - - def clear_name(self): - self.name = u'' - return self # 返回实例以支持链式调用 - - def process(self): - self.taint_sink(self.name) # 使用保存的污染接收函数 - - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - chained_call_001_F(taint_src) # 调用函数,传入污染源值 taint_src - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 +# scene introduction = 类方法链式调用 +# level = 2 +# bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_001_F +# evaluation information end +import os + + +def chained_call_001_F(taint_src): + # 创建类 A 的实例并进行链式调用 + A(taint_sink).set_name(taint_src).clear_name().set_name(u'_').process() + + +def taint_sink(o): + os.system(o) + + +class A(object): + def __init__(self, taint_sink): + self.name = u'' + self.taint_sink = taint_sink # 将污染接收函数保存为实例属性 + + def set_name(self, name): + self.name = name + return self # 返回实例以支持链式调用 + + def clear_name(self): + self.name = u'' + return self # 返回实例以支持链式调用 + + def process(self): + self.taint_sink(self.name) # 使用保存的污染接收函数 + + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + chained_call_001_F(taint_src) # 调用函数,传入污染源值 taint_src + 
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T.py b/sast-python2/case/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T.py
index 6c1dcb60..00cf32b2 100644
--- a/sast-python2/case/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T.py
+++ b/sast-python2/case/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T.py
@@ -1,41 +1,41 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 -# scene introduction = -# level = 2 -# bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_002_T -# evaluation information end -import os - -def chained_call_002_T(taint_src): - # 创建类 A 的实例并进行链式调用 - A(taint_sink).set_name(u"_").clear_name().set_name(taint_src).process() - - -def taint_sink(o): - os.system(o) - - -class A(object): - def __init__(self, taint_sink): - self.name = u'' - self.taint_sink = taint_sink # 将污染接收函数保存为实例属性 - - def set_name(self, name): - self.name = name - return self # 返回实例以支持链式调用 - - def clear_name(self): - self.name = u'' - return self # 返回实例以支持链式调用 - - def process(self): - self.taint_sink(self.name) # 使用保存的污染接收函数 - - - -if __name__ == u"__main__": - taint_src = u"taint_src_value" - chained_call_002_T(taint_src) # 调用函数,传入污染源值 taint_src - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 +# scene introduction = 类方法链式调用 +# level = 2 +# bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_002_T +# evaluation information end +import os + +def chained_call_002_T(taint_src): + # 创建类 A 的实例并进行链式调用 + A(taint_sink).set_name(u"_").clear_name().set_name(taint_src).process() + + +def taint_sink(o): + os.system(o) + + +class A(object): + def __init__(self, taint_sink): + self.name = u'' + self.taint_sink = taint_sink # 将污染接收函数保存为实例属性 + + def set_name(self, name): + self.name = name + return self # 返回实例以支持链式调用 + + def clear_name(self): + self.name = u'' + return self # 返回实例以支持链式调用 + + def process(self): + self.taint_sink(self.name) # 使用保存的污染接收函数 + + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + chained_call_002_T(taint_src) # 调用函数,传入污染源值 taint_src + 
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/chained_call/config.json b/sast-python2/case/completeness/single_app_tracing/function_call/chained_call/config.json index 7772cfc7..37dac9f4 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/chained_call/config.json +++ b/sast-python2/case/completeness/single_app_tracing/function_call/chained_call/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "!chained_call_001_F.py && chained_call_002_T.py", - "scene": "1" + "scene": "类方法链式调用" }, { "compose": "chained_call_003_T.py && !chained_call_004_F.py", diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/class_decorator_001_T.py b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/class_decorator_001_T.py new file mode 100644 index 00000000..94538605 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/class_decorator_001_T.py @@ -0,0 +1,40 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->装饰器函数 +# scene introduction = 类装饰器 +# level = 2 +# bind_url = completeness/single_app_tracing/function_call/decorator_function/class_decorator_001_T +# date = 2026-01-06 09:53:06 +# evaluation information end +import os + + +def class_decorator_001_T(taint_src): + class MyDecorator(object): + def __init__(self, cls): + self.cls = cls + + def __call__(self, *args, **kwargs): + return self.cls((taint_src), **kwargs) + + # 场景特点:使用类装饰器修饰类 + @MyDecorator + class MyClass(object): + def __init__(self, data): + self.data = data + + def get_data(self): + return self.data + + obj = MyClass("safe_value") + taint_sink(obj.get_data()) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + class_decorator_001_T(taint_src) 
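Review bot: In the new class_decorator_001_T.py, `return self.cls((taint_src), **kwargs)` wraps the argument in parentheses that read like a one-element tuple but are only grouping, and the call silently drops `*args`, so a reader can misjudge what actually reaches `MyClass.__init__`. Write `return self.cls(taint_src, **kwargs)` and add a comment above it such as `# the caller's positional args are discarded on purpose; taint_src is passed instead`. The same `func((...), **kwargs)` form appears in the other decorator cases this commit adds (class_decorator_002_F, custom_decorator_no_param_*, custom_decorator_with_param_*, decorator_chain_*), so the cleanup applies there as well.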
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/class_decorator_002_F.py b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/class_decorator_002_F.py
new file mode 100644
index 00000000..5f120181
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/class_decorator_002_F.py
@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->装饰器函数
+# scene introduction = 类装饰器
+# level = 2
+# bind_url = completeness/single_app_tracing/function_call/decorator_function/class_decorator_002_F
+# date = 2026-01-06 09:53:06
+# evaluation information end
+import os
+
+
+def class_decorator_002_F(taint_src):
+ class MyDecorator(object):
+ def __init__(self, cls):
+ self.cls = cls
+
+ def __call__(self, *args, **kwargs):
+ return self.cls(("safe_value"), **kwargs)
+
+ # 场景特点:使用类装饰器修饰类,但传递的是安全值
+ @MyDecorator
+ class MyClass(object):
+ def __init__(self, data):
+ self.data = data
+
+ def get_data(self):
+ return self.data
+
+ obj = MyClass(taint_src)
+ taint_sink(obj.get_data())
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ class_decorator_002_F(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/config.json b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/config.json
index 4b1b04e3..24343767 100644
--- a/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/config.json
+++ b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/config.json
@@ -21,10 +21,26 @@ { "compose": "staticmethod_decorator_001_T.py && !staticmethod_decorator_002_F.py", "scene": "staticmethod" + }, + { + "compose": "custom_decorator_no_param_001_T.py && !custom_decorator_no_param_002_F.py", + "scene": "自定义无参装饰器" + }, + { + "compose": "custom_decorator_with_param_001_T.py && !custom_decorator_with_param_002_F.py", + "scene": "自定义带参装饰器" + }, + { + "compose": "decorator_chain_001_T.py && !decorator_chain_002_F.py", + "scene": "装饰器链" + }, + { + "compose": "class_decorator_001_T.py && !class_decorator_002_F.py", + "scene": "类装饰器" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/custom_decorator_no_param_001_T.py b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/custom_decorator_no_param_001_T.py new file mode 100644 index 00000000..209cb0f2 --- /dev/null +++ b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/custom_decorator_no_param_001_T.py @@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->装饰器函数 +# scene introduction = 自定义无参装饰器 +# level = 2 +# bind_url = completeness/single_app_tracing/function_call/decorator_function/custom_decorator_no_param_001_T +# date = 2026-01-06 09:53:06 +# evaluation information end +import os + + +def custom_decorator_no_param_001_T(taint_src): + def my_decorator(func): + def wrapper(*args, **kwargs): + return func((taint_src), **kwargs) + return wrapper + + # 场景特点:使用自定义无参装饰器修饰函数 + @my_decorator + def process(data): + return data + + result = process("safe_value") + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + custom_decorator_no_param_001_T(taint_src) 
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/custom_decorator_no_param_002_F.py b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/custom_decorator_no_param_002_F.py
new file mode 100644
index 00000000..ab18a765
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/custom_decorator_no_param_002_F.py
@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->装饰器函数
+# scene introduction = 自定义无参装饰器
+# level = 2
+# bind_url = completeness/single_app_tracing/function_call/decorator_function/custom_decorator_no_param_002_F
+# date = 2026-01-06 09:53:06
+# evaluation information end
+import os
+
+
+def custom_decorator_no_param_002_F(taint_src):
+ def my_decorator(func):
+ def wrapper(*args, **kwargs):
+ return func(("safe_value"), **kwargs)
+ return wrapper
+
+ # 场景特点:使用自定义无参装饰器修饰函数,但传递的是安全值
+ @my_decorator
+ def process(data):
+ return data
+
+ result = process(taint_src)
+ taint_sink(result)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ custom_decorator_no_param_002_F(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/custom_decorator_with_param_001_T.py b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/custom_decorator_with_param_001_T.py
new file mode 100644
index 00000000..dee01b15
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/custom_decorator_with_param_001_T.py
@@ -0,0 +1,36 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->装饰器函数
+# scene introduction = 自定义带参装饰器
+# level = 2
+# bind_url = completeness/single_app_tracing/function_call/decorator_function/custom_decorator_with_param_001_T
+# date = 2026-01-06 09:53:06
+# evaluation information end
+import os
+
+
+def custom_decorator_with_param_001_T(taint_src):
+ def my_decorator_with_param(prefix):
+ def decorator(func):
+ def wrapper(*args, **kwargs):
+ return func((prefix), **kwargs)
+ return wrapper
+ return decorator
+
+ # 场景特点:使用自定义带参装饰器修饰函数
+ @my_decorator_with_param(taint_src)
+ def process(data):
+ return data
+
+ result = process("safe_value")
+ taint_sink(result)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ custom_decorator_with_param_001_T(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/custom_decorator_with_param_002_F.py b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/custom_decorator_with_param_002_F.py
new file mode 100644
index 00000000..e28fc40b
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/custom_decorator_with_param_002_F.py
@@ -0,0 +1,36 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->装饰器函数
+# scene introduction = 自定义带参装饰器
+# level = 2
+# bind_url = completeness/single_app_tracing/function_call/decorator_function/custom_decorator_with_param_002_F
+# date = 2026-01-06 09:53:06
+# evaluation information end
+import os
+
+
+def custom_decorator_with_param_002_F(taint_src):
+ def my_decorator_with_param(prefix):
+ def decorator(func):
+ def wrapper(*args, **kwargs):
+ return func((prefix), **kwargs)
+ return wrapper
+ return decorator
+
+ # 场景特点:使用自定义带参装饰器修饰函数,但传递的是安全值
+ @my_decorator_with_param("safe_value")
+ def process(data):
+ return data
+
+ result = process(taint_src)
+ taint_sink(result)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ custom_decorator_with_param_002_F(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/decorator_chain_001_T.py b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/decorator_chain_001_T.py
new file mode 100644
index 00000000..1b9c0f5e
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/decorator_chain_001_T.py
@@ -0,0 +1,41 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->装饰器函数
+# scene introduction = 装饰器链
+# level = 2
+# bind_url = completeness/single_app_tracing/function_call/decorator_function/decorator_chain_001_T
+# date = 2026-01-06 09:53:06
+# evaluation information end
+import os
+
+
+def decorator_chain_001_T(taint_src):
+ def decorator1(func):
+ def wrapper(*args, **kwargs):
+ return func(*args, **kwargs)
+ return wrapper
+
+ def decorator2(func):
+ def wrapper(*args, **kwargs):
+ result = func((taint_src), **kwargs)
+ return result
+ return wrapper
+
+ # 场景特点:装饰器按顺序链式应用
+ @decorator1
+ @decorator2
+ def process(data):
+ return data
+
+ result = process("safe_value")
+ taint_sink(result)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == u"__main__":
+ taint_src = u"taint_src_value"
+ decorator_chain_001_T(taint_src)
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/decorator_chain_002_F.py b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/decorator_chain_002_F.py
new file mode 100644
index 00000000..7af7a989
--- /dev/null
+++ b/sast-python2/case/completeness/single_app_tracing/function_call/decorator_function/decorator_chain_002_F.py
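Review bot: The decorator_chain pair does not test application order, although its comment says the decorators are applied in order. In decorator_chain_001_T `decorator1` is a pure pass-through, and in decorator_chain_002_F `decorator2` is, so a scanner that stacks the two wrappers in the wrong order still gets both expected results. To make order the deciding factor, give both files the same two decorators, `decorator1` calling `func("safe_value", **kwargs)` and `decorator2` calling `func(taint_src, **kwargs)`. Keep `@decorator1` above `@decorator2` in the T case, so that the inner wrapper's tainted value reaches `process`, and swap the two `@` lines in the F case, so that the safe value does.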
@@ -0,0 +1,41 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->装饰器函数 +# scene introduction = 装饰器链 +# level = 2 +# bind_url = completeness/single_app_tracing/function_call/decorator_function/decorator_chain_002_F +# date = 2026-01-06 09:53:06 +# evaluation information end +import os + + +def decorator_chain_002_F(taint_src): + def decorator1(func): + def wrapper(*args, **kwargs): + return func(("safe_value"), **kwargs) + return wrapper + + def decorator2(func): + def wrapper(*args, **kwargs): + result = func(*args, **kwargs) + return result + return wrapper + + # 场景特点:装饰器按顺序链式应用,但传递的是安全值 + @decorator1 + @decorator2 + def process(data): + return data + + result = process(taint_src) + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u"__main__": + taint_src = u"taint_src_value" + decorator_chain_002_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/library_function/json_001_T.py b/sast-python2/case/completeness/single_app_tracing/function_call/library_function/json_001_T.py index 6a6db6a6..36b31a3d 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/library_function/json_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/library_function/json_001_T.py @@ -9,7 +9,7 @@ import os import json -def json_001_t(taint_src): +def json_001_T(taint_src): def process(arg): obj = json.loads(arg) taint_sink(obj[u"key"]) @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == u'__main__': taint_src = u'{"key": "taint_src_value"}' - json_001_t(taint_src) # 传递一个有效的 JSON 字符串 + json_001_T(taint_src) # 传递一个有效的 JSON 字符串 diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_001_T.py b/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_001_T.py index ed728daf..1f778532 100644 
--- a/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_001_T.py @@ -1,41 +1,41 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写 -# scene introduction = 构造函数 -# level = 2 -# bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_001_T -# evaluation information end -import os - -def constructor_extends_001_T(taint_src): - derived = DerivedClass(taint_src) - derived.process() - -class BaseClass(object): - def __init__(self, data): - self.data = data - - def get_data(self): - return self.data - - def process(self): - pass - - -class DerivedClass(BaseClass): - def __init__(self, data): - super(DerivedClass, self).__init__(data) - - def process(self): - taint_sink(self.get_data()) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - constructor_extends_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写 +# scene introduction = 构造函数1 +# level = 2 +# bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_001_T +# evaluation information end +import os + +def constructor_extends_001_T(taint_src): + derived = DerivedClass(taint_src) + derived.process() + +class BaseClass(object): + def __init__(self, data): + self.data = data + + def get_data(self): + return self.data + + def process(self): + pass + + +class DerivedClass(BaseClass): + def __init__(self, data): + super(DerivedClass, self).__init__(data) + + def process(self): + taint_sink(self.get_data()) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + constructor_extends_001_T(taint_src) + 
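Review bot: The new scene label `构造函数1` (with `构造函数2` in constructor_extends_003_T and 004_F) tells the two scenes apart only by a number, while this same commit replaces numeric scene names such as `"1"` in the config.json files with descriptive ones. From the code, the 001/002 pair hands the value to the constructor as an argument and the 003/004 pair has the base constructor read it from the enclosing function, so the labels could state that difference directly. The hunk also rewrites all 41 lines although only this label differs, presumably a line-ending change, which makes the one real edit hard to spot.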
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_002_F.py b/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_002_F.py index 87ba9e49..9a3b3b4b 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_002_F.py 
@@ -1,43 +1,43 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写 -# scene introduction = 构造函数 -# level = 2 -# bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_002_F -# evaluation information end -import os - - -class BaseClass(object): - def __init__(self, data): - self.data = data - - def getData(self): - return self.data - - def process(self): - pass - - -class DerivedClass(BaseClass): - def __init__(self, data): - super(DerivedClass, self).__init__(data) - - def process(self): - taint_sink(self.getData()) - - -def constructor_extends_002_F(taint_src): - derived = DerivedClass(u'_') - derived.process() - - -def taint_sink(o): - os.system(o) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - constructor_extends_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写 +# scene introduction = 构造函数1 +# level = 2 +# bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_002_F +# evaluation information end +import os + + +class BaseClass(object): + def __init__(self, data): + self.data = data + + def getData(self): + return self.data + + def process(self): + pass + + +class DerivedClass(BaseClass): + def __init__(self, data): + super(DerivedClass, self).__init__(data) + + def process(self): + taint_sink(self.getData()) + + +def constructor_extends_002_F(taint_src): + derived = DerivedClass(u'_') + derived.process() + + +def taint_sink(o): + os.system(o) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + constructor_extends_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_003_T.py b/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_003_T.py index 5aafe404..8eac55d4 100644 
--- a/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_003_T.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_003_T.py @@ -1,43 +1,43 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写 -# scene introduction = 构造函数 -# level = 2 -# bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_003_T -# evaluation information end -import os - - -def constructor_extends_003_T(taint_src): - class BaseClass(object): - def __init__(self ): - self.data = taint_src - - def get_data(self): - return self.data - - def process(self): - pass - - class DerivedClass(BaseClass): - def __init__(self ): - super(DerivedClass, self).__init__() - - def process(self): - taint_sink(self.get_data()) - - - derived = DerivedClass() - derived.process() - - - -def taint_sink(data): - os.system(data) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - constructor_extends_003_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写 +# scene introduction = 构造函数2 +# level = 2 +# bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_003_T +# evaluation information end +import os + + +def constructor_extends_003_T(taint_src): + class BaseClass(object): + def __init__(self ): + self.data = taint_src + + def get_data(self): + return self.data + + def process(self): + pass + + class DerivedClass(BaseClass): + def __init__(self ): + super(DerivedClass, self).__init__() + + def process(self): + taint_sink(self.get_data()) + + + derived = DerivedClass() + derived.process() + + + +def taint_sink(data): + os.system(data) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + constructor_extends_003_T(taint_src) + 
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_004_F.py b/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_004_F.py index c4338ed3..d6185475 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_004_F.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/override/constructor_extends_004_F.py 
@@ -1,43 +1,43 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写 -# scene introduction = 构造函数 -# level = 2 -# bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_004_F -# evaluation information end -import os - - -def constructor_extends_004_F(taint_src): - class BaseClass(object): - def __init__(self ): - self.data = u"_" - - def get_data(self): - return self.data - - def process(self): - pass - - class DerivedClass(BaseClass): - def __init__(self ): - super(DerivedClass, self).__init__() - - def process(self): - taint_sink(self.get_data()) - - - derived = DerivedClass() - derived.process() - - - -def taint_sink(data): - os.system(data) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - constructor_extends_004_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写 +# scene introduction = 构造函数2 +# level = 2 +# bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_004_F +# evaluation information end +import os + + +def constructor_extends_004_F(taint_src): + class BaseClass(object): + def __init__(self ): + self.data = u"_" + + def get_data(self): + return self.data + + def process(self): + pass + + class DerivedClass(BaseClass): + def __init__(self ): + super(DerivedClass, self).__init__() + + def process(self): + taint_sink(self.get_data()) + + + derived = DerivedClass() + derived.process() + + + +def taint_sink(data): + os.system(data) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + constructor_extends_004_F(taint_src) + 
diff --git a/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py b/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py index d10a2fd2..c3a80c65 100644 --- a/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py +++ b/sast-python2/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py @@ -9,7 +9,7 @@ import os -def return_normal_value_passing_001_f(taint_src): +def return_normal_value_passing_001_F(taint_src): def process(src): return u'_' # 直接返回传入的参数 @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == u'__main__': taint_src = u"taint_src_value" - return_normal_value_passing_001_f(taint_src) + return_normal_value_passing_001_F(taint_src) diff --git a/sast-python2/case/completeness/single_app_tracing/variable_scope/private_variable/config.json b/sast-python2/case/completeness/single_app_tracing/variable_scope/private_variable/config.json index 67145d08..827f6b04 100644 --- a/sast-python2/case/completeness/single_app_tracing/variable_scope/private_variable/config.json +++ b/sast-python2/case/completeness/single_app_tracing/variable_scope/private_variable/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "private_variable_001_T.py && !private_variable_002_F.py", - "scene": "1" + "scene": "私有变量" } ] } diff --git a/sast-python2/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_001_T.py b/sast-python2/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_001_T.py index c38f57c4..65f7fa21 100644 --- a/sast-python2/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_001_T.py 
@@ -1,34 +1,34 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->变量作用域->private变量 -# scene introduction = -# level = 2 -# bind_url = completeness/single_app_tracing/variable_scope/private_variable/private_variable_001_T -# evaluation information end -import os - - -def private_variable_001_T(taint_src): - class A(object): - def __init__(self, data): - self.__data = data - - def get_data(self): - return self.__data - - def set_data(self, data): - self.__data = data - - o = A(data=taint_src) # 显式传递 taint_src - taint_sink(o.get_data()) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - private_variable_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->变量作用域->private变量 +# scene introduction = 私有变量 +# level = 2 +# bind_url = completeness/single_app_tracing/variable_scope/private_variable/private_variable_001_T +# evaluation information end +import os + + +def private_variable_001_T(taint_src): + class A(object): + def __init__(self, data): + self.__data = data + + def get_data(self): + return self.__data + + def set_data(self, data): + self.__data = data + + o = A(data=taint_src) # 显式传递 taint_src + taint_sink(o.get_data()) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + private_variable_001_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_002_F.py b/sast-python2/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_002_F.py index c88e50fb..c8fa8d58 100644 --- a/sast-python2/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_002_F.py +++ b/sast-python2/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_002_F.py 
@@ -1,35 +1,35 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->变量作用域->private变量 -# scene introduction = -# level = 2 -# bind_url = completeness/single_app_tracing/variable_scope/private_variable/private_variable_002_F -# evaluation information end -import os - - -def private_variable_002_F(taint_src): - class A(object): - def __init__(self, data): - self.__data = data - - def get_data(self): - return self.__data - - def set_data(self, data): - self.__data = data - - o = A(data=taint_src) # 显式传递 taint_src - o.set_data(u"_") - taint_sink(o.get_data()) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - private_variable_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->变量作用域->private变量 +# scene introduction = 私有变量 +# level = 2 +# bind_url = completeness/single_app_tracing/variable_scope/private_variable/private_variable_002_F +# evaluation information end +import os + + +def private_variable_002_F(taint_src): + class A(object): + def __init__(self, data): + self.__data = data + + def get_data(self): + return self.__data + + def set_data(self, data): + self.__data = data + + o = A(data=taint_src) # 显式传递 taint_src + o.set_data(u"_") + taint_sink(o.get_data()) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + private_variable_002_F(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/variable_scope/static_variable/config.json b/sast-python2/case/completeness/single_app_tracing/variable_scope/static_variable/config.json index 3794580c..b1f074e2 100644 --- a/sast-python2/case/completeness/single_app_tracing/variable_scope/static_variable/config.json +++ b/sast-python2/case/completeness/single_app_tracing/variable_scope/static_variable/config.json 
@@ -17,7 +17,7 @@ }, { "compose": "static_variable_001_T.py && !static_variable_002_F.py", - "scene": "1" + "scene": "静态变量" } ] } diff --git a/sast-python2/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T.py b/sast-python2/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T.py index 0bc51a49..5d786bc1 100644 --- a/sast-python2/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T.py +++ b/sast-python2/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T.py 
@@ -1,37 +1,37 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = true -# evaluation item = 完整度->单应用跟踪完整度->变量作用域->静态变量 -# scene introduction = -# level = 2 -# bind_url = completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T -# evaluation information end -import os - - -def static_variable_001_T(taint_src): - - def set_static_data(value): - # set_static_data函数返回一个装饰器函数decorator,该装饰器接收一个类cls作为参数, - # 并在该类中添加一个名为data的属性,其值设为传入的value。 - def decorator(cls): - cls.data = value - return cls - return decorator - - class A(object): - pass - - A = set_static_data(taint_src)(A) - - taint_sink(A.data) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - static_variable_001_T(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->变量作用域->静态变量 +# scene introduction = 静态变量 +# level = 2 +# bind_url = completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T +# evaluation information end +import os + + +def static_variable_001_T(taint_src): + + def set_static_data(value): + # set_static_data函数返回一个装饰器函数decorator,该装饰器接收一个类cls作为参数, + # 并在该类中添加一个名为data的属性,其值设为传入的value。 + def decorator(cls): + cls.data = value + return cls + return decorator + + class A(object): + pass + + A = set_static_data(taint_src)(A) + + taint_sink(A.data) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + static_variable_001_T(taint_src) + diff --git a/sast-python2/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F.py b/sast-python2/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F.py index 7280325a..dc53e462 100644 --- a/sast-python2/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F.py 
+++ b/sast-python2/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F.py @@ -1,26 +1,26 @@ -# -*- coding: utf-8 -*- -# evaluation information start -# real case = false -# evaluation item = 完整度->单应用跟踪完整度->变量作用域->静态变量 -# scene introduction = -# level = 2 -# bind_url = completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F -# evaluation information end -import os - - -def static_variable_002_F(taint_src): - class A(object): - data = u'_' - - taint_sink(A.data) - - -def taint_sink(o): - os.system(o) - - -if __name__ == u'__main__': - taint_src = u"taint_src_value" - static_variable_002_F(taint_src) - +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->变量作用域->静态变量 +# scene introduction = 静态变量 +# level = 2 +# bind_url = completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F +# evaluation information end +import os + + +def static_variable_002_F(taint_src): + class A(object): + data = u'_' + + taint_sink(A.data) + + +def taint_sink(o): + os.system(o) + + +if __name__ == u'__main__': + taint_src = u"taint_src_value" + static_variable_002_F(taint_src) + diff --git a/sast-python3/case/accuracy/context_sensitive/polymorphism/config.json b/sast-python3/case/accuracy/context_sensitive/polymorphism/config.json index 4aea41b1..9f4cd206 100644 --- a/sast-python3/case/accuracy/context_sensitive/polymorphism/config.json +++ b/sast-python3/case/accuracy/context_sensitive/polymorphism/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "polymorphism_001_T.py && !polymorphism_002_F.py", - "scene": "1" + "scene": "子类继承父类" }, { "compose": "polymorphism_003_T.py && !polymorphism_004_F.py", diff --git a/sast-python3/case/accuracy/context_sensitive/polymorphism/polymorphism_001_T.py b/sast-python3/case/accuracy/context_sensitive/polymorphism/polymorphism_001_T.py index e4bedd87..2785b5ba 100644 
--- a/sast-python3/case/accuracy/context_sensitive/polymorphism/polymorphism_001_T.py +++ b/sast-python3/case/accuracy/context_sensitive/polymorphism/polymorphism_001_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 准确度->上下文敏感分析->多态 -# scene introduction = +# scene introduction = 子类继承父类 # level = 2 # bind_url = accuracy/context_sensitive/polymorphism/polymorphism_001_T # evaluation information end diff --git a/sast-python3/case/accuracy/context_sensitive/polymorphism/polymorphism_002_F.py b/sast-python3/case/accuracy/context_sensitive/polymorphism/polymorphism_002_F.py index 1d4ea934..53179378 100644 --- a/sast-python3/case/accuracy/context_sensitive/polymorphism/polymorphism_002_F.py +++ b/sast-python3/case/accuracy/context_sensitive/polymorphism/polymorphism_002_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->上下文敏感分析->多态 -# scene introduction = +# scene introduction = 子类继承父类 # level = 2 # bind_url = accuracy/context_sensitive/polymorphism/polymorphism_002_F # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/class/field_len_001_T.py b/sast-python3/case/accuracy/field_sensitive/class/field_len_001_T.py index c706584e..790a3241 100644 --- a/sast-python3/case/accuracy/field_sensitive/class/field_len_001_T.py +++ b/sast-python3/case/accuracy/field_sensitive/class/field_len_001_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 -# scene introduction = 路径长度 +# scene introduction = 路径长度1 # level = 3 # bind_url = accuracy/field_sensitive/class/field_len_001_T # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/class/field_len_002_F.py b/sast-python3/case/accuracy/field_sensitive/class/field_len_002_F.py index 1dbfbfea..d79d6b12 100644 --- a/sast-python3/case/accuracy/field_sensitive/class/field_len_002_F.py 
+++ b/sast-python3/case/accuracy/field_sensitive/class/field_len_002_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 -# scene introduction = 路径长度 +# scene introduction = 路径长度1 # level = 3 # bind_url = accuracy/field_sensitive/class/field_len_002_F # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/class/field_len_003_T.py b/sast-python3/case/accuracy/field_sensitive/class/field_len_003_T.py index b841f291..84d4f607 100644 --- a/sast-python3/case/accuracy/field_sensitive/class/field_len_003_T.py +++ b/sast-python3/case/accuracy/field_sensitive/class/field_len_003_T.py @@ -2,8 +2,8 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 -# scene introduction = 路径长度 -# level = 3+ +# scene introduction = 路径长度2 +# level = 3 # bind_url = accuracy/field_sensitive/class/field_len_003_T # evaluation information end import os diff --git a/sast-python3/case/accuracy/field_sensitive/class/field_len_004_F.py b/sast-python3/case/accuracy/field_sensitive/class/field_len_004_F.py index 75f13ed9..271be7f1 100644 --- a/sast-python3/case/accuracy/field_sensitive/class/field_len_004_F.py +++ b/sast-python3/case/accuracy/field_sensitive/class/field_len_004_F.py @@ -2,8 +2,8 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 -# scene introduction = 路径长度 -# level = 3+ +# scene introduction = 路径长度2 +# level = 3 # bind_url = accuracy/field_sensitive/class/field_len_004_F # evaluation information end import os diff --git a/sast-python3/case/accuracy/field_sensitive/class/field_len_005_T.py b/sast-python3/case/accuracy/field_sensitive/class/field_len_005_T.py index a4d56b81..a4562741 100644 --- a/sast-python3/case/accuracy/field_sensitive/class/field_len_005_T.py +++ b/sast-python3/case/accuracy/field_sensitive/class/field_len_005_T.py 
@@ -2,8 +2,8 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 -# scene introduction = 路径长度 -# level = 3+ +# scene introduction = 路径长度3 +# level = 3 # bind_url = accuracy/field_sensitive/class/field_len_005_T # evaluation information end import os diff --git a/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py b/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py index 2b6b8be2..b79dcf8a 100644 --- a/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py +++ b/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py @@ -2,13 +2,13 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 -# scene introduction = 路径长度 -# level = 3+ -# bind_url = accuracy/field_sensitive/class/field_len_006_T +# scene introduction = 路径长度3 +# level = 3 +# bind_url = accuracy/field_sensitive/class/field_len_006_F # evaluation information end import os -def field_len_006_T(taint_src): +def field_len_006_F(taint_src): class A: def __init__(self, taint_src): self.b = B(taint_src) # 传递参数到 B @@ -69,5 +69,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - field_len_006_T(taint_src) + field_len_006_F(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py index 34d9b4e9..d7ca9e70 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T.py 
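Review bot: Nothing visible in this change prevents the header drift it corrects in field_len_006_F.py from recurring. The file is an `_F` case, but its `bind_url` ended in `field_len_006_T` and its entry function was named `field_len_006_T`, so results for this negative case could be attributed to the wrong case id. The hunks for map_field_sensitive_008_T.py and break_004_F.py correct the same kind of copy-paste mismatch by hand. I would add a CI check that, for every case file, asserts that the last `bind_url` segment and the entry function name equal the file's base name. The change of `level = 3+` to `level = 3` in field_len_003 to 006 is not explained in the visible text and deserves a line in the commit description.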
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 列表->列表索引 +# scene introduction = 列表->列表索引1 # level = 3 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_001_T # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py index 842b8520..16f55127 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 列表->列表索引 +# scene introduction = 列表->列表索引1 # level = 3 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_002_F # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py index cbb997ff..f252fe55 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 列表->列表索引 +# scene introduction = 列表->列表索引2 # level = 3 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_003_T # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py index aa7b69e1..916c125f 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 列表->列表索引 +# scene introduction = 列表->列表索引2 # level = 3 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/list_no_solver_004_F # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_005_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_005_F.py index aa7f582c..84a3ad7a 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_005_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_005_F.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 映射->域敏感->delete函数 +# scene introduction = 字典->域敏感->delete函数 # level = 3 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_005_F # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_008_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_008_T.py index f8a0373b..ef16464e 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_008_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/map_field_sensitive_008_T.py @@ -9,7 +9,7 @@ import os -def map_object_sensitive_008_T(taint_src): +def map_field_sensitive_008_T(taint_src): my_map = {} my_map[taint_src] = 'value1' # 污染源作为键,值为干净的 'value1' my_map['key2'] = 'value2' # 设置另一个键值对(非污染键) @@ -22,5 +22,5 @@ def taint_sink(o): # 示例调用 if __name__ == "__main__": taint_src = "taint_src_value" - map_object_sensitive_008_T(taint_src) + map_field_sensitive_008_T(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.py index 2c852614..c34099f6 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 列表->列表索引->扩展运算符 +# scene introduction = 列表->列表索引->扩展运算符1 # level = 3 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_001_T # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.py index e473c7a3..8f9be747 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 列表->列表索引->扩展运算符 +# scene introduction = 列表->列表索引->扩展运算符1 # level = 3 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_002_F # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.py index bd114276..ac4de64f 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.py 
+++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 列表->列表索引->扩展运算符 +# scene introduction = 列表->列表索引->扩展运算符2 # level = 3 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_003_T # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.py index 653c6af5..3164739f 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) -# scene introduction = 列表->列表索引->扩展运算符 +# scene introduction = 列表->列表索引->扩展运算符2 # level = 3 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/spread_operator_no_solver_004_F # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.py index af2734da..9852080b 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.py 
+++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) -# scene introduction = 数组->数组索引->需求解 +# scene introduction = 数组->数组索引->需求解1 # level = 4 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_001_T # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.py index 9366fa0a..698c8df0 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) -# scene introduction = 数组->数组索引->需求解 +# scene introduction = 数组->数组索引->需求解1 # level = 4 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_002_F # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T.py index 61077450..5005bd3f 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) -# scene introduction = 数组->数组索引->需求解 +# scene introduction = 数组->数组索引->需求解2 # level = 4 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_003_T # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F.py index 95978d2d..fa1399a4 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) -# scene introduction = 数组->数组索引->需求解 +# scene introduction = 数组->数组索引->需求解2 # level = 4 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/array_solver_004_F # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T.py index de723cd4..5c1e41c3 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) -# scene introduction = 列表->列表索引->需求解 +# scene introduction = 列表->列表索引->需求解1 # level = 4 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_001_T # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F.py index 6bf2c6f5..e05d7ad3 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) -# scene introduction = 列表->列表索引->需求解 +# scene introduction = 列表->列表索引->需求解1 # level = 4 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_002_F # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T.py index d5d5481d..ae61407c 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) -# scene introduction = 列表->列表索引->需求解 +# scene introduction = 列表->列表索引->需求解2 # level = 4 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_003_T # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F.py index f4e374c5..5925a24f 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) -# scene introduction = 列表->列表索引->需求解 +# scene introduction = 列表->列表索引->需求解2 # level = 4 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/list_solver_004_F # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T.py index 3c4311ba..c648c129 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) -# scene introduction = 字典->字典索引->需求解 +# scene introduction = 字典->字典索引->需求解1 # level = 4 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_001_T # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F.py index b9b6fa2b..e72219f1 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) -# scene introduction = 字典->字典索引->需求解 +# scene introduction = 字典->字典索引->需求解1 # level = 4 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_002_F # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T.py index 9fb3bd8f..90a29b7a 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) -# scene introduction = 字典->字典索引->需求解 +# scene introduction = 字典->字典索引->需求解2 # level = 4 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_003_T # evaluation information end diff --git a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F.py b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F.py index 3a053d05..5175fbd1 100644 --- a/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F.py +++ b/sast-python3/case/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值非数字的场景,能够区分不同索引上特定元素的状态(需要求解) -# scene introduction = 字典->字典索引->需求解 +# scene introduction = 字典->字典索引->需求解2 # level = 4 # bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_solver/map_solver_004_F # evaluation information end diff --git a/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_001_T.py b/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_001_T.py index 9672bc77..a692fcc8 100644 --- a/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_001_T.py +++ b/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_001_T.py 
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素
-# scene introduction = 数组/集合->数组对象
+# scene introduction = 数组/集合->数组对象1
 # level = 2
 # bind_url = accuracy/object_sensitive/collection/array_object_sensitive_001_T
 # evaluation information end
diff --git a/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_002_F.py b/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_002_F.py
index 75b8df55..c7008be8 100644
--- a/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_002_F.py
+++ b/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_002_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素
-# scene introduction = 数组/集合->数组对象
+# scene introduction = 数组/集合->数组对象1
 # level = 2
 # bind_url = accuracy/object_sensitive/collection/array_object_sensitive_002_F
 # evaluation information end
diff --git a/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_003_T.py b/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_003_T.py
index 8f90ee1a..4daff687 100644
--- a/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_003_T.py
+++ b/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_003_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素
-# scene introduction = 数组/集合->数组对象
+# scene introduction = 数组/集合->数组对象2
 # level = 2
 # bind_url = accuracy/object_sensitive/collection/array_object_sensitive_003_T
 # evaluation information end
diff --git a/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_004_F.py b/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_004_F.py
index b14ebeef..18e0e61e 100644
--- a/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_004_F.py +++ b/sast-python3/case/accuracy/object_sensitive/collection/array_object_sensitive_004_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 准确度->对象敏感与域敏感分析->区分字典/列表/数组的不同元素 -# scene introduction = 数组/集合->数组对象 +# scene introduction = 数组/集合->数组对象2 # level = 2 # bind_url = accuracy/object_sensitive/collection/array_object_sensitive_004_F # evaluation information end diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_throw_004_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_throw_004_F.py index a1a01ba8..c3af3097 100644 --- a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_throw_004_F.py +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_throw_004_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 准确度->路径敏感分析->异常抛出和捕获 # scene introduction = 异常抛出-except块 # level = 3 diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py index 391558c1..c4793ffd 100644 --- a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py @@ -4,12 +4,12 @@ # evaluation item = 准确度->路径敏感分析->跳转语句 # scene introduction = break-嵌套循环 # level = 4 -# bind_url = accuracy/path_sensitive/explicit_jump_control/break_003_F +# bind_url = accuracy/path_sensitive/explicit_jump_control/break_004_F # evaluation information end import os -def break_003_F(taint_src): +def break_004_F(taint_src): res = "" for i in range(2): for j in range(2): @@ -24,5 +24,5 @@ def taint_sink(o): if __name__ == "__main__": taint_src = "taint_src_value" - break_003_F(taint_src) + break_004_F(taint_src) 
diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_002_F.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_002_F.py index fd897924..020d00e6 100644 --- a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_002_F.py +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_002_F.py @@ -12,7 +12,8 @@ def continue_002_F(taint_src): res = 'safe_value' for i in range(10): - continue + if i < 10: + continue res = taint_src taint_sink(res) diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T.py index 6011d6b5..63a9887a 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = false +# real case = true # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分if else准入条件(不需求解)->if->区分分支 # level = 3 diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_005_T.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_005_T.py new file mode 100644 index 00000000..f6924c52 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_005_T.py 
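Review bot: In `continue_002_F`, the new guard `if i < 10:` makes the safe verdict depend on proving that the condition always holds over `range(10)`, which is a value-range question rather than the plain jump handling this directory (`explicit_jump_control`) is named for. An analyser that tracks `continue` correctly but does not solve loop-index bounds will now treat `res = taint_src` as reachable and be scored with a false positive, so the case measures two capabilities at once. If that is intended, say so next to the guard, e.g. `# i < 10 always holds for range(10); the assignment below is unreachable`, and check that the `level` in the file header (outside this hunk) still fits. The `def` line itself is outside the hunk.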
@@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 +# scene introduction = 区分变量声明位置 +# level = 3 +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_005_T +# evaluation information end +import os + + +def conditional_if_no_solver_005_T(taint_src): + if True: + res = taint_src + else: + res = "safe_value" + + taint_sink(res) + + + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + conditional_if_no_solver_005_T(taint_src) + diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_006_F.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_006_F.py new file mode 100644 index 00000000..d4636177 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_006_F.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 +# scene introduction = 区分变量声明位置 +# level = 3 +# bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_006_F +# evaluation information end +import os + + +def conditional_if_no_solver_006_F(taint_src): + if False: + res = taint_src + else: + res = "safe_value" + + taint_sink(res) + + + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + conditional_if_no_solver_006_F(taint_src) + diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_001_T.py b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_001_T.py index 9f28dc47..33ea9d82 100644 
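Review bot: The header's `scene introduction = 区分变量声明位置` does not match what `conditional_if_no_solver_005_T` exercises: `res` is assigned in both arms, and the only thing deciding the verdict is the constant condition `if True:`. The same applies to `conditional_if_no_solver_006_F`, which differs only in using `if False:`. Either reword the scene so it names constant-condition branch pruning, or add a comment on the condition such as `# constant condition: only this arm is reachable, so res is tainted at the sink` (mirrored in 006_F), so the expected result can be read without the header.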
--- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_001_T.py +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_match_no_solver_001_T.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = false +# real case = true # evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 # scene introduction = 区分match准入条件(不需求解)->match->区分分支 # level = 3 diff --git a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json index 0c28ff4f..9d59f384 100644 --- a/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json +++ b/sast-python3/case/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json @@ -14,6 +14,10 @@ "compose": "conditional_if_no_solver_003_T.py && !conditional_if_no_solver_004_F.py", "scene": "区分if else分支+准入条件(不需求解)->if->区分具体执行路径->不求解" }, + { + "compose": "conditional_if_no_solver_005_T.py && !conditional_if_no_solver_006_F.py", + "scene": "区分变量声明位置" + }, { "compose": "!conditional_match_no_solver_001_T.py && !conditional_match_no_solver_002_F.py", "scene": "区分match准入条件(不需求解)->match->区分分支" diff --git a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_001_F.py b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_001_F.py index a7078cf7..2193ac71 100644 --- a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_001_F.py +++ b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_001_F.py 
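Review bot: The context line `"compose": "!conditional_match_no_solver_001_T.py && !conditional_match_no_solver_002_F.py"` still negates the `_T` case, while this same commit changes `conditional_match_no_solver_001_T.py` from `real case = false` to `real case = true`. Every other entry visible in the hunk, including the one being added, has the shape `X_T.py && !Y_F.py`, so this looks like a leftover; if `!` means "expected not to be reported", the entry should read `"compose": "conditional_match_no_solver_001_T.py && !conditional_match_no_solver_002_F.py"`. The meaning of `compose` is not defined in the hunk, so confirm against the scoring script before changing it.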
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->动态特性跟踪完整度->反射调用
-# scene introduction = 字符串常量->反射
+# scene introduction = 字符串常量->反射1
 # level = 3
 # bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_001_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_002_T.py b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_002_T.py
index 46dec642..0077319c 100644
--- a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_002_T.py
+++ b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_002_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->动态特性跟踪完整度->反射调用
-# scene introduction = 字符串常量->反射
+# scene introduction = 字符串常量->反射1
 # level = 3
 # bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_002_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T.py b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T.py
index 91c6b590..907901ab 100644
--- a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T.py
+++ b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->动态特性跟踪完整度->反射调用
-# scene introduction = 字符串常量->反射
+# scene introduction = 字符串常量->反射2
 # level = 3
 # bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_003_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F.py b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F.py
index 279b37f1..12ade634 100644
--- a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F.py
+++ b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->动态特性跟踪完整度->反射调用
-# scene introduction = 字符串常量->反射
+# scene introduction = 字符串常量->反射2
 # level = 3
 # bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_004_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py
index 2f402683..c268a82b 100644
--- a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py
+++ b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->动态特性跟踪完整度->反射调用
-# scene introduction = 字符串常量->反射
+# scene introduction = 字符串常量->反射3
 # level = 3
 # bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_005_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py
index 034c6b8d..e97b978c 100644
--- a/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py
+++ b/sast-python3/case/completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->动态特性跟踪完整度->反射调用
-# scene introduction = 字符串常量->反射
+# scene introduction = 字符串常量->反射3
 # level = 3
 # bind_url = completeness/dynamic_tracing/dynamic_call/dynamic_call_reflect_006_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py b/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py
index 958cfdf5..b1de9993 100644
--- a/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py
+++ b/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->其他->ellipsis
 # scene introduction = 占位符
 # level = 2
diff --git a/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py b/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py
index 909f87dc..d6fbb708 100644
--- a/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py
+++ b/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->其他->ellipsis
 # scene introduction = 切片占位
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py b/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py
index 980808e2..722bc6c7 100644
--- a/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = false
+# real case = true
 # evaluation item = 完整度->单应用跟踪完整度->别名
 # scene introduction = 别名问题
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py b/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py
index 5c303f7f..d5dd07e8 100644
--- a/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py
@@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->别名 # scene introduction = 列表元素别名 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/class/simple_object/config.json b/sast-python3/case/completeness/single_app_tracing/class/simple_object/config.json index bb60b9c5..eab3d3a1 100644 --- a/sast-python3/case/completeness/single_app_tracing/class/simple_object/config.json +++ b/sast-python3/case/completeness/single_app_tracing/class/simple_object/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "simple_object_001_T.py && !simple_object_002_F.py", - "scene": "1" + "scene": "简单对象声明" }, { "compose": "simple_object_003_T.py && !simple_object_004_F.py", diff --git a/sast-python3/case/completeness/single_app_tracing/class/simple_object/simple_object_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/simple_object/simple_object_001_T.py index 32fb68c4..8f8e01be 100644 --- a/sast-python3/case/completeness/single_app_tracing/class/simple_object/simple_object_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/class/simple_object/simple_object_001_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 -# scene introduction = +# scene introduction = 简单对象声明 # level = 2 # bind_url = completeness/single_app_tracing/class/simple_object/simple_object_001_T # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/class/simple_object/simple_object_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/simple_object/simple_object_002_F.py index bfde39bf..75258b95 100644 --- a/sast-python3/case/completeness/single_app_tracing/class/simple_object/simple_object_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/class/simple_object/simple_object_002_F.py 
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象
-# scene introduction = 
+# scene introduction = 简单对象声明
 # level = 2
 # bind_url = completeness/single_app_tracing/class/simple_object/simple_object_002_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py
index a0ccbcc7..cc6937c9 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->断言
 # scene introduction = 验证输入值
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py
index 54a2ead6..6280e33f 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句
 # scene introduction = 星号匹配->字典嵌套
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_001_T.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_001_T.py
index ca5e8691..cf37b6ce 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_001_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句
-# scene introduction = match
+# scene introduction = match1
 # level = 2
 # bind_url = completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_001_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_002_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_002_F.py
index 80f7261c..0251d744 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_002_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句
-# scene introduction = match
+# scene introduction = match1
 # level = 2
 # bind_url = completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_002_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py
index d5abbb6c..9a3dfc4a 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句
 # scene introduction = match_or
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_007_T.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_007_T.py
index 5c3abd65..22d381c0 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_007_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_007_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句
-# scene introduction = match
+# scene introduction = match2
 # level = 2
 # bind_url = completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_007_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_008_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_008_F.py
index 9bdf3c2d..c054530f 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_008_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_008_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句
-# scene introduction = match
+# scene introduction = match2
 # level = 2
 # bind_url = completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_008_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py
index 195c3e43..f837d1c9 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->循环结构 # scene introduction = while_else # level = 4 diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_008_F/cross_file_008_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_008_F/cross_file_008_F_a.py index 13c053fb..3ad956f9 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_008_F/cross_file_008_F_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_008_F/cross_file_008_F_a.py @@ -7,7 +7,7 @@ # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_008_F/cross_file_008_F_a # evaluation information end -taint_src = 'taint_src' +taint_src = 'taint_src_value' exportedVariable = taint_src exportedVariable1 = '_' diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a.py index 4e73a302..c4604ad1 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a.py 
@@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 # scene introduction = 跨目录变量导出 # level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_011_T/A/cross_module_005_T_a +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/A/cross_module_005_T_a # evaluation information end taint_src = "taint_src_value" diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b.py index a33d79b7..918336e8 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 # scene introduction = 跨目录变量导出 # level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_011_T/B/cross_module_005_T_b +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/B/cross_module_005_T_b # evaluation information end import sys diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a.py index 6b74463c..de684c30 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a.py 
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 # scene introduction = 跨目录变量导出 # level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_012_F/A/cross_module_006_F_a +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/A/cross_module_006_F_a # evaluation information end exportedVariable = '_' diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b.py index 3c9695bc..b28f4d28 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 # scene introduction = 跨目录变量导出 # level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_012_F/B/cross_module_006_F_b +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/B/cross_module_006_F_b # evaluation information end import sys diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/B/cross_module_009_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/B/cross_module_009_T_b.py index 13d7f86f..135af49c 100644 
--- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/B/cross_module_009_T_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_009_T/B/cross_module_009_T_b.py @@ -16,4 +16,4 @@ def cross_module_009_T_b(taint_src): taint_sink(result) def taint_sink(o): - os.system(o) \ No newline at end of file + os.system(o) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/__init__.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/__init__.py index 576c461f..ccbfd977 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/__init__.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/__init__.py @@ -1,2 +1,2 @@ -from .cross_module_017_T_a import function_a -from .cross_module_017_T_b import function_b \ No newline at end of file +from .cross_module_017_T_a import cross_module_017_T_a +from .cross_module_017_T_b import cross_module_017_T_b \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_a.py index e89b21ab..2dc52bab 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_a.py 
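Review bot: In `cross_module_017_T/A/__init__.py`, `from .cross_module_017_T_a import cross_module_017_T_a` gives the function the same name as its submodule, so once the package is imported the attribute `A.cross_module_017_T_a` is rebound from the module to the function. The case still runs, but its verdict now also depends on the analyser resolving that name to the function rather than the module, which is a separate capability from the `在init文件中import` scene. The same collision is introduced for `cross_module_017_T_b` and in `cross_module_018_F/A/__init__.py`. If it is deliberate, note it above the imports, e.g. `# function names intentionally equal their module names`; otherwise keep the function names distinct from the module names.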
@@ -2,10 +2,10 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import +# scene introduction = 在init文件中import1 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_a # evaluation information end -def function_a(taint_src): +def cross_module_017_T_a(taint_src): return taint_src \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_b.py index 16ac90a8..d9858467 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_b.py @@ -2,11 +2,11 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import +# scene introduction = 在init文件中import1 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/A/cross_module_017_T_b # evaluation information end -def function_b(taint_src): +def cross_module_017_T_b(taint_src): return "_" \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/cross_module_017_T.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/cross_module_017_T.py index 5cef1366..59fa878d 100644 
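Review bot: The `scene introduction` value introduced here, `在init文件中import1` (and `import2`, `双层嵌套1`, `双层嵌套2` in the cross_module_019_T to cross_module_024_F sections), separates the groups only by a number, so the header no longer says which import form a case exercises. From the visible hunks, 017_T/018_F bind the helper with `from A import ...` while 019_T/020_F use `import A` and call `A.cross_module_019_T_a(...)`; likewise 021_T/022_F use `from A.B import ...` and 023_T/024_F use `import A.B`. A descriptive suffix such as `# scene introduction = 在init文件中import->from导入` versus `# scene introduction = 在init文件中import->import模块后属性访问` would let a missed or spurious taint finding be attributed to the right name-resolution path when results are grouped by scene. This assumes the field is free text; if the harness expects a fixed vocabulary, the same distinction could be stated in a comment line directly under the header block.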
--- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/cross_module_017_T.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/cross_module_017_T.py @@ -2,16 +2,15 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import +# scene introduction = 在init文件中import1 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_017_T/cross_module_017_T # evaluation information end - import os -from A import function_a, function_b +from A import cross_module_017_T_a, cross_module_017_T_b def cross_module_017_T(taint_src): - result = function_a(taint_src) + result = cross_module_017_T_a(taint_src) taint_sink(result) def taint_sink(o): diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/__init__.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/__init__.py index 169db5dd..8aa0d4d8 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/__init__.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/__init__.py @@ -1,2 +1,2 @@ -from .cross_module_018_F_a import function_a -from .cross_module_018_F_b import function_b \ No newline at end of file +from .cross_module_018_F_a import cross_module_018_F_a +from .cross_module_018_F_b import cross_module_018_F_b \ No newline at end of file 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_a.py index 6a37b091..8cd635aa 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_a.py @@ -2,10 +2,10 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import +# scene introduction = 在init文件中import1 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_a # evaluation information end -def function_a(taint_src): +def cross_module_018_F_a(taint_src): return taint_src \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_b.py index ec59a1c8..c326f49b 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_b.py 
@@ -2,11 +2,11 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import +# scene introduction = 在init文件中import1 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/A/cross_module_018_F_b # evaluation information end -def function_b(taint_src): +def cross_module_018_F_b(taint_src): return "_" \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/cross_module_018_F.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/cross_module_018_F.py index 61443a5c..c2bd95ae 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/cross_module_018_F.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/cross_module_018_F.py @@ -2,16 +2,16 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import +# scene introduction = 在init文件中import1 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_018_F/cross_module_018_F # evaluation information end import os -from A import function_a, function_b +from A import cross_module_018_F_a, cross_module_018_F_b def cross_module_018_F(taint_src): - result = function_b(taint_src) + result = cross_module_018_F_b(taint_src) taint_sink(result) def taint_sink(o): diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/__init__.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/__init__.py index 57d886d7..d0fb1351 100644 
--- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/__init__.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/__init__.py @@ -1,2 +1,2 @@ -from .cross_module_019_T_a import function_a -from .cross_module_019_T_b import function_b \ No newline at end of file +from .cross_module_019_T_a import cross_module_019_T_a +from .cross_module_019_T_b import cross_module_019_T_b \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_a.py index 1e14b1fb..ca2d9740 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_a.py @@ -2,10 +2,10 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import +# scene introduction = 在init文件中import2 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_a # evaluation information end -def function_a(taint_src): +def cross_module_019_T_a(taint_src): return taint_src \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_b.py index fbfa7966..c917a602 100644 
--- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_b.py @@ -2,11 +2,11 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import +# scene introduction = 在init文件中import2 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/A/cross_module_019_T_b # evaluation information end -def function_b(taint_src): +def cross_module_019_T_b(taint_src): return u"_" \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/cross_module_019_T.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/cross_module_019_T.py index 124b49b2..d932eb0f 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/cross_module_019_T.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/cross_module_019_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import +# scene introduction = 在init文件中import2 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_019_T/cross_module_019_T # evaluation information end @@ -11,7 +11,7 @@ import A def cross_module_019_T(taint_src): - result = A.function_a(taint_src) + result = A.cross_module_019_T_a(taint_src) taint_sink(result) def taint_sink(o): 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/__init__.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/__init__.py index 8b839ff2..3b7e67e0 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/__init__.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/__init__.py @@ -1,2 +1,2 @@ -from .cross_module_020_F_a import function_a -from .cross_module_020_F_b import function_b \ No newline at end of file +from .cross_module_020_F_a import cross_module_020_F_a +from .cross_module_020_F_b import cross_module_020_F_b \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_a.py index edb29d9d..50437485 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_a.py @@ -2,10 +2,10 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import +# scene introduction = 在init文件中import2 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_a # evaluation information end -def function_a(taint_src): +def cross_module_020_F_a(taint_src): return taint_src \ No newline at end of file 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_b.py index 9c9d4ddb..cf6fc284 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_b.py @@ -2,11 +2,11 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import +# scene introduction = 在init文件中import2 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/A/cross_module_020_F_b # evaluation information end -def function_b(taint_src): +def cross_module_020_F_b(taint_src): return u"_" \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/cross_module_020_F.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/cross_module_020_F.py index f81b35ff..3d4f673a 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/cross_module_020_F.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/cross_module_020_F.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import +# scene introduction = 在init文件中import2 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_020_F/cross_module_020_F # evaluation information end @@ -11,7 +11,7 @@ import A def cross_module_020_F(taint_src): - result = A.function_b(taint_src) + result = A.cross_module_020_F_b(taint_src) taint_sink(result) def taint_sink(o): diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/__init__.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/__init__.py index a42bf993..f0a607ad 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/__init__.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/__init__.py @@ -1 +1 @@ -from .cross_module_021_T_b import function_b \ No newline at end of file +from .cross_module_021_T_b import cross_module_021_T_b \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/cross_module_021_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/cross_module_021_T_b.py index 716a0799..8069833d 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/cross_module_021_T_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/cross_module_021_T_b.py 
@@ -2,11 +2,11 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 +# scene introduction = 在init文件中import—双层嵌套1 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/B/cross_module_021_T_b # evaluation information end -def function_b(taint_src): +def cross_module_021_T_b(taint_src): return taint_src \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/__init__.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/__init__.py index 0aaab503..6b0bc1c0 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/__init__.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/__init__.py @@ -1 +1 @@ -from .cross_module_021_T_a import function_a \ No newline at end of file +from .cross_module_021_T_a import cross_module_021_T_a \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/cross_module_021_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/cross_module_021_T_a.py index 8143ad9d..fa796358 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/cross_module_021_T_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/cross_module_021_T_a.py 
@@ -2,12 +2,12 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 +# scene introduction = 在init文件中import—双层嵌套1 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/A/cross_module_021_T_a # evaluation information end -from A.B import function_b +from A.B import cross_module_021_T_b -def function_a(taint_src): - return function_b(taint_src) \ No newline at end of file +def cross_module_021_T_a(taint_src): + return cross_module_021_T_b(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/cross_module_021_T.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/cross_module_021_T.py index b11102d5..1a2e1916 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/cross_module_021_T.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/cross_module_021_T.py @@ -2,16 +2,16 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 +# scene introduction = 在init文件中import—双层嵌套1 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_021_T/cross_module_021_T # evaluation information end import os -from A import function_a +from A import cross_module_021_T_a def cross_module_021_T(taint_src): - result = function_a(taint_src) + result = cross_module_021_T_a(taint_src) taint_sink(result) def taint_sink(o): 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/__init__.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/__init__.py index 266c8b2f..a10fe957 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/__init__.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/__init__.py @@ -1 +1 @@ -from .cross_module_022_F_b import function_b \ No newline at end of file +from .cross_module_022_F_b import cross_module_022_F_b \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/cross_module_022_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/cross_module_022_F_b.py index a86c45ff..d5a422fc 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/cross_module_022_F_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/cross_module_022_F_b.py @@ -2,11 +2,11 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 +# scene introduction = 在init文件中import—双层嵌套1 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/B/cross_module_022_F_b # evaluation information end -def function_b(taint_src): +def cross_module_022_F_b(taint_src): return "_" \ No newline at end of file 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/__init__.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/__init__.py index 30da7f30..1be3b64b 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/__init__.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/__init__.py @@ -1 +1 @@ -from .cross_module_022_F_a import function_a \ No newline at end of file +from .cross_module_022_F_a import cross_module_022_F_a \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/cross_module_022_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/cross_module_022_F_a.py index 9d72f1be..fe1ad9d5 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/cross_module_022_F_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/cross_module_022_F_a.py @@ -2,12 +2,12 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 +# scene introduction = 在init文件中import—双层嵌套1 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/A/cross_module_022_F_a # evaluation information end -from A.B import function_b +from A.B import cross_module_022_F_b -def function_a(taint_src): - return function_b(taint_src) \ No newline at end of file +def cross_module_022_F_a(taint_src): + return cross_module_022_F_b(taint_src) \ No newline at end of file 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/cross_module_022_F.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/cross_module_022_F.py index e2f4254a..e100bf0a 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/cross_module_022_F.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/cross_module_022_F.py @@ -2,16 +2,16 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 +# scene introduction = 在init文件中import—双层嵌套1 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_022_F/cross_module_022_F # evaluation information end import os -from A import function_a +from A import cross_module_022_F_a def cross_module_022_F(taint_src): - result = function_a(taint_src) + result = cross_module_022_F_a(taint_src) taint_sink(result) def taint_sink(o): diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/__init__.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/__init__.py index 77d21ec4..6bd2b0f9 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/__init__.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/__init__.py @@ -1 +1 @@ -from .cross_module_023_T_b import function_b \ No newline at end of file +from .cross_module_023_T_b import cross_module_023_T_b \ No newline at end of file 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/cross_module_023_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/cross_module_023_T_b.py index 927882e2..6ce58fc2 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/cross_module_023_T_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/cross_module_023_T_b.py @@ -2,11 +2,11 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 +# scene introduction = 在init文件中import—双层嵌套2 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/B/cross_module_023_T_b # evaluation information end -def function_b(taint_src): +def cross_module_023_T_b(taint_src): return taint_src \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/__init__.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/__init__.py index c7922fec..79efafe7 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/__init__.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/__init__.py @@ -1 +1 @@ -from .cross_module_023_T_a import function_a \ No newline at end of file +from .cross_module_023_T_a import cross_module_023_T_a \ No newline at end of file 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/cross_module_023_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/cross_module_023_T_a.py index 7658fa15..fee791e3 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/cross_module_023_T_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/cross_module_023_T_a.py @@ -2,12 +2,12 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 +# scene introduction = 在init文件中import—双层嵌套2 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/A/cross_module_023_T_a # evaluation information end import A.B -def function_a(taint_src): - return A.B.function_b(taint_src) \ No newline at end of file +def cross_module_023_T_a(taint_src): + return A.B.cross_module_023_T_b(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/cross_module_023_T.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/cross_module_023_T.py index 440e5e0f..bd8f3ef7 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/cross_module_023_T.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/cross_module_023_T.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 +# scene introduction = 在init文件中import—双层嵌套2 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_023_T/cross_module_023_T # evaluation information end @@ -11,7 +11,7 @@ import A def cross_module_023_T(taint_src): - result = A.function_a(taint_src) + result = A.cross_module_023_T_a(taint_src) taint_sink(result) def taint_sink(o): diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/__init__.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/__init__.py index b61d6506..e9b87fc0 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/__init__.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/__init__.py @@ -1 +1 @@ -from .cross_module_024_F_b import function_b \ No newline at end of file +from .cross_module_024_F_b import cross_module_024_F_b \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/cross_module_024_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/cross_module_024_F_b.py index 9f4115ee..06c1436a 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/cross_module_024_F_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/cross_module_024_F_b.py 
@@ -2,11 +2,11 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 +# scene introduction = 在init文件中import—双层嵌套2 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/B/cross_module_024_F_b # evaluation information end -def function_b(taint_src): +def cross_module_024_F_b(taint_src): return "_" \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/__init__.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/__init__.py index 3595c472..c663a1d0 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/__init__.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/__init__.py @@ -1 +1 @@ -from .cross_module_024_F_a import function_a \ No newline at end of file +from .cross_module_024_F_a import cross_module_024_F_a \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/cross_module_024_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/cross_module_024_F_a.py index 9cc52afb..e5406f62 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/cross_module_024_F_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/cross_module_024_F_a.py 
@@ -2,12 +2,12 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 +# scene introduction = 在init文件中import—双层嵌套2 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/A/cross_module_024_F_a # evaluation information end import A.B -def function_a(taint_src): - return A.B.function_b(taint_src) \ No newline at end of file +def cross_module_024_F_a(taint_src): + return A.B.cross_module_024_F_b(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/cross_module_024_F.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/cross_module_024_F.py index 665958ed..8c888d43 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/cross_module_024_F.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/cross_module_024_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 -# scene introduction = 在init文件中import—双层嵌套 +# scene introduction = 在init文件中import—双层嵌套2 # level = 2 # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_024_F/cross_module_024_F # evaluation information end @@ -11,7 +11,7 @@ import A def cross_module_024_F(taint_src): - result = A.function_a(taint_src) + result = A.cross_module_024_F_a(taint_src) taint_sink(result) def taint_sink(o): 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_026_F/B/cross_module_026_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_026_F/B/cross_module_026_F_b.py index aacd38e6..60df4d4d 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_026_F/B/cross_module_026_F_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_026_F/B/cross_module_026_F_b.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 # scene introduction = 跨目录导出—双层嵌套 # level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_026_F/B/cross_module_026_F +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_026_F/B/cross_module_026_F_b # evaluation information end import sys @@ -13,7 +13,7 @@ from A.cross_module_026_F_a import cross_module_026_F_a -def cross_module_026_F(taint_src): +def cross_module_026_F_b(taint_src): result = cross_module_026_F_a(taint_src) taint_sink(result) @@ -24,5 +24,5 @@ def taint_sink(o): if __name__ == '__main__': taint_src = "taint_src_value" - cross_module_026_F(taint_src) + cross_module_026_F_b(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_027_T/cross_module_027_T.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_027_T/cross_module_027_T.py index b262f51b..0a2fe6ce 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_027_T/cross_module_027_T.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_027_T/cross_module_027_T.py 
@@ -9,7 +9,10 @@ from A.cross_module_027_T_a import cross_module_027_T_a +def cross_module_027_T(taint_src): + cross_module_027_T_a(taint_src) + if __name__ == "__main__": taint_src = "taint_src_value" - cross_module_027_T_a(taint_src) + cross_module_027_T(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_028_F/cross_module_028_F.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_028_F/cross_module_028_F.py index f62a2da6..73c0459f 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_028_F/cross_module_028_F.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_028_F/cross_module_028_F.py @@ -9,7 +9,10 @@ from A.cross_module_028_F_a import cross_module_028_F_a +def cross_module_028_F(taint_src): + cross_module_028_F_a(taint_src) + if __name__ == "__main__": taint_src = "taint_src_value" - cross_module_028_F_a(taint_src) + cross_module_028_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_031_T/B/cross_module_031_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_031_T/B/cross_module_031_T_b.py index 508c533c..7d6d02ef 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_031_T/B/cross_module_031_T_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_031_T/B/cross_module_031_T_b.py 
@@ -8,10 +8,10 @@ # evaluation information end import os -from ..cross_module_031_T_a import source +from ..cross_module_031_T_a import cross_module_031_T_a -def cross_module_029_T_b(taint_src): - result = source(taint_src) +def cross_module_031_T_b(taint_src): + result = cross_module_031_T_a(taint_src) taint_sink(result) @@ -21,5 +21,5 @@ def taint_sink(o): if __name__ == '__main__': taint_src = "taint_src_value" - cross_module_029_T_b(taint_src) + cross_module_031_T_b(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_031_T/cross_module_031_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_031_T/cross_module_031_T_a.py index b947ff8a..d6fb5406 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_031_T/cross_module_031_T_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_031_T/cross_module_031_T_a.py @@ -7,6 +7,6 @@ # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_031_T/cross_module_031_T_a # evaluation information end -def source(taint_src): +def cross_module_031_T_a(taint_src): return f"{taint_src}_default" diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_032_F/B/cross_module_032_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_032_F/B/cross_module_032_F_b.py index 89047406..fa56b6d9 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_032_F/B/cross_module_032_F_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_032_F/B/cross_module_032_F_b.py 
@@ -8,10 +8,10 @@ # evaluation information end import os -from ..cross_module_032_F_a import source +from ..cross_module_032_F_a import cross_module_032_F_a def cross_module_032_F_b(taint_src): - result = source(taint_src) + result = cross_module_032_F_a(taint_src) taint_sink(result) diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_032_F/cross_module_032_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_032_F/cross_module_032_F_a.py index e4432f1a..b0e01147 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_032_F/cross_module_032_F_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_032_F/cross_module_032_F_a.py @@ -7,6 +7,6 @@ # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_032_F/cross_module_032_F_a # evaluation information end -def source(taint_src): +def cross_module_032_F_a(taint_src): return f"default" diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_033_T/B/C/cross_module_033_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_033_T/B/C/cross_module_033_T_b.py index 80b3ba43..f5ffd5f4 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_033_T/B/C/cross_module_033_T_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_033_T/B/C/cross_module_033_T_b.py 
@@ -4,14 +4,14 @@ # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 # scene introduction = 多级模块相对导入 # level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_033_T/B/C/cross_module_03_T_b +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_033_T/B/C/cross_module_033_T_b # evaluation information end import os -from ...cross_module_033_T_a import source +from ...cross_module_033_T_a import cross_module_033_T_a def cross_module_033_T_b(taint_src): - result = source(taint_src) + result = cross_module_033_T_a(taint_src) taint_sink(result) diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_033_T/cross_module_033_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_033_T/cross_module_033_T_a.py index 1ea121d8..f038e47c 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_033_T/cross_module_033_T_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_033_T/cross_module_033_T_a.py @@ -7,6 +7,6 @@ # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_033_T/cross_module_033_T_a # evaluation information end -def source(taint_src): +def cross_module_033_T_a(taint_src): return f"{taint_src}_default" diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_034_F/B/C/cross_module_034_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_034_F/B/C/cross_module_034_F_b.py index 7cb2bd60..cfab359f 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_034_F/B/C/cross_module_034_F_b.py 
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_034_F/B/C/cross_module_034_F_b.py @@ -8,10 +8,10 @@ # evaluation information end import os -from ...cross_module_034_F_a import source +from ...cross_module_034_F_a import cross_module_034_F_a def cross_module_034_F_b(taint_src): - result = source(taint_src) + result = cross_module_034_F_a(taint_src) taint_sink(result) diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_034_F/cross_module_034_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_034_F/cross_module_034_F_a.py index 18ff19ab..c701d190 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_034_F/cross_module_034_F_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_034_F/cross_module_034_F_a.py @@ -7,6 +7,6 @@ # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_034_F/cross_module_034_F_a # evaluation information end -def source(taint_src): +def cross_module_034_F_a(taint_src): return f"default" diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_035_T/B/cross_module_035_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_035_T/B/cross_module_035_T_b.py index afa64cae..6809fd3e 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_035_T/B/cross_module_035_T_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_035_T/B/cross_module_035_T_b.py 
@@ -11,7 +11,7 @@ from .. import cross_module_035_T_a def cross_module_035_T_b(taint_src): - result = cross_module_035_T_a.source(taint_src) + result = cross_module_035_T_a.cross_module_035_T_a(taint_src) taint_sink(result) diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_035_T/cross_module_035_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_035_T/cross_module_035_T_a.py index 02babfb6..7328b34b 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_035_T/cross_module_035_T_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_035_T/cross_module_035_T_a.py @@ -7,6 +7,6 @@ # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_035_T/cross_module_035_T_a # evaluation information end -def source(taint_src): +def cross_module_035_T_a(taint_src): return f"{taint_src}_default" diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_036_F/B/cross_module_036_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_036_F/B/cross_module_036_F_b.py index beea6cc6..6062c8c5 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_036_F/B/cross_module_036_F_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_036_F/B/cross_module_036_F_b.py @@ -10,8 +10,8 @@ import os from .. import cross_module_036_F_a -def cross_module_035_T_b(taint_src): - result = cross_module_036_F_a.source(taint_src) +def cross_module_036_F_b(taint_src): + result = cross_module_036_F_a.cross_module_036_F_a(taint_src) taint_sink(result) 
@@ -21,5 +21,5 @@ def taint_sink(o): if __name__ == '__main__': taint_src = "taint_src_value" - cross_module_035_T_b(taint_src) + cross_module_036_F_b(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_036_F/cross_module_036_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_036_F/cross_module_036_F_a.py index 648d09ed..f9b67cb8 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_036_F/cross_module_036_F_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_036_F/cross_module_036_F_a.py @@ -7,6 +7,6 @@ # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_036_F/cross_module_036_F_a # evaluation information end -def source(taint_src): +def cross_module_036_F_a(taint_src): return f"default" diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_037_T/A/B/C/D/cross_module_037_T_d.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_037_T/A/B/C/D/cross_module_037_T_d.py index 91b50fcc..4e771596 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_037_T/A/B/C/D/cross_module_037_T_d.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_037_T/A/B/C/D/cross_module_037_T_d.py @@ -11,7 +11,7 @@ from .... import cross_module_037_T_a def cross_module_037_T_d(taint_src): - result = cross_module_037_T_a.source(taint_src) + result = cross_module_037_T_a.cross_module_037_T_a(taint_src) taint_sink(result) 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_037_T/A/cross_module_037_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_037_T/A/cross_module_037_T_a.py index 2e717d01..1ddf0ae9 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_037_T/A/cross_module_037_T_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_037_T/A/cross_module_037_T_a.py @@ -4,9 +4,9 @@ # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 # scene introduction = 相对导入-多级导入整个模块 # level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_037_T/cross_module_037_T_a +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_037_T/A/cross_module_037_T_a # evaluation information end -def source(taint_src): +def cross_module_037_T_a(taint_src): return f"{taint_src}_default" diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_038_F/A/B/C/D/cross_module_038_F_d.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_038_F/A/B/C/D/cross_module_038_F_d.py index e2f7cb3a..fbe49f62 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_038_F/A/B/C/D/cross_module_038_F_d.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_038_F/A/B/C/D/cross_module_038_F_d.py @@ -11,7 +11,7 @@ from .... import cross_module_038_F_a def cross_module_038_F_d(taint_src): - result = cross_module_038_F_a.source(taint_src) + result = cross_module_038_F_a.cross_module_038_F_a(taint_src) taint_sink(result) 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_038_F/A/cross_module_038_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_038_F/A/cross_module_038_F_a.py index 38389974..a5566c2f 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_038_F/A/cross_module_038_F_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_038_F/A/cross_module_038_F_a.py @@ -7,6 +7,6 @@ # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_038_F/A/cross_module_038_F_a # evaluation information end -def source(taint_src): +def cross_module_038_F_a(taint_src): return f"default" diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_039_T/A/B/cross_module_039_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_039_T/A/B/cross_module_039_T_b.py index dd6b4d80..daf24a67 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_039_T/A/B/cross_module_039_T_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_039_T/A/B/cross_module_039_T_b.py @@ -7,5 +7,5 @@ # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_039_T/A/B/cross_module_039_T_b # evaluation information end -def source(taint_src): +def cross_module_039_T_b(taint_src): return f"{taint_src}_default" \ No newline at end of file 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_039_T/cross_module_039_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_039_T/cross_module_039_T_a.py index 709db213..f3e07c98 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_039_T/cross_module_039_T_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_039_T/cross_module_039_T_a.py @@ -11,7 +11,7 @@ import A.B.cross_module_039_T_b def cross_module_039_T_a(taint_src): - result = A.B.cross_module_039_T_b.source(taint_src) + result = A.B.cross_module_039_T_b.cross_module_039_T_b(taint_src) taint_sink(result) diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_040_F/A/B/cross_module_040_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_040_F/A/B/cross_module_040_F_b.py index c07739de..103092d5 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_040_F/A/B/cross_module_040_F_b.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_040_F/A/B/cross_module_040_F_b.py @@ -7,6 +7,6 @@ # bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_040_F/A/B/cross_module_040_F_b # evaluation information end -def source(taint_src): +def cross_module_040_F_b(taint_src): return f"default" 
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_040_F/cross_module_040_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_040_F/cross_module_040_F_a.py index 282c1039..57aa2588 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_040_F/cross_module_040_F_a.py +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_040_F/cross_module_040_F_a.py @@ -4,14 +4,14 @@ # evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 # scene introduction = 绝对导入 # level = 2 -# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_040_F/A/cross_module_040_F_a +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_040_F/cross_module_040_F_a # evaluation information end import os import A.B.cross_module_040_F_b def cross_module_040_F_a(taint_src): - result = A.B.cross_module_040_F_b.source(taint_src) + result = A.B.cross_module_040_F_b.cross_module_040_F_b(taint_src) taint_sink(result) diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/any/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/any/config.json index a0896983..2f566d80 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/any/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/any/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "type_annotation_any_001_T.py && !type_annotation_any_002_F.py", - "scene": "1" + "scene": "any类型" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/any/type_annotation_any_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/any/type_annotation_any_001_T.py index 47974264..82144ffe 100644 
--- a/sast-python3/case/completeness/single_app_tracing/datatype/any/type_annotation_any_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/any/type_annotation_any_001_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->any
-# scene introduction =
+# scene introduction = any类型
 # level = 2
 # bind_url = completeness/single_app_tracing/datatype/any/type_annotation_any_001_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/any/type_annotation_any_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/any/type_annotation_any_002_F.py
index cf9d1944..c7b22d3e 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/any/type_annotation_any_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/any/type_annotation_any_002_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->any
-# scene introduction =
+# scene introduction = any类型
 # level = 2
 # bind_url = completeness/single_app_tracing/datatype/any/type_annotation_any_002_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/array_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_001_T.py
index e5e500f3..fe8284d8 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/array/array_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_001_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
-# scene introduction =
+# scene introduction = array操作
 # level = 2
 # bind_url = completeness/single_app_tracing/datatype/array/array_001_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/array_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_002_F.py
index a17d6e36..73ccfd8a 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/array/array_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_002_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
-# scene introduction =
+# scene introduction = array操作
 # level = 2
 # bind_url = completeness/single_app_tracing/datatype/array/array_002_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json
index e2a8dd6a..a71db744 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json
@@ -8,7 +8,7 @@
 "scene_list": [
 {
 "compose": "array_001_T.py && !array_002_F.py",
- "scene": "1"
+ "scene": "array操作"
 },
 {
 "compose": "array_003_T.py && !array_004_F.py",
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py
index b3f86991..dceaba02 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
 # scene introduction = 交集-并集
 # level = 2
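Review bot: The corrected `# real case = false` in `set_006_F.py` shows that the ground-truth label and the `_F` file suffix are maintained by hand and had drifted apart, and nothing in this hunk keeps them paired from here on. While the label read `true`, a tool that correctly stayed silent on this negative case would presumably have been scored as missing a finding. A one-line statement of the invariant next to the header would help, e.g. `# real case must agree with the _T/_F suffix of the file name`, and the benchmark loader is the natural place to reject a file where the two disagree; whether such a check already exists cannot be seen from this diff.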
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/customize/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/customize/config.json
index a3125af5..b43d60cb 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/customize/config.json
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/customize/config.json
@@ -8,7 +8,7 @@
 "scene_list": [
 {
 "compose": "type_annotation_customize_001_T.py && !type_annotation_customize_002_F.py",
- "scene": "1"
+ "scene": "自定义类型注解"
 }
 ]
 }
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/customize/type_annotation_customize_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/customize/type_annotation_customize_001_T.py
index 128424ff..55a2be91 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/customize/type_annotation_customize_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/customize/type_annotation_customize_001_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->自定义类型注解
-# scene introduction =
+# scene introduction = 自定义类型注解
 # level = 2
 # bind_url = completeness/single_app_tracing/datatype/customize/type_annotation_customize_001_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/customize/type_annotation_customize_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/customize/type_annotation_customize_002_F.py
index a8dc1360..b2f6e13d 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/customize/type_annotation_customize_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/customize/type_annotation_customize_002_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->自定义类型注解
-# scene introduction =
+# scene introduction = 自定义类型注解
 # level = 2
 # bind_url = completeness/single_app_tracing/datatype/customize/type_annotation_customize_002_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json
index 9595fa87..c55b90fa 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json
@@ -8,7 +8,7 @@
 "scene_list": [
 {
 "compose": "list_001_T.py && !list_002_F.py",
- "scene": "1"
+ "scene": "一维"
 },
 {
 "compose": "list_003_T.py && !list_004_F.py",
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_001_T.py
index ed62573f..0e2e20eb 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_001_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
-# scene introduction =
+# scene introduction = 一维
 # level = 2
 # bind_url = completeness/single_app_tracing/datatype/list/list_001_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_002_F.py
index 902fa6b7..b60906a8 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_002_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
-# scene introduction =
+# scene introduction = 一维
 # level = 2
 # bind_url = completeness/single_app_tracing/datatype/list/list_002_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_001_T.py
index 58e166e8..58a42748 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_001_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典
-# scene introduction = 字典/映射(Map)对象
+# scene introduction = 字典/映射(Map)对象1
 # level = 2
 # bind_url = completeness/single_app_tracing/datatype/map/map_001_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_002_F.py
index 9839123e..c45064dd 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_002_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典
-# scene introduction = 字典/映射(Map)对象
+# scene introduction = 字典/映射(Map)对象1
 # level = 2
 # bind_url = completeness/single_app_tracing/datatype/map/map_002_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_003_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_003_T.py
index fe9d515e..9071c08b 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_003_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_003_T.py
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 +# scene introduction = 字典/映射(Map)对象2 # level = 2 # bind_url = completeness/single_app_tracing/datatype/map/map_003_T # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_004_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_004_F.py index 59740971..309eecf4 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_004_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 +# scene introduction = 字典/映射(Map)对象2 # level = 2 # bind_url = completeness/single_app_tracing/datatype/map/map_004_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_005_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_005_T.py index 45037503..3861d39f 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_005_T.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_005_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 +# scene introduction = 字典/映射(Map)对象3 # level = 2 # bind_url = completeness/single_app_tracing/datatype/map/map_005_T # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_006_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_006_F.py index be33a692..2b017acc 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_006_F.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 +# scene introduction = 字典/映射(Map)对象3 # level = 2 # bind_url = completeness/single_app_tracing/datatype/map/map_006_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_007_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_007_T.py index 263d82cf..00bb8440 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_007_T.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_007_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 +# scene introduction = 字典/映射(Map)对象4 # level = 2 # bind_url = completeness/single_app_tracing/datatype/map/map_007_T # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_008_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_008_F.py index a5eb9783..a150e012 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_008_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_008_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 -# scene introduction = 字典/映射(Map)对象 +# scene introduction = 字典/映射(Map)对象4 # level = 2 # bind_url = completeness/single_app_tracing/datatype/map/map_008_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/new_type/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/new_type/config.json index 5ba084ae..72b61a4a 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/new_type/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/new_type/config.json 
@@ -8,7 +8,7 @@ "scene_list": [ { "compose": "type_annotation_new_type_001_T.py && !type_annotation_new_type_002_F.py", - "scene": "1" + "scene": "名义类型" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/new_type/type_annotation_new_type_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/new_type/type_annotation_new_type_001_T.py index 03df9b61..cd28afc5 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/new_type/type_annotation_new_type_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/new_type/type_annotation_new_type_001_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->名义类型 -# scene introduction = +# scene introduction = 名义类型 # level = 2 # bind_url = completeness/single_app_tracing/datatype/new_type/type_annotation_new_type_001_T # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/new_type/type_annotation_new_type_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/new_type/type_annotation_new_type_002_F.py index 58ad8229..730f3105 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/new_type/type_annotation_new_type_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/new_type/type_annotation_new_type_002_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->名义类型 -# scene introduction = +# scene introduction = 名义类型 # level = 2 # bind_url = completeness/single_app_tracing/datatype/new_type/type_annotation_new_type_002_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_001_T.py index 2d3f2e62..46973c81 100644 
--- a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_001_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 -# scene introduction = 复数 +# scene introduction = 复数1 # level = 2 # bind_url = completeness/single_app_tracing/datatype/primitives/complex_001_T # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_002_F.py index 76cff27e..88867052 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_002_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 -# scene introduction = 复数 +# scene introduction = 复数1 # level = 2 # bind_url = completeness/single_app_tracing/datatype/primitives/complex_002_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_003_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_003_T.py index 1f8b440d..33697340 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_003_T.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_003_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 -# scene introduction = 复数 +# scene introduction = 复数2 # level = 2 # bind_url = completeness/single_app_tracing/datatype/primitives/complex_003_T # evaluation information end 
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_004_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_004_F.py index d18f59b9..fefe3f9c 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/complex_004_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 -# scene introduction = 复数 +# scene introduction = 复数2 # level = 2 # bind_url = completeness/single_app_tracing/datatype/primitives/complex_004_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py index c68c8549..71285384 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py @@ -1,5 +1,5 @@ # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 # scene introduction = 元组字面量 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py index d3383cf2..b890731b 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 # scene introduction = 解包操作 # level = 2 
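Review bot: Nothing visible in this change keeps `real case` in agreement with the `_T`/`_F` file suffix. tuple_002_F.py carried `real case = true` until this hunk, and the same hand-correction recurs for tuple_004_F.py, exception_catch_001_T.py, binary_expression_mult_002_F.py, binary_expression_sub_002_F.py, logical_or_002_F.py, del_expression_006_F.py, del_expression_008_F.py, list_comprehension_002_F.py and map_comprehension_002_F.py. If the harness reads this field as ground truth (assumed from the header name), a stale value flips the expected result for that case and skews a scanner's false-positive or false-negative count. A repository check would catch this before merge if it fails when `real case` disagrees with the suffix, or when `bind_url` differs from the file's path under `case/` without the extension (the drift the exception_* hunks correct).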
diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py index e183d9d6..fe2e6e89 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py @@ -1,10 +1,10 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = false +# real case = true # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_catch # level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_catch_001_T +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T # evaluation information end import os diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_002_F.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_002_F.py index 6752459c..a143d8db 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_002_F.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_catch # level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_catch_002_F +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_catch_002_F # evaluation information end import os 
diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_001_T.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_001_T.py index 14812997..6ee6164d 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_001_T.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_finally # level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_finally_001_T +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_finally_001_T # evaluation information end import os diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F.py index 738bb341..a4b1db20 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_finally # level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_finally_002_F +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_finally_002_F # evaluation information end import os diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_001_T.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_001_T.py index b9922e9f..520e66ac 100644 
--- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_001_T.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_try # level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_try_001_T +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_try_001_T # evaluation information end import os diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_002_F.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_002_F.py index 420f58e7..704b9f34 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_002_F.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_try # level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_try_002_F +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_try_002_F # evaluation information end import os diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_001_T.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_001_T.py index 93c9f001..d77d15b3 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_001_T.py 
@@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_try_else # level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_try_else_001_T +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_001_T # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_002_F.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_002_F.py index 86d1af79..3f235f23 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_002_F.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_try_else # level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw/exception_try_else_002_F +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_try_else_002_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_except_star_001_T.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_except_star_001_T.py index 0935c1d3..3a58462b 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_except_star_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_except_star_001_T.py 
@@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_try_except_star # level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw_except_star/exception_try_except_star_001_T +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_try_except_star_001_T # evaluation information end import os diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_except_star_002_F.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_except_star_002_F.py index 2d054114..5895eba7 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_except_star_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_try_except_star_002_F.py @@ -4,7 +4,7 @@ # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_try_except_star # level = 2 -# bind_url = completeness/chain_tracing/exception_error/exception_throw_except_star/exception_try_except_star_002_F +# bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_try_except_star_002_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F.py index f7477d57..49421505 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F.py 
@@ -9,7 +9,7 @@ import os -def binary_expression_add_assignment_002_T(taint_src): +def binary_expression_add_assignment_002_F(taint_src): aa = "aa" result = '_' result += aa # 使用传入的参数 aa @@ -22,5 +22,5 @@ def taint_sink(o): if __name__ == '__main__': taint_src = "taint_src_value" - binary_expression_add_assignment_002_T(taint_src) + binary_expression_add_assignment_002_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py index 325f5b9b..1e9661ec 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 # scene introduction = 二元运算->乘 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_namedexpr_basic_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_namedexpr_basic_001_T.py index 857080d1..94785958 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_namedexpr_basic_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_namedexpr_basic_001_T.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 -# scene introduction = 二元运算->海象运算 +# scene introduction = 一元运算->海象运算 # level = 2 # bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_namedexpr_basic_001_T # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_namedexpr_basic_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_namedexpr_basic_002_F.py index dffde32e..dfbe0c30 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_namedexpr_basic_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_namedexpr_basic_002_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 -# scene introduction = 二元运算->海象运算 +# scene introduction = 一元运算->海象运算 # level = 2 # bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_namedexpr_basic_002_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py index e6b60637..47f380fc 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py 
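Review bot: The new label `一元运算->海象运算` in binary_expression_namedexpr_basic_001_T.py (and in the 002_F hunk that follows) now disagrees with the file name and with `bind_url`, which both still say `binary_expression_namedexpr_basic`. The walrus operator `:=` is an assignment expression with a target name and a value expression, so it is not a unary operator. Filing it under unary operations may also mislead anyone reading per-scene results. Either keep `# scene introduction = 二元运算->海象运算`, or use a category that matches the construct, such as `# scene introduction = 赋值表达式->海象运算`. If the label was changed to avoid a clash with another scene name, that is not visible here and would be worth stating in the commit message.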
@@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 # scene introduction = 二元运算->减 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py index 9843bf64..df509edb 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->条件表达式 # scene introduction = 逻辑或 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py index bb789291..66258587 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = del运算符->字典键值对 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py index 36125a52..7adcc148 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py 
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = del运算符->切片 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py index 915ab6d2..7683fdd8 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = 列表推导式 # level = 3 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py index f5457289..b53c3e6c 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = 字典推导式 # level = 3 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T.py index 2faa2399..fe036129 100644 
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_001_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 扩展运算符 +# scene introduction = 扩展运算符1 # level = 2 # bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_001_T # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F.py index 9eeb4317..bc6b4523 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_002_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 扩展运算符 +# scene introduction = 扩展运算符1 # level = 2 # bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_002_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.py index 1e5837e4..2d293645 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_003_T.py 
@@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 扩展运算符 +# scene introduction = 扩展运算符2 # level = 2 # bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_003_T # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.py index 0018b4bd..3e0e8682 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_004_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 扩展运算符 +# scene introduction = 扩展运算符2 # level = 2 # bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_004_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_005_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_005_T.py index 877c574b..8f264f66 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_005_T.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_005_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 扩展运算符 +# scene introduction = 扩展运算符3 # level = 2 # bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_005_T # evaluation information end 
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.py index 1f997013..94cfe66f 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_006_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 扩展运算符 +# scene introduction = 扩展运算符3 # level = 2 # bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_006_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_007_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_007_T.py index 12c7c955..6f55ea6b 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_007_T.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_007_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 扩展运算符 +# scene introduction = 扩展运算符4 # level = 2 # bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_007_T # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_008_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_008_F.py index c07eebc1..5ef66bbb 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_008_F.py 
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/spread_operator_008_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 扩展运算符 +# scene introduction = 扩展运算符4 # level = 2 # bind_url = completeness/single_app_tracing/expression/special_expression/spread_operator_008_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_001_T.py index 8ce34b09..95719d38 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_001_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 -# scene introduction = 模板字面量 +# scene introduction = 模板字面量1 # level = 2 # bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_001_T # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_002_F.py index cf763c33..0cdd48d0 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_002_F.py 
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-# scene introduction = 模板字面量
+# scene introduction = 模板字面量1
 # level = 2
 # bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_002_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_003_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_003_T.py
index ab957c2d..00722d9c 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_003_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_003_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-# scene introduction = 模板字面量
+# scene introduction = 模板字面量2
 # level = 2
 # bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_003_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_004_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_004_F.py
index c3d450cc..ccf737cf 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_004_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_004_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-# scene introduction = 模板字面量
+# scene introduction = 模板字面量2
 # level = 2
 # bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_004_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_005_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_005_T.py
index 0cef7440..cf1332e4 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_005_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_005_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-# scene introduction = 模板字面量
+# scene introduction = 模板字面量3
 # level = 2
 # bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_005_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_006_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_006_F.py
index 01269d89..24136e1c 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_006_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/template_literal_006_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
-# scene introduction = 模板字面量
+# scene introduction = 模板字面量3
 # level = 2
 # bind_url = completeness/single_app_tracing/expression/special_expression/template_literal_006_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py
index 7ed8477c..704ee846 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换
 # scene introduction = 布尔转换
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py
index a67d8524..ece12278 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换
 # scene introduction = 隐式类型转换
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F.py b/sast-python3/case/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F.py
index e01d3d7f..e5ea9fc8 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用
-# scene introduction =
+# scene introduction = 类方法链式调用
 # level = 2
 # bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_001_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T.py
index d4976d03..b677bde2 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用
-# scene introduction =
+# scene introduction = 类方法链式调用
 # level = 2
 # bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_002_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/chained_call/config.json b/sast-python3/case/completeness/single_app_tracing/function_call/chained_call/config.json
index 79e8c3c7..6ce9fa0e 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/chained_call/config.json
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/chained_call/config.json
@@ -8,7 +8,7 @@
 "scene_list": [
 {
 "compose": "!chained_call_001_F.py && chained_call_002_T.py",
- "scene": "1"
+ "scene": "类方法链式调用"
 },
 {
 "compose": "chained_call_003_T.py && !chained_call_004_F.py",
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py
index 40b1168d..8194ac5b 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py
@@ -1,8 +1,8 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = false
+# real case = true
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->生成器函数
-# scene introduction = yield_from
+# scene introduction = yield_from1
 # level = 2
 # bind_url = completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_002_F.py b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_002_F.py
index b273deff..ba0845ad 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_002_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->生成器函数
-# scene introduction = yield_from
+# scene introduction = yield_from1
 # level = 2
 # bind_url = completeness/single_app_tracing/function_call/generator_function/yieldFrom_002_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py
index a99e79a1..e9122269 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py
@@ -1,8 +1,8 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = false
+# real case = true
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->生成器函数
-# scene introduction = yield_from
+# scene introduction = yield_from2
 # level = 2
 # bind_url = completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_004_F.py b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_004_F.py
index 695d49a1..d32c19a9 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_004_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_004_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->生成器函数 -# scene introduction = yield_from +# scene introduction = yield_from2 # level = 2 # bind_url = completeness/single_app_tracing/function_call/generator_function/yieldFrom_004_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/library_function/json_001_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/library_function/json_001_T.py index d3ccf7e9..43bcf814 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/library_function/json_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/library_function/json_001_T.py @@ -9,7 +9,7 @@ import os import json -def json_001_t(taint_src): +def json_001_T(taint_src): def process(arg): obj = json.loads(arg) taint_sink(obj["key"]) @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == '__main__': taint_src = '{"key": "taint_src_value"}' - json_001_t(taint_src) # 传递一个有效的 JSON 字符串 + json_001_T(taint_src) # 传递一个有效的 JSON 字符串 diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_001_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_001_T.py index 46eb82e9..45dcea3f 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_001_T.py @@ -2,7 +2,7 @@ # evaluation information start # real case = true # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写 -# scene introduction = 构造函数 +# scene introduction = 构造函数1 # level = 2 # bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_001_T # evaluation information end 
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_002_F.py b/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_002_F.py
index 8a9b7dbd..ef1ac8a1 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_002_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写
-# scene introduction = 构造函数
+# scene introduction = 构造函数1
 # level = 2
 # bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_002_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_003_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_003_T.py
index 74b236d1..af4227a1 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_003_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_003_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写
-# scene introduction = 构造函数
+# scene introduction = 构造函数2
 # level = 2
 # bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_003_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_004_F.py b/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_004_F.py
index 3905b910..907a3d54 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_004_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/override/constructor_extends_004_F.py @@ -2,7 +2,7 @@ # evaluation information start # real case = false # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->方法重写 -# scene introduction = 构造函数 +# scene introduction = 构造函数2 # level = 2 # bind_url = completeness/single_app_tracing/function_call/override/constructor_extends_004_F # evaluation information end diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py index ed47f72d..2ff0563b 100644 --- a/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py +++ b/sast-python3/case/completeness/single_app_tracing/function_call/return_value_passing/return_normal_value_passing_001_F.py @@ -9,7 +9,7 @@ import os -def return_normal_value_passing_001_f(taint_src): +def return_normal_value_passing_001_F(taint_src): def process(src): return '_' # 直接返回传入的参数 @@ -23,5 +23,5 @@ def taint_sink(o): if __name__ == '__main__': taint_src = "taint_src_value" - return_normal_value_passing_001_f(taint_src) + return_normal_value_passing_001_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/variable_scope/private_variable/config.json b/sast-python3/case/completeness/single_app_tracing/variable_scope/private_variable/config.json index 2417f080..583315aa 100644 --- a/sast-python3/case/completeness/single_app_tracing/variable_scope/private_variable/config.json +++ b/sast-python3/case/completeness/single_app_tracing/variable_scope/private_variable/config.json @@ -8,7 +8,7 @@ "scene_list": [ { "compose": "private_variable_001_T.py && !private_variable_002_F.py", - "scene": "1" + "scene": "私有变量" } ] } 
diff --git a/sast-python3/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_001_T.py b/sast-python3/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_001_T.py
index b7b8e16e..e4fee097 100644
--- a/sast-python3/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_001_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->变量作用域->private变量
-# scene introduction =
+# scene introduction = 私有变量
 # level = 2
 # bind_url = completeness/single_app_tracing/variable_scope/private_variable/private_variable_001_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_002_F.py b/sast-python3/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_002_F.py
index 7ee66c0a..77f18576 100644
--- a/sast-python3/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/variable_scope/private_variable/private_variable_002_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->变量作用域->private变量
-# scene introduction =
+# scene introduction = 私有变量
 # level = 2
 # bind_url = completeness/single_app_tracing/variable_scope/private_variable/private_variable_002_F
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/config.json b/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/config.json
index 66ba29a8..f64db4b5 100644
--- a/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/config.json
+++ b/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/config.json
@@ -12,7 +12,7 @@
 },
 {
 "compose": "static_variable_001_T.py && !static_variable_002_F.py",
- "scene": "1"
+ "scene": "声明"
 }
 ]
 }
diff --git a/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T.py b/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T.py
index 06f8316e..6721394c 100644
--- a/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = true
 # evaluation item = 完整度->单应用跟踪完整度->变量作用域->静态变量
-# scene introduction =
+# scene introduction = 声明
 # level = 2
 # bind_url = completeness/single_app_tracing/variable_scope/static_variable/static_variable_001_T
 # evaluation information end
diff --git a/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F.py b/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F.py
index e730eb8a..71ed4edd 100644
--- a/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F.py
@@ -2,7 +2,7 @@
 # evaluation information start
 # real case = false
 # evaluation item = 完整度->单应用跟踪完整度->变量作用域->静态变量
-# scene introduction =
+# scene introduction = 声明
 # level = 2
 # bind_url = completeness/single_app_tracing/variable_scope/static_variable/static_variable_002_F
 # evaluation information end
diff --git a/tools/plugin/src/main/java/com/alipay/xast/score/BenchmarkScore.java b/tools/plugin/src/main/java/com/alipay/xast/score/BenchmarkScore.java
index b10fd36c..ab26bf19 100644
--- a/tools/plugin/src/main/java/com/alipay/xast/score/BenchmarkScore.java +++ b/tools/plugin/src/main/java/com/alipay/xast/score/BenchmarkScore.java @@ -21,6 +21,7 @@ import com.alibaba.excel.read.builder.ExcelReaderSheetBuilder; import com.alibaba.excel.write.builder.ExcelWriterSheetBuilder; import com.alipay.xast.score.TestSuiteResults.ToolType; +import com.alipay.xast.score.models.TestCaseResult; import com.alipay.xast.score.parsers.Reader; import com.alipay.xast.score.util.BooleanExpressionEvaluatorUtil; import com.alipay.xast.score.util.ScoreCardFormart; @@ -79,19 +80,19 @@ public class BenchmarkScore extends AbstractMojo { static final String USAGE_MSG = "Usage: -cf /PATH/TO/scoringconfigfile.yaml or -cr scoringconfigfile.yaml (where file is a resource)"; - // The 1st line of a supplied expectedresults.csv file looks like: - // # test name, category, real vulnerability, cwe, TESTSUITENAME version: x.y, YYYY-MM-DD + // 提供的预期结果.csv 文件的第一行如下所示: + // # 测试名称、类别、真实漏洞、cwe、TESTSUITENAME 版本:x.y、YYYY-MM-DD - // Prefixes for generated test suites and file names. Used by lots of other classes for - // scorecard generation. - public static String TESTSUITEVERSION; // Pulled from expected results file - public static String TESTSUITE; // Pulled from expected results file + // 生成的测试套件和文件名的前缀。被许多其他类用于 + // 记分卡生成。 + public static String TESTSUITEVERSION; // 从预期结果文件中提取 + public static String TESTSUITE; // 从预期结果文件中提取 public static final String TEST = "Test"; public static String TESTCASENAME; // Set w/TESTSUITE. i.e., TESTSUITE + TEST; public static String TESTPACKAGE = "org.owasp.benchmark.testcode."; - // The # of numbers in a test case name. Must match what is actually generated. + // 测试用例名称中的数字数量。必须与实际生成的内容匹配。 public static final int TESTIDLENGTH = 5; private static final String HOMEFILENAME = "Scorecard_Home.html"; 
@@ -304,9 +305,7 @@ public static void mainChange(Map cons) throws Exception { } try { - if (!rawToolResultsFile.isDirectory()) { - processNew(rawToolResultsFile, expectedResultsMap, tools, scoreCardDir, cons.get("lang")); - } + processNew(rawToolResultsFile, expectedResultsMap, tools, scoreCardDir, cons.get("lang")); System.exit(-1); } catch (Exception e) { System.out.println("Error during processing: " + e.getMessage()); @@ -884,8 +883,8 @@ private int getOrder(String level) { */ private static TestSuiteResults readActualResultsNew(File fileToParse) throws Exception { - ResultFile resultFile = new ResultFile(fileToParse); TestSuiteResults tr = null; + ResultFile resultFile = new ResultFile(fileToParse); Optional reader = Reader.allReaders().stream().filter(r -> r.canRead(resultFile)).findAny(); @@ -1352,7 +1351,7 @@ private static void processJsonFile(List testCaseResults, Path f if (level == null) { throw new NullPointerException( "Please check " + caseName + " is the relevant configuration correct?" + - " bind_url: " + testCaseResult.getUrl() + " | evaluation_item: " + testCaseResult.getAssesionProject() + " bind_url: " + testCaseResult.getUrl() + " | evaluation_item: " + testCaseResult.getAssesionProject() ); } if (!level.contains("+")) { @@ -1505,4 +1504,4 @@ private static String produceResultsFileNew(TestSuiteResults actuals, File score public static String fullTestSuiteName(String suite) { return ("Benchmark".equals(suite) ? "OWASP Benchmark" : suite); } -} +} \ No newline at end of file diff --git a/tools/plugin/src/main/java/com/alipay/xast/score/ResultFile.java b/tools/plugin/src/main/java/com/alipay/xast/score/ResultFile.java index d2c6e521..4f226114 100644 --- a/tools/plugin/src/main/java/com/alipay/xast/score/ResultFile.java +++ b/tools/plugin/src/main/java/com/alipay/xast/score/ResultFile.java 
@@ -40,157 +40,162 @@ import java.util.zip.ZipInputStream; public class ResultFile { - private final byte[] rawContent; - private final String filename; - private final File originalFile; - private JSONObject contentAsJson; - private Document contentAsXml; - - public ResultFile(File fileToParse) throws IOException { - this(fileToParse, readFileContent(fileToParse)); - } - - public ResultFile(String filename, String content) throws IOException { - this(filename, content.getBytes()); - } - - public ResultFile(String filename, byte[] rawContent) throws IOException { - this(new File(filename), rawContent); - } - - public ResultFile(File fileToParse, byte[] rawContent) throws IOException { - this.rawContent = rawContent; - originalFile = fileToParse; - filename = originalFile.getName(); - parseJson(); - parseXml(); - } - - private String removeBom(byte[] rawContent) { - String s = new String(rawContent, StandardCharsets.UTF_8); - - if (s.startsWith("\uFEFF")) { - return s.substring(1); - } - - return s; - } - - private static byte[] readFileContent(File fileToParse) throws IOException { - return Files.readAllBytes(Paths.get(fileToParse.getPath())); - } - - private void parseJson() { - try { - contentAsJson = new JSONObject(removeBom(rawContent)); - } catch (Exception ignored) { - // No JSON + private final byte[] rawContent; + private final String filename; + private final File originalFile; + private JSONObject contentAsJson; + private Document contentAsXml; + + public ResultFile(File fileToParse) throws IOException { + this(fileToParse, readFileContent(fileToParse)); + } + + public ResultFile(String filename, String content) throws IOException { + this(filename, content.getBytes()); + } + + public ResultFile(String filename, byte[] rawContent) throws IOException { + this(new File(filename), rawContent); + } + + public ResultFile(File fileToParse, byte[] rawContent) throws IOException { + this.rawContent = rawContent; + originalFile = fileToParse; + filename = 
originalFile.getName(); + parseJson(); + parseXml(); + } + + private String removeBom(byte[] rawContent) { + String s = new String(rawContent, StandardCharsets.UTF_8); + + if (s.startsWith("\uFEFF")) { + return s.substring(1); + } + + return s; + } + + private static byte[] readFileContent(File fileToParse) throws IOException { + try { + return Files.readAllBytes(Paths.get(fileToParse.getPath())); + } catch (IOException e) { + return new byte[0]; + } + + } + + private void parseJson() { + try { + contentAsJson = new JSONObject(removeBom(rawContent)); + } catch (Exception ignored) { + // No JSON + } + } + + private void parseXml() { + try { + DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance(); + // Prevent XXE = Note, disabling DTDs entirely breaks the parsing of some XML files, + // like a Burp results file, so have to use the alternate defense. + // dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + docBuilderFactory.setFeature( + "http://xml.org/sax/features/external-general-entities", false); + docBuilderFactory.setFeature( + "http://xml.org/sax/features/external-parameter-entities", false); + DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder(); + docBuilder.setErrorHandler(new DefaultHandler()); + InputSource is = new InputSource(new StringReader(this.content())); + this.contentAsXml = docBuilder.parse(is); + } catch (Exception ignored) { + // No XML + } + } + + public String filename() { + return filename; + } + + public boolean isJson() { + return contentAsJson != null; + } + + public boolean isXml() { + return contentAsXml != null; + } + + public JSONObject json() { + return contentAsJson; + } + + public String content() { + return removeBom(rawContent); + } + + public File file() { + return originalFile; + } + + /** + * Read the specified line of the provided file. Returns empty string if the given file does not + * have as many lines. 
+ */ + public String line(int lineNum) { + List lines = Arrays.asList(removeBom(rawContent).split("\n")); + + if (lineNum >= lines.size()) { + return ""; + } + + return lines.get(lineNum); + } + + public List lines() { + return new ArrayList<>(); + } + + public Document xml() { + return contentAsXml; + } + + public Element xmlRootNode() { + return xml().getDocumentElement(); + } + + public String xmlRootNodeName() { + return isXml() ? xmlRootNode().getNodeName() : ""; + } + + /** + * Extracts a file from a packed ResultFile. + * + * @return + */ + public ResultFile extract(String zipPath) { + try (ZipInputStream zipIn = new ZipInputStream(new ByteArrayInputStream(rawContent))) { + ZipEntry entry = zipIn.getNextEntry(); + while (entry != null) { + if (entry.getName().equals(zipPath)) { + return readFileFromZip(zipPath, zipIn); } - } - - private void parseXml() { - try { - DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance(); - // Prevent XXE = Note, disabling DTDs entirely breaks the parsing of some XML files, - // like a Burp results file, so have to use the alternate defense. 
- // dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); - docBuilderFactory.setFeature( - "http://xml.org/sax/features/external-general-entities", false); - docBuilderFactory.setFeature( - "http://xml.org/sax/features/external-parameter-entities", false); - DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder(); - docBuilder.setErrorHandler(new DefaultHandler()); - InputSource is = new InputSource(new StringReader(this.content())); - this.contentAsXml = docBuilder.parse(is); - } catch (Exception ignored) { - // No XML - } - } - - public String filename() { - return filename; - } - - public boolean isJson() { - return contentAsJson != null; - } - - public boolean isXml() { - return contentAsXml != null; - } - - public JSONObject json() { - return contentAsJson; - } - - public String content() { - return removeBom(rawContent); - } - - public File file() { - return originalFile; - } - - /** - * Read the specified line of the provided file. Returns empty string if the given file does not - * have as many lines. - */ - public String line(int lineNum) { - List lines = Arrays.asList(removeBom(rawContent).split("\n")); - - if (lineNum >= lines.size()) { - return ""; - } - - return lines.get(lineNum); - } - - public List lines() { - return new ArrayList<>(); - } - - public Document xml() { - return contentAsXml; - } - - public Element xmlRootNode() { - return xml().getDocumentElement(); - } - - public String xmlRootNodeName() { - return isXml() ? xmlRootNode().getNodeName() : ""; - } - - /** - * Extracts a file from a packed ResultFile. 
- * - * @return - */ - public ResultFile extract(String zipPath) { - try (ZipInputStream zipIn = new ZipInputStream(new ByteArrayInputStream(rawContent))) { - ZipEntry entry = zipIn.getNextEntry(); - while (entry != null) { - if (entry.getName().equals(zipPath)) { - return readFileFromZip(zipPath, zipIn); - } - zipIn.closeEntry(); - entry = zipIn.getNextEntry(); - } - } catch (IOException e) { - throw new RuntimeException(e); - } - - throw new RuntimeException("ZipFile does not contain " + zipPath); - } - - private ResultFile readFileFromZip(String zipPath, ZipInputStream zipIn) throws IOException { - try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) { - final byte[] buf = new byte[1024]; - int length; - while ((length = zipIn.read(buf, 0, buf.length)) >= 0) { - bos.write(buf, 0, length); - } - return new ResultFile(zipPath, bos.toByteArray()); - } - } + zipIn.closeEntry(); + entry = zipIn.getNextEntry(); + } + } catch (IOException e) { + throw new RuntimeException(e); + } + + throw new RuntimeException("ZipFile does not contain " + zipPath); + } + + private ResultFile readFileFromZip(String zipPath, ZipInputStream zipIn) throws IOException { + try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) { + final byte[] buf = new byte[1024]; + int length; + while ((length = zipIn.read(buf, 0, buf.length)) >= 0) { + bos.write(buf, 0, length); + } + return new ResultFile(zipPath, bos.toByteArray()); + } + } } diff --git a/tools/plugin/src/main/java/com/alipay/xast/score/TestSuiteResults.java b/tools/plugin/src/main/java/com/alipay/xast/score/TestSuiteResults.java index f1a7ce15..dc618db6 100644 --- a/tools/plugin/src/main/java/com/alipay/xast/score/TestSuiteResults.java +++ b/tools/plugin/src/main/java/com/alipay/xast/score/TestSuiteResults.java @@ -17,6 +17,7 @@ */ package com.alipay.xast.score; +import com.alipay.xast.score.models.TestCaseResult; import org.apache.commons.lang3.StringUtils; import java.io.File; 
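Review bot: The new `catch (IOException e) { return new byte[0]; }` in `readFileContent` turns every read failure into empty content, so a missing, unreadable or partially read results file is indistinguishable from one with nothing in it; `parseJson` and `parseXml` then swallow their own exceptions, and the tool's output can end up scored as if it reported nothing. If the intent is only to let a directory through now that the `isDirectory()` guard in `BenchmarkScore.mainChange` has been removed (an inference, since `processNew` and the readers are outside this hunk), handle that case explicitly with `if (fileToParse.isDirectory()) { return new byte[0]; }` before the read and let every other `IOException` propagate. The change is also hard to spot because this hunk re-indents the whole class; putting the whitespace change in its own commit would keep the one behavioural edit reviewable.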
diff --git a/tools/plugin/src/main/java/com/alipay/xast/score/TestCaseResult.java b/tools/plugin/src/main/java/com/alipay/xast/score/models/TestCaseResult.java similarity index 99% rename from tools/plugin/src/main/java/com/alipay/xast/score/TestCaseResult.java rename to tools/plugin/src/main/java/com/alipay/xast/score/models/TestCaseResult.java index 545399de..91eccbf5 100644 --- a/tools/plugin/src/main/java/com/alipay/xast/score/TestCaseResult.java +++ b/tools/plugin/src/main/java/com/alipay/xast/score/models/TestCaseResult.java @@ -15,7 +15,7 @@ * @author Dave Wichers * @created 2015 */ -package com.alipay.xast.score; +package com.alipay.xast.score.models; import com.alipay.xast.tools.AbstractTestCaseRequest; diff --git a/tools/plugin/src/main/java/com/alipay/xast/score/models/ThreadFlowLocation.java b/tools/plugin/src/main/java/com/alipay/xast/score/models/ThreadFlowLocation.java new file mode 100644 index 00000000..f942a579 --- /dev/null +++ b/tools/plugin/src/main/java/com/alipay/xast/score/models/ThreadFlowLocation.java 
@@ -0,0 +1,86 @@ +package com.alipay.xast.score.models; + +public class ThreadFlowLocation { + + private String FileName; + + /** + * 文件路径 + * 对应 physicalLocation.artifactLocation.uri + */ + private String filePath; + + /** + * 开始行号 + * 对应 physicalLocation.region.startLine + */ + private Integer startLine; + + /** + * 开始列号 + * 对应 physicalLocation.region.startColumn + */ + private Integer startColumn; + + + /** + * 结束行号 + * 对应 physicalLocation.region.endLine + */ + private Integer endLine; + + /** + * 结束列号 + * 对应 physicalLocation.region.endColumn + */ + private Integer endColumn; + + + public String getFilePath() { + return filePath; + } + + public void setFilePath(String filePath) { + this.filePath = filePath; + } + + public Integer getStartLine() { + return startLine; + } + + public void setStartLine(Integer startLine) { + this.startLine = startLine; + } + + public Integer getStartColumn() { + return startColumn; + } + + public void setStartColumn(Integer startColumn) { + this.startColumn = startColumn; + } + + public Integer getEndLine() { + return endLine; + } + + public void setEndLine(Integer endLine) { + this.endLine = endLine; + } + + public Integer getEndColumn() { + return endColumn; + } + + public void setEndColumn(Integer endColumn) { + this.endColumn = endColumn; + } + + public String getFileName() { + return FileName; + } + + public void setFileName(String fileName) { + FileName = fileName; + } +} diff --git a/tools/plugin/src/main/java/com/alipay/xast/score/parsers/PMDReader.java b/tools/plugin/src/main/java/com/alipay/xast/score/parsers/PMDReader.java index 40bc215a..38c8409c 100644 --- a/tools/plugin/src/main/java/com/alipay/xast/score/parsers/PMDReader.java +++ b/tools/plugin/src/main/java/com/alipay/xast/score/parsers/PMDReader.java 
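Review bot: `private String FileName;` at the top of the class is capitalised unlike the other five fields, which is why `setFileName` has to assign `FileName = fileName` without `this.`. I would rename it to `private String fileName;` and write `this.fileName = fileName;` so it matches the other setters. It is also the only field without a Javadoc comment. SarifReader in this commit fills it with the last path segment of the `uri`, so a line such as `/** File name: the last segment of physicalLocation.artifactLocation.uri */` would bring it in line with the documented fields.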
@@ -18,7 +18,7 @@ package com.alipay.xast.score.parsers; import com.alipay.xast.score.ResultFile; -import com.alipay.xast.score.TestCaseResult; +import com.alipay.xast.score.models.TestCaseResult; import com.alipay.xast.score.TestSuiteResults; import org.w3c.dom.Document; import org.w3c.dom.Node; diff --git a/tools/plugin/src/main/java/com/alipay/xast/score/parsers/Reader.java b/tools/plugin/src/main/java/com/alipay/xast/score/parsers/Reader.java index ce01982c..30809953 100644 --- a/tools/plugin/src/main/java/com/alipay/xast/score/parsers/Reader.java +++ b/tools/plugin/src/main/java/com/alipay/xast/score/parsers/Reader.java 
@@ -35,210 +35,211 @@ public abstract class Reader { - protected final ObjectMapper jsonMapper = new ObjectMapper(); - protected final XmlMapper xmlMapper = new XmlMapper(); - - // TODO: Figure out how to dynamically add all readers here without listing them - // out manually - // NOTE: There is a unit test that at least automatically verifies that any - // reader with a unit - // test is in this list - public static List allReaders() { - return Arrays.asList( - new PMDReader(), - new ZapReader() - ); - } - - public abstract boolean canRead(ResultFile resultFile); - - public abstract TestSuiteResults parse(ResultFile resultFile) throws Exception; - - public static Node getNamedNode(String name, NodeList list) { - for (int i = 0; i < list.getLength(); i++) { - Node n = list.item(i); - - if (n.getNodeName().equals(name)) { - return n; - } - } - - return null; - } - // Returns the node inside this nodelist whose name matches 'name', that also - // has an attribute - // called 'key' whose value matches 'keyvalue' - - public static Node getNamedNode(String name, String keyValue, NodeList list) { - if ((name == null) || (keyValue == null) || (list == null)) return null; - for (int i = 0; i < list.getLength(); i++) { - Node n = list.item(i); - if (n.getNodeName().equals(name)) { - if (keyValue.equals(getAttributeValue("key", n))) { - return n; - } - } - } - return null; - } - - public static Node getNamedChild(String name, Node parent) { - NodeList children = parent.getChildNodes(); - return getNamedNode(name, children); - } - - public static boolean hasNamedChild(String name, Node parent) { - NodeList children = parent.getChildNodes(); - return getNamedNode(name, children) != null; - } - - public static List getNamedChildren(String name, List list) { - List results = new ArrayList<>(); - for (Node n : list) { - NodeList children = n.getChildNodes(); - for (int i = 0; i < children.getLength(); i++) { - Node child = children.item(i); - if (child.getNodeName().equals(name)) 
{ - results.add(child); - } - } - } - return results; - } - - public static List getNamedChildren(String name, Node parent) { - NodeList children = parent.getChildNodes(); - return getNamedNodes(name, children); - } - - public static List getNamedNodes(String name, NodeList list) { - List results = new ArrayList(); - for (int i = 0; i < list.getLength(); i++) { - Node n = list.item(i); - if (n.getNodeName().equals(name)) { - // System.out.println(">> " + n.getNodeName() + "::" + n.getNodeValue()); - results.add(n); - } + protected final ObjectMapper jsonMapper = new ObjectMapper(); + protected final XmlMapper xmlMapper = new XmlMapper(); + + // TODO: Figure out how to dynamically add all readers here without listing them + // out manually + // NOTE: There is a unit test that at least automatically verifies that any + // reader with a unit + // test is in this list + public static List allReaders() { + return Arrays.asList( + new PMDReader(), + new ZapReader(), + new SarifReader() + ); + } + + public abstract boolean canRead(ResultFile resultFile); + + public abstract TestSuiteResults parse(ResultFile resultFile) throws Exception; + + public static Node getNamedNode(String name, NodeList list) { + for (int i = 0; i < list.getLength(); i++) { + Node n = list.item(i); + + if (n.getNodeName().equals(name)) { + return n; + } + } + + return null; + } + // Returns the node inside this nodelist whose name matches 'name', that also + // has an attribute + // called 'key' whose value matches 'keyvalue' + + public static Node getNamedNode(String name, String keyValue, NodeList list) { + if ((name == null) || (keyValue == null) || (list == null)) return null; + for (int i = 0; i < list.getLength(); i++) { + Node n = list.item(i); + if (n.getNodeName().equals(name)) { + if (keyValue.equals(getAttributeValue("key", n))) { + return n; } - return results; - } - - public static String getAttributeValue(String name, Node node) { - if (node == null) return null; - NamedNodeMap nnm = 
node.getAttributes(); - if (nnm != null) { - Node attrnode = nnm.getNamedItem(name); - if (attrnode != null) { - return attrnode.getNodeValue(); - } + } + } + return null; + } + + public static Node getNamedChild(String name, Node parent) { + NodeList children = parent.getChildNodes(); + return getNamedNode(name, children); + } + + public static boolean hasNamedChild(String name, Node parent) { + NodeList children = parent.getChildNodes(); + return getNamedNode(name, children) != null; + } + + public static List getNamedChildren(String name, List list) { + List results = new ArrayList<>(); + for (Node n : list) { + NodeList children = n.getChildNodes(); + for (int i = 0; i < children.getLength(); i++) { + Node child = children.item(i); + if (child.getNodeName().equals(name)) { + results.add(child); } - return null; - } - - private static String manipulateTestcase(String path) { - if (path.startsWith(BenchmarkScore.TESTCASENAME)) { - int latest = path.indexOf("."); - String toReplace = path.substring(0, latest); - path = path.replaceAll(toReplace, BenchmarkScore.TESTCASENAME); - System.out.println(path); + } + } + return results; + } + + public static List getNamedChildren(String name, Node parent) { + NodeList children = parent.getChildNodes(); + return getNamedNodes(name, children); + } + + public static List getNamedNodes(String name, NodeList list) { + List results = new ArrayList(); + for (int i = 0; i < list.getLength(); i++) { + Node n = list.item(i); + if (n.getNodeName().equals(name)) { + // System.out.println(">> " + n.getNodeName() + "::" + n.getNodeValue()); + results.add(n); + } + } + return results; + } + + public static String getAttributeValue(String name, Node node) { + if (node == null) return null; + NamedNodeMap nnm = node.getAttributes(); + if (nnm != null) { + Node attrnode = nnm.getNamedItem(name); + if (attrnode != null) { + return attrnode.getNodeValue(); + } + } + return null; + } + + private static String manipulateTestcase(String path) { 
+ if (path.startsWith(BenchmarkScore.TESTCASENAME)) { + int latest = path.indexOf("."); + String toReplace = path.substring(0, latest); + path = path.replaceAll(toReplace, BenchmarkScore.TESTCASENAME); + System.out.println(path); + } + return path; + } + + private static int findFirstNonNumeric(String path) { + for (int i = 0; i < path.length(); i++) { + if (!Character.isDigit(path.charAt(i))) { + return i; + } + } + return -1; + } + + public static long occurrences(String path, char c) { + return path.chars().filter(ch -> ch == c).count(); + } + + /* get rid of everything except the test name */ + public static int testNumber(String path) { + try { + // System.out.println("Path: " + path); + // No BenchmarkTest + if (path.indexOf(BenchmarkScore.TESTCASENAME) < 0) { + return -1; + } + int numberStart = + path.indexOf(BenchmarkScore.TESTCASENAME) + + BenchmarkScore.TESTCASENAME.length() + + 1; + path = path.substring(numberStart); + // System.out.println("After length: " + path); + path = path.replaceAll("\\?.*", ""); + path = path.replaceAll(",.*", ""); + + path = + path.replaceAll( + BenchmarkScore.TESTCASENAME + "v[0-9]*", BenchmarkScore.TESTCASENAME); + + path = path.replaceAll("/send", ""); + if (path.contains(":")) { + path = removeColon(path); + } + path = path.replaceAll("[^0-9.]", ""); + // System.out.println("After replace: " + path); + if (path.contains(".") && occurrences(path, '.') > 1) { + int start = path.indexOf(".") + 1; + int end = path.length(); + if (end - start > 1) { + path = path.substring(start, end); } - return path; - } + } + if (path.contains(".")) { + path = removeFileEnding(path); + } + // System.out.println("Before dot cleaning " + path); - private static int findFirstNonNumeric(String path) { - for (int i = 0; i < path.length(); i++) { - if (!Character.isDigit(path.charAt(i))) { - return i; - } - } - return -1; - } + // Remove remaining dots + path = path.replace(".", ""); + // System.out.println("Final: " + path); + // In the case of 
$innerclass + int dollar = path.indexOf("$"); + if (dollar != -1) { + path = path.substring(0, dollar); + } + return Integer.parseInt(path); - public static long occurrences(String path, char c) { - return path.chars().filter(ch -> ch == c).count(); - } + } catch (Exception e) { - /* get rid of everything except the test name */ - public static int testNumber(String path) { - try { - // System.out.println("Path: " + path); - // No BenchmarkTest - if (path.indexOf(BenchmarkScore.TESTCASENAME) < 0) { - return -1; - } - int numberStart = - path.indexOf(BenchmarkScore.TESTCASENAME) - + BenchmarkScore.TESTCASENAME.length() - + 1; - path = path.substring(numberStart); - // System.out.println("After length: " + path); - path = path.replaceAll("\\?.*", ""); - path = path.replaceAll(",.*", ""); - - path = - path.replaceAll( - BenchmarkScore.TESTCASENAME + "v[0-9]*", BenchmarkScore.TESTCASENAME); - - path = path.replaceAll("/send", ""); - if (path.contains(":")) { - path = removeColon(path); - } - path = path.replaceAll("[^0-9.]", ""); - // System.out.println("After replace: " + path); - if (path.contains(".") && occurrences(path, '.') > 1) { - int start = path.indexOf(".") + 1; - int end = path.length(); - if (end - start > 1) { - path = path.substring(start, end); - } - } - if (path.contains(".")) { - path = removeFileEnding(path); - } - // System.out.println("Before dot cleaning " + path); - - // Remove remaining dots - path = path.replace(".", ""); - // System.out.println("Final: " + path); - // In the case of $innerclass - int dollar = path.indexOf("$"); - if (dollar != -1) { - path = path.substring(0, dollar); - } - return Integer.parseInt(path); - - } catch (Exception e) { - - return -1; - } + return -1; } + } - public static String extractFilename(String path) { - try { - path = removeUrlPart(path); + public static String extractFilename(String path) { + try { + path = removeUrlPart(path); - return new File(fixWindowsPath(path)).getName(); - } catch (Throwable t) { - 
return ""; - } + return new File(fixWindowsPath(path)).getName(); + } catch (Throwable t) { + return ""; } + } - private static String removeColon(String filename) { - return filename.substring(0, filename.lastIndexOf(':')); - } + private static String removeColon(String filename) { + return filename.substring(0, filename.lastIndexOf(':')); + } - private static String removeFileEnding(String filename) { - return filename.substring(0, filename.lastIndexOf('.')); - } + private static String removeFileEnding(String filename) { + return filename.substring(0, filename.lastIndexOf('.')); + } - private static String fixWindowsPath(String path) { - return path.replace("\\", File.separator); - } + private static String fixWindowsPath(String path) { + return path.replace("\\", File.separator); + } - private static String removeUrlPart(String path) throws MalformedURLException { - if (path.startsWith("http")) { - path = new URL(path).getPath(); - } - return path; + private static String removeUrlPart(String path) throws MalformedURLException { + if (path.startsWith("http")) { + path = new URL(path).getPath(); } + return path; + } } diff --git a/tools/plugin/src/main/java/com/alipay/xast/score/parsers/SarifReader.java b/tools/plugin/src/main/java/com/alipay/xast/score/parsers/SarifReader.java new file mode 100644 index 00000000..14fa25dd --- /dev/null +++ b/tools/plugin/src/main/java/com/alipay/xast/score/parsers/SarifReader.java 
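Review bot: In `manipulateTestcase`, `path.replaceAll(toReplace, BenchmarkScore.TESTCASENAME)` compiles a substring of the incoming path as a regular expression, so a path containing characters such as `(` or `[` either throws `PatternSyntaxException` or replaces text it was not meant to; `path.replace(toReplace, BenchmarkScore.TESTCASENAME)` does the literal substitution. The preceding `path.substring(0, latest)` also throws when the path contains no `.`, because `indexOf` then returns -1, so a guard such as `if (latest < 0) return path;` is needed before it. These statements are carried over with the same content, but this hunk re-adds the whole class body around the new `new SarifReader()` entry. Whether the paths come straight from scanner output is not visible here.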
@@ -0,0 +1,235 @@ +package com.alipay.xast.score.parsers; + +import com.alipay.xast.score.ResultFile; +import com.alipay.xast.score.models.TestCaseResult; +import com.alipay.xast.score.TestSuiteResults; +import com.alipay.xast.score.models.ThreadFlowLocation; +import org.json.JSONArray; +import org.json.JSONObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.File; +import java.io.IOException; +import java.nio.file.Files; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; +import java.util.stream.IntStream; +import java.util.stream.Stream; + +public class SarifReader extends Reader { + private static final Logger logger = LoggerFactory.getLogger(SarifReader.class); + + private static final int PATH_DEEP = 1; + + @Override + public boolean canRead(ResultFile resultFile) { + + if (resultFile.file().isDirectory()) { + List resultFiles = handleDir(resultFile); + for (ResultFile item : resultFiles) { + if (handleCanRead(item)) { + return true; + } + } + return false; + } else { + return handleCanRead(resultFile); + } + } + + // 处理可读 + private boolean handleCanRead(ResultFile resultFile) { + // 只匹配 .sarif 后缀的文件 + return resultFile.filename().endsWith(".sarif"); + } + + @Override + public TestSuiteResults parse(ResultFile resultFile) throws Exception { + if (resultFile.file().isDirectory()) { + List resultFiles = handleDir(resultFile); + return dirParse(resultFiles); + } else { + return fileParse(resultFile); + } + } + + // 单文件解析器 + private TestSuiteResults fileParse(ResultFile resultFile) { + String toolName = getToolName(resultFile); + TestSuiteResults results = new TestSuiteResults(toolName, false, TestSuiteResults.ToolType.SAST); + + results.setTime(resultFile.file()); + + JSONObject json = resultFile.json(); + + results.setToolVersion(json.getString("version")); + + List testCaseResults = handleResultFileToCaseFileList(resultFile); + + for 
(TestCaseResult testCase : testCaseResults) { + results.getTcrs().add(testCase); + } + + return results; + } + + // 文件夹解析器 + private TestSuiteResults dirParse(List resultFiles) throws Exception { + String toolName = getToolName(resultFiles.get(0)); + TestSuiteResults results = new TestSuiteResults(toolName, false, TestSuiteResults.ToolType.SAST); + + for (ResultFile resultFile : resultFiles) { + if (resultFile.filename().endsWith(".sarif")) { + // 取第一个文件的时间和版本号 + if (results.getTime() == null) { + results.setTime(resultFile.file()); + } + JSONObject json = resultFile.json(); + + if (results.getToolVersion() == null) { + results.setToolVersion(json.getString("version")); + } + + List testCaseResults = handleResultFileToCaseFileList(resultFile); + for (TestCaseResult testCase : testCaseResults) { + results.getTcrs().add(testCase); + } + } + } + return results; + } + + // 获取工具名称 + private String getToolName(ResultFile resultFile) { + String name = "yasa"; + try { + JSONObject json = resultFile.json(); + JSONArray runs = json.getJSONArray("runs"); + JSONObject run = runs.getJSONObject(0); + name = run.getJSONObject("tool").getJSONObject("driver").getString("name"); + } catch (Exception e) { + logger.error("获取工具名称失败", e); + } + return name; + } + + // 处理文件夹构造文件列表 + private List handleDir(ResultFile resultFile) { + File file = resultFile.file(); + // 收集所有文件路径 + List resultFiles = new ArrayList<>(); + try { + Files.walk(file.toPath()) + .filter(Files::isRegularFile) + .forEach(path -> { + try { + resultFiles.add(new ResultFile(path.toFile())); + } catch (IOException e) { + throw new RuntimeException(e); + } + }); + } catch (IOException e) { + throw new RuntimeException(e); + } + return resultFiles; + } + + // 处理结果文件返回测试用例文件集合 + private List handleResultFileToCaseFileList(ResultFile resultFile) { + JSONObject json = resultFile.json(); + JSONArray runs = json.getJSONArray("runs"); + + List testCaseResults = new ArrayList<>(); + + // 用于给 case 文件名去重 + Set set = new 
HashSet<>(); + + // 收集所有的 locations + List> allLocations = IntStream.range(0, runs.length()) + .mapToObj(runs::getJSONObject) + .flatMap(run -> toStream(run.getJSONArray("results"))) + .flatMap(result -> toStream(result.getJSONArray("codeFlows"))) + .flatMap(codeFlow -> toStream(codeFlow.getJSONArray("threadFlows"))) + .map(threadFlow -> threadFlow.getJSONArray("locations")) + .map(this::toThreadFlowLocation) + .collect(Collectors.toList()); + + for (List locations : allLocations) { + for (int i = 0; i < locations.size(); i++) { + // 如果超过了 PATH_DEEP,就跳出循环 + if (i > PATH_DEEP) { + break; + } + ThreadFlowLocation location = locations.get(i); + set.add(location.getFileName()); + } + } + + // 文件名去重 + for (String testCaseName : set) { + TestCaseResult testCase = new TestCaseResult(); + testCase.setTestCaseName(testCaseName); + testCaseResults.add(testCase); + } + + return testCaseResults; + } + + // 处理成流 + private Stream toStream(JSONArray array) { + return IntStream.range(0, array.length()) + .mapToObj(array::getJSONObject); + } + + // 构造路径流实体类 + private List toThreadFlowLocation(JSONArray locations) { + List threadFlowLocations = new ArrayList<>(); + for (int i = 0; i < locations.length(); i++) { + JSONObject location = locations.getJSONObject(i).getJSONObject("location"); + JSONObject artifactLocation = location.getJSONObject("physicalLocation").getJSONObject("artifactLocation"); + JSONObject region = location.getJSONObject("physicalLocation").getJSONObject("region"); + + ThreadFlowLocation threadFlowLocation = new ThreadFlowLocation(); + threadFlowLocation.setFilePath(artifactLocation.getString("uri")); + threadFlowLocation.setFileName(extractTestCaseName(artifactLocation.getString("uri"))); + + if (region.has("startLine")) { + threadFlowLocation.setStartLine(region.getInt("startLine")); + } + if (region.has("startColumn")) { + threadFlowLocation.setStartColumn(region.getInt("startColumn")); + } + if (region.has("endLine")) { + 
threadFlowLocation.setEndLine(region.getInt("endLine")); + } + if (region.has("endColumn")) { + threadFlowLocation.setEndColumn(region.getInt("endColumn")); + } + + threadFlowLocations.add(threadFlowLocation); + } + return threadFlowLocations; + } + + // 获取检测工具名称 +// private Boolean isYASA(JSONObject run) { +// return run.getJSONObject("tool").getJSONObject("driver").getString("name").equals("yasa"); +// } + + private String extractTestCaseName(String filePath) { + // 从路径中提取测试用例名称 + return filePath.substring(filePath.lastIndexOf('/') + 1); + } + + private int figureCWE(String rule) { + // YASA AST 规则到 CWE 的映射 + switch (rule.toLowerCase()) { + default: + return 0; + } + } +} diff --git a/tools/plugin/src/main/java/com/alipay/xast/score/parsers/ZapJsonReader.java b/tools/plugin/src/main/java/com/alipay/xast/score/parsers/ZapJsonReader.java index 68bfc61a..e1541ee5 100644 --- a/tools/plugin/src/main/java/com/alipay/xast/score/parsers/ZapJsonReader.java +++ b/tools/plugin/src/main/java/com/alipay/xast/score/parsers/ZapJsonReader.java @@ -23,7 +23,7 @@ import com.alipay.xast.score.BenchmarkScore; import com.alipay.xast.score.CweNumber; import com.alipay.xast.score.ResultFile; -import com.alipay.xast.score.TestCaseResult; +import com.alipay.xast.score.models.TestCaseResult; import com.alipay.xast.score.TestSuiteResults; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/tools/plugin/src/main/java/com/alipay/xast/score/parsers/ZapReader.java b/tools/plugin/src/main/java/com/alipay/xast/score/parsers/ZapReader.java index 84cc496e..e248aef6 100644 --- a/tools/plugin/src/main/java/com/alipay/xast/score/parsers/ZapReader.java +++ b/tools/plugin/src/main/java/com/alipay/xast/score/parsers/ZapReader.java 
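Review bot: `handleResultFileToCaseFileList` and `toThreadFlowLocation` read `results`, `codeFlows`, `location`, `physicalLocation`, `artifactLocation`, `uri` and `region` with `getJSONArray`/`getJSONObject`/`getString`, which throw `JSONException` when the key is absent. SARIF does not require these on every result or location, so one result without a code flow, or one step without a region, aborts parsing of the whole report. Because the file is produced by an external scanner, I would read the optional keys with the `opt*` accessors and skip entries that lack them, as sketched below. Separately, `setToolVersion(json.getString("version"))` in `fileParse` and `dirParse` stores the top-level SARIF format version; the tool's own version, if that is what is wanted, sits under `runs[0].tool.driver` next to the `name` that `getToolName` already reads.

```java
// handleResultFileToCaseFileList: absent optional arrays contribute nothing
.flatMap(run -> toStream(run.optJSONArray("results")))
.flatMap(result -> toStream(result.optJSONArray("codeFlows")))
// … unchanged: threadFlows / locations mapping and collect …

// toStream(JSONArray array): first statement
if (array == null) {
    return Stream.empty();
}
// … unchanged: IntStream.range(0, array.length()).mapToObj(array::getJSONObject) …

// toThreadFlowLocation: inside the for loop
JSONObject location = locations.getJSONObject(i).optJSONObject("location");
JSONObject physical = location == null ? null : location.optJSONObject("physicalLocation");
JSONObject artifactLocation = physical == null ? null : physical.optJSONObject("artifactLocation");
String uri = artifactLocation == null ? null : artifactLocation.optString("uri", null);
if (uri == null) {
    continue; // no file to attribute this step to
}
JSONObject region = physical.optJSONObject("region");
// … unchanged: new ThreadFlowLocation(), setFilePath(uri), setFileName(extractTestCaseName(uri)) …
if (region != null) {
    // … unchanged: the four region.has(...) setters …
}
```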
@@ -18,7 +18,7 @@ package com.alipay.xast.score.parsers; import com.alipay.xast.score.ResultFile; -import com.alipay.xast.score.TestCaseResult; +import com.alipay.xast.score.models.TestCaseResult; import com.alipay.xast.score.TestSuiteResults; import org.apache.commons.lang3.StringUtils; import org.w3c.dom.Document; diff --git a/tools/plugin/src/main/java/com/alipay/xast/tools/CalculateToolCodeBlocksSupport.java b/tools/plugin/src/main/java/com/alipay/xast/tools/CalculateToolCodeBlocksSupport.java index 07dc09cd..f0a29b17 100644 --- a/tools/plugin/src/main/java/com/alipay/xast/tools/CalculateToolCodeBlocksSupport.java +++ b/tools/plugin/src/main/java/com/alipay/xast/tools/CalculateToolCodeBlocksSupport.java @@ -19,7 +19,7 @@ import com.alipay.xast.CodeblockUtils; import com.alipay.xast.helpers.Utils; -import com.alipay.xast.score.TestCaseResult; +import com.alipay.xast.score.models.TestCaseResult; import com.alipay.xast.score.TestSuiteResults; import com.alipay.xast.score.TestSuiteResults.ToolType; import org.apache.commons.cli.CommandLine; diff --git a/tools/pyscripts/check.py b/tools/pyscripts/check.py new file mode 100644 index 00000000..92947caf --- /dev/null +++ b/tools/pyscripts/check.py 
@@ -0,0 +1,588 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +""" +使用方法: + python check.py [目录路径] [文件后缀] + +示例: + python check.py sast-go go + python check.py sast-python3 py + +如果不提供目录路径,则默认使用当前目录下的sast-python3 +如果不提供文件后缀,则默认使用.py后缀 + +功能说明: +1. 检查config.json中的level值与文件注释中的level值是否一致 +2. 检测level格式是否包含+号等特殊标记 +3. 检查文件路径与注释中的bind_url是否一致 +4. 检查文件内容中是否有与文件名同名的方法/类 +5. 支持同名方法检测白名单跳过特定文件的同名方法/类检测(使用完整文件名匹配,包含扩展名) +6. 检测config.json中声明的case文件是否实际存在(文件缺失检测) +7. 检测config.json中的字段名称是否与config.json所在文件夹名称一致 +8. 检测文件重名情况,支持白名单机制 +9. 检测文件命名与注释中real case值的一致性(T结尾应为true,F结尾应为false) +10. 检测case文件注释中的evaluation item是否与config中的evaluation_item保持一致 +""" + +import json +import os +import re +import sys +from pathlib import Path +from typing import List, Set, Dict, Optional, TypedDict +from common import ERROR_LIST, init_pattern + + +# 不一致类型 +class Inconsistent(TypedDict): + file_path: str + problem: str + expectation: str | None + + +# 文件注释信息 +class FileCommentInfo(TypedDict): + level: str | None + bind_url: str | None + real_case: str | None + evaluation_item: str | None + scene_introduction: str | None + + +class ConfigLevelChecker(object): + # 语言特定的模式 + LANGUAGE_PATTERNS = { + '.go': [ + r'func\s+{name}\s*\(', + r'func\s+{name_upper}\s*\(' + ], + '.py': [ + r'def\s+{name}\s*\(', + r'async\s+def\s+{name}\s*\(' + ], + '.js': [ + r'function\s+{name}\s*\(', + r'(?:const|let|var)\s+{name}\s*=', + r'{name}\s*=\s*function\s*\(' + ], + '.java': [ + r'(?:public\s+)?class\s+{name}\s*[\{{\s]', + r'(?:public\s+)?(?:final\s+)?class\s+{name}\s*[\{{\s]' + ] + } + + def __init__(self, base_path: str, file_extensions: str = 'py'): + self.base_path = Path(base_path).resolve() + self.file_extensions = file_extensions + self.inconsistencies: Dict[str, List[Inconsistent]] = {} + self.checked_files = 0 + self.checked_fail_files = 0 + self.checked_config_files = 0 + self.checked_fail_config_files = 0 + self.error_count = 0 + + self.patterns = init_pattern('#' if file_extensions == 'py' else '//') + 
+ # 初始化 inconsistencies + for error in ERROR_LIST.values(): + self.inconsistencies[error] = [] + + # 预编译正则表达式 + self._compile_patterns() + + # 同名方法检测白名单 + self.method_name_check_whitelist = self._get_method_name_check_whitelist() + + # 文件重名检测白名单 + self.duplicate_files_whitelist = self._get_duplicate_files_whitelist() + + def _get_method_name_check_whitelist(self) -> Set[str]: + """获取同名方法检测的白名单(根据目录动态返回对应的白名单)""" + # 按目录分类的白名单 + whitelist_by_dir = { + 'sast-go': { + 'cross_directory_021_T_a.go', 'cross_directory_021_T_b.go', + 'public_var_cross_package_002_F_a.go', 'public_var_cross_package_001_T_a.go', + 'cross_directory_022_F_a.go', 'cross_directory_022_F_b.go', + 'cross_directory_023_T_a.go', 'cross_directory_024_F_a.go', + 'cross_directory_025_T_a.go', 'cross_directory_026_F_a.go', + 'cross_same_name_027_T.go', 'cross_same_name_028_F.go', + 'cross_directory_029_T_a.go', 'cross_directory_030_F_a.go', + }, + 'sast-js': { + 'cross_module_007_T_a.js', 'cross_module_008_F_a.js', 'cross_module_011_T_a.js', + 'cross_module_012_F_a.js' + }, + 'sast-python2': { + 'cross_file_003_T_a.py', 'cross_file_004_F_a.py', 'cross_file_005_T_a.py', + 'cross_file_006_F_a.py', 'cross_file_007_T_a.py', 'cross_file_008_F_a.py', + 'cross_module_003_T_a.py', 'cross_module_004_F_a.py', 'cross_module_005_T_a.py', + 'cross_module_006_F_a.py', 'cross_module_007_T_a.py', 'cross_module_008_F_a.py', + 'cross_module_011_T_a.py', 'cross_module_012_F_a.py', 'cross_module_013_T_a.py', + 'cross_module_014_F_a.py', 'cross_module_015_T_a.py', 'cross_module_016_F_a.py' + }, + 'sast-python3': { + 'cross_file_003_T_a.py', 'cross_file_004_F_a.py', 'cross_file_005_T_a.py', + 'cross_file_006_F_a.py', 'cross_file_007_T_a.py', 'cross_file_008_F_a.py', + 'cross_file_009_T_a.py', 'cross_file_010_F_a.py', 'cross_module_003_T_a.py', + 'cross_module_004_F_a.py', 'cross_module_005_T_a.py', 'cross_module_006_F_a.py', + 'cross_module_007_T_a.py', 'cross_module_008_F_a.py', 'cross_module_009_T.py', + 
'cross_module_010_F.py', 'cross_module_011_T.py', 'cross_module_011_T_a.py', + 'cross_module_012_F.py', 'cross_module_012_F_a.py', 'cross_module_013_T.py', + 'cross_module_013_T_a.py', 'cross_module_014_F.py', 'cross_module_014_F_a.py', + 'cross_module_015_T.py', 'cross_module_015_T_a.py', 'cross_module_016_F.py', + 'cross_module_016_F_a.py', 'cross_module_017_T_a.py', + }, + } + + # 根据当前base_path确定目录名 + current_dir_name = self.base_path.name.lower() + + # 返回对应目录的白名单,如果没有匹配的则返回空集合 + return whitelist_by_dir.get(current_dir_name, set()) + + def _get_duplicate_files_whitelist(self) -> Set[str]: + """获取文件重名检测的白名单(按目录分类)""" + # 按目录分类的重名文件白名单 + whitelist_by_dir = { + 'sast-go': { + 'main.go', 'test.go', 'helper.go', 'utils.go', 'config.go', + 'main_test.go', 'helper_test.go', + 'example.go', 'sample.go' + }, + 'sast-js': { + 'index.js', 'main.js', 'test.js', 'helper.js', 'utils.js', + 'config.js', 'main.test.js', 'helper.test.js', + 'example.js', 'sample.js' + }, + 'sast-python2': { + 'main.py', 'test.py', 'helper.py', 'utils.py', 'config.py', + '__init__.py', 'setup.py', 'example.py', 'sample.py' + }, + 'sast-python3': { + 'main.py', 'test.py', 'helper.py', 'utils.py', 'config.py', + '__init__.py', 'setup.py', 'example.py', 'sample.py' + }, + } + + # 根据当前base_path确定目录名 + current_dir_name = self.base_path.name.lower() + + # 返回对应目录的白名单,如果没有匹配的则返回空集合 + return whitelist_by_dir.get(current_dir_name, set()) + + def _compile_patterns(self): + """预编译语言特定的正则表达式""" + self.compiled_patterns = {} + for ext, patterns in self.LANGUAGE_PATTERNS.items(): + self.compiled_patterns[ext] = [re.compile(p) for p in patterns] + + def _find_config_files(self) -> List[Path]: + """查找所有config.json文件,忽略target文件夹""" + return [ + Path(root) / 'config.json' + for root, dirs, files in os.walk(self.base_path) + if 'target' not in [d.lower() for d in dirs] and + 'target' not in root.lower() and + 'config.json' in files + ] + + def _build_expected_bind_url(self, file_path: Path) -> str: + 
"""根据文件路径构建期望的bind_url""" + # 获取相对于基准路径的路径 + try: + relative_path = file_path.relative_to(self.base_path) + except ValueError: + # 如果无法相对化,使用绝对路径 + return str(file_path) + + # 将路径转换为字符串并分割 + path_str = str(relative_path) + + # 查找completeness或accuracy的起始位置 + completeness_pos = path_str.find('completeness/') + accuracy_pos = path_str.find('accuracy/') + + if completeness_pos != -1: + # 从completeness开始 + relevant_path = path_str[completeness_pos:] + elif accuracy_pos != -1: + # 从accuracy开始 + relevant_path = path_str[accuracy_pos:] + else: + # 如果没有找到completeness或accuracy,使用完整路径 + relevant_path = path_str + + # 移除文件扩展名 + if '.' in relevant_path: + relevant_path = relevant_path.rsplit('.', 1)[0] + + return relevant_path + + def _build_expected_real_case(self, file_path: Path) -> str: + """根据文件名构建期望的 real case""" + filename = file_path.stem + + # 判断文件名是否以 T 结尾或 T_[任意字符] 结尾 + is_positive_case = (filename.endswith('T') or + (filename.endswith('T') and not filename.endswith('F')) or + re.search(r'T_[a-zA-Z0-9_]+$', filename) is not None) + + # 判断文件名是否以 F 结尾或 F_[任意字符] 结尾 + is_negative_case = (filename.endswith('F') or + (filename.endswith('F') and not filename.endswith('T')) or + re.search(r'F_[a-zA-Z0-9_]+$', filename) is not None) + + expected_real_case = None + if is_positive_case: + expected_real_case = 'true' + elif is_negative_case: + expected_real_case = 'false' + + return expected_real_case + + def _resolve_file_path(self, part: str, config_dir: Path, supported_extensions: Set[str]) -> Optional[Path]: + """解析单个文件路径""" + file_ext = Path(part).suffix.lower() + + # 直接路径检查 + direct_path = config_dir / part + if direct_path.exists() and 'target' not in str(direct_path).lower(): + return direct_path + + # 在子目录中查找 + for root, dirs, files in os.walk(config_dir): + dirs[:] = [d for d in dirs if 'target' not in d.lower()] + + if 'target' in root.lower(): + continue + + potential_file = Path(root) / part + if potential_file.exists() and 'target' not in 
str(potential_file).lower(): + return potential_file + + # 如果没有扩展名,添加默认扩展名 + if not file_ext: + default_ext = self.file_extensions[0] if self.file_extensions else 'go' + filename_with_ext = f"{part}.{default_ext.lstrip('.')}" + + for root, dirs, files in os.walk(config_dir): + dirs[:] = [d for d in dirs if 'target' not in d.lower()] + + if 'target' in root.lower(): + continue + + potential_file = Path(root) / filename_with_ext + if potential_file.exists() and 'target' not in str(potential_file).lower(): + return potential_file + + # 返回原始路径用于报告缺失,但排除target路径 + if 'target' in str(config_dir / part).lower(): + return None + + if file_ext in supported_extensions or '.' in part: + return config_dir / part + else: + default_ext = self.file_extensions[0] if self.file_extensions else 'go' + result_path = config_dir / f"{part}.{default_ext.lstrip('.')}" + if 'target' in str(result_path).lower(): + return None + return result_path + + def _parse_compose_files(self, compose_str: str, config_dir: Path) -> List[Path]: + """解析compose字段中的文件路径""" + if not compose_str: + return [] + + # 清理字符串 + clean_str = compose_str.replace('!', '').replace('(', '').replace(')', '') + + # 支持的扩展名集合 + supported_extensions = {f'.{ext.lstrip(".")}' for ext in self.file_extensions} + + result_files = [] + for condition in clean_str.split('&&'): + for part in condition.split('||'): + part = part.strip() + if not part: + continue + + file_path = self._resolve_file_path(part, config_dir, supported_extensions) + if file_path: + result_files.append(file_path) + + return result_files + + def _check_method_name_consistency(self, file_path: Path) -> List[str]: + """检查文件内容中是否有与文件名同名的方法或类""" + try: + with open(file_path, 'r', encoding='utf-8') as f: + content = f.read() + + filename_without_ext = file_path.stem + file_extension = file_path.suffix.lower() + + if file_extension not in self.compiled_patterns: + return [] + + # 根据语言类型获取模式 + patterns = self.compiled_patterns[file_extension] + name_upper = 
filename_without_ext[0].upper() + filename_without_ext[ + 1:] if filename_without_ext else filename_without_ext + + # 检查所有模式 + for pattern in patterns: + formatted_pattern = pattern.pattern.format(name=re.escape(filename_without_ext), + name_upper=re.escape(name_upper)) + if re.search(formatted_pattern, content): + return [filename_without_ext] + + return [] + except Exception as e: + print(f"检查方法名/类名失败: {file_path} - {e}") + return [] + + def _set_inconsistencies(self, file_path, problem, expectation=None): + self.error_count += 1 + self.inconsistencies[problem].append({ + 'file_path': str(file_path), + 'problem': problem, + 'expectation': expectation, + }) + + def get_file_comment_info(self, file_path: Path) -> FileCommentInfo: + """从文件中提取注释信息""" + + def get_match_value(match): + return match.group(2) if match else None + + result: FileCommentInfo = { + 'level': None, + 'real_case': None, + 'bind_url': None, + 'evaluation_item': None, + 'scene_introduction': None, + } + + try: + with open(file_path, 'r', encoding='utf-8') as f: + file_content = f.read() + level_match = self.patterns['LEVEL_PATTERN'].search(file_content) + real_case_match = self.patterns['REAL_CASE_PATTERN'].search(file_content) + bind_url_match = self.patterns['BIND_URL_PATTERN'].search(file_content) + evaluation_item = self.patterns['EVALUATION_ITEM_PATTERN'].search(file_content) + scene_introduction = self.patterns['SCENE_INTRODUCTION_PATTERN'].search(file_content) + + result['level'] = get_match_value(level_match) + result['real_case'] = get_match_value(real_case_match) + result['bind_url'] = get_match_value(bind_url_match) + result['evaluation_item'] = get_match_value(evaluation_item) + result['scene_introduction'] = get_match_value(scene_introduction) + + except Exception as e: + print(f"读取文件失败: {file_path} - {e}") + + return result + + def check_config_file(self, config_path: Path): + """检查单个config.json文件""" + # 检查配置文件数量增加 + self.checked_config_files += 1 + + try: + # 检查 config 是否为空 + with 
open(config_path, 'r', encoding='utf-8') as f: + content = f.read().strip() + config = json.loads(content) + + config_dir = config_path.parent + + # 检查config中的字段名称是否与所在文件夹名称一致 + expected_field_name = config_dir.name + actual_field_names = list(config.keys()) + + if expected_field_name not in actual_field_names: + self._set_inconsistencies(config_path, ERROR_LIST['CONFIG_FILED_AND_DIR_NAME_NOT_SAME'], + expected_field_name) + + for config_filed, evaluation_item_list in config.items(): + for evaluation_item in evaluation_item_list: + config_evaluation_item = evaluation_item['evaluation_item'] + + for scene_level in evaluation_item['scene_levels']: + config_level = scene_level['level'] + + if '+' in str(config_level): + self._set_inconsistencies(config_path, ERROR_LIST['LEVEL_HAS_PLUS']) + + scene_list = scene_level.get('scene_list', []) + + for scene in scene_list: + compose_str = scene.get('compose', '') + scene_str = scene.get('scene', '') + if not compose_str: + continue + + # 解析出所有相关的文件 + files = self._parse_compose_files(compose_str, config_dir) + + for file_path in files: + try: + if not file_path.exists(): + self._set_inconsistencies(file_path, ERROR_LIST['FILE_MISSING']) + continue + + # 检查文件数量增加 + self.checked_files += 1 + + # 获取注释信息 + file_comment_info = self.get_file_comment_info(file_path) + + # 检查 level 与 config 中是否一致 + if file_comment_info['level'] != config_level: + self._set_inconsistencies(file_path, + ERROR_LIST['LEVEL_AND_CONFIG_LEVEL_NOT_SAME'], + config_level) + + # 检查 bind_url 是否符合预期 + expected_bind_url = self._build_expected_bind_url(file_path) + if file_comment_info['bind_url'] != expected_bind_url: + self._set_inconsistencies(file_path, ERROR_LIST['BIND_URL_ERROR'], + expected_bind_url) + + # 检查 evaluation_item 与 config 中是否一致 + if file_comment_info['evaluation_item'] != config_evaluation_item: + self._set_inconsistencies(file_path, + ERROR_LIST[ + 'EVALUATION_ITEM_AND_CONFIG_EVALUATION_ITEM_NOT_SAME'], + config_evaluation_item) + + # 检查 real 
case 是否符合预期 + expected_real_case = self._build_expected_real_case(file_path) + if file_comment_info['real_case'] != expected_real_case: + self._set_inconsistencies(file_path, ERROR_LIST['REAL_CASE_ERROR'], + expected_real_case) + + # 检查 scene introduction 与 config 中是否一致 + if file_comment_info['scene_introduction'] != scene_str: + self._set_inconsistencies(file_path, + ERROR_LIST['SCENE_AND_CONFIG_SCENE_NOT_SAME'], + scene_str) + + # 检查是否有同名方法 + # 跳过同名方法检测白名单中的文件(使用完整文件名匹配) + file_methods = self._check_method_name_consistency(file_path) + filename_with_ext = file_path.name + if filename_with_ext not in self.method_name_check_whitelist and not file_methods: + self._set_inconsistencies(file_path, + ERROR_LIST['MISSING_METHOD_WITH_THE_SAME_NAME']) + except Exception as e: + self.checked_fail_files += 1 + print(f"❌ 处理文件失败: {self.handle_file_path(str(file_path))}") + + + except json.JSONDecodeError as e: + self.checked_fail_config_files += 1 + print(f"❌ 跳过无效的JSON文件: {self.handle_file_path(str(config_path))}") + except Exception as e: + self.checked_fail_config_files += 1 + print(f"❌ 处理配置文件失败: {self.handle_file_path(str(config_path))}") + + def find_duplicate_files(self) -> Dict[str, List[Path]]: + """查找重名文件""" + filename_map = {} + + # 遍历所有支持的文件类型 + for ext in self.file_extensions: + pattern = f"**/*.{ext.lstrip('.')}" + for file_path in self.base_path.rglob(pattern): + if ('target' not in str(file_path).lower() and + file_path.name != 'config.json' and + file_path.name not in self.duplicate_files_whitelist): + filename = file_path.name + if filename not in filename_map: + filename_map[filename] = [] + filename_map[filename].append(file_path) + + # 只保留重名的文件 + duplicate_files = {name: paths for name, paths in filename_map.items() if len(paths) > 1} + return duplicate_files + + def handle_file_path(self, file_path: str) -> str: + """将绝对路径替换为相对路径""" + file_rel_path = os.path.relpath(file_path, self.base_path) + file_display_path = os.path.join(self.base_path.name, 
file_rel_path) + return file_display_path + + def run_check(self): + config_files = self._find_config_files() + print(f"找到 {len(config_files)} 个config.json文件") + + for config_file in config_files: + self.check_config_file(config_file) + + def generate_report(self): + """生成检查报告""" + print("\n" + "=" * 60) + print("🚀 检查结果报告") + print("=" * 60) + + # 先报告重名文件 + duplicate_files = self.find_duplicate_files() + if duplicate_files: + print(f"\n[文件重名检测] ({len(duplicate_files)} 个文件名重复):") + for file_name, paths in duplicate_files.items(): + print(f" {file_name}:") + for path in paths: + try: + rel_path = path.relative_to(self.base_path) + print(f" {rel_path}") + except ValueError: + print(f" {path}") + + # 报告检测出的问题 + for key in self.inconsistencies: + if len(self.inconsistencies[key]) > 0: + print(f"\n[{key}] ({len(self.inconsistencies[key])}处):") + for item in self.inconsistencies[key]: + print(f" {self.handle_file_path(item['file_path'])}") + if item['expectation'] is not None: + print(f" 期望: {item['expectation']}") + + +def main(): + # 获取命令行参数 + base_path = "sast-python3" # 默认使用相对路径 + file_extensions = 'py' + + # 如果提供了参数,使用提供的参数 + if len(sys.argv) > 1: + base_path = sys.argv[1] + + # 如果路径是相对路径,转换为绝对路径 + if not os.path.isabs(base_path): + base_path = os.path.join(os.getcwd(), base_path) + + if len(sys.argv) > 2: + # 解析文件扩展名参数 + file_extensions = sys.argv[2] + + if not os.path.exists(base_path): + print(f"错误: 路径 {base_path} 不存在") + sys.exit(1) + + checker = ConfigLevelChecker(base_path, file_extensions) + + checker.run_check() + checker.generate_report() + + print(f"\n✅ 总计检查配置文件: {checker.checked_config_files} 个") + if checker.checked_fail_config_files > 0: + print(f"❌ 其中检查失败: {checker.checked_fail_config_files} 个") + print(f"✅ 总计检查文件: {checker.checked_files} 个") + if checker.checked_fail_files > 0: + print(f"❌ 其中检查失败: {checker.checked_fail_files} 个") + print(f"✅ 发现问题: {checker.error_count} 个") + +if __name__ == "__main__": + main() 
diff --git a/tools/pyscripts/common.py b/tools/pyscripts/common.py
new file mode 100644
index 00000000..89f73d8d
--- /dev/null
+++ b/tools/pyscripts/common.py
@@ -0,0 +1,29 @@
+import re
+
+# 错误集合,用于初始化错误集
+ERROR_LIST = {
+ # 支持自动修复的问题
+ 'LEVEL_HAS_PLUS': 'level 含有 + 号',
+ 'CONFIG_FILED_AND_DIR_NAME_NOT_SAME': 'config 字段和所在文件夹名不一致',
+ 'LEVEL_AND_CONFIG_LEVEL_NOT_SAME': 'level 和 config 中的 level 不一致',
+ 'SCENE_AND_CONFIG_SCENE_NOT_SAME': 'scene 和 config 中的 scene 不一致',
+ 'BIND_URL_ERROR': 'bind_url 错误',
+ 'REAL_CASE_ERROR': 'real case 错误',
+ 'EVALUATION_ITEM_AND_CONFIG_EVALUATION_ITEM_NOT_SAME': 'evaluation item 和 config 中的 evaluation_item 不一致',
+ # 不支持自动修复的问题
+ 'MISSING_METHOD_WITH_THE_SAME_NAME': '缺少同名方法',
+ 'FILE_MISSING': '文件缺失',
+}
+
+def init_pattern(comment_icon):
+ """初始化正则表达式模式"""
+ end_flag = r'([^\n\r]*)'
+
+ return {
+ 'COMMENT_START_PATTERN': re.compile(fr'^({comment_icon}[ \t]*evaluation information start){end_flag}', re.IGNORECASE | re.MULTILINE),
+ 'LEVEL_PATTERN': re.compile(fr'^({comment_icon}[ \t]*level[ \t]*=)[ \t]*{end_flag}', re.IGNORECASE | re.MULTILINE),
+ 'BIND_URL_PATTERN': re.compile(fr'^({comment_icon}[ \t]*bind_url[ \t]*=)[ \t]*{end_flag}', re.IGNORECASE | re.MULTILINE),
+ 'REAL_CASE_PATTERN': re.compile(fr'^({comment_icon}[ \t]*real case[ \t]*=)[ \t]*{end_flag}', re.IGNORECASE | re.MULTILINE),
+ 'EVALUATION_ITEM_PATTERN': re.compile(fr'^({comment_icon}[ \t]*evaluation item[ \t]*=)[ \t]*{end_flag}', re.IGNORECASE | re.MULTILINE),
+ 'SCENE_INTRODUCTION_PATTERN': re.compile(fr'^({comment_icon}[ \t]*scene introduction[ \t]*=)[ \t]*{end_flag}', re.IGNORECASE | re.MULTILINE)
+ }
\ No newline at end of file
diff --git a/tools/pyscripts/fix.py b/tools/pyscripts/fix.py
new file mode 100644
index 00000000..da783029
--- /dev/null
+++ b/tools/pyscripts/fix.py
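Review bot: `init_pattern` interpolates `comment_icon` into every pattern without escaping, so the argument is parsed as regex syntax rather than as a literal comment marker; adding `comment_icon = re.escape(comment_icon)` before the `return` keeps a later marker such as `/*` from silently changing what matches. The two markers visible in this commit (`#` and `//`) are unaffected. The function should also document the capture layout, since callers index the groups positionally: `# group(1) = marker + key + '=', group(2) = value up to end of line`.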
@@ -0,0 +1,292 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+基于 check.py 检查结果自动修复问题
+支持修复以下类型的问题:
+1. bind_url 不一致问题
+2. real case 不一致问题
+3. 修复 level 和 config 中的 level 不一致问题
+4. 修复 evaluation item 和 config 中的 evaluation_item 不一致问题
+5. scene 和 config 中的 scene 不一致问题
+6. config 字段和所在文件夹名不一致问题
+
+使用方法:
+ python fix.py [目录路径] [文件后缀]
+
+示例:
+ python fix.py sast-python3 py
+ python fix.py sast-go go
+"""
+
+import json
+import os
+import re
+import sys
+from pathlib import Path
+from typing import List, Dict
+import subprocess
+from common import ERROR_LIST, init_pattern
+
+
+class AutoFixerFromCheck(object):
+
+ def __init__(self, base_path: str, file_extensions: str = 'py'):
+ self.base_path = Path(base_path).resolve()
+ self.file_extensions = file_extensions
+ self.fixed_files = 0
+ self.fixed_fail_files = 0
+
+ self.patterns = init_pattern('#' if file_extensions == 'py' else '//')
+
+ def _common_fix(self, err_type: str, fix_error_dict: Dict[str, List[str]], callback):
+ """通用修复方法"""
+
+ error_list = fix_error_dict.get(err_type, [])
+ fixed_count = 0
+ fixed_fail_count = 0
+
+ if len(error_list) > 0:
+ print(f'\n正在修复 {err_type} 问题...')
+
+ for index, file_path in enumerate(error_list):
+ if index % 2 == 1:
+ continue
+ else:
+ try:
+ full_path = self.base_path.parent / file_path
+ with open(full_path, 'r', encoding='utf-8') as f:
+ content = f.read()
+
+ expected_match = re.search(r'期望:\s*(.+)', error_list[index + 1])
+ if expected_match:
+ expected_value = expected_match.group(1).strip()
+ new_content = callback(content, expected_value)
+
+ # 写入替换后的内容
+ with open(full_path, 'w', encoding='utf-8') as f:
+ f.write(new_content)
+ fixed_count += 1
+ self.fixed_files += 1
+
+ except Exception as e:
+ fixed_fail_count += 1
+ self.fixed_fail_files += 1
+ print(f'❌ 修复 {file_path} 时出错, {e}')
+
+ print(f'✅ {err_type} 问题修复完成,成功修复 {fixed_count} 个问题, 失败修复 {fixed_fail_count} 个问题')
+
+ def _fix_bind_url(self, content: str, expected_value: str):
+ """修复 bind_url 不一致"""
+ new_content = content
+ if self.patterns['BIND_URL_PATTERN'].search(content) is None:
+ new_content = self._fix_missing_comment(content)
+
+ return re.sub(self.patterns['BIND_URL_PATTERN'], rf'\g<1> {expected_value}', new_content)
+
+ def _fix_level_has_plus(self, error_list: List[str]):
+ """修复 level 含有 + 号"""
+ pass
+
+ def _fix_config_filed(self, content: str, expected_value: str) -> str:
+ """修复 config 字段和所在文件夹名不一致"""
+
+ config_json = json.loads(content)
+
+ new_config_json = {expected_value: []}
+
+ for old_filed, value in config_json.items():
+ if isinstance(value, list):
+ new_config_json[expected_value] = value
+ else:
+ new_config_json[expected_value] = [value]
+
+ return json.dumps(new_config_json, ensure_ascii=False, indent=2)
+
+ def _fix_level_not_same(self, content: str, expected_value) -> str:
+ """修复 level 和 config 中的 level 不一致"""
+ new_content = content
+ if self.patterns['LEVEL_PATTERN'].search(content) is None:
+ new_content = self._fix_missing_comment(content)
+
+ return re.sub(self.patterns['LEVEL_PATTERN'], rf'\g<1> {expected_value}', new_content)
+
+ def _fix_scene_not_same(self, content: str, expected_value: str) -> str:
+ """修复 scene 和 config 中的 scene 不一致"""
+ new_content = content
+ if self.patterns['SCENE_INTRODUCTION_PATTERN'].search(content) is None:
+ new_content = self._fix_missing_comment(content)
+
+ return re.sub(self.patterns['SCENE_INTRODUCTION_PATTERN'], rf'\g<1> {expected_value}', new_content)
+
+ def _fix_real_case(self, content: str, expected_value: str) -> str:
+ """修复 real case 错误"""
+ new_content = content
+ if self.patterns['REAL_CASE_PATTERN'].search(content) is None:
+ new_content = self._fix_missing_comment(content)
+ return re.sub(self.patterns['REAL_CASE_PATTERN'], rf'\g<1> {expected_value}', new_content)
+
+ def _fix_evaluation_item(self, content: str, expected_value: str):
+ """修复 evaluation item 和 config 中的 evaluation_item 不一致"""
+ new_content = content
+ if self.patterns['EVALUATION_ITEM_PATTERN'].search(content) is None:
+ new_content = self._fix_missing_comment(content)
+ return re.sub(self.patterns['EVALUATION_ITEM_PATTERN'], rf'\g<1> {expected_value}',
+ new_content)
+
+ def _fix_missing_comment(self, content: str) -> str:
+ """修复缺失注释"""
+ start_match = self.patterns['COMMENT_START_PATTERN'].search(content)
+ comment_icon = '//'
+ if self.file_extensions == 'py':
+ comment_icon = '#'
+ if start_match and start_match.group(0) != '':
+ real_case = self.patterns['REAL_CASE_PATTERN'].search(content)
+ evaluation_item = self.patterns['EVALUATION_ITEM_PATTERN'].search(content)
+ scene = self.patterns['SCENE_INTRODUCTION_PATTERN'].search(content)
+ level = self.patterns['LEVEL_PATTERN'].search(content)
+ bind_url = self.patterns['BIND_URL_PATTERN'].search(content)
+
+ # 清空之前的注释
+ other_content = re.sub(f'^.*?{re.escape('evaluation information end')}', '', content, flags=re.DOTALL)
+
+ return f"""{comment_icon} evaluation information start
+{comment_icon} real case = {real_case.group(1) if real_case else ''}
+{comment_icon} evaluation item = {evaluation_item.group(1) if evaluation_item else ''}
+{comment_icon} scene introduction = {scene.group(1) if scene else ''}
+{comment_icon} level = {level.group(1) if level else ''}
+{comment_icon} bind_url = {bind_url.group(1) if bind_url else ''}
+{comment_icon} evaluation information end
+{other_content}
+"""
+ else:
+ return f"""{comment_icon} evaluation information start
+{comment_icon} real case =
+{comment_icon} evaluation item =
+{comment_icon} scene introduction =
+{comment_icon} level =
+{comment_icon} bind_url =
+{comment_icon} evaluation information end
+{content}
+"""
+
+ def _manual_repair(self, err_type: str, fix_error_dict: Dict[str, List[str]]):
+ """提示手动修复问题"""
+ error_list = fix_error_dict.get(err_type, [])
+
+ if len(error_list) > 0:
+ print(f'\n请手动修复 {err_type} 问题:')
+ for file_path in error_list:
+ print(f' {file_path}')
+
+ def run_script(self):
+ """运行脚本"""
+ print("运行 check.py 检查问题...")
+
+ # 获取当前脚本所在目录
+ script_dir = Path(__file__).parent
+ check_script = script_dir / "check.py"
+
+ try:
+ cmd = [
+ sys.executable,
+ str(check_script),
+ str(self.base_path),
+ self.file_extensions,
+ ]
+ result = subprocess.run(cmd, capture_output=True, text=True, cwd=script_dir.parent.parent)
+ check_output = result.stdout
+
+ lines = check_output.split('\n')
+
+ start_flag = False
+ fix_error_dict: Dict[str, List[str]] = {}
+ error_type = ''
+ error_list = list(ERROR_LIST.values())
+
+ # 将检查结果按问题分类
+ for line in lines:
+ if start_flag:
+ if line.strip() == '':
+ start_flag = False
+ else:
+ fix_error_dict[error_type].append(line.strip())
+ else:
+ for index, error_item in enumerate(error_list):
+ if error_item in line.strip():
+ start_flag = True
+ error_type = error_item
+ fix_error_dict[error_type] = []
+ del error_list[index]
+
+ return fix_error_dict
+
+ except Exception as e:
+ print(f"运行 check.py 时出错: {e}")
+
+ def run_fix(self, fix_error_dict: Dict[str, List[str]]):
+
+ # 修复 bind_url 不一致问题
+ self._common_fix(ERROR_LIST['BIND_URL_ERROR'], fix_error_dict, self._fix_bind_url)
+ # 修复 real case 不一致问题
+ self._common_fix(ERROR_LIST['REAL_CASE_ERROR'], fix_error_dict, self._fix_real_case)
+ # 修复 level 和 config 中的 level 不一致问题
+ self._common_fix(ERROR_LIST['LEVEL_AND_CONFIG_LEVEL_NOT_SAME'], fix_error_dict, self._fix_level_not_same)
+ # 修复 evaluation item 和 config 中的 evaluation_item 不一致问题
+ self._common_fix(ERROR_LIST['EVALUATION_ITEM_AND_CONFIG_EVALUATION_ITEM_NOT_SAME'], fix_error_dict,
+ self._fix_evaluation_item)
+ # 修复 scene 和 config 中的 scene 不一致问题
+ self._common_fix(ERROR_LIST['SCENE_AND_CONFIG_SCENE_NOT_SAME'], fix_error_dict, self._fix_scene_not_same)
+ # 修复 config 字段和所在文件夹名不一致问题
+ self._common_fix(ERROR_LIST['CONFIG_FILED_AND_DIR_NAME_NOT_SAME'], fix_error_dict, self._fix_config_filed)
+ # 提示手动修复 缺少同名方法 问题
+ self._manual_repair(ERROR_LIST['MISSING_METHOD_WITH_THE_SAME_NAME'], fix_error_dict)
+ # 提示手动修复 文件缺失 问题
+ self._manual_repair(ERROR_LIST['FILE_MISSING'], fix_error_dict)
+
+
+def main():
+ # 获取命令行参数
+ base_path = "sast-python3" # 默认使用相对路径
+ file_extensions = 'py'
+
+ # 如果提供了参数,使用提供的参数
+ if len(sys.argv) > 1:
+ base_path = sys.argv[1]
+
+ # 如果路径是相对路径,转换为绝对路径
+ if not os.path.isabs(base_path):
+ # 获取工作空间根目录(脚本目录的父级的父级目录)
+ workspace_root = Path(__file__).parent.parent.parent
+ base_path = str(workspace_root / base_path)
+
+ if len(sys.argv) > 2:
+ # 解析文件扩展名参数
+ file_extensions = sys.argv[2]
+
+ if not os.path.exists(base_path):
+ print(f"错误: 路径 {base_path} 不存在")
+ sys.exit(1)
+
+ fixer = AutoFixerFromCheck(base_path, file_extensions)
+ fix_error_dict = fixer.run_script()
+
+ error_count = 0
+ for key, value in fix_error_dict.items():
+ for item in value:
+ if not item.startswith('期望'):
+ error_count += 1
+
+ if error_count == 0:
+ print("\n✅ 没有发现问题,无需修复")
+ else:
+ print(f"🚀 发现 {error_count} 个问题,开始修复...")
+ fixer.run_fix(fix_error_dict)
+
+ if fixer.fixed_files > 0:
+ print(f"\n✅ 修复完成,总共成功修复 {fixer.fixed_files} 个问题")
+ if fixer.fixed_fail_files > 0:
+ print(f"❌ 总共修复失败 {fixer.fixed_fail_files} 个问题")
+
+
+if __name__ == '__main__':
+ main()
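Review bot: `_common_fix` overwrites `self.base_path.parent / file_path`, where `file_path` is text scraped from check.py's stdout, without checking that the resolved path stays inside `base_path`. check.py's `_resolve_file_path` returns `config_dir / part` for `compose` entries read from config.json, so an entry containing `..` would presumably be reported and then rewritten outside the case tree. Resolve and confine the path before the first `open`: `full_path = (self.base_path.parent / file_path).resolve()` followed by `if not full_path.is_relative_to(self.base_path): raise ValueError(file_path)`; the existing `except` then counts it as a failed fix. Separately, the `.group(1)` reads in `_fix_missing_comment` return the `key =` prefix that `init_pattern` captures first, not the value, so a rebuilt header repeats the key text; `.group(2)` is what check.py's `get_match_value` reads.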