diff --git a/.gitignore b/.gitignore index 587db6a0..501ce84c 100644 --- a/.gitignore +++ b/.gitignore @@ -16,5 +16,5 @@ logs/ /dast-java/target /tools/library/target /tools/plugin/target -/tools/library/target *.pyc +results/ \ No newline at end of file diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F.go index c6fddbc9..94905a48 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F.go @@ -4,7 +4,7 @@ // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 参数值传递->引用传递->map // level = 2 -// bind_url = cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F +// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F // evaluation information end package main diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T.go index a49a410f..2ca5304d 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T.go 
@@ -4,7 +4,7 @@ // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 参数值传递->引用传递->map // level = 2 -// bind_url = cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T +// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T // evaluation information end package main diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F.go index 97492b0d..a582ac8d 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F.go @@ -4,7 +4,7 @@ // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 返回值传递->函数内交换位置 // level = 2 -// bind_url = accuracy/context_sensitive/argument_return_value_passing_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F +// bind_url = accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F // evaluation information end package main diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T.go index eed20141..9ab02cdf 100644 
--- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T.go @@ -4,7 +4,7 @@ // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 返回值传递->函数内交换位置 // level = 2 -// bind_url = accuracy/context_sensitive/argument_return_value_passing_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T +// bind_url = accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T // evaluation information end package main diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go index d2acfe5e..48ee4532 100644 --- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go +++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) @@ -7,8 +6,8 @@ // bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T // evaluation information end -// YASA中现在处理memberAccess时,以property的符号字面量作为key进行存取。导致精度损失。 package main + import "os/exec" func array_index_no_solver_005_T(__taint_src string) { 
@@ -23,8 +22,8 @@ func array_index_no_solver_005_T(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - array_index_no_solver_005_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + array_index_no_solver_005_T(__taint_src) +} diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T.go index 03b4cc74..71261629 100644 --- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T.go +++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T.go @@ -4,7 +4,7 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 切片->切片截取 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_001_T/slice_index_001_T +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T // evaluation information end package main diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F.go index dd0f5c93..ce2c3d92 100644 --- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F.go 
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F.go @@ -4,7 +4,7 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 切片->切片截取 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_002_F/slice_index_002_F +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F // evaluation information end package main diff --git a/sast-go/cases/accuracy/flow_sensitive/normal_stmt/config.json b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/config.json new file mode 100644 index 00000000..fa3573a1 --- /dev/null +++ b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/config.json @@ -0,0 +1,18 @@ +{ + "normal_stmt": [ + { + "evaluation_item": "准确度->流敏感分析->常规顺序执行语句", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "sequential_assign_001_T/sequential_assign_001_T.go && !sequential_assign_002_F/sequential_assign_002_F.go", + "scene": "顺序赋值语句" + } + ] + } + ] + } + ] +} diff --git a/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T.go b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T.go new file mode 100644 index 00000000..27cd03c2 --- /dev/null +++ b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T.go 
@@ -0,0 +1,33 @@
+// evaluation information start
+// real case = true
+// evaluation item = 准确度->流敏感分析->常规顺序执行语句
+// scene introduction = 顺序赋值语句
+// level = 2
+// bind_url = accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T
+// date = 2025-12-01 16:19:24
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func sequentialAssign_001_T(__taint_src string) {
+ // 场景特点:按顺序执行多个赋值语句
+ var a string
+ var b string
+ a = __taint_src
+ b = a
+ __taint_sink(b)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ sequentialAssign_001_T(__taint_src)
+}
diff --git a/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F.go b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F.go
new file mode 100644
index 00000000..cc3a58cf
--- /dev/null
+++ b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F.go
@@ -0,0 +1,34 @@
+// evaluation information start
+// real case = false
+// evaluation item = 准确度->流敏感分析->常规顺序执行语句
+// scene introduction = 顺序赋值语句
+// level = 2
+// bind_url = accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F
+// date = 2025-12-01 16:19:24
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func sequentialAssign_002_F(__taint_src string) {
+ // 场景特点:按顺序执行多个赋值语句,但污点数据未传播到最终变量
+ var a string
+ var b string
+ a = __taint_src
+ b = "_"
+ _ = a // 使用变量a避免编译错误
+ __taint_sink(b)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ sequentialAssign_002_F(__taint_src)
+}
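Review bot: `__taint_sink` in both new sequential_assign files builds the command with `fmt.Sprintf("%v", o)` rather than the `o.(string)` assertion every existing case in this diff uses (array_index_no_solver_005_T, the conditional_*_no_solver files, the atomic/cond/mutex cases), so the sink now has two shapes across the suite; if the analyzer's sink rule or its propagation summaries key on that expression, the T case silently depends on an extra fmt step. The function name `sequentialAssign_001_T` also departs from the convention that the function is named exactly like the file (`sequential_assign_001_T`), which matters if results are correlated by function name. Suggest `func sequential_assign_001_T(__taint_src string) {` (and the matching call in main) and `_ = exec.Command("sh", "-c", o.(string)).Run()`. The same `fmt.Sprintf` sink appears in exception_catch_001_T through 004_F.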
diff --git a/sast-go/cases/accuracy/flow_sensitive/sequential_execution/config.json b/sast-go/cases/accuracy/flow_sensitive/sequential_execution/config.json
deleted file mode 100644
index e69de29b..00000000
diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/config.json b/sast-go/cases/accuracy/path_sensitive/exception_throw/config.json
new file mode 100644
index 00000000..622cf722
--- /dev/null
+++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/config.json
@@ -0,0 +1,22 @@
+{
+ "exception_throw": [
+ {
+ "evaluation_item": "准确度->路径敏感分析->异常抛出和捕获",
+ "scene_levels": [
+ {
+ "level": "3",
+ "scene_list": [
+ {
+ "compose": "exception_catch_001_T/exception_catch_001_T.go && !exception_catch_002_F/exception_catch_002_F.go",
+ "scene": "异常抛出和捕获->不可控错误处理"
+ },
+ {
+ "compose": "exception_catch_003_T/exception_catch_003_T.go && !exception_catch_004_F/exception_catch_004_F.go",
+ "scene": "异常抛出和捕获->可控错误处理"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T.go b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T.go
new file mode 100644
index 00000000..fd32d112
--- /dev/null
+++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = true
+// evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+// scene introduction = 异常抛出路径
+// level = 3
+// bind_url = accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T
+// date = 2025-12-01 16:29:18
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func exception_catch_001_T(__taint_src string) {
+ // 场景特点:在异常抛出路径中传播污点数据
+ defer func() {
+ // recover只能在defer函数中调用,并捕获最新一次panic的值
+ if r := recover(); r != nil {
+ __taint_sink(r)
+ }
+ }()
+
+ // 立即平直当前函数,依次执行 defer 函数
+ panic(__taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ exception_catch_001_T(__taint_src)
+}
diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F.go b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F.go
new file mode 100644
index 00000000..b497256f
--- /dev/null
+++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F.go
@@ -0,0 +1,35 @@
+// evaluation information start
+// real case = false
+// evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+// scene introduction = 异常抛出路径
+// level = 3
+// bind_url = accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F
+// date = 2025-12-01 16:29:18
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func exception_catch_002_F(__taint_src string) {
+ // 场景特点:在异常抛出路径中传播污点数据,但污点数据未传播到汇聚点
+ defer func() {
+ if r := recover(); r != nil {
+ __taint_sink("_")
+ }
+ }()
+
+ panic(__taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ exception_catch_002_F(__taint_src)
+}
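Review bot: The comment above `panic(__taint_src)` in exception_catch_001_T reads `// 立即平直当前函数,依次执行 defer 函数`, where 平直 looks like a typo for 终止; suggest `// 立即终止当前函数,依次执行 defer 函数`. The header `scene introduction = 异常抛出路径` also does not match the scene string this pair is registered under in the new config.json (`异常抛出和捕获->不可控错误处理`), which makes correlating a result back to its case harder; the same header/config mismatch is present in 002_F, 003_T and 004_F. Aligning the header with the config string, or vice versa, would keep the two in sync.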
diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T.go b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T.go
new file mode 100644
index 00000000..41f2fb24
--- /dev/null
+++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T.go
@@ -0,0 +1,35 @@
+// evaluation information start
+// real case = true
+// evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+// scene introduction = 异常抛出路径
+// level = 3
+// bind_url = accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T
+// date = 2025-12-01 16:29:18
+// evaluation information end
+
+package main
+
+import (
+ "errors"
+ "fmt"
+ "os/exec"
+)
+
+func exception_catch_003_T(__taint_src string) {
+ // 场景特点:在异常抛出路径中传播污点数据
+ errMsg := createThrow(__taint_src)
+ __taint_sink(errMsg.Error())
+}
+
+func createThrow(msg string) error {
+ return errors.New(msg)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ exception_catch_003_T(__taint_src)
+}
diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F.go b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F.go
new file mode 100644
index 00000000..789dd163
--- /dev/null
+++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F.go
@@ -0,0 +1,35 @@ +// evaluation information start +// real case = false +// evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +// scene introduction = 异常抛出路径 +// level = 3 +// date = 2025-12-01 16:29:18 +// bind_url = accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_T +// evaluation information end + +package main + +import ( + "errors" + "fmt" + "os/exec" +) + +func exception_catch_003_T(__taint_src string) { + // 场景特点:在异常抛出路径中传播污点数据 + errMsg := createThrow(__taint_src) + __taint_sink(errMsg.Error()) +} + +func createThrow(msg string) error { + return errors.New("_") +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + exception_catch_003_T(__taint_src) +} diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T.go index 2fed5780..84ad0fcb 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T.go @@ -7,7 +7,7 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = return // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/return/return_001_T/return_001_T +// bind_url = accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T // evaluation information end func return_001_T(__taint_src string) string { diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F.go index fe89e048..4ad763ec 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F.go 
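Review bot: The file is named exception_catch_004_F but declares and calls `exception_catch_003_T`, duplicating the sibling 003_T case's function name, and its `bind_url` ends in `exception_catch_004_F/exception_catch_004_T` instead of `.../exception_catch_004_F`; this same commit corrects exactly this kind of bind_url drift in eight other files, so the new file reintroduces it. Suggest `func exception_catch_004_F(__taint_src string) {`, `exception_catch_004_F(__taint_src)` in main, and `// bind_url = accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F`. This header also places `date` before `bind_url`, unlike every other new file in the diff, which a line-order-sensitive parser would trip on. The `msg` parameter of `createThrow` being ignored is presumably the intended F behaviour, but a short comment saying so would keep it from being "fixed".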
@@ -7,7 +7,7 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = return // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/return/return_002_F/return_002_F +// bind_url = accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F // evaluation information end func return_002_F(__taint_src string) string { diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go similarity index 81% rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go index e4bd7966..fdb1fdde 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go @@ -1,13 +1,13 @@ package main -import "os/exec" +import "os/exec" // evaluation information start // real case = true // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = if->区分if else扁平化与分支(不求解) // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F/conditional_if_no_solver_001_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T // evaluation information end func conditional_if_no_solver_001_F(__taint_src string) { 
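Review bot: The rename to conditional_if_no_solver_001_T updates the path and `bind_url`, but the hunk's last context line is still `func conditional_if_no_solver_001_F(__taint_src string) {` and main (next hunk) still calls `conditional_if_no_solver_001_F`, so the function name now contradicts the file's _T suffix; the conditional_switch_no_solver_001_T rename below has the identical mismatch. If results or readers key on the function name, rename it to `conditional_if_no_solver_001_T` at both sites (and likewise for the switch case). The `import "os/exec"` line is shown removed and re-added with no visible difference, presumably a line-ending or trailing-whitespace change; worth confirming it is not a stray edit.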
@@ -21,9 +21,9 @@ func conditional_if_no_solver_001_F(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - conditional_if_no_solver_001_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + conditional_if_no_solver_001_F(__taint_src) +} diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go similarity index 80% rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go index a3f1d3a8..4a9a3ec9 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go @@ -1,13 +1,13 @@ package main -import "os/exec" +import "os/exec" // evaluation information start // real case = true // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = switch->区分switch平坦化与分支(不需求解) // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T // evaluation information end func conditional_switch_no_solver_001_F(__taint_src string) { 
@@ -23,9 +23,9 @@ func conditional_switch_no_solver_001_F(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - conditional_switch_no_solver_001_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + conditional_switch_no_solver_001_F(__taint_src) +} diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json index 0634d1a0..8431c302 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json @@ -7,7 +7,7 @@ "level": "3", "scene_list": [ { - "compose": "!conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go && !conditional_if_no_solver_002_F/conditional_if_no_solver_002_F.go", + "compose": "conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go && !conditional_if_no_solver_002_F/conditional_if_no_solver_002_F.go", "scene": "if->区分if else扁平化与分支(不求解)" }, { @@ -15,7 +15,7 @@ "scene": "if->区分if else具体路径(不求解)" }, { - "compose": "!conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go && !conditional_switch_no_solver_002_F/conditional_switch_no_solver_002_F.go", + "compose": "conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go && !conditional_switch_no_solver_002_F/conditional_switch_no_solver_002_F.go", "scene": "switch->区分switch平坦化与分支(不需求解)" }, { @@ -27,4 +27,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/dynamic_tracing/dynamic_type/config.json b/sast-go/cases/completeness/dynamic_tracing/dynamic_type/config.json deleted file mode 100644 index e69de29b..00000000 
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_process/config.json b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_process/config.json
deleted file mode 100644
index e69de29b..00000000
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_thread/config.json b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_thread/config.json
index 6b2530dc..8c2719ed 100644
--- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_thread/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_thread/config.json
@@ -13,6 +13,10 @@
 {
 "compose": "asynchronous_select_001_T/asynchronous_select_001_T.go && !asynchronous_select_002_F/asynchronous_select_002_F.go",
 "scene": "select"
+ },
+ {
+ "compose": "atomic_synchronization_001_T/atomic_synchronization_001_T.go && !atomic_synchronization_002_F/atomic_synchronization_002_F.go",
+ "scene": "原子操作"
 }
 ]
 },
@@ -32,4 +36,4 @@
 ]
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_001_T/atomic_synchronization_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_001_T/atomic_synchronization_001_T.go
new file mode 100644
index 00000000..c985a407
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_001_T/atomic_synchronization_001_T.go
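Review bot: The compose entry added to multi_thread/config.json references `atomic_synchronization_001_T/atomic_synchronization_001_T.go`, but this diff creates those files under `promise_callback_await/`, whose own config.json (further down) already registers the same pair under the same scene `原子操作`. Unless copies also exist under multi_thread (not visible here), this entry resolves to nothing, and if they do exist the pair is scored twice. Suggest keeping the registration in exactly one of the two configs, matching wherever the files actually live.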
@@ -0,0 +1,56 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 原子操作
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_001_T/atomic_synchronization_001_T
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+ "sync/atomic"
+)
+
+func atomic_synchronization_001_T(__taint_src string) {
+ var sharedData atomic.Value
+ var done int32
+ var wg sync.WaitGroup
+
+ // 场景特点:使用原子操作在goroutine间安全地传递数据
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ sharedData.Store(__taint_src)
+ atomic.StoreInt32(&done, 1)
+ }()
+
+ // 等待写入操作完成
+ wg.Wait()
+
+ // 现在进行读取操作
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ for atomic.LoadInt32(&done) == 0 {
+ // 等待数据准备完成
+ }
+ data := sharedData.Load().(string)
+ __taint_sink(data)
+ }()
+
+ // 等待读取操作完成
+ wg.Wait()
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ atomic_synchronization_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_002_F/atomic_synchronization_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_002_F/atomic_synchronization_002_F.go
new file mode 100644
index 00000000..16cce2cf
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_002_F/atomic_synchronization_002_F.go
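Review bot: The reader goroutine spins on `for atomic.LoadInt32(&done) == 0 {` with an empty body, but the first `wg.Wait()` has already joined the writer before the reader is started, so `done` is always 1 at that point and the loop never iterates; the flag is dead code that makes the case look like it exercises a spin-wait it never performs. Either drop `done` and the loop so the case tests only the `atomic.Value` Store/Load hand-off its scene describes, or, if the flag is the point, launch both goroutines before a single `wg.Wait()` and put `runtime.Gosched()` in the loop body so a genuine spin does not pin a core. atomic_synchronization_002_F has the same structure.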
@@ -0,0 +1,56 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 原子操作
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_002_F/atomic_synchronization_002_F
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+ "sync/atomic"
+)
+
+func atomic_synchronization_002_F(__taint_src string) {
+ var sharedData atomic.Value
+ var done int32
+ var wg sync.WaitGroup
+
+ // 场景特点:使用原子操作在goroutine间传递数据,但污染数据未传递到sink
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ sharedData.Store(__taint_src) // 污染源存储到原子值
+ atomic.StoreInt32(&done, 1)
+ }()
+
+ // 等待写入操作完成
+ wg.Wait()
+
+ // 现在进行读取操作
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ for atomic.LoadInt32(&done) == 0 {
+ // 等待数据准备完成
+ }
+ _ = sharedData.Load() // 读取原子值但不传递到sink
+ __taint_sink("clean_data") // 使用干净数据
+ }()
+
+ // 等待读取操作完成
+ wg.Wait()
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ atomic_synchronization_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_001_T/cond_synchronization_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_001_T/cond_synchronization_001_T.go
new file mode 100644
index 00000000..09eb1c6e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_001_T/cond_synchronization_001_T.go
@@ -0,0 +1,51 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 条件变量
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_001_T/cond_synchronization_001_T
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+)
+
+func cond_synchronization_001_T(__taint_src string) {
+ var mu sync.Mutex
+ cond := sync.NewCond(&mu)
+ var result string = ""
+ var wg sync.WaitGroup
+
+ wg.Add(1)
+ // 启动一个goroutine来通知条件变量
+ go func() {
+ defer wg.Done()
+ // 场景特点:使用条件变量等待和通知机制同步数据
+ mu.Lock()
+ for result == "" {
+ cond.Wait()
+ }
+ __taint_sink(result)
+ mu.Unlock()
+ }()
+
+ mu.Lock()
+ result = __taint_src
+ cond.Signal()
+ mu.Unlock()
+
+ wg.Wait()
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cond_synchronization_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_002_F/cond_synchronization_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_002_F/cond_synchronization_002_F.go
new file mode 100644
index 00000000..0000478d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_002_F/cond_synchronization_002_F.go
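Review bot: The comment `// 启动一个goroutine来通知条件变量` above the `go func()` describes the opposite of what that goroutine does: it is the waiter, blocking in `cond.Wait()` until `result` is set, while the notifier is the main goroutine's `cond.Signal()` a few lines below. Suggest `// 启动一个goroutine等待条件变量` on the goroutine and `// 主goroutine设置数据并通知等待者` above the second `mu.Lock()`. `var result string = ""` is an explicit zero initialisation that staticcheck flags; `var result string` is equivalent. cond_synchronization_002_F repeats both.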
@@ -0,0 +1,51 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 条件变量
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_002_F/cond_synchronization_002_F
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+)
+
+func cond_synchronization_002_F(__taint_src string) {
+ var mu sync.Mutex
+ cond := sync.NewCond(&mu)
+ var result string = ""
+ var wg sync.WaitGroup
+
+ wg.Add(1)
+ // 启动一个goroutine来通知条件变量
+ go func() {
+ defer wg.Done()
+ // 场景特点:使用条件变量等待和通知机制同步数据
+ mu.Lock()
+ for result == "" {
+ cond.Wait()
+ }
+ __taint_sink(result)
+ mu.Unlock()
+ }()
+
+ mu.Lock()
+ result = "safe_value"
+ cond.Signal()
+ mu.Unlock()
+
+ wg.Wait()
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cond_synchronization_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/config.json b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/config.json
index 434cc236..e738225e 100644
--- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/config.json
@@ -1,8 +1,46 @@
 {
 "promise_callback_await": [
 {
- "evaluation_item": "",
- "scene_levels": []
+ "evaluation_item": "完整度->单应用跟踪完整度->并发、多线程、异步->同步原语",
+ "scene_levels": [
+ {
+ "level": "2",
+ "scene_list": [
+ {
+ "compose": "mutex_synchronization_001_T/mutex_synchronization_001_T.go && !mutex_synchronization_002_F/mutex_synchronization_002_F.go",
+ "scene": "互斥锁"
+ },
+ {
+ "compose": "rwmutex_synchronization_001_T/rwmutex_synchronization_001_T.go && !rwmutex_synchronization_002_F/rwmutex_synchronization_002_F.go",
+ "scene": "读写锁"
+ },
+ {
+ "compose": "cond_synchronization_001_T/cond_synchronization_001_T.go && !cond_synchronization_002_F/cond_synchronization_002_F.go",
+ "scene": "条件变量"
+ },
+ {
+ "compose": "atomic_synchronization_001_T/atomic_synchronization_001_T.go && !atomic_synchronization_002_F/atomic_synchronization_002_F.go",
+ "scene": "原子操作"
+ },
+ {
+ "compose": "waitgroup_synchronization_001_T/waitgroup_synchronization_001_T.go && !waitgroup_synchronization_002_F/waitgroup_synchronization_002_F.go",
+ "scene": "WaitGroup"
+ },
+ {
+ "compose": "once_execution_001_T/once_execution_001_T.go && !once_execution_002_F/once_execution_002_F.go",
+ "scene": "Once单次执行"
+ },
+ {
+ "compose": "synchronization_primitive_001_T/synchronization_primitive_001_T.go && !synchronization_primitive_002_F/synchronization_primitive_002_F.go",
+ "scene": "同步原语-'<-'"
+ },
+ {
+ "compose": "synchronization_primitive_003_T/synchronization_primitive_003_T.go && !synchronization_primitive_004_F/synchronization_primitive_004_F.go",
+ "scene": "同步原语-'<-'2"
+ }
+ ]
+ }
+ ]
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_001_T/mutex_synchronization_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_001_T/mutex_synchronization_001_T.go
new file mode 100644
index 00000000..24e6da63
--- /dev/null
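Review bot: The new scene list references `atomic_synchronization_001_T`/`atomic_synchronization_002_F`, but those files are not among the additions or renames visible in this part of the diff; if they are not added elsewhere in the commit, that compose expression points at missing cases and the scene can never evaluate. The key and directory remain `promise_callback_await` while the `evaluation_item` is now `同步原语` and every scene is a mutex/rwmutex/cond/WaitGroup/Once case, so anything reporting by key will label sync-primitive results under a promise/callback heading; if the key cannot be renamed, a note in the evaluation_item or a README would save the next reader the confusion.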
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_001_T/mutex_synchronization_001_T.go
@@ -0,0 +1,53 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 互斥锁
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_001_T/mutex_synchronization_001_T
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+ "time"
+)
+
+func mutex_synchronization_001_T(__taint_src string) {
+ var mu sync.Mutex
+ var wg sync.WaitGroup
+ var result string = __taint_src
+
+ wg.Add(2)
+ // 场景特点:使用互斥锁保护临界区,确保数据一致性
+ go func() {
+ defer wg.Done()
+ mu.Lock()
+ time.Sleep(2 * time.Second)
+ result = result + "1"
+ mu.Unlock()
+ }()
+
+ go func() {
+ defer wg.Done()
+ time.Sleep(1 * time.Second)
+ mu.Lock()
+ result = result + "2"
+ mu.Unlock()
+ }()
+
+ wg.Wait()
+
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ mutex_synchronization_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_002_F/mutex_synchronization_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_002_F/mutex_synchronization_002_F.go
new file mode 100644
index 00000000..2f97ea74
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_002_F/mutex_synchronization_002_F.go
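Review bot: `time.Sleep(2 * time.Second)` runs while `mu` is held and the `time.Sleep(1 * time.Second)` in the second goroutine is the only thing steering which goroutine appends first; the sleeps cost about two seconds per run without guaranteeing an order, and both orders (`...12` and `...21`) carry `__taint_src` to the sink, so they can be dropped or cut to a few milliseconds. If a fixed order is really wanted, have the first goroutine close a channel after `mu.Unlock()` and make the second wait on it. The same pair of sleeps appears in mutex_synchronization_002_F, where both interleavings also end in a constant. `var result string = __taint_src` is more idiomatically `result := __taint_src`.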
@@ -0,0 +1,53 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 互斥锁
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_002_F/mutex_synchronization_002_F
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+ "time"
+)
+
+func mutex_synchronization_002_F(__taint_src string) {
+ var mu sync.Mutex
+ var wg sync.WaitGroup
+ var result string = __taint_src
+
+ wg.Add(2)
+ // 场景特点:使用互斥锁保护临界区,确保数据一致性
+ go func() {
+ defer wg.Done()
+ mu.Lock()
+ time.Sleep(2 * time.Second)
+ result = "1"
+ mu.Unlock()
+ }()
+
+ go func() {
+ defer wg.Done()
+ time.Sleep(1 * time.Second)
+ mu.Lock()
+ result = result + "2"
+ mu.Unlock()
+ }()
+
+ wg.Wait()
+
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ mutex_synchronization_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_001_T/once_execution_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_001_T/once_execution_001_T.go
new file mode 100644
index 00000000..17b92372
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_001_T/once_execution_001_T.go
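Review bot: The safe verdict holds for both interleavings (`"12"` when the first goroutine locks first, `"1"` when the second does), but that is not obvious because the second goroutine still reads the tainted initial value when it runs first; a comment on the overwrite, `result = "1" // 无条件覆盖,无论哪个goroutine先执行,sink 收到的都是常量`, would record why this is the F case. Since the property does not depend on ordering, the 1 s / 2 s sleeps are not needed here either.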
@@ -0,0 +1,42 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = Once单次执行
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_001_T/once_execution_001_T
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+)
+
+var once sync.Once
+var result string
+
+func createOnce() {
+ once.Do(func() {
+ result = result + "1"
+ })
+}
+
+func once_execution_001_T(__taint_src string) {
+ result = __taint_src
+ // 场景特点:使用Once确保函数只执行一次,保护数据初始化
+ createOnce()
+ createOnce()
+
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ once_execution_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_002_F/once_execution_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_002_F/once_execution_002_F.go
new file mode 100644
index 00000000..78103b0e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_002_F/once_execution_002_F.go
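Review bot: `once` and `result` are package-level mutable state, so `once_execution_001_T` is not repeatable: a second call would reset `result` to the new source but `createOnce()` would no longer append `"1"`. For a single-shot benchmark `main` that is fine, but it deserves a comment on the declarations, e.g. `// package-level so the second createOnce() call is a no-op; the case is not re-entrant`, and the two `var` lines read better as one `var (...)` block.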
@@ -0,0 +1,42 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = Once单次执行
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_002_F/once_execution_002_F
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+)
+
+var once sync.Once
+var result string
+
+func createOnce() {
+ once.Do(func() {
+ result = "safe_value"
+ })
+}
+
+func once_execution_002_F(__taint_src string) {
+ result = __taint_src
+ // 场景特点:使用Once确保函数只执行一次,但污染源未传递到结果
+ createOnce()
+ createOnce()
+
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ once_execution_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_001_T/rwmutex_synchronization_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_001_T/rwmutex_synchronization_001_T.go
new file mode 100644
index 00000000..76c40e60
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_001_T/rwmutex_synchronization_001_T.go
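Review bot: The safe verdict depends on the package-level `once` not having fired before `once_execution_002_F` runs: `result = __taint_src` happens first and only the first `createOnce()` replaces it with `"safe_value"`, so if `once` had already been used the tainted string would reach `__taint_sink` unchanged. That precondition should be written down next to the assignment, e.g. `result = __taint_src // 依赖 once 尚未执行;否则污染值会直接到达 sink`, and it is a good reason to make `once` a local of the case rather than a global.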
@@ -0,0 +1,51 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 读写锁
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_001_T/rwmutex_synchronization_001_T
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+ "time"
+)
+
+func rwmutex_synchronization_001_T(__taint_src string) {
+ var rwMu sync.RWMutex
+ var result string
+ var wg sync.WaitGroup
+
+ wg.Add(2)
+ // 场景特点:使用读写锁保护数据,写操作加写锁
+ go func() {
+ defer wg.Done()
+ rwMu.Lock()
+ result = __taint_src
+ rwMu.Unlock()
+ }()
+
+ go func() {
+ defer wg.Done()
+ time.Sleep(1 * time.Second)
+ rwMu.RLock()
+ __taint_sink(result)
+ rwMu.RUnlock()
+ }()
+
+ wg.Wait()
+
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ rwmutex_synchronization_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_002_F/rwmutex_synchronization_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_002_F/rwmutex_synchronization_002_F.go
new file mode 100644
index 00000000..06451bbb
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_002_F/rwmutex_synchronization_002_F.go
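Review bot: The reader goroutine relies on `time.Sleep(1 * time.Second)` to run after the writer; if it wins the race it takes `rwMu.RLock()` first and the sink receives the empty string, so the case is timing-dependent rather than synchronised. A channel closed by the writer after `rwMu.Unlock()` and received on before `rwMu.RLock()` would make the order deterministic and remove the one-second delay. There is also a stray blank line between `wg.Wait()` and the function's closing brace.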
@@ -0,0 +1,51 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 读写锁
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_002_F/rwmutex_synchronization_002_F
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+ "time"
+)
+
+func rwmutex_synchronization_002_F(__taint_src string) {
+ var rwMu sync.RWMutex
+ var result string
+ var wg sync.WaitGroup
+
+ wg.Add(2)
+ // 场景特点:使用读写锁保护数据,写操作加写锁
+ go func() {
+ defer wg.Done()
+ rwMu.Lock()
+ result = __taint_src
+ rwMu.Unlock()
+ }()
+
+ go func() {
+ defer wg.Done()
+ time.Sleep(1 * time.Second)
+ rwMu.RLock()
+ _ = result
+ __taint_sink("safe_value")
+ rwMu.RUnlock()
+ }()
+
+ wg.Wait()
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ rwmutex_synchronization_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_001_T/synchronization_primitive_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_001_T/synchronization_primitive_001_T.go
similarity index 87%
rename from sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_001_T/synchronization_primitive_001_T.go
rename to sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_001_T/synchronization_primitive_001_T.go
index 9dfb7dda..c1fece3f 100644
--- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_001_T/synchronization_primitive_001_T.go
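Review bot: `_ = result` inside the `RLock`/`RUnlock` section has no effect and a reader will wonder whether it is a leftover; a comment such as `_ = result // 仅在读锁下读取以保留锁模式;sink 故意只收到常量` makes the negative case self-explanatory. As in the positive case, `time.Sleep(1 * time.Second)` is timing-based ordering and could be replaced by a channel handshake from the writer.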
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_001_T/synchronization_primitive_001_T.go
@@ -4,7 +4,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
 // scene introduction = 同步原语-'<-'
 // level = 2
-// bind_url = completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_001_T/synchronization_primitive_001_T
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_001_T/synchronization_primitive_001_T
 // evaluation information end
 
 package main
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_002_F/synchronization_primitive_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_002_F/synchronization_primitive_002_F.go
similarity index 88%
rename from sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_002_F/synchronization_primitive_002_F.go
rename to sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_002_F/synchronization_primitive_002_F.go
index c0f4d4f0..3220c2f0 100644
--- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_002_F/synchronization_primitive_002_F.go
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_002_F/synchronization_primitive_002_F.go
@@ -4,7 +4,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
 // scene introduction = 同步原语-'<-'
 // level = 2
-// bind_url = completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_002_F/synchronization_primitive_002_F
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_002_F/synchronization_primitive_002_F
 // evaluation information end
 
 package main
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_003_T/synchronization_primitive_003_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T.go
similarity index 88%
rename from sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_003_T/synchronization_primitive_003_T.go
rename to sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T.go
index 73f77162..31673c15 100644
--- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_003_T/synchronization_primitive_003_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T.go
@@ -4,7 +4,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
 // scene introduction = 同步原语-'<-'
 // level = 2
-// bind_url = completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_003_T/synchronization_primitive_003_T
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T
 // evaluation information end
 
 package main
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_004_F/synchronization_primitive_004_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F.go
similarity index 88%
rename from sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_004_F/synchronization_primitive_004_F.go
rename to sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F.go
index 428d2602..dd67c5ae 100644
--- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_004_F/synchronization_primitive_004_F.go
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F.go
@@ -4,7 +4,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
 // scene introduction = 同步原语-'<-'
 // level = 2
-// bind_url = completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_004_F/synchronization_primitive_004_F
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F
 // evaluation information end
 
 package main
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_001_T/waitgroup_synchronization_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_001_T/waitgroup_synchronization_001_T.go
new file mode 100644
index 00000000..9cb18cad
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_001_T/waitgroup_synchronization_001_T.go
@@ -0,0 +1,39 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = WaitGroup
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_001_T/waitgroup_synchronization_001_T
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+)
+
+func waitgroup_synchronization_001_T(__taint_src string) {
+ var wg sync.WaitGroup
+ var result string
+
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ // 场景特点:使用WaitGroup等待goroutine完成,确保数据传递
+ result = __taint_src
+ }()
+
+ wg.Wait()
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ waitgroup_synchronization_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_002_F/waitgroup_synchronization_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_002_F/waitgroup_synchronization_002_F.go
new file mode 100644
index 00000000..4daa382c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_002_F/waitgroup_synchronization_002_F.go
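Review bot: Documentation: the scenario comment sits inside the goroutine next to `result = __taint_src`, while the statement that makes the later read of `result` well-defined is `wg.Wait()`; moving the comment above `wg.Wait()` (e.g. `// wg.Wait() 建立 happens-before,之后读取 result 是安全的`) would document the synchronisation the case is exercising rather than the write itself. This is the one case in the set that needs no sleep, which is worth keeping as the model for the others.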
@@ -0,0 +1,40 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = WaitGroup
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_002_F/waitgroup_synchronization_002_F
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+)
+
+func waitgroup_synchronization_002_F(__taint_src string) {
+ var wg sync.WaitGroup
+ var result string
+
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ // 场景特点:使用WaitGroup等待goroutine完成,但污染源未传递到结果
+ result = __taint_src
+ }()
+
+ wg.Wait()
+ result = "safe_value" // 污染源被覆盖
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ waitgroup_synchronization_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/config.json b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/config.json
deleted file mode 100644
index 7f7ad3bb..00000000
--- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/config.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "synchronization_primitive": [
- {
- "evaluation_item": "完整度->单应用跟踪完整度->并发、多线程、异步->同步原语",
- "scene_levels": [
- {
- "level": "2",
- "scene_list": [
- {
- "compose": "synchronization_primitive_001_T/synchronization_primitive_001_T.go && !synchronization_primitive_002_F/synchronization_primitive_002_F.go",
- "scene": "同步原语-'<-'"
- },
- {
- "compose": "synchronization_primitive_003_T/synchronization_primitive_003_T.go && !synchronization_primitive_004_F/synchronization_primitive_004_F.go",
- "scene": "同步原语-'<-'2"
- }
- ]
- }
- ]
- }
- ]
-}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
index 99274d08..e74b9ab4 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
@@ -25,6 +25,34 @@
 {
 "compose": "(cross_directory_009_T/cross/cross_directory_009_T.go || cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go) && !(cross_directory_010_F/cross/cross_directory_010_F.go || cross_directory_010_F/cross/cross_init/cross_directory_init_010_F.go)",
 "scene": "跨package5"
+ },
+ {
+ "compose": "(cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go || cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go) && !(cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go || cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go)",
+ "scene": "replace包层级调用链1"
+ },
+ {
+ "compose": "(cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go || cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go) && !(cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go || cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go)",
+ "scene": "replace包层级调用链2"
+ },
+ {
+ "compose": "(cross_directory_021_T/cross/cross_same_name_021_T.go || cross_directory_021_T/main_dir/cross_directory_021_T_a.go || cross_directory_021_T/main_dir/cross_directory_021_T_b.go || cross_directory_021_T/other/cross/cross_same_name_021_T.go) && !(cross_directory_022_F/cross/cross_same_name_022_F.go || cross_directory_022_F/main_dir/cross_directory_022_F_a.go || cross_directory_022_F/main_dir/cross_directory_022_F_b.go || cross_directory_022_F/other/cross/cross_same_name_022_F.go)",
+ "scene": "同名包导入区分"
+ },
+ {
+ "compose": "(cross_directory_023_T/cross/cross_directory_023_T.go || cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go) && !(cross_directory_024_F/cross/cross_directory_024_F.go || cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go)",
+ "scene": "可见性校验"
+ },
+ {
+ "compose": "(cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go || cross_directory_025_T/cross/cross_directory_025_T.go) && !(cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go || cross_directory_026_F/cross/cross_directory_026_F.go)",
+ "scene": "导入路径与包名解耦"
+ },
+ {
+ "compose": "(cross_directory_027_T/cross_01/cross_same_name_027_T.go || cross_directory_027_T/cross_02/cross_same_name_027_T.go || cross_directory_027_T/cross_directory_027_T.go) && !(cross_directory_028_F/cross_01/cross_same_name_028_F.go || cross_directory_028_F/cross_02/cross_same_name_028_F.go || cross_directory_028_F/cross_directory_028_F.go)",
+ "scene": "同名包路径区分"
+ },
+ {
+ "compose": "(cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go || cross_directory_029_T/cross/cross_directory_029_T.go) && !(cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go || cross_directory_030_F/cross/cross_directory_030_F.go)",
+ "scene": "识别导入根目录"
 }
 ]
 }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go
index 76ab2ec1..2ab0eba5 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go
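Review bot: The scene labels `replace包层级调用链1` and `replace包层级调用链2` do not match the `scene introduction = replace包层级调用链` header written in the new cross_directory_011_T, 012_F and 013_T source files; if the harness correlates config scenes with file headers, one side should be aligned (either number the headers or drop the suffixes here). The compose expressions also reference cross_directory_014_F and cross_directory_021_T through cross_directory_030_F, none of which appear in this part of the diff, so confirm they are added in the rest of the commit or the new scenes will evaluate against missing files.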
@@ -3,7 +3,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
 // scene introduction = 跨package5
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/ccross_init/cross_directory_init_009_T
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T
 // evaluation information end
 
 package pkg
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go
new file mode 100644
index 00000000..cf7daea6
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b
+// evaluation information end
+
+package cross_directory_011_T_b
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod
new file mode 100644
index 00000000..2c7edc9e
--- /dev/null
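Review bot: cross_directory_011_T_b.go is not gofmt-clean: the closing brace of `__taint_sink` is indented (`+ }`), there is no blank line between `package cross_directory_011_T_b` and `import "os/exec"`, and the file ends without a trailing newline; cross_directory_012_F_b.go and cross_directory_013_T_b.go in this same diff have the same three issues. Running gofmt over the three files fixes all of them, and keeping benchmark inputs formatted matters because some tools under evaluation parse with the standard toolchain and a formatting quirk should not be what they trip on. The header of this file also lacks the `// date = ...` line that the other new cases carry.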
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod
@@ -0,0 +1,3 @@
+module cross/cross_01
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go
new file mode 100644
index 00000000..b39f0ded
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a
+// evaluation information end
+
+// 这里有两个go.mod文件 cross_directory_011_T文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/cross_01" 时
+// 不要去其他地方寻找 应该去本地的 ./cross/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。
+// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T
+// 再执行go run cross_directory_011_T_a/cross_directory_011_T_a.go
+package main
+import "cross/cross_01"
+
+func cross_directory_011_T_a(__taint_src string) {
+ cross_directory_011_T_b.SayHello(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_011_T_a(__taint_src)
+}
\ No newline at end of file
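Review bot: `import "cross/cross_01"` is used as `cross_directory_011_T_b.SayHello(...)` because the package clause, not the last path element, names the package; that compiles, but the file never says whether the path/name mismatch is part of what this scene tests, and a separate scene (`导入路径与包名解耦`) exists for exactly that property. Either alias the import, `import cross_directory_011_T_b "cross/cross_01"`, or add one line to the header comment stating that the mismatch is intentional; the same applies to cross_directory_012_F_a.go. The run instructions in the comment hard-code the absolute repository path for `cd`; a relative form would survive a move of the cases directory. As with the `_b` file, `package main` and `import` are not separated by a blank line and the file has no trailing newline.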
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod
new file mode 100644
index 00000000..bb2fdd71
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod
@@ -0,0 +1,7 @@
+module cross_directory_011_T
+
+go 1.20
+
+replace cross/cross_01 => ./cross/cross_01
+
+require cross/cross_01 v0.0.0-00010101000000-000000000000 // indirect
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go
new file mode 100644
index 00000000..4dfdba1c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b
+// evaluation information end
+
+package cross_directory_012_F_b
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink("_")
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
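Review bot: `require cross/cross_01 v0.0.0-00010101000000-000000000000 // indirect` in cross_directory_011_T/go.mod marks the dependency as indirect although cross_directory_011_T_a.go imports it directly; `go mod tidy` would drop the `// indirect` comment, and the sibling cross_directory_012_F/go.mod later in this diff carries the same require without it. Use the form without `// indirect` in both modules so the two cases stay byte-comparable apart from the intended difference. In the cross_directory_012_F_b.go hunk on this line, `SayHello(taint_src string)` ignores its parameter and passes `"_"` to the sink, which is the point of the negative case; a comment such as `__taint_sink("_") // 参数未使用,sink 只收到常量` would say so, and the file has the same indented closing brace and missing trailing newline as cross_directory_011_T_b.go.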
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod
new file mode 100644
index 00000000..2c7edc9e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod
@@ -0,0 +1,3 @@
+module cross/cross_01
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go
new file mode 100644
index 00000000..c3e493ea
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a
+// evaluation information end
+
+// 这里有两个go.mod文件 cross_directory_012_F文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/cross_01" 时
+// 不要去其他地方寻找 应该去本地的 ./cross/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。
+// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F
+// 再执行go run cross_directory_012_F_a/cross_directory_012_F_a.go
+package main
+import "cross/cross_01"
+
+func cross_directory_012_F_a(__taint_src string) {
+ cross_directory_012_F_b.SayHello(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_012_F_a(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod
new file mode 100644
index 00000000..1158d2fa
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod
@@ -0,0 +1,7 @@
+module cross_directory_012_F
+
+go 1.20
+
+replace cross/cross_01 => ./cross/cross_01
+
+require cross/cross_01 v0.0.0-00010101000000-000000000000
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go
new file mode 100644
index 00000000..8e708924
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b
+// evaluation information end
+
+package cross_directory_013_T_b
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod
new file mode 100644
index 00000000..35cbddd5
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod
@@ -0,0 +1,3 @@
+module cross/other/cross_01
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go
new file mode 100644
index 00000000..56b2b1d8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a
+// evaluation information end
+
+// 这里有两个go.mod文件 cross_directory_013_T文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/other/cross_01" 时
+// 不要去其他地方寻找 应该去本地的 .cross/other/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。
+// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T
+// 再执行go run cross_directory_013_T_a/cross_directory_013_T_a.go
+package main
+import "cross/other/cross_01"
+
+func cross_directory_013_T_a(__taint_src string) {
+ cross_directory_013_T_b.SayHello(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_013_T_a(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod
new file mode 100644
index 00000000..80d03798
--- /dev/null
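Review bot: The path in the second header comment of `cross_directory_013_T_a.go`, `.cross/other/cross_01`, is missing its slash and no longer matches the `replace cross/other/cross_01 => ./cross/other/cross_01` directive this case relies on; a reader copying it will look for a hidden directory. Change it to `./cross/other/cross_01`, matching the same sentence in `cross_directory_012_F_a.go`. The copy of this comment in `cross_directory_014_F_a.go` carries the same typo.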
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod
@@ -0,0 +1,7 @@
+module cross_directory_013_T
+
+go 1.20
+
+replace cross/other/cross_01 => ./cross/other/cross_01
+
+require cross/other/cross_01 v0.0.0-00010101000000-000000000000 // indirect
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go
new file mode 100644
index 00000000..f6820707
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b
+// evaluation information end
+
+package cross_directory_014_F_b
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink("_")
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod
new file mode 100644
index 00000000..35cbddd5
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod
@@ -0,0 +1,3 @@
+module cross/other/cross_01
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go
new file mode 100644
index 00000000..bc2831d0
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a
+// evaluation information end
+
+// 这里有两个go.mod文件 cross_directory_014_F文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/other/cross_01" 时
+// 不要去其他地方寻找 应该去本地的 .cross/other/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。
+// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F
+// 再执行go run cross_directory_014_F_a/cross_directory_014_F_a.go
+package main
+import "cross/other/cross_01"
+
+func cross_directory_014_F_a(__taint_src string) {
+ cross_directory_014_F_b.SayHello(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_014_F_a(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod
new file mode 100644
index 00000000..6bb8be51
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod
@@ -0,0 +1,7 @@
+module cross_directory_014_F
+
+go 1.20
+
+replace cross/other/cross_01 => ./cross/other/cross_01
+
+require cross/other/cross_01 v0.0.0-00010101000000-000000000000 // indirect
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go
new file mode 100644
index 00000000..e85ff593
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T
+// evaluation information end
+
+package cross_same_name_021_T
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod
new file mode 100644
index 00000000..6e69eece
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_021_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go
new file mode 100644
index 00000000..00dbc022
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go
@@ -0,0 +1,24 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T
+// 再执行go run main_dir/cross_directory_021_T_a.go
+
+package main
+import "cross_directory_021_T/cross"
+
+var __taint_src = "taint_src_value"
+
+func init() {
+ cross_same_name_021_T.SayHello(__taint_src)
+}
+
+func main() {
+ return
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go
new file mode 100644
index 00000000..22301eb1
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go
@@ -0,0 +1,25 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T
+// 再执行go run main_dir/cross_directory_021_T_b.go
+
+
+package main
+import "cross_directory_021_T/other/cross"
+
+var __taint_src = "taint_src_value"
+
+func init() {
+ cross_same_name_021_T.SayHello(__taint_src)
+}
+
+func main() {
+ return
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go
new file mode 100644
index 00000000..a861ccef
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T
+// evaluation information end
+
+
+package cross_same_name_021_T
+import "os/exec"
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
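Review bot: `cross_directory_021_T_b.go` is placed in the same `main_dir` package as `cross_directory_021_T_a.go`, and both files declare `__taint_src`, `init` and `main`, so `go build ./...`, `go vet ./...` or any analyzer that loads the directory through `go/packages` gets "main redeclared" / "__taint_src redeclared" errors; only the per-file `go run main_dir/<file>.go` form given in the header comment works. An analyzer that refuses packages with type errors would then fail this case for a reason unrelated to the same-name-package resolution it is meant to measure, and one that tolerates errors may silently drop one of the two `init` paths. Give each entry point its own directory (`main_a/`, `main_b/`), or add a build constraint such as `//go:build case_b` to the second file and state the tag in the run instructions. `cross_directory_022_F/main_dir` in this commit has the same layout.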
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go
new file mode 100644
index 00000000..18c85d90
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F
+// evaluation information end
+
+package cross_same_name_022_F
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod
new file mode 100644
index 00000000..fadb9201
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_022_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go
new file mode 100644
index 00000000..b948b04a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go
@@ -0,0 +1,24 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F
+// 再执行go run main_dir/cross_directory_022_F_a.go
+
+package main
+import "cross_directory_022_F/cross"
+
+var __taint_src = "_"
+
+func init() {
+ cross_same_name_022_F.SayHello(__taint_src)
+}
+
+func main() {
+ return
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go
new file mode 100644
index 00000000..bb0eecaf
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go
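Review bot: `var __taint_src = "_"` keeps the source identifier and still flows, unmodified, through `cross_same_name_022_F.SayHello` into the `exec.Command("sh", "-c", ...)` sink, so whether this file is really a negative depends on how the harness recognises sources. If sources are keyed by the `__taint_src` name — which `cross_directory_027_T/cross_02/cross_same_name_027_T.go` (a `Fun(__taint_src string)` parameter, with no `"taint_src_value"` literal anywhere) suggests — this is a complete source-to-sink path and will be reported, contradicting `real case = false`. The other negatives in this commit (`012_F`, `014_F`, `026_F`) keep `"taint_src_value"` as the value and break the flow inside the callee instead; consider the same shape here, e.g. `cross_same_name_022_F.SayHello("_")` with no `__taint_src` variable at all, or document in the header that the literal value, not the identifier, is what marks a source. `cross_directory_022_F_b.go` (`var __taint_src = "abc"`) has the same ambiguity.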
@@ -0,0 +1,25 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F
+// 再执行go run main_dir/cross_directory_022_F_b.go
+
+
+package main
+import "cross_directory_022_F/other/cross"
+
+var __taint_src = "abc"
+
+func init() {
+ cross_same_name_022_F.SayHello(__taint_src)
+}
+
+func main() {
+ return
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go
new file mode 100644
index 00000000..79b1c443
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go
@@ -0,0 +1,19 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F
+// evaluation information end
+
+
+package cross_same_name_022_F
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go
new file mode 100644
index 00000000..b90bb7da
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go
@@ -0,0 +1,14 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 可见性校验
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a
+// evaluation information end
+
+
+package cross_01
+
+var status string = "private"
+
+var Status string = "taint_src_value"
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go
new file mode 100644
index 00000000..7bea4cfa
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 可见性校验
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T
+// 再执行 go run cross/cross_directory_023_T.go
+package main
+
+import (
+ "cross_directory_023_T/cross/cross_01"
+ "fmt"
+ "os/exec"
+)
+
+// Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见)
+// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来
+
+func cross_directory_023_T() {
+ __taint_sink(cross_01.Status) //Status大写 应该被正确import过来
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ cross_directory_023_T()
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod
new file mode 100644
index 00000000..d97f3000
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_023_T
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go
new file mode 100644
index 00000000..e0de314f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go
@@ -0,0 +1,14 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 可见性校验
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a
+// evaluation information end
+
+
+package cross_01
+
+var status string = "private"
+
+var Status string = "taint_src_value"
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go
new file mode 100644
index 00000000..76c4b5d5
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 可见性校验
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F
+// 再执行 go run cross/cross_directory_024_F.go
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见)
+// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来
+
+func cross_directory_024_F() {
+ __taint_sink(cross_01.status) //status小写 若正确处理,无法获取到cross_01.status
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ cross_directory_024_F()
+}
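Review bot: `cross_directory_024_F.go` references `cross_01.status` but its import block lists only `"fmt"` and `"os/exec"`, so the file fails with `undefined: cross_01` before the unexported-identifier rule is ever exercised; the `go run cross/cross_directory_024_F.go` in the header cannot succeed, and `cross/cross_01/cross_directory_024_F_a.go`, the package that actually defines `status`, is never loaded. If the case is meant to probe whether a tool wrongly resolves a lowercase symbol across packages, add `"cross_directory_024_F/cross/cross_01"` to the import block as `cross_directory_023_T.go` does, so that the only remaining error is the intended `cannot refer to unexported name cross_01.status`, and say in the header comment that the file deliberately does not compile. As written, a type-checking analyzer rejects the package for an unrelated reason and the case measures error recovery rather than visibility handling.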
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod
new file mode 100644
index 00000000..501fc33c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_024_F
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go
new file mode 100644
index 00000000..49240120
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 导入路径与包名解耦
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a
+// evaluation information end
+
+
+package cross_directory_025_T_a
+
+var status string
+
+type Person struct {
+ Name string
+ Age int
+}
+
+func (p Person) Swimming(taint_src string) string {
+ status = taint_src
+ return status
+}
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go
new file mode 100644
index 00000000..3d216b90
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 导入路径与包名解耦
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T
+// 再执行 go run cross/cross_directory_025_T.go
+package main
+import (
+ "fmt"
+ "cross_directory_025_T/cross/cross_01"
+ "os/exec"
+)
+
+// Go语言中,import路径从第二项开始的每项一定是目录名,包括最后一项(并非包名)。
+// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是cross_directory_025_T_a
+
+func cross_directory_025_T(__taint_src string) {
+ __taint_sink(cross_directory_025_T_a.Person{}.Swimming(__taint_src))
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_025_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod
new file mode 100644
index 00000000..23b5d919
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_025_T
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go
new file mode 100644
index 00000000..6837a63a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 导入路径与包名解耦
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a
+// evaluation information end
+
+
+package cross_directory_026_F_a
+
+var status string
+
+type Person struct {
+ Name string
+ Age int
+}
+
+func (p Person) Swimming(taint_src string) string {
+ status = taint_src
+ return status
+}
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go
new file mode 100644
index 00000000..203557cd
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 导入路径与包名解耦
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F
+// 再执行 go run cross/cross_directory_026_F.go
+package main
+import (
+ "fmt"
+ "cross_directory_026_F/cross/cross_01"
+ "os/exec"
+)
+
+// Go语言中,import路径从第二项开始的每项一定是目录名,包括最后一项(并非包名)。
+// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是pkg
+
+func cross_directory_026_F(__taint_src string) {
+ __taint_sink(cross_directory_026_F_a.Person{}.Swimming("_"))
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_026_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod
new file mode 100644
index 00000000..e34eb465
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_026_F
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T.go
new file mode 100644
index 00000000..c027d647
--- /dev/null
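Review bot: The explanatory comment in `cross_directory_026_F.go` says the identifier used after importing `cross_01` is `pkg`, but the package declared in `cross/cross_01/cross_directory_026_F_a.go` and used two lines below is `cross_directory_026_F_a`, so the comment presumably survived from an earlier draft. Replace the second comment line with `// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是cross_directory_026_F_a` so it matches the code and the 025_T counterpart.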
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T
+// evaluation information end
+
+
+package cross_same_name_027_T
+import "os/exec"
+
+var dir string
+
+func Fun(__taint_src string) {
+ dir = __taint_src
+ __taint_sink(dir)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T.go
new file mode 100644
index 00000000..ec4aa3c7
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T.go
@@ -0,0 +1,22 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T
+// evaluation information end
+
+
+package cross_same_name_027_T
+import "os/exec"
+
+var dir string
+
+func Fun(__taint_src string) {
+ dir = "abc"
+ __taint_sink(dir)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go
new file mode 100644
index 00000000..10f8b3f9
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go
@@ -0,0 +1,25 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T
+// 再执行 go run cross_directory_027_T.go
+
+package main
+
+// Go语言中,一个包以文件结构路径唯一标识。允许同名包。
+// 旧版@@@@以包名作为key来进行包管理,导致同名包丢失。
+
+// 考察特性:@@@@-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包
+func cross_directory_027_T(__taint_src string) {
+ cross_same_name_027_T.Fun(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_027_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod
new file mode 100644
index 00000000..40b6f045
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_027_T
+
+go 1.20
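Review bot: `cross_directory_027_T.go` calls `cross_same_name_027_T.Fun(__taint_src)` but contains no import declaration, so `go run cross_directory_027_T.go` fails on an undefined identifier and the true-positive case can neither be executed nor resolved by a tool that follows imports. Both `cross_01` and `cross_02` declare `package cross_same_name_027_T`; since this is the tainted counterpart of 028_F, which imports `cross_02` (the constant-assigning variant), the intended import is the tainted one: add `import cross_same_name_027_T "cross_directory_027_T/cross_01"` after `package main`. Without an import there is nothing for a path-keyed package manager to distinguish, which is the property the case is meant to probe.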
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F.go
new file mode 100644
index 00000000..3b064e08
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F
+// evaluation information end
+
+
+package cross_same_name_028_F
+import "os/exec"
+
+var dir string
+
+func Fun(__taint_src string) {
+ dir = __taint_src
+ __taint_sink(dir)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F.go
new file mode 100644
index 00000000..cf574b2d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F.go
@@ -0,0 +1,21 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F
+// evaluation information end
+
+
+package cross_same_name_028_F
+import "os/exec"
+var dir string
+
+func Fun(__taint_src string) {
+ dir = "abc"
+ __taint_sink(dir)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go
new file mode 100644
index 00000000..f3f38c67
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go
@@ -0,0 +1,27 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F
+// 再执行 go run cross_directory_028_F.go
+
+package main
+
+import cross_same_name_028_F "cross_directory_028_F/cross_02"
+
+// Go语言中,一个包以文件结构路径唯一标识。允许同名包。
+// 旧版@@以包名作为key来进行包管理,导致同名包丢失。
+
+// 考察特性:@@-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包
+func cross_directory_028_F(__taint_src string) {
+ cross_same_name_028_F.Fun(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_028_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod
new file mode 100644
index 00000000..eafff194
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_028_F
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go
new file mode 100644
index 00000000..13aa02e0
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 识别导入根目录
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a
+// evaluation information end
+
+package cross_directory_029_T_a
+
+type Person struct {
+ Name string
+ Age int
+}
+
+func (p Person) Skiing(__taint_src string) string{
+ return __taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go
new file mode 100644
index 00000000..687bf49f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go
@@ -0,0 +1,36 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 识别导入根目录
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross
+// 再执行go run cross_directory_029_T.go
+
+package main
+
+import (
+ "rainy/cross_01"
+ "os/exec"
+)
+// Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3
+// 所谓的根目录 指 go.mod所在的目录
+// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句
+
+
+func cross_directory_029_T(__taint_src string) {
+ value := cross_directory_029_T_a.Person{}.Skiing(__taint_src)// 看这些符号值能不能被解析出来
+ __taint_sink(value)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_029_T(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod
new file mode 100644
index 00000000..c88bf90c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod
@@ -0,0 +1,3 @@
+module rainy
+
+go 1.20
\ No newline at end of file
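Review bot: `cross_directory_029_T.go` and the `cross/go.mod` beside it are committed without a trailing newline (`\ No newline at end of file`), and the 030_F pair has the same problem; gofmt and `go mod tidy` will both rewrite these files on the next unrelated touch, producing spurious diffs. In the same file the trailing comment on the `value :=` line is glued to the call, `Skiing(__taint_src)// 看这些...`, which gofmt would also separate with a space. Adding the final newline and the space now keeps the case files stable.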
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go
new file mode 100644
index 00000000..13969309
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 识别导入根目录
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a
+// evaluation information end
+
+package cross_directory_030_F_a
+
+type Person struct {
+ Name string
+ Age int
+}
+
+func (p Person) Skiing(__taint_src string) string{
+ return __taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go
new file mode 100644
index 00000000..9a82e327
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go
@@ -0,0 +1,36 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 识别导入根目录
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross
+// 再执行go run cross_directory_030_F.go
+
+package main
+
+import (
+ "rainy/cross_01"
+ "os/exec"
+)
+// Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3
+// 所谓的根目录 指 go.mod所在的目录
+// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句
+
+
+func cross_directory_030_F(__taint_src string) {
+ value := cross_directory_030_F_a.Person{}.Skiing("_")// 看这些符号值能不能被解析出来
+ __taint_sink(value)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_030_F(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod
new file mode 100644
index 00000000..c88bf90c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod
@@ -0,0 +1,3 @@
+module rainy
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a.go
index 19910598..b3f4c0f9 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a.go
@@ -4,7 +4,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
 // scene introduction = 跨文件
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a
 // evaluation information end
 
 //两个文件都使用 package main,Go 会将它们视为同一个包
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b.go
index 1b152a63..46dd7567 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b.go
@@ -4,7 +4,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
 // scene introduction = 跨文件
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b
 // evaluation information end
 
 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a.go
index af476ac9..630101eb 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a.go
@@ -4,7 +4,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
 // scene introduction = 跨文件
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a
 // evaluation information end
 
 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b.go
index f2e0344f..439d3ba7 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b.go
@@ -4,7 +4,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
 // scene introduction = 跨文件
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b
 // evaluation information end
 
 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json
index 95611ba3..65b4f607 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json
@@ -13,6 +13,10 @@
 {
 "compose": "(cross_module_003_T/cross_module_003_T_a/cross_module_003_T_a.go || cross_module_003_T/cross_module_003_T_b/cross_module_003_T_b.go) && !(cross_module_004_F/cross_module_004_F_a/cross_module_004_F_a.go || cross_module_004_F/cross_module_004_F_b/cross_module_004_F_b.go)",
 "scene": "跨module-别名"
+ },
+ {
+ "compose": "(cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go || cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go) && !(cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go || cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go)",
+ "scene": "多Main包模块化管理"
 }
 ]
 }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go
new file mode 100644
index 00000000..a74b8beb
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
+// scene introduction = 多Main包模块化管理
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T
+// 在执行 go run ./cross_module_005_T_a
+package main
+
+import "os/exec"
+
+// Go语言中,允许多个main包和main函数(只要不在同一个目录)
+// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数
+
+func cross_module_005_T_a(__taint_src string) {
+ __taint_sink(__taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value_main1"
+ cross_module_005_T_a(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go
new file mode 100644
index 00000000..0b996094
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go
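Review bot: The run instruction in `cross_module_005_T.go` reads `// 在执行 go run ./cross_module_005_T_a`, where `在` should be `再` ("then run"), matching the `// 再执行 ...` wording every other new case uses; the same typo is in the 005_T_b, 006_F_a and 006_F_b files. Separately, the `go.mod` for cross_module_005_T (and for 006_F) declares `go 1.14` while every other go.mod added in this commit declares `go 1.20`; unless the older directive is part of the scenario, `go 1.20` keeps the cases uniform and avoids a second module-resolution mode in the benchmark.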
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
+// scene introduction = 多Main包模块化管理
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T
+// 在执行 go run ./cross_module_005_T_b
+package main
+
+import "os/exec"
+
+// Go语言中,允许多个main包和main函数(只要不在同一个目录)
+// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数
+
+func cross_module_005_T_b(__taint_src string) {
+ __taint_sink(__taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value_main2"
+ cross_module_005_T_b(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod
new file mode 100644
index 00000000..7934c85a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod
@@ -0,0 +1,3 @@
+module cross_module_005_T
+
+go 1.14
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go
new file mode 100644
index 00000000..a1d349cf
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
+// scene introduction = 多Main包模块化管理
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F
+// 在执行 go run ./cross_module_006_F_a
+package main
+
+import "os/exec"
+
+// Go语言中,允许多个main包和main函数(只要不在同一个目录)
+// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数
+
+func cross_module_006_F_a(__taint_src string) {
+ __taint_sink("this is main1")
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value_main1"
+ cross_module_006_F_a(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go
new file mode 100644
index 00000000..b6f93e06
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
+// scene introduction = 多Main包模块化管理
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F
+// 在执行 go run ./cross_module_006_F_b
+package main
+
+import "os/exec"
+
+// Go语言中,允许多个main包和main函数(只要不在同一个目录)
+// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数
+
+func cross_module_006_F_b(__taint_src string) {
+ __taint_sink("this is main2")
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value_main2"
+ cross_module_006_F_b(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod
new file mode 100644
index 00000000..e21c91bd
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod
@@ -0,0 +1,3 @@
+module cross_module_006_F
+
+go 1.14
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_004_F/array_004_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_004_F/array_004_F.go
index 2877a637..91b9cae3 100644
--- a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_004_F/array_004_F.go
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_004_F/array_004_F.go
@@ -4,7 +4,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
 // scene introduction = 二维
 // level = 2
-// bind_url = completeness/object_tracing/datatype/array_slice/array_004_F/array_004_F
+// bind_url = completeness/single_app_tracing/datatype/array/array_004_F/array_004_F
 // evaluation information end
 
 package main
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_001_T/array_index_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_001_T/array_index_001_T.go
new file mode 100644
index 00000000..1c2e5c01
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_001_T/array_index_001_T.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
+// scene introduction = 数组索引
+// level = 2
+// date = 2025-11-28 16:27:50
+// bind_url = completeness/single_app_tracing/datatype/array/array_index_001_T/array_index_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func array_index_002_F(__taint_src string) {
+ var arr = [3]string{__taint_src, "b", "c"}
+ __taint_sink(arr[0])
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ array_index_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_002_F/array_index_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_002_F/array_index_002_F.go
new file mode 100644
index 00000000..25a5e55d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_002_F/array_index_002_F.go
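Review bot: `array_index_001_T.go` defines and calls `array_index_002_F`, the name of its false-positive sibling, so the true-positive case is mislabelled and any result keyed on the function name will be attributed to the wrong case. Rename the definition to `func array_index_001_T(__taint_src string) {` and the call in `main` to `array_index_001_T(__taint_src)` so the function, the file name and the `bind_url` agree, as they do in every other case in this hunk.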
@@ -0,0 +1,30 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
+// scene introduction = 数组索引
+// level = 2
+// date = 2025-11-28 16:27:50
+// bind_url = completeness/single_app_tracing/datatype/array/array_index_002_F/array_index_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func array_index_002_F(__taint_src string) {
+ var arr = [3]string{__taint_src, "b", "c"}
+ arr[0] = "safe_value"
+ __taint_sink(arr[0])
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ array_index_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_001_T/array_slice_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_001_T/array_slice_001_T.go
new file mode 100644
index 00000000..97d0c397
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_001_T/array_slice_001_T.go
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
+// scene introduction = 数组切片操作
+// level = 2
+// date = 2025-11-28 16:27:50
+// bind_url = completeness/single_app_tracing/datatype/array/array_slice_001_T/array_slice_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func array_slice_001_T(__taint_src string) {
+ // 场景特点:数组切片操作传递污染数据
+ var arr = [3]string{__taint_src, "b", "c"}
+ slice := arr[0:1]
+ __taint_sink(slice)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ array_slice_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_002_F/array_slice_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_002_F/array_slice_002_F.go new file mode 100644 index 00000000..23571894 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_002_F/array_slice_002_F.go @@ -0,0 +1,31 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 +// scene introduction = 数组切片操作 +// level = 2 +// date = 2025-11-28 16:27:50 +// bind_url = completeness/single_app_tracing/datatype/array/array_slice_002_F/array_slice_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func array_slice_002_F(__taint_src string) { + // 场景特点:数组切片操作中污染数据被净化 + var arr = [3]string{__taint_src, "b", "c"} + slice := arr[1:1] + __taint_sink(slice) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + array_slice_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/array/config.json index 1dddd500..b2770639 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/array/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/config.json @@ -21,10 +21,18 @@ { "compose": "array_007_T/array_007_T.go && !array_008_F/array_008_F.go", "scene": "3" + }, + { + "compose": "array_slice_001_T/array_slice_001_T.go && !array_slice_002_F/array_slice_002_F.go", + "scene": "数组切片操作" + }, + { + "compose": "array_index_001_T/array_index_001_T.go && !array_index_002_F/array_index_002_F.go", + "scene": "数组索引" } ] } ] } ] -} \ No newline at end of file +} 
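Review bot: The scene comment in array_slice_002_F, `// 场景特点:数组切片操作中污染数据被净化`, says the tainted data is sanitized, but nothing in the function sanitizes anything: `slice := arr[1:1]` is an empty slice whose low bound starts past the tainted index 0, and a Go re-slice cannot move below its low bound, so the tainted element is simply unreachable through `slice`. That distinction matters for the tool under test, since an analysis that tracks the shared backing array without bounds will still report this case. Reword the comment to state the real reason, e.g. `// the [1:1] range excludes index 0, so the tainted element is unreachable via slice`.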
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/map/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/map/config.json index 631584e3..206bdbaf 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/map/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/map/config.json @@ -13,10 +13,14 @@ { "compose": "map_003_T/map_003_T.go && !map_004_F/map_004_F.go", "scene": "字典/映射(Map)对象2" + }, + { + "compose": "map_delete_001_T/map_delete_001_T.go && !map_delete_002_F/map_delete_002_F.go", + "scene": "Map删除操作" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_001_T/map_delete_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_001_T/map_delete_001_T.go new file mode 100644 index 00000000..97e1d1f5 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_001_T/map_delete_001_T.go @@ -0,0 +1,33 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +// scene introduction = Map删除操作 +// level = 2 +// date = 2025-11-28 16:52:19 +// bind_url = completeness/single_app_tracing/datatype/map/map_delete_001_T/map_delete_001_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func map_delete_001_T(__taint_src string) { + // 场景特点:向map添加元素后不删除,保持污染数据 + set := make(map[string]bool) + set[__taint_src] = true + // 删除污染元素 + delete(set, __taint_src) + __taint_sink(set) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + map_delete_001_T(__taint_src) +} 
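Review bot: map_delete_001_T is labelled `// real case = true` and its scene comment says the element is not deleted (`不删除,保持污染数据`), yet the body calls `delete(set, __taint_src)` right before `__taint_sink(set)`, so at runtime the sink formats an empty map and no tainted byte reaches `sh -c`. As written the T case is a false positive and the config.json hunk above, which requires this file to be reported, would penalise a correct tool. Drop the two lines `// 删除污染元素` and `delete(set, __taint_src)` so the map still holds the tainted key at the sink, or, if deletion is the intended T scenario, relabel the pair.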
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_002_F/map_delete_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_002_F/map_delete_002_F.go new file mode 100644 index 00000000..ee4443f3 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_002_F/map_delete_002_F.go @@ -0,0 +1,31 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +// scene introduction = Map删除操作 +// level = 2 +// date = 2025-11-28 16:52:19 +// bind_url = completeness/single_app_tracing/datatype/map/map_delete_002_F/map_delete_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func map_delete_002_F(__taint_src string) { + // 场景特点:向map添加污染元素后删除该元素 + set := make(map[string]bool) + set[__taint_src] = true + __taint_sink(set) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + map_delete_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/config.json index 862f7ea6..6336d3fd 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/config.json 
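Review bot: map_delete_002_F's scene comment, `// 场景特点:向map添加污染元素后删除该元素`, describes deleting the tainted key, but the body only does `set[__taint_src] = true` and then `__taint_sink(set)`, so `fmt.Sprintf("%v", set)` renders `map[taint_src_value:true]` into the shell command and the F case is in fact a true positive. The body appears to have been swapped with the sibling 001_T case. Add `delete(set, __taint_src)` between the insert and the sink so the file matches both its comment and its `real case = false` flag.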
@@ -21,10 +21,26 @@ { "compose": "primitives_float_001_T/primitives_float_001_T.go && !primitives_float_002_F/primitives_float_002_F.go", "scene": "浮点型" + }, + { + "compose": "primitives_string_001_T/primitives_string_001_T.go && !primitives_string_002_F/primitives_string_002_F.go", + "scene": "字符串类型" + }, + { + "compose": "primitives_char_001_T/primitives_char_001_T.go && !primitives_char_002_F/primitives_char_002_F.go", + "scene": "字符类型" + }, + { + "compose": "primitives_byte_001_T/primitives_byte_001_T.go && !primitives_byte_002_F/primitives_byte_002_F.go", + "scene": "字节类型" + }, + { + "compose": "primitives_uint_001_T/primitives_uint_001_T.go && !primitives_uint_002_F/primitives_uint_002_F.go", + "scene": "无符号整型" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_001_T/primitives_byte_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_001_T/primitives_byte_001_T.go new file mode 100644 index 00000000..10235010 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_001_T/primitives_byte_001_T.go @@ -0,0 +1,29 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +// scene introduction = 字节类型 +// level = 2 +// date = 2025-11-28 16:16:41 +// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_byte_001_T/primitives_byte_001_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func primitives_byte_001_T(__taint_src byte) { + // 场景特点:字节类型直接传递 + __taint_sink(__taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := byte(65) + primitives_byte_001_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_002_F/primitives_byte_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_002_F/primitives_byte_002_F.go new file mode 100644 index 00000000..9bb9c818 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_002_F/primitives_byte_002_F.go @@ -0,0 +1,31 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +// scene introduction = 字节类型 +// level = 2 +// date = 2025-11-28 16:16:41 +// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_byte_002_F/primitives_byte_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func primitives_byte_002_F(__taint_src byte) { + // 场景特点:字节类型被净化 + var sani byte = __taint_src + sani = byte(66) + __taint_sink(sani) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := byte(65) + primitives_byte_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_001_T/primitives_char_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_001_T/primitives_char_001_T.go new file mode 100644 index 00000000..9314e419 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_001_T/primitives_char_001_T.go 
@@ -0,0 +1,29 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +// scene introduction = 字符类型 +// level = 2 +// date = 2025-11-28 16:16:41 +// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_char_001_T/primitives_char_001_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func primitives_char_001_T(__taint_src rune) { + // 场景特点:字符类型直接传递 + __taint_sink(__taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := 'A' + primitives_char_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_002_F/primitives_char_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_002_F/primitives_char_002_F.go new file mode 100644 index 00000000..7805967d --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_002_F/primitives_char_002_F.go @@ -0,0 +1,31 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +// scene introduction = 字符类型 +// level = 2 +// date = 2025-11-28 16:16:41 +// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_char_002_F/primitives_char_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func primitives_char_002_F(__taint_src rune) { + // 场景特点:字符类型被净化 + var sani rune = __taint_src + sani = 'B' + __taint_sink(sani) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := 'A' + primitives_char_002_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_001_T/primitives_string_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_001_T/primitives_string_001_T.go new file mode 100644 index 00000000..be3a3cb9 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_001_T/primitives_string_001_T.go @@ -0,0 +1,29 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +// scene introduction = 字符串类型 +// level = 2 +// date = 2025-11-28 16:16:41 +// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_string_001_T/primitives_string_001_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func primitives_string_001_T(__taint_src string) { + // 场景特点:字符串类型直接传递 + __taint_sink(__taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + primitives_string_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_002_F/primitives_string_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_002_F/primitives_string_002_F.go new file mode 100644 index 00000000..c8a78687 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_002_F/primitives_string_002_F.go 
@@ -0,0 +1,31 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +// scene introduction = 字符串类型 +// level = 2 +// date = 2025-11-28 16:16:41 +// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_string_002_F/primitives_string_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func primitives_string_002_F(__taint_src string) { + // 场景特点:字符串类型被净化 + var sani string = __taint_src + sani = "safe_value" + __taint_sink(sani) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + primitives_string_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_001_T/primitives_uint_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_001_T/primitives_uint_001_T.go new file mode 100644 index 00000000..adc9f86c --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_001_T/primitives_uint_001_T.go @@ -0,0 +1,29 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +// scene introduction = 无符号整型 +// level = 2 +// date = 2025-11-28 16:16:41 +// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_uint_001_T/primitives_uint_001_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func primitives_uint_001_T(__taint_src uint) { + // 场景特点:无符号整型直接传递 + __taint_sink(__taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := uint(123) + primitives_uint_001_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_002_F/primitives_uint_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_002_F/primitives_uint_002_F.go new file mode 100644 index 00000000..d4a6b6cc --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_002_F/primitives_uint_002_F.go @@ -0,0 +1,31 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +// scene introduction = 无符号整型 +// level = 2 +// date = 2025-11-28 16:16:41 +// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_uint_002_F/primitives_uint_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func primitives_uint_002_F(__taint_src uint) { + // 场景特点:无符号整型被净化 + var sani uint = __taint_src + sani = uint(0) + __taint_sink(sani) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := uint(123) + primitives_uint_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T.go index a3b73c12..78906da9 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T.go @@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->切片 // scene introduction = // level = 2 -// bind_url = completeness/object_tracing/datatype/array_slice/slice_001_T/slice_001_T +// bind_url = completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T // evaluation information end package main 
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/string/config.json index 7e27581f..722c1d09 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/string/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/config.json @@ -13,10 +13,18 @@ { "compose": "string_003_T/string_003_T.go && !string_004_F/string_004_F.go", "scene": "字符串拼接" + }, + { + "compose": "string_index_001_T/string_index_001_T.go && !string_index_002_F/string_index_002_F.go", + "scene": "字符串索引访问" + }, + { + "compose": "string_slice_001_T/string_slice_001_T.go && !string_slice_002_F/string_slice_002_F.go", + "scene": "字符串切片" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_003_T/string_003_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_003_T/string_003_T.go index cd6ba18b..f9926c8a 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_003_T/string_003_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_003_T/string_003_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 @@ -10,20 +9,21 @@ // 当memberAccess的object来自特殊expression,比如binaryExpression时 package main + import ( - "os/exec" "fmt" + "os/exec" ) func string_003_T(__taint_src string) { object := __taint_src + " " - __taint_sink(object[0]) + __taint_sink(object) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := "taint_src_value" - string_003_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + string_003_T(__taint_src) +} 
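Review bot: The explanatory comment above `package main` in string_003_T, `// 当memberAccess的object来自特殊expression,比如binaryExpression时`, still describes indexing into the result of a binary expression, but the hunk replaces `__taint_sink(object[0])` with `__taint_sink(object)`, so the case no longer contains a member access at all and the comment is now wrong. If the indexing coverage has intentionally moved to the new string_index cases, update the comment to describe plain propagation through `__taint_src + " "`, e.g. `// taint propagates through a binary (concatenation) expression into the sink`; otherwise keep `object[0]`. The same mismatch applies to the parallel edit in string_004_F.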
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_004_F/string_004_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_004_F/string_004_F.go index de9a5a67..08fc334e 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_004_F/string_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_004_F/string_004_F.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 @@ -8,20 +7,21 @@ // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) func string_004_F(__taint_src string) { object := "abc" + " " - __taint_sink(object[0]) + __taint_sink(object) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := "taint_src_value" - string_004_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + string_004_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_001_T/string_index_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_001_T/string_index_001_T.go new file mode 100644 index 00000000..36513fe7 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_001_T/string_index_001_T.go 
@@ -0,0 +1,29 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 +// scene introduction = 字符串索引访问 +// level = 2 +// bind_url = completeness/single_app_tracing/datatype/string/string_index_001_T/string_index_001_T +// date = 2025-12-01 14:42:05 +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func string_index_001_T(__taint_src string) { + // 场景特点:通过索引访问字符串中的字符 + __taint_sink(__taint_src[0]) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + string_index_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_002_F/string_index_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_002_F/string_index_002_F.go new file mode 100644 index 00000000..65c104a7 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_002_F/string_index_002_F.go @@ -0,0 +1,29 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 +// scene introduction = 字符串索引访问 +// level = 2 +// bind_url = completeness/single_app_tracing/datatype/string/string_index_002_F/string_index_002_F +// date = 2025-12-01 14:42:05 +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func string_index_002_F(__taint_src string) { + // 场景特点:通过索引访问字符串中的字符,但污点数据未传播到该位置 + __taint_sink("_"[0]) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + string_index_002_F(__taint_src) +} 
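Review bot: In string_index_001_T the scene comment says a character is accessed (`通过索引访问字符串中的字符`), but `__taint_src[0]` is a `byte`, so `fmt.Sprintf("%v", o)` in the sink formats it as the decimal `116`, not the character `t`. Taint still reaches the sink either way, but if the scenario is meant to show the character itself flowing into the command, pass `string(__taint_src[0])` instead; if the byte value is intended, say so in the comment, e.g. `// indexing yields a byte; %v prints its numeric value`.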
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T.go
new file mode 100644
index 00000000..f9bffcd6
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串
+// scene introduction = 字符串切片
+// level = 2
+// bind_url = completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T
+// date = 2025-12-01 14:42:05
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func string_slice_001_T(__taint_src string) {
+ result := __taint_src
+ __taint_sink(result[0:5])
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ string_slice_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_002_F/string_slice_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_002_F/string_slice_002_F.go
new file mode 100644
index 00000000..655033a8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_002_F/string_slice_002_F.go
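Review bot: string_slice_001_T carries `// real case = false` in its header, but the file is the `_T` half of the pair, the string config.json hunk composes it as `string_slice_001_T/... && !string_slice_002_F/...`, and the body sinks `result[0:5]` where `result := __taint_src`, so the first five tainted bytes reach `sh -c`; the flag should read `// real case = true`. Also note that `result[0:5]` panics for any source shorter than five bytes, which is harmless with the fixed `"taint_src_value"` literal but worth a comment, e.g. `// assumes len(__taint_src) >= 5`.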
@@ -0,0 +1,29 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 +// scene introduction = 字符串切片 +// level = 2 +// bind_url = completeness/single_app_tracing/datatype/string/string_slice_002_F/string_slice_002_F +// date = 2025-12-01 14:42:05 +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func string_slice_002_F(__taint_src string) { + result := "safe_value_" + __taint_sink(result[0:5]) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + string_slice_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/struct/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/struct/config.json index 9bc917ef..450ec8d3 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/struct/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/struct/config.json @@ -25,6 +25,10 @@ { "compose": "struct_cross_001_T/struct_cross_001_T.go && !struct_cross_002_F/struct_cross_002_F.go", "scene": "跨结构体访问变量" + }, + { + "compose": "struct_pointer_001_T/struct_pointer_001_T.go && !struct_pointer_002_F/struct_pointer_002_F.go", + "scene": "结构体指针字段访问" } ] }, @@ -40,4 +44,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_001_T/struct_pointer_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_001_T/struct_pointer_001_T.go new file mode 100644 index 00000000..1a7d2271 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_001_T/struct_pointer_001_T.go 
@@ -0,0 +1,36 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->结构体
+// scene introduction = 结构体指针字段访问
+// level = 2
+// bind_url = completeness/single_app_tracing/datatype/struct/struct_pointer_001_T/struct_pointer_001_T
+// date = 2025-12-01 14:35:05
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type A struct {
+ data string
+}
+
+func struct_pointer_001_T(__taint_src string) {
+ p := &A{
+ data: __taint_src,
+ }
+ // 场景特点:通过指针访问结构体字段
+ __taint_sink(p.data)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ struct_pointer_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_002_F/struct_pointer_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_002_F/struct_pointer_002_F.go
new file mode 100644
index 00000000..9cef030f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_002_F/struct_pointer_002_F.go
@@ -0,0 +1,36 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->结构体
+// scene introduction = 结构体指针字段访问
+// level = 2
+// bind_url = completeness/single_app_tracing/datatype/struct/struct_pointer_002_F/struct_pointer_002_F
+// date = 2025-12-01 14:35:05
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type A struct {
+ data string
+}
+
+func struct_pointer_002_F(__taint_src string) {
+ p := &A{
+ data: "_",
+ }
+ // 场景特点:通过指针访问结构体字段,但污点数据未传播到该字段
+ __taint_sink(p.data)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ struct_pointer_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_001_T/assert_statement_001_T.go b/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_001_T/assert_statement_001_T.go new file mode 100644 index 00000000..4241c657 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_001_T/assert_statement_001_T.go @@ -0,0 +1,32 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->断言 +// scene introduction = 类型断言 +// level = 2 +// bind_url = completeness/single_app_tracing/exception_error/assert_statement/assert_statement_001_T/assert_statement_001_T +// evaluation information end + +package main + +import ( + "os/exec" +) + +func assert_statement_001_T(__taint_src interface{}) { + // 场景特点:对接口变量进行正确的类型断言,成功获取值 + str, ok := __taint_src.(string) + if !ok { + str = "safe_value" + } + + __taint_sink(str) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() +} + +func main() { + __taint_src := "taint_src_value" + assert_statement_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_002_F/assert_statement_002_F.go b/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_002_F/assert_statement_002_F.go new file mode 100644 index 00000000..d710bed4 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_002_F/assert_statement_002_F.go 
@@ -0,0 +1,32 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->断言 +// scene introduction = 类型断言 +// level = 2 +// bind_url = completeness/single_app_tracing/exception_error/assert_statement/assert_statement_002_F/assert_statement_002_F +// evaluation information end + +package main + +import ( + "os/exec" +) + +func assert_statement_002_F(__taint_src interface{}) { + // 场景特点:对接口变量进行错误的类型断言,导致断言失败 + _, ok := __taint_src.(int) + if !ok { + _ = 0 // 断言失败时使用安全值 + } + + __taint_sink("safe_value") +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() +} + +func main() { + __taint_src := "taint_src_value" + assert_statement_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/config.json b/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/config.json new file mode 100644 index 00000000..1f18c719 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/config.json @@ -0,0 +1,18 @@ +{ + "assert_statement": [ + { + "evaluation_item": "完整度->单应用跟踪完整度->异常与错误处理->断言", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "!assert_statement_001_T/assert_statement_001_T.go && assert_statement_002_F/assert_statement_002_F.go", + "scene": "类型断言" + } + ] + } + ] + } + ] +} diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/config.json b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/config.json index 21cc11fd..c94a2488 100644 --- a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/config.json +++ b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/config.json 
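Review bot: In assert_statement_002_F the branch `if !ok { _ = 0 // 断言失败时使用安全值 }` is a no-op and the sink then receives the literal `"safe_value"`, so nothing that passed through the failed `__taint_src.(int)` assertion ever reaches `__taint_sink`; the case therefore does not test how the tool handles a failed type assertion, only that it does not flag a constant. Make the sunk value depend on the assertion result so the scenario actually exercises it, e.g. `n, _ := __taint_src.(int)` followed by `__taint_sink(fmt.Sprintf("%d", n))` (adds a `fmt` import), and drop the dead block.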
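Review bot: The new assert_statement config composes the pair as `"!assert_statement_001_T/assert_statement_001_T.go && assert_statement_002_F/assert_statement_002_F.go"`, which negates the T file and requires the F file, the opposite of every other config in this commit (e.g. the struct and string entries use `X_001_T && !X_002_F`) and of the files' own `real case` flags. A correct tool would fail this item and a tool that reports the sanitized case would pass. Change it to `"assert_statement_001_T/assert_statement_001_T.go && !assert_statement_002_F/assert_statement_002_F.go"`.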
@@ -8,11 +8,15 @@ "scene_list": [ { "compose": "exception_throw_001_T/exception_throw_001_T.go && !exception_throw_002_F/exception_throw_002_F.go", - "scene": "异常抛出" + "scene": "异常抛出->函数内抛出" + }, + { + "compose": "exception_throw_003_T/exception_throw_003_T.go && !exception_throw_004_F/exception_throw_004_F.go", + "scene": "异常抛出->自定义异常抛出" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_001_T/exception_throw_001_T.go b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_001_T/exception_throw_001_T.go index 9bc58492..975088ed 100644 --- a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_001_T/exception_throw_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_001_T/exception_throw_001_T.go @@ -1,15 +1,15 @@ -package main -import "os/exec" - - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 -// scene introduction = 异常抛出 +// scene introduction = 异常抛出->函数内抛出 // level = 2+ // bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_throw_001_T/exception_throw_001_T // evaluation information end +package main + +import "os/exec" + func exception_throw_001_T(__taint_src string) { defer func() { if r := recover(); r != nil { @@ -22,9 +22,9 @@ func exception_throw_001_T(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - exception_throw_001_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + exception_throw_001_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_002_F/exception_throw_002_F.go b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_002_F/exception_throw_002_F.go index 86b6479c..37146941 100644 --- a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_002_F/exception_throw_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_002_F/exception_throw_002_F.go @@ -1,15 +1,15 @@ -package main -import "os/exec" - - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 -// scene introduction = 异常抛出 +// scene introduction = 异常抛出->函数内抛出 // level = 2+ // bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_throw_002_F/exception_throw_002_F // evaluation information end +package main + +import "os/exec" + func exception_throw_002_F(__taint_src string) { defer func() { if r := recover(); r != nil { @@ -23,9 +23,9 @@ func exception_throw_002_F(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - exception_throw_002_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + exception_throw_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_003_T/exception_throw_003_T.go b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_003_T/exception_throw_003_T.go new file mode 100644 index 00000000..2bb742f8 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_003_T/exception_throw_003_T.go 
@@ -0,0 +1,48 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获
+// scene introduction = 异常抛出->自定义异常抛出
+// level = 2+
+// bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_throw_003_T/exception_throw_003_T
+// date = 2025-11-27 10:52:11
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+)
+
+// 场景特点:定义自定义异常类型
+type CustomError struct {
+ message string
+}
+
+func (e *CustomError) Error() string {
+ return e.message
+}
+
+func exception_throw_003_T(__taint_src string) {
+ defer func() {
+ if r := recover(); r != nil {
+ var cmdStr string = r.(*CustomError).message
+ __taint_sink(cmdStr)
+ }
+ }()
+
+ throwCustomError(__taint_src)
+}
+
+func throwCustomError(__taint_src string) {
+ // 场景特点:抛出自定义异常
+ panic(&CustomError{message: __taint_src})
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ exception_throw_003_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F.go b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F.go
new file mode 100644
index 00000000..b65db7ff
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F.go
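Review bot: The recover handler in exception_throw_003_T evaluates `r.(*CustomError).message` without a comma-ok check, so a panic carrying anything other than a `*CustomError` would re-panic inside the deferred function rather than be handled. Here the only panic is the `*CustomError` from throwCustomError, so the case works, but the guarded form reads closer to real code: `if ce, ok := r.(*CustomError); ok { __taint_sink(ce.message) }`. The metadata block also places `date` after `bind_url`, whereas every other new case in this commit places it before; if the harness parser is position-sensitive, the ordering should be made consistent.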
@@ -0,0 +1,52 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获
+// scene introduction = 异常抛出->自定义异常抛出
+// level = 2+
+// date = 2025-11-27 10:52:11
+// bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+)
+
+// 场景特点:定义自定义异常类型
+type CustomError struct {
+ message string
+}
+
+func (e *CustomError) Error() string {
+ return e.message
+}
+
+func exception_throw_004_T(__taint_src string) {
+ defer func() {
+ if r := recover(); r != nil {
+ defer func() {
+ if r := recover(); r != nil {
+ var cmdStr string = r.(*CustomError).message
+ __taint_sink(cmdStr)
+ }
+ }()
+ }
+ }()
+
+ throwCustomError(__taint_src)
+}
+
+func throwCustomError(__taint_src string) {
+ // 场景特点:抛出不相关的自定义异常
+ panic(&CustomError{message: "unrelated_value"})
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ exception_throw_004_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_001_T/assign_expression_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_001_T/assign_001_T.go
similarity index 75%
rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_001_T/assign_expression_001_T.go
rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_001_T/assign_001_T.go
index 92c7d2e0..febd022a 100644
--- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_001_T/assign_expression_001_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_001_T/assign_001_T.go
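Review bot: The function in exception_throw_004_F.go is named `exception_throw_004_T` (and `main` calls it by that name), breaking the file-name/function-name convention every other case follows and making this `_F` case look like a true positive to anything that matches on the identifier; rename both occurrences to `exception_throw_004_F`. Separately, the inner `defer func() { if r := recover(); ... }()` is registered inside the outer recover handler, where nothing panics, so the sink call is unreachable regardless of which value is panicked — the sink is dead because of the nesting, not because of the `"unrelated_value"` the scene comment describes. If the intended scene is "unrelated custom exception", a single recover reading `r.(*CustomError).message` as in 003_T, paired with the unrelated panic value, would test what the comment says.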
@@ -4,13 +4,14 @@ // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 赋值表达式 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_001_T/assign_expression_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/assign_001_T/assign_001_T // evaluation information end package main import "os/exec" -func assign_expression_001_T(__taint_src string) { +func assign_001_T(__taint_src string) { result := __taint_src __taint_sink(result) } @@ -21,5 +22,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - assign_expression_001_T(__taint_src) + assign_001_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_002_F/assign_expression_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_002_F/assign_002_F.go similarity index 69% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_002_F/assign_expression_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_002_F/assign_002_F.go index d6d98122..5f526d3a 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_002_F/assign_expression_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_002_F/assign_002_F.go 
@@ -1,25 +1,26 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 赋值表达式 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_002_F/assign_expression_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/assign_002_F/assign_002_F // evaluation information end package main + import "os/exec" -func assign_expression_002_F(__taint_src string) { +func assign_002_F(__taint_src string) { result := "_" __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - assign_expression_002_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + assign_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_001_T/binary_expression_add_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_001_T/binary_001_T.go similarity index 68% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_001_T/binary_expression_add_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_001_T/binary_001_T.go index 32ebdf09..c9259ce4 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_001_T/binary_expression_add_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_001_T/binary_001_T.go 
@@ -1,25 +1,26 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 二元运算->加 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_001_T/binary_expression_add_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_001_T/binary_001_T // evaluation information end package main + import "os/exec" -func binary_expression_add_001_T(__taint_src string) { +func binary_001_T(__taint_src string) { result := __taint_src + "_" __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - binary_expression_add_001_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + binary_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_002_F/binary_expression_add_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_002_F/binary_002_F.go similarity index 69% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_002_F/binary_expression_add_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_002_F/binary_002_F.go index 05922e95..e36afbe4 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_002_F/binary_expression_add_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_002_F/binary_002_F.go 
@@ -1,16 +1,17 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 二元运算->加 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_002_F/binary_expression_add_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_002_F/binary_002_F // evaluation information end package main + import "os/exec" -func binary_expression_add_002_F(__taint_src string) { +func binary_002_F(__taint_src string) { result := __taint_src + "_" result = "aa" __taint_sink(result) @@ -18,9 +19,9 @@ func binary_expression_add_002_F(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - binary_expression_add_002_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + binary_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_003_T/binary_003_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_003_T/binary_003_T.go new file mode 100644 index 00000000..02c7bfa9 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_003_T/binary_003_T.go 
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->减
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_003_T/binary_003_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_003_T(__taint_src int) {
+ result := __taint_src - 1
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_003_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_004_F/binary_004_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_004_F/binary_004_F.go
new file mode 100644
index 00000000..fed98d4c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_004_F/binary_004_F.go
@@ -0,0 +1,30 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->减
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_004_F/binary_004_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_004_F(__taint_src int) {
+ result := __taint_src - 1
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_004_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_005_T/binary_005_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_005_T/binary_005_T.go
new file mode 100644
index 00000000..159ff939
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_005_T/binary_005_T.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->乘
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_005_T/binary_005_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_005_T(__taint_src int) {
+ result := __taint_src * 1
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 5
+ binary_005_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_006_F/binary_006_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_006_F/binary_006_F.go
new file mode 100644
index 00000000..8245a948
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_006_F/binary_006_F.go
@@ -0,0 +1,30 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->乘
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_006_F/binary_006_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_006_F(__taint_src int) {
+ result := __taint_src * 1
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_006_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_007_T/binary_007_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_007_T/binary_007_T.go
new file mode 100644
index 00000000..ca4193fb
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_007_T/binary_007_T.go
@@ -0,0 +1,28 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->除
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_007_T/binary_007_T
+// evaluation information end
+
+package main
+import (
+"fmt"
+"os/exec"
+)
+
+func binary_007_T(__taint_src int) {
+ result := __taint_src / 2
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_007_T(__taint_src)
+}
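Review bot: The import block of binary_007_T is not gofmt-formatted: there is no blank line after `package main` and the two import specs `"fmt"` and `"os/exec"` sit at column 0 inside the parenthesized import, unlike every sibling case in this directory. Running gofmt over the file would indent the specs and insert the separating blank line; keeping the corpus gofmt-clean avoids spurious diffs and formatter-dependent differences between otherwise identical cases.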
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_008_F/binary_008_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_008_F/binary_008_F.go
new file mode 100644
index 00000000..322e450d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_008_F/binary_008_F.go
@@ -0,0 +1,30 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->除
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_008_F/binary_008_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_008_F(__taint_src int) {
+ result := __taint_src / 2
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_008_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T.go
new file mode 100644
index 00000000..4c3ca0d9
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->取模
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_009_T(__taint_src int) {
+ result := __taint_src % 2
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_009_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_010_F/binary_010_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_010_F/binary_010_F.go
new file mode 100644
index 00000000..2d29dfb8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_010_F/binary_010_F.go
@@ -0,0 +1,30 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->取模
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_010_F/binary_010_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_010_F(__taint_src int) {
+ result := __taint_src % 2
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_010_F(__taint_src)
+}
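Review bot: binary_009_T.go declares `// real case = false` although it is the `_T` half of the 取模 pair (binary_010_F is the false case and also says false), so a harness reading this flag would score a missed true positive as correct. It should read `// real case = true`, as binary_003_T, binary_005_T and binary_007_T do.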
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_001_T/binary_expression_add_assignment_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_011_T/binary_011_T.go similarity index 59% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_001_T/binary_expression_add_assignment_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_011_T/binary_011_T.go index c27571ce..d8c943b6 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_001_T/binary_expression_add_assignment_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_011_T/binary_011_T.go @@ -1,26 +1,27 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 二元运算->加等 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_001_T/binary_expression_add_assignment_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_011_T/binary_011_T // evaluation information end package main + import "os/exec" -func binary_expression_add_assignment_002_F(__taint_src string) { - result := "_" - result += __taint_src +func binary_011_T(__taint_src int) { + result := __taint_src + result += 1 __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - binary_expression_add_assignment_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + binary_011_T(__taint_src) +} 
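Review bot: `__taint_sink` in binary_011_T still performs `o.(string)` while `result` is now an `int`, so the type assertion panics at runtime before `exec.Command` is reached and the value never actually flows into the sink in this "true" case. The int-typed cases added alongside (binary_003_T through binary_010_F) use `_ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()` with `"fmt"` imported, and the same sink should be used here. The same mismatch is present in binary_012_F on the next hunk and in binary_013_T through binary_020_F.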
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F/binary_expression_add_assignment_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_012_F/binary_012_F.go similarity index 57% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F/binary_expression_add_assignment_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_012_F/binary_012_F.go index 5937137d..eedae0a6 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F/binary_expression_add_assignment_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_012_F/binary_012_F.go @@ -1,26 +1,28 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 二元运算->加等 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F/binary_expression_add_assignment_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_012_F/binary_012_F // evaluation information end package main + import "os/exec" -func binary_expression_add_assignment_002_F(__taint_src string) { - result := "_" - result += __taint_src - __taint_sink("aa") +func binary_012_F(__taint_src int) { + result := __taint_src + result += 1 + result = 20 + __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - binary_expression_add_assignment_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + binary_012_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_013_T/binary_013_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_013_T/binary_013_T.go
new file mode 100644
index 00000000..4fcd0702
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_013_T/binary_013_T.go
@@ -0,0 +1,27 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->减等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_013_T/binary_013_T
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_013_T(__taint_src int) {
+ result := __taint_src
+ result -= 1
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_013_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_014_F/binary_014_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_014_F/binary_014_F.go
new file mode 100644
index 00000000..6ccc479f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_014_F/binary_014_F.go
@@ -0,0 +1,28 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->减等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_014_F/binary_014_F
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_014_F(__taint_src int) {
+ result := __taint_src
+ result -= 1
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_014_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_015_T/binary_015_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_015_T/binary_015_T.go
new file mode 100644
index 00000000..cfea99d8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_015_T/binary_015_T.go
@@ -0,0 +1,27 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->乘等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_015_T/binary_015_T
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_015_T(__taint_src int) {
+ result := __taint_src
+ result *= 2
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_015_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_016_F/binary_016_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_016_F/binary_016_F.go
new file mode 100644
index 00000000..7b7162b1
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_016_F/binary_016_F.go
@@ -0,0 +1,28 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->乘等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_016_F/binary_016_F
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_016_F(__taint_src int) {
+ result := __taint_src
+ result *= 1
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_016_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_017_T/binary_017_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_017_T/binary_017_T.go
new file mode 100644
index 00000000..46b40c68
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_017_T/binary_017_T.go
@@ -0,0 +1,27 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->除等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_017_T/binary_017_T
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_017_T(__taint_src int) {
+ result := __taint_src
+ result /= 2
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_017_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_018_F/binary_018_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_018_F/binary_018_F.go
new file mode 100644
index 00000000..0908f40f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_018_F/binary_018_F.go
@@ -0,0 +1,28 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->除等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_018_F/binary_018_F
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_018_F(__taint_src int) {
+ result := __taint_src
+ result /= 2
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_018_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_019_T/binary_019_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_019_T/binary_019_T.go
new file mode 100644
index 00000000..940deecb
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_019_T/binary_019_T.go
@@ -0,0 +1,27 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 +// scene introduction = 二元运算->模等 +// level = 2 +// date = 2025-11-20 15:54:57 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_019_T/binary_019_T +// evaluation information end + +package main + +import "os/exec" + +func binary_019_T(__taint_src int) { + result := __taint_src + result %= 2 + __taint_sink(result) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() +} + +func main() { + __taint_src := 10 + binary_019_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_020_F/binary_020_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_020_F/binary_020_F.go new file mode 100644 index 00000000..cb66704d --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_020_F/binary_020_F.go @@ -0,0 +1,28 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 +// scene introduction = 二元运算->模等 +// level = 2 +// date = 2025-11-20 15:54:57 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_020_F/binary_020_F +// evaluation information end + +package main + +import "os/exec" + +func binary_020_F(__taint_src int) { + result := __taint_src + result %= 2 + result = 20 + __taint_sink(result) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", o.(string)).Run() +} + +func main() { + __taint_src := 10 + binary_020_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_001_T/bitwise_expression_and_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_001_T/bitwise_001_T.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_001_T/bitwise_expression_and_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_001_T/bitwise_001_T.go index c645df50..5916fde7 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_001_T/bitwise_expression_and_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_001_T/bitwise_001_T.go @@ -1,28 +1,29 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->与 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_001_T/bitwise_expression_and_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_001_T/bitwise_001_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_and_001_T(__taint_src int) { +func bitwise_001_T(__taint_src int) { result := __taint_src & 1 __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 3 - bitwise_expression_and_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_001_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_002_F/bitwise_expression_and_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_002_F/bitwise_002_F.go similarity index 66% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_002_F/bitwise_expression_and_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_002_F/bitwise_002_F.go index 0d5daa98..08f892e6 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_002_F/bitwise_expression_and_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_002_F/bitwise_002_F.go @@ -1,29 +1,30 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->与 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_002_F/bitwise_expression_and_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_002_F/bitwise_002_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_and_002_F(__taint_src int) { +func bitwise_002_F(__taint_src int) { result := __taint_src & 1 - _ = result - __taint_sink("aa") + result = 20 + __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_and_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_002_F(__taint_src) +} 
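Review bot: The added `result = 20` line is the whole point of this negative case — the constant overwrite is what kills the taint before `__taint_sink(result)` — but nothing in the file says so, and the previous version (sinking the literal `"aa"`) tested something different. A one-line comment would make the expected non-report explicit for whoever triages tool output: `result = 20 // overwritten with a constant: taint from __taint_src must not be reported at the sink`. The same comment would suit the other `_F` cases in this directory that use the same pattern.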
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_001_T/bitwise_expression_or_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_003_T/bitwise_003_T.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_001_T/bitwise_expression_or_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_003_T/bitwise_003_T.go index 0b633b10..31990846 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_001_T/bitwise_expression_or_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_003_T/bitwise_003_T.go @@ -1,28 +1,29 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->或 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_001_T/bitwise_expression_or_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_003_T/bitwise_003_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_or_001_T(__taint_src int) { +func bitwise_003_T(__taint_src int) { result := __taint_src | 1 __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_or_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_003_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_002_F/bitwise_expression_or_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_004_F/bitwise_004_F.go similarity index 66% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_002_F/bitwise_expression_or_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_004_F/bitwise_004_F.go index f810a913..cfc8b464 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_002_F/bitwise_expression_or_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_004_F/bitwise_004_F.go @@ -1,29 +1,30 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->或 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_002_F/bitwise_expression_or_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_004_F/bitwise_004_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_or_002_F(__taint_src int) { +func bitwise_004_F(__taint_src int) { result := __taint_src | 1 - _ = result - __taint_sink("aa") + result = 20 + __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_or_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_004_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_001_T/bitwise_expression_xor_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_005_T/bitwise_005_T.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_001_T/bitwise_expression_xor_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_005_T/bitwise_005_T.go index 8b46d8da..3962c529 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_001_T/bitwise_expression_xor_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_005_T/bitwise_005_T.go @@ -1,28 +1,29 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->异或 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_001_T/bitwise_expression_xor_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_005_T/bitwise_005_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_xor_001_T(__taint_src int) { +func bitwise_005_T(__taint_src int) { result := __taint_src ^ 1 __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_xor_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_005_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_002_F/bitwise_expression_xor_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_006_F/bitwise_006_F.go similarity index 66% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_002_F/bitwise_expression_xor_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_006_F/bitwise_006_F.go index b2dc0f6a..432420a5 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_002_F/bitwise_expression_xor_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_006_F/bitwise_006_F.go @@ -1,29 +1,30 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->异或 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_002_F/bitwise_expression_xor_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_006_F/bitwise_006_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_xor_002_F(__taint_src int) { +func bitwise_006_F(__taint_src int) { result := __taint_src ^ 1 - _ = result - __taint_sink("aa") + result = 20 + __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_xor_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_006_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_001_T/bitwise_expression_not_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_007_T/bitwise_007_T.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_001_T/bitwise_expression_not_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_007_T/bitwise_007_T.go index 8c902222..67d6dbe5 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_001_T/bitwise_expression_not_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_007_T/bitwise_007_T.go @@ -1,28 +1,29 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->按位取反 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_001_T/bitwise_expression_not_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_007_T/bitwise_007_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_not_001_T(__taint_src int) { +func bitwise_007_T(__taint_src int) { result := ^__taint_src __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_not_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_007_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_002_F/bitwise_expression_not_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_008_F/bitwise_008_F.go similarity index 66% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_002_F/bitwise_expression_not_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_008_F/bitwise_008_F.go index 1ce2f802..d90d0a3d 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_002_F/bitwise_expression_not_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_008_F/bitwise_008_F.go @@ -1,29 +1,30 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->按位取反 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_002_F/bitwise_expression_not_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_008_F/bitwise_008_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_not_002_F(__taint_src int) { +func bitwise_008_F(__taint_src int) { result := ^__taint_src - _ = result - __taint_sink("aa") + result = 20 + __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_not_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_008_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_001_T/bitwise_expression_lsh_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_009_T/bitwise_009_T.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_001_T/bitwise_expression_lsh_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_009_T/bitwise_009_T.go index 6e4be052..e5347fad 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_001_T/bitwise_expression_lsh_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_009_T/bitwise_009_T.go @@ -1,28 +1,29 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->左移 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_001_T/bitwise_expression_lsh_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_009_T/bitwise_009_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_lsh_001_T(__taint_src int) { +func bitwise_009_T(__taint_src int) { result := __taint_src << 1 __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_lsh_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_009_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_002_F/bitwise_expression_lsh_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_010_F/bitwise_010_F.go similarity index 66% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_002_F/bitwise_expression_lsh_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_010_F/bitwise_010_F.go index e7ae98d7..b3451614 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_002_F/bitwise_expression_lsh_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_010_F/bitwise_010_F.go @@ -1,29 +1,30 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->左移 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_002_F/bitwise_expression_lsh_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_010_F/bitwise_010_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_lsh_002_F(__taint_src int) { +func bitwise_010_F(__taint_src int) { result := __taint_src << 1 - _ = result - __taint_sink("aa") + result = -1 + __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_lsh_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_010_F(__taint_src) +} 
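Review bot: `result = -1` in bitwise_010_F is the only negative case in this set that overwrites with a value other than 20 (bitwise_002_F, 004_F, 006_F, 008_F and 012_F all use `result = 20`), which looks accidental and makes the kill line harder to grep for across cases. I would use `result = 20` here too, or, if the negative value is intentional, add a short comment saying why. The rest of the hunk (rename, seed change to 10, gofmt of the closing brace) reads fine.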
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_001_T/bitwise_expression_rsh_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_011_T/bitwise_011_T.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_001_T/bitwise_expression_rsh_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_011_T/bitwise_011_T.go index 6c8ab0e3..752b565e 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_001_T/bitwise_expression_rsh_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_011_T/bitwise_011_T.go @@ -1,28 +1,29 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->右移 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_001_T/bitwise_expression_rsh_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_011_T/bitwise_011_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_rsh_001_T(__taint_src int) { +func bitwise_011_T(__taint_src int) { result := __taint_src >> 1 __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_rsh_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_011_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_012_F/bitwise_012_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_012_F/bitwise_012_F.go new file mode 100644 index 00000000..31c131ce --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_012_F/bitwise_012_F.go @@ -0,0 +1,30 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 +// scene introduction = 位操作->右移 +// level = 2 +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_012_F/bitwise_012_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func bitwise_012_F(__taint_src int) { + result := __taint_src >> 10 + result = 20 + __taint_sink(result) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := 123 + bitwise_012_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_002_F/bitwise_expression_rsh_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_002_F/bitwise_expression_rsh_002_F.go deleted file mode 100644 index 461f1970..00000000 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_002_F/bitwise_expression_rsh_002_F.go +++ /dev/null 
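Review bot: bitwise_012_F is not a mirror of its positive twin bitwise_011_T: it shifts by 10 (`result := __taint_src >> 10`) and seeds `__taint_src := 123`, whereas 011_T uses `>> 1` and a seed of 10, and every other T/F pair in this directory differs only in the added `result = 20` line. With a seed of 123 the shift already yields 0 before the overwrite, so a tool that folds constants could decide this case for a reason unrelated to the reassignment being tested. I would change the two lines to `result := __taint_src >> 1` and `__taint_src := 10` so the negative case isolates the overwrite.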
@@ -1,29 +0,0 @@ - -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 -// scene introduction = 位操作->右移 -// level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_002_F/bitwise_expression_rsh_002_F -// evaluation information end - -package main -import ( - "os/exec" - "fmt" -) - -func bitwise_expression_rsh_002_F(__taint_src int) { - result := __taint_src >> 1 - _ = result - __taint_sink("aa") -} - -func __taint_sink(o interface{}) { - _ = exec.Command("sh", "-c",fmt.Sprintf("%v", o)).Run() - } - -func main() { - __taint_src := 123 - bitwise_expression_rsh_002_F(__taint_src) -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/config.json b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/config.json index d002ab23..78268aff 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/config.json +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/config.json 
@@ -7,56 +7,116 @@ "level": "2", "scene_list": [ { - "compose": "assign_expression_001_T/assign_expression_001_T.go && !assign_expression_002_F/assign_expression_002_F.go", + "compose": "assign_001_T/assign_001_T.go && !assign_002_F/assign_002_F.go", "scene": "赋值表达式" }, { - "compose": "binary_expression_add_001_T/binary_expression_add_001_T.go && !binary_expression_add_002_F/binary_expression_add_002_F.go", + "compose": "binary_001_T/binary_001_T.go && !binary_002_F/binary_002_F.go", "scene": "二元运算->加" }, { - "compose": "binary_expression_add_assignment_001_T/binary_expression_add_assignment_001_T.go && !binary_expression_add_assignment_002_F/binary_expression_add_assignment_002_F.go", + "compose": "binary_003_T/binary_003_T.go && !binary_004_F/binary_004_F.go", + "scene": "二元运算->减" + }, + { + "compose": "binary_005_T/binary_005_T.go && !binary_006_F/binary_006_F.go", + "scene": "二元运算->乘" + }, + { + "compose": "binary_007_T/binary_007_T.go && !binary_008_F/binary_008_F.go", + "scene": "二元运算->除" + }, + { + "compose": "binary_009_T/binary_009_T.go && !binary_010_F/binary_010_F.go", + "scene": "二元运算->取模" + }, + { + "compose": "binary_011_T/binary_011_T.go && !binary_012_F/binary_012_F.go", "scene": "二元运算->加等" }, { - "compose": "bitwise_expression_and_001_T/bitwise_expression_and_001_T.go && !bitwise_expression_and_002_F/bitwise_expression_and_002_F.go", - "scene": "位操作->与" + "compose": "binary_013_T/binary_013_T.go && !binary_014_F/binary_014_F.go", + "scene": "二元运算->减等" }, { - "compose": "bitwise_expression_lsh_001_T/bitwise_expression_lsh_001_T.go && !bitwise_expression_lsh_002_F/bitwise_expression_lsh_002_F.go", - "scene": "位操作->左移" + "compose": "binary_015_T/binary_015_T.go && !binary_016_F/binary_016_F.go", + "scene": "二元运算->乘等" }, { - "compose": "bitwise_expression_not_001_T/bitwise_expression_not_001_T.go && !bitwise_expression_not_002_F/bitwise_expression_not_002_F.go", - "scene": "位操作->按位取反" + "compose": "binary_017_T/binary_017_T.go && 
!binary_018_F/binary_018_F.go", + "scene": "二元运算->除等" }, { - "compose": "bitwise_expression_or_001_T/bitwise_expression_or_001_T.go && !bitwise_expression_or_002_F/bitwise_expression_or_002_F.go", - "scene": "位操作->或" + "compose": "binary_019_T/binary_019_T.go && !binary_020_F/binary_020_F.go", + "scene": "二元运算->模等" }, { - "compose": "bitwise_expression_rsh_001_T/bitwise_expression_rsh_001_T.go && !bitwise_expression_rsh_002_F/bitwise_expression_rsh_002_F.go", - "scene": "位操作->右移" + "compose": "bitwise_001_T/bitwise_001_T.go && !bitwise_002_F/bitwise_002_F.go", + "scene": "位操作->与" + }, + { + "compose": "bitwise_003_T/bitwise_003_T.go && !bitwise_004_F/bitwise_004_F.go", + "scene": "位操作->或" }, { - "compose": "bitwise_expression_xor_001_T/bitwise_expression_xor_001_T.go && !bitwise_expression_xor_002_F/bitwise_expression_xor_002_F.go", + "compose": "bitwise_005_T/bitwise_005_T.go && !bitwise_006_F/bitwise_006_F.go", "scene": "位操作->异或" }, { - "compose": "logic_expression_and_001_T/logic_expression_and_001_T.go && !logic_expression_and_002_F/logic_expression_and_002_F.go", + "compose": "bitwise_007_T/bitwise_007_T.go && !bitwise_008_F/bitwise_008_F.go", + "scene": "位操作->按位取反" + }, + { + "compose": "bitwise_009_T/bitwise_009_T.go && !bitwise_010_F/bitwise_010_F.go", + "scene": "位操作->左移" + }, + { + "compose": "bitwise_011_T/bitwise_011_T.go && !bitwise_012_F/bitwise_012_F.go", + "scene": "位操作->右移" + }, + { + "compose": "logic_001_T/logic_001_T.go && !logic_002_F/logic_002_F.go", "scene": "逻辑表达式->与表达式" }, { - "compose": "logic_expression_or_001_T/logic_expression_or_001_T.go && !logic_expression_or_002_F/logic_expression_or_002_F.go", + "compose": "logic_003_T/logic_003_T.go && !logic_004_F/logic_004_F.go", "scene": "逻辑表达式->或表达式" }, { - "compose": "relation_expression_equal_001_T/relation_expression_equal_001_T.go && !relation_expression_equal_002_F/relation_expression_equal_002_F.go", + "compose": "relation_001_T/relation_001_T.go && !relation_002_F/relation_002_F.go", 
"scene": "关系操作->等于" + }, + { + "compose": "relation_003_T/relation_003_T.go && !relation_004_F/relation_004_F.go", + "scene": "关系操作->不等于" + }, + { + "compose": "relation_005_T/relation_005_T.go && !relation_006_F/relation_006_F.go", + "scene": "关系操作->大于" + }, + { + "compose": "relation_007_T/relation_007_T.go && !relation_008_F/relation_008_F.go", + "scene": "关系操作->小于" + }, + { + "compose": "relation_009_T/relation_009_T.go && !relation_010_F/relation_010_F.go", + "scene": "关系操作->大于等于" + }, + { + "compose": "relation_011_T/relation_011_T.go && !relation_012_F/relation_012_F.go", + "scene": "关系操作->小于等于" + }, + { + "compose": "increment_001_T/increment_001_T.go && !increment_002_F/increment_002_F.go", + "scene": "自增运算" + }, + { + "compose": "decrement_001_T/decrement_001_T.go && !decrement_002_F/decrement_002_F.go", + "scene": "自减运算" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_001_T/logic_expression_and_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_001_T/logic_001_T.go similarity index 75% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_001_T/logic_expression_and_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_001_T/logic_001_T.go index 0676fa4c..17a5e855 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_001_T/logic_expression_and_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_001_T/logic_001_T.go 
@@ -4,7 +4,8 @@ // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 逻辑表达式->与表达式 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_001_T/logic_expression_and_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_001_T/logic_001_T // evaluation information end package main @@ -13,7 +14,7 @@ import ( "fmt" ) -func logic_expression_and_001_T(__taint_src bool) { +func logic_001_T(__taint_src bool) { result := __taint_src && true __taint_sink(result) } @@ -24,5 +25,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := true - logic_expression_and_001_T(__taint_src) + logic_001_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_002_F/logic_expression_and_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_002_F/logic_002_F.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_002_F/logic_expression_and_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_002_F/logic_002_F.go index 6c002989..61eda4df 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_002_F/logic_expression_and_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_002_F/logic_002_F.go 
@@ -1,29 +1,30 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 逻辑表达式->与表达式 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_002_F/logic_expression_and_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_002_F/logic_002_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func logic_expression_and_002_F(__taint_src bool) { +func logic_002_F(__taint_src bool) { result := __taint_src && false - result = false + result = true __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := false - logic_expression_and_002_F(__taint_src) -} \ No newline at end of file + __taint_src := true + logic_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_001_T/logic_expression_or_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_003_T/logic_003_T.go similarity index 76% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_001_T/logic_expression_or_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_003_T/logic_003_T.go index 95961d7e..75513756 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_001_T/logic_expression_or_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_003_T/logic_003_T.go 
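Review bot: The step that makes logic_002_F a negative case, `result = true` immediately after `result := __taint_src && false`, carries no comment saying that the constant overwrite is what severs the flow from `__taint_src`, while the new cases in this commit (type_cast_006_F, type_cast_008_F) document their kill step with a `// 场景特点:` line. Suggest the same here, e.g. `// scene: constant overwrite severs the flow from __taint_src` above the assignment, and likewise above `result = false` in logic_004_F. Without it a reader cannot tell whether the value flip from `false` to `true` is part of the scene or an accidental edit.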
@@ -4,7 +4,8 @@ // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 逻辑表达式->或表达式 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_001_T/logic_expression_or_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_003_T/logic_003_T // evaluation information end package main @@ -13,7 +14,7 @@ import ( "fmt" ) -func logic_expression_or_001_T(__taint_src bool) { +func logic_003_T(__taint_src bool) { result := false || __taint_src __taint_sink(result) } @@ -24,5 +25,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := true - logic_expression_or_001_T(__taint_src) + logic_003_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_002_F/logic_expression_or_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_004_F/logic_004_F.go similarity index 72% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_002_F/logic_expression_or_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_004_F/logic_004_F.go index 783f546b..61ef30f4 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_002_F/logic_expression_or_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_004_F/logic_004_F.go 
@@ -1,19 +1,20 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 逻辑表达式->或表达式 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_002_F/logic_expression_or_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_004_F/logic_004_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func logic_expression_or_002_F(__taint_src bool) { +func logic_004_F(__taint_src bool) { result := false || __taint_src result = false __taint_sink(result) @@ -21,9 +22,9 @@ func logic_expression_or_002_F(__taint_src bool) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := false - logic_expression_or_002_F(__taint_src) -} \ No newline at end of file + __taint_src := true + logic_004_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_001_T/relation_expression_equal_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_001_T/relation_001_T.go similarity index 74% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_001_T/relation_expression_equal_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_001_T/relation_001_T.go index e0395f7e..e7c33703 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_001_T/relation_expression_equal_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_001_T/relation_001_T.go 
@@ -4,7 +4,8 @@ // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 关系操作->等于 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_001_T/relation_expression_equal_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/relation_001_T/relation_001_T // evaluation information end package main @@ -13,7 +14,7 @@ import ( "fmt" ) -func relation_expression_equal_001_T(__taint_src string) { +func relation_001_T(__taint_src string) { result := __taint_src == "__taint_src" __taint_sink(result) } @@ -24,5 +25,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - relation_expression_equal_001_T(__taint_src) + relation_001_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_002_F/relation_expression_equal_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_002_F/relation_002_F.go similarity index 74% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_002_F/relation_expression_equal_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_002_F/relation_002_F.go index a0747480..0fe7e880 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_002_F/relation_expression_equal_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_002_F/relation_002_F.go 
@@ -4,7 +4,8 @@ // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 关系操作->等于 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_002_F/relation_expression_equal_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/relation_002_F/relation_002_F // evaluation information end package main @@ -13,7 +14,7 @@ import ( "fmt" ) -func relation_expression_equal_002_F(__taint_src string) { +func relation_002_F(__taint_src string) { result := __taint_src == "__taint_src" result = false __taint_sink(result) @@ -25,5 +26,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - relation_expression_equal_002_F(__taint_src) + relation_002_F(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/config.json b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/config.json index 586b2d68..8243be27 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/config.json +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/config.json @@ -13,10 +13,18 @@ { "compose": "type_cast_003_T/type_cast_003_T.go && !type_cast_004_F/type_cast_004_F.go", "scene": "类型断言" + }, + { + "compose": "type_cast_005_T/type_cast_005_T.go && !type_cast_006_F/type_cast_006_F.go", + "scene": "字符串到数值转换" + }, + { + "compose": "type_cast_007_T/type_cast_007_T.go && !type_cast_008_F/type_cast_008_F.go", + "scene": "指针类型转换" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_001_T/type_cast_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_001_T/type_cast_001_T.go index 7972c267..546f5fa3 100644 
--- a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_001_T/type_cast_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_001_T/type_cast_001_T.go @@ -1,16 +1,16 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 // scene introduction = 显式类型转换 // level = 2 -// bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_001_T +// bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_001_T/type_cast_001_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) func type_cast_001_T(__taint_src int) { @@ -20,9 +20,9 @@ func type_cast_001_T(__taint_src int) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - type_cast_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 123 + type_cast_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_002_F/type_cast_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_002_F/type_cast_002_F.go index 74585ad5..2dc53444 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_002_F/type_cast_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_002_F/type_cast_002_F.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 @@ -8,9 +7,10 @@ // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) func type_cast_002_F(__taint_src int) { 
@@ -21,9 +21,9 @@ func type_cast_002_F(__taint_src int) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 13 - type_cast_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 13 + type_cast_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_003_T/type_cast_003_T.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_003_T/type_cast_003_T.go index b165d89e..7def7d09 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_003_T/type_cast_003_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_003_T/type_cast_003_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 @@ -8,6 +7,7 @@ // evaluation information end package main + import "os/exec" func type_cast_003_T(__taint_src interface{}) { @@ -18,9 +18,9 @@ func type_cast_003_T(__taint_src interface{}) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - type_cast_003_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + type_cast_003_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_004_F/type_cast_004_F.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_004_F/type_cast_004_F.go index 4ea2a3b1..02a78084 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_004_F/type_cast_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_004_F/type_cast_004_F.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 
@@ -8,6 +7,7 @@ // evaluation information end package main + import "os/exec" func type_cast_004_F(__taint_src interface{}) { @@ -18,9 +18,9 @@ func type_cast_004_F(__taint_src interface{}) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - type_cast_004_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + type_cast_004_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_005_T/type_cast_005_T.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_005_T/type_cast_005_T.go new file mode 100644 index 00000000..58821f28 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_005_T/type_cast_005_T.go @@ -0,0 +1,31 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 +// scene introduction = 字符串到数值转换 +// level = 2 +// date = 2025-11-20 19:27:07 +// bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_005_T/type_cast_005_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" + "strconv" +) + +func type_cast_005_T(__taint_src string) { + // 场景特点:字符串转换为整数类型 + result, _ := strconv.Atoi(__taint_src) + __taint_sink(result) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "123" + type_cast_005_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_006_F/type_cast_006_F.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_006_F/type_cast_006_F.go new file mode 100644 index 00000000..aaaa1e42 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_006_F/type_cast_006_F.go 
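Review bot: In type_cast_005_T the discarded error from `strconv.Atoi` together with the `real case = true` label encodes a design decision that is not written down: many taint engines treat string-to-int conversion as a sanitizer for command injection, since the resulting int cannot carry shell metacharacters, so a tool that stops the flow here is arguably precise rather than incomplete. The `// 场景特点:` line should state that propagation through Atoi is the expected result, and the blank identifier should be justified, e.g. `result, _ := strconv.Atoi(__taint_src) // error ignored on purpose: the flow, not the parse, is under test`. The same note applies to type_cast_006_F.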
@@ -0,0 +1,32 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 +// scene introduction = 字符串到数值转换 +// level = 2 +// date = 2025-11-20 19:27:07 +// bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_006_F/type_cast_006_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" + "strconv" +) + +func type_cast_006_F(__taint_src string) { + // 场景特点:字符串转换后重新赋值 + result, _ := strconv.Atoi(__taint_src) + result = 456 + __taint_sink(result) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "123" + type_cast_006_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T.go new file mode 100644 index 00000000..e385fa25 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T.go @@ -0,0 +1,30 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 +// scene introduction = 指针类型转换 +// level = 2 +// date = 2025-11-20 19:27:07 +// bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func type_cast_007_T(__taint_src *string) { + // 场景特点:指针类型转换为接口类型 + var result interface{} = __taint_src + __taint_sink(result) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "tainted_string" + type_cast_007_T(&__taint_src) +} 
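Review bot: In type_cast_007_T the tainted string never reaches the shell: `result` holds a `*string`, and `fmt.Sprintf("%v", o)` in `__taint_sink` formats a pointer as its address, so at runtime the command is `sh -c 0x...` and the content of `__taint_src` is only reachable through a dereference that no line performs. A tool reporting this as a flow is tracking the pointer, not the data, so the `real case = true` label should either be justified by a comment saying that pointer-to-interface propagation is the property under test, or the sink should dereference, `fmt.Sprintf("%v", *o.(*string))`, so the value really flows. type_cast_008_F overwrites `result` before the sink and is not affected.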
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F.go new file mode 100644 index 00000000..3754fcb1 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F.go @@ -0,0 +1,31 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 +// scene introduction = 指针类型转换 +// level = 2 +// date = 2025-11-20 19:27:07 +// bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func type_cast_008_F(__taint_src *string) { + // 场景特点:指针类型转换后重新赋值 + var result interface{} = __taint_src + result = "safe_value" + __taint_sink(result) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "tainted_string" + type_cast_008_F(&__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/anonymous_function_closure/closure_function_001_F/closure_function_001_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/anonymous_function_closure/closure_function_001_F/closure_function_001_F.go index f7597c64..12aeef24 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/anonymous_function_closure/closure_function_001_F/closure_function_001_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/anonymous_function_closure/closure_function_001_F/closure_function_001_F.go 
@@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->匿名函数/闭包 // scene introduction = 一阶闭包 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/anonymous_function_closure/closure_function_001_F +// bind_url = completeness/single_app_tracing/function_call/anonymous_function_closure/closure_function_001_F/closure_function_001_F // evaluation information end package main diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/config.json b/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/config.json index 0a87a77f..6c3bdd7d 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/config.json +++ b/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/config.json @@ -31,4 +31,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T/chained_call_002_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_001_T/chained_call_001_T.go similarity index 80% rename from sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T/chained_call_002_T.go rename to sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_001_T/chained_call_001_T.go index 8ca6f9b3..2391f913 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T/chained_call_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_001_T/chained_call_001_T.go 
@@ -1,16 +1,16 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 // scene introduction = 链式调用 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_002_T/chained_call_002_T +// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_001_T/chained_call_001_T // evaluation information end package main + import "os/exec" -func chained_call_002_T(__taint_src string) { +func chained_call_001_T(__taint_src string) { new(A).setName("_").clearName().setName(__taint_src).process() } @@ -34,9 +34,9 @@ func (a *A) process() { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - chained_call_002_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + chained_call_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F/chained_call_001_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_002_F/chained_call_002_F.go similarity index 80% rename from sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F/chained_call_001_F.go rename to sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_002_F/chained_call_002_F.go index 70ebba6e..c0cc5331 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F/chained_call_001_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_002_F/chained_call_002_F.go 
@@ -1,16 +1,16 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 // scene introduction = 链式调用 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_001_F/chained_call_001_F +// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_002_F/chained_call_002_F // evaluation information end package main + import "os/exec" -func chained_call_001_F(__taint_src string) { +func chained_call_002_F(__taint_src string) { new(A).setName(__taint_src).clearName().setName("_").process() } @@ -34,9 +34,9 @@ func (a *A) process() { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - chained_call_001_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + chained_call_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_T/chained_call_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_T/chained_call_004_T.go rename to sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T.go index 39fa760a..d5b950aa 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_T/chained_call_004_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T.go 
@@ -1,16 +1,16 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 // scene introduction = 链式调用 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_004_T/chained_call_004_T +// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T // evaluation information end package main + import "os/exec" -func chained_call_004_T(__taint_src string) { +func chained_call_003_T(__taint_src string) { NewB().SetName(__taint_src).SetOther().Process() } @@ -42,9 +42,9 @@ func (b *B) Process() { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - chained_call_004_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + chained_call_003_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_F/chained_call_003_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F.go similarity index 82% rename from sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_F/chained_call_003_F.go rename to sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F.go index e7d6db6c..f415ceb0 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_F/chained_call_003_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F.go 
@@ -1,16 +1,16 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 // scene introduction = 链式调用 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_003_F/chained_call_003_F +// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F // evaluation information end package main + import "os/exec" -func chained_call_003_F(__taint_src string) { +func chained_call_004_F(__taint_src string) { NewB().SetName(__taint_src).ClearName().SetOther().Process() } @@ -43,9 +43,9 @@ func (b *B) Process() { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - chained_call_003_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + chained_call_004_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/config.json b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/config.json index 838088e5..e6eb2cc2 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/config.json +++ b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/config.json @@ -7,11 +7,11 @@ "level": "2", "scene_list": [ { - "compose": "!chained_call_001_F/chained_call_001_F.go && chained_call_002_T/chained_call_002_T.go", + "compose": "chained_call_001_T/chained_call_001_T.go && !chained_call_002_F/chained_call_002_F.go", "scene": "链式调用" }, { - "compose": "!chained_call_003_F/chained_call_003_F.go && chained_call_004_T/chained_call_004_T.go", + "compose": "chained_call_003_T/chained_call_003_T.go && !chained_call_004_F/chained_call_004_F.go", "scene": "链式调用2" } ] @@ -19,4 +19,4 @@ ] } ] -} \ No newline at end of file +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_T/higher_order_function_002_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_T/higher_order_function_002_T.go index 6a5d01df..c257af0a 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_T/higher_order_function_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_T/higher_order_function_002_T.go @@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->高阶函数 // scene introduction = 一阶 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_F/higher_order_function_002_F +// bind_url = completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_T/higher_order_function_002_T // evaluation information end package main diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go index dd00b2a2..88d20fb6 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go @@ -18,7 +18,7 @@ type S struct { id int } -func Func1(__taint_src string) (*S, string) { +func Func1(__taint_src string) (*S) { s1 := &S{ name: __taint_src, id: 98, 
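Review bot: The new signature `func Func1(__taint_src string) (*S)` in if_return_nil_001_T is not gofmt-clean: a single unnamed result is written without parentheses, `func Func1(__taint_src string) *S`, and the rest of this commit normalizes files to gofmt output (import ordering, brace indentation). The same form appears in if_return_nil_002_F. Func1's body continues outside this hunk.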
@@ -26,14 +26,14 @@ func Func1(__taint_src string) (*S, string) { err := "nil" if err != "nil" { - return nil, err + return nil } - return s1, "abc" + return s1 } func if_return_nil_001_T(__taint_src string) { - res, _ := Func1(__taint_src) + res := Func1(__taint_src) __taint_sink(res) } diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go index b6729530..31919a39 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go @@ -12,28 +12,29 @@ import ( "os/exec" ) +// 旧版中,对nil没有进行处理限制,允许将nil值转换成返回值类型(S),且允许对nil进行memberAccess读取 type S struct { name string id int } -func Func1(__taint_src string) (*S, string) { +func Func1(__taint_src string) (*S) { s1 := &S{ name: __taint_src, id: 98, } - err := "abc" + err := "error" if err != "nil" { - return nil, err + return nil } - return s1, "abc" + return s1 } func if_return_nil_002_F(__taint_src string) { - res, _ := Func1(__taint_src) + res := Func1(__taint_src) __taint_sink(res) } diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go index f7da7dd2..d1ef8431 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go 
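Review bot: The comment added above `type S struct` in if_return_nil_002_F describes the `return nil` path (old-version nil handling and member access on nil), not the struct, so a reader of Func1 will not see it where it matters; place it above `if err != "nil" {` or on the `return nil` line. It also records a past behavior of one analyzer rather than the fixture's contract; stating the expected result, e.g. `// expected: no flow, Func1 always returns nil on this path`, keeps the case tool-neutral and lets the historical note live in the commit message.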
@@ -7,6 +7,7 @@ // evaluation information end package main + import "os/exec" func callee(taint string) (string, string) { @@ -17,16 +18,16 @@ func callee(taint string) (string, string) { } func if_return_tuple_001_T(__taint_src string) { - a,b := callee(__taint_src) + a, b := callee(__taint_src) _ = a __taint_sink(b) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - if_return_tuple_001_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + if_return_tuple_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go index 7e28d99d..1f5cbefa 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go @@ -1,13 +1,12 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 多返回值传递给结构体 +// scene introduction = 多返回值传递给结构体 // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F // evaluation information end - package main + import ( "fmt" "os/exec" 
@@ -33,9 +32,8 @@ func processData(s string, i interface{}) (string, interface{}) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%+v", o)).Run() - } - +} func main() { - __taint_src := "taint_src_value" - multiple_return_struct_001_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + multiple_return_struct_001_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go index f49e93a3..6e731c40 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go @@ -1,13 +1,12 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 多返回值传递给结构体 +// scene introduction = 多返回值传递给结构体 // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T // evaluation information end - package main + import ( "fmt" "os/exec" @@ -33,9 +32,9 @@ func processData(s string, i interface{}) (string, interface{}) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%+v", o)).Run() - } +} func main() { - __taint_src := "taint_src_value" - multiple_return_struct_002_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + multiple_return_struct_002_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go index 7a7b8b93..56de69c5 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go @@ -19,7 +19,7 @@ func named_return_004_T(__taint_src interface{}) { func processData(s interface{}, i interface{}) (ret interface{}) { ret = "_" - return s + return s // 主要区别位于这里,在具名返回值的情况下 裸返回return默认返回ret。但uast4Go在处理具名返回值时存在bug,导致此处的return s被覆盖成return ret } func __taint_sink(o interface{}) { diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_001_T/call_implement_method_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_001_T/call_implement_method_001_T.go new file mode 100644 index 00000000..10b58f74 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_001_T/call_implement_method_001_T.go 
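Review bot: The comment added to `return s` documents a bug in one particular analyzer (uast4Go) instead of the Go rule the fixture tests, so a reader cannot tell the expected behaviour without knowing that tool, and the corpus line will go stale when the tool is fixed. State the language semantics instead, e.g. `// explicit return overrides the named result: the caller receives s (tainted), not ret ("_")`, and keep tool-specific findings in the evaluation results. The enclosing named_return_004_T function starts above this hunk.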
@@ -0,0 +1,48 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类
+// scene introduction = 实现类方法调用
+// level = 2
+// date = 2025-11-19 15:52:00
+// bind_url = completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_001_T/call_implement_method_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// 定义抽象接口
+type AbstractShape interface {
+ ProcessData(data string) string
+}
+
+// 实现类
+type Circle struct {
+ name string
+}
+
+func (c *Circle) ProcessData(data string) string {
+ // 场景特点:实现类方法处理输入数据并返回
+ c.name = data
+ return c.name
+}
+
+func call_implement_method_001_T(__taint_src string) {
+ shape := &Circle{}
+
+ // 调用实现类实现的抽象方法
+ result := shape.ProcessData(__taint_src)
+ taint_sink(result)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ call_implement_method_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_002_F/call_implement_method_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_002_F/call_implement_method_002_F.go
new file mode 100644
index 00000000..defd56dc
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_002_F/call_implement_method_002_F.go
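Review bot: `shape := &Circle{}` gives `shape` the concrete type `*Circle`, so `shape.ProcessData(__taint_src)` is a statically bound call that never goes through `AbstractShape`; the scene 实现类方法调用 under 抽象类的实现类 therefore does not exercise interface resolution at all, and the `AbstractShape` declaration is dead code in this file. Declare the variable with the interface type, `var shape AbstractShape = &Circle{}`, as create_implement_object_001_T does, so the tool has to resolve the implementation before it can see the tainted return.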
@@ -0,0 +1,48 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类
+// scene introduction = 实现类方法调用
+// level = 2
+// date = 2025-11-19 15:52:00
+// bind_url = completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_002_F/call_implement_method_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// 定义抽象接口
+type AbstractShape interface {
+ ProcessData(data string) string
+}
+
+// 实现类
+type Circle struct {
+ name string
+}
+
+func (c *Circle) ProcessData(data string) string {
+ // 场景特点:实现类方法处理输入数据,但返回安全值
+ c.name = data
+ return "safe_value" // 返回安全值而非处理后的数据
+}
+
+func call_implement_method_002_F(__taint_src string) {
+ shape := &Circle{}
+
+ // 调用实现类实现的抽象方法
+ result := shape.ProcessData(__taint_src)
+ taint_sink(result)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ call_implement_method_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/config.json
index e69de29b..2abdd275 100644
--- a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/config.json
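Review bot: As in the paired T case, `shape := &Circle{}` keeps `shape.ProcessData(__taint_src)` statically dispatched on `*Circle`, so this F case does not check that a tool resolves `AbstractShape` to its implementation before concluding the result is the literal `"safe_value"`. Use `var shape AbstractShape = &Circle{}` in both files so the pair differs only in the returned value. The store `c.name = data` does taint the receiver, which is a useful property of this negative: a tool that over-approximates by tainting every result of a method called on a tainted object is scored as a false positive here, and the scene comment should say so.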
@@ -0,0 +1,26 @@
+{
+ "abstract_class": [
+ {
+ "evaluation_item": "完整度->单应用跟踪完整度->接口与类->抽象类的实现类",
+ "scene_levels": [
+ {
+ "level": "2",
+ "scene_list": [
+ {
+ "compose": "create_implement_object_001_T/create_implement_object_001_T.go && !create_implement_object_002_F/create_implement_object_002_F.go",
+ "scene": "创建实现类对象"
+ },
+ {
+ "compose": "write_implement_field_001_T/write_implement_field_001_T.go && !write_implement_field_002_F/write_implement_field_002_F.go",
+ "scene": "实现类字段写入"
+ },
+ {
+ "compose": "call_implement_method_001_T/call_implement_method_001_T.go && !call_implement_method_002_F/call_implement_method_002_F.go",
+ "scene": "实现类方法调用"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_001_T/create_implement_object_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_001_T/create_implement_object_001_T.go
new file mode 100644
index 00000000..47b3c677
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_001_T/create_implement_object_001_T.go
@@ -0,0 +1,52 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类
+// scene introduction = 创建实现类对象
+// level = 2
+// date = 2025-11-19 14:32:00
+// bind_url = completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_001_T/create_implement_object_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// 定义抽象接口
+type AbstractShape interface {
+ GetName() string
+ SetName(name string)
+}
+
+// 实现类
+type Circle struct {
+ name string
+}
+
+func (c *Circle) GetName() string {
+ return c.name
+}
+
+func (c *Circle) SetName(name string) {
+ c.name = name
+}
+
+func create_implement_object_001_T(__taint_src string) {
+ // 场景特点:通过抽象类引用创建实现类实例
+ var shape AbstractShape
+ shape = &Circle{
+ name: __taint_src,
+ }
+ taint_sink(shape.GetName())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_implement_object_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_002_F/create_implement_object_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_002_F/create_implement_object_002_F.go
new file mode 100644
index 00000000..23a1e197
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_002_F/create_implement_object_002_F.go
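Review bot: The new fixtures name their sink `taint_sink` while the existing cases touched by this same commit (if_return_nil_*, if_return_tuple_001_T, named_return_004_T) use `__taint_sink`, mirroring `__taint_src`. If the harness or any tool configuration identifies the sink by the `__taint_sink` identifier rather than by the underlying `exec.Command("sh", "-c", …)` call, none of the new cases will register a sink; even if it does not, one convention should be used across the corpus, so rename to `__taint_sink` here and in the sibling new files. `SetName` is declared but never called in this file; harmless, but it is not part of the scene.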
@@ -0,0 +1,51 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类
+// scene introduction = 创建实现类对象
+// level = 2
+// date = 2025-11-19 14:32:00
+// bind_url = completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_002_F/create_implement_object_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// 定义抽象接口
+type AbstractShape interface {
+ GetName() string
+ SetName(name string)
+}
+
+// 实现类
+type Circle struct {
+ name string
+}
+
+func (c *Circle) GetName() string {
+ return c.name
+}
+
+func (c *Circle) SetName(name string) {
+ c.name = name
+}
+
+func create_implement_object_002_F(__taint_src string) {
+ // 场景特点:通过抽象类引用创建实现类实例,但数据流中断
+ shape := AbstractShape(&Circle{
+ name: "safe_value", // 使用安全值而非污点源
+ })
+ taint_sink(shape.GetName())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_implement_object_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_001_T/write_implement_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_001_T/write_implement_field_001_T.go
new file mode 100644
index 00000000..3a9f5ce8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_001_T/write_implement_field_001_T.go
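Review bot: This F case differs from its T partner in two respects at once: the value (`"safe_value"` instead of `__taint_src`) and the way the interface value is formed (a conversion `AbstractShape(&Circle{...})` instead of `var shape AbstractShape` followed by assignment). A tool that misses the T case may then be failing on the assignment form rather than on object creation, and the `T && !F` compose in config.json cannot tell the two apart. Make the pair minimal, e.g. `var shape AbstractShape` / `shape = &Circle{ name: "safe_value" }` here, or use the conversion form in both files.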
@@ -0,0 +1,53 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类
+// scene introduction = 实现类字段写入
+// level = 2
+// date = 2025-11-19 15:52:00
+// bind_url = completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_001_T/write_implement_field_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// 定义抽象接口
+type AbstractShape interface {
+ GetName() string
+ SetName(name string)
+}
+
+// 实现类
+type Circle struct {
+ Name string // 导出字段
+}
+
+func (c *Circle) GetName() string {
+ return c.Name
+}
+
+func (c *Circle) SetName(name string) {
+ c.Name = name
+}
+
+func write_implement_field_001_T(__taint_src string) {
+ // 场景特点:向实现类对象的导出字段赋值
+ shape := &Circle{}
+
+ // 通过类型断言获取具体类型并写入字段
+ shape.Name = __taint_src
+
+ taint_sink(shape.GetName())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ write_implement_field_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_002_F/write_implement_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_002_F/write_implement_field_002_F.go
new file mode 100644
index 00000000..78ed1e06
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_002_F/write_implement_field_002_F.go
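Review bot: The comment `// 通过类型断言获取具体类型并写入字段` claims the field is reached through a type assertion, but there is none: `shape` is already `*Circle` (`shape := &Circle{}`) and `shape.Name = __taint_src` is a plain field write on the concrete type, so `AbstractShape` is never involved. Either make the code match the comment — `var shape AbstractShape = &Circle{}` followed by `shape.(*Circle).Name = __taint_src`, which is the more meaningful scene for an 抽象类的实现类 category — or change the comment to say the exported field is written directly. If the assertion form is adopted, mirror it in write_implement_field_002_F so the pair stays minimal.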
@@ -0,0 +1,53 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类
+// scene introduction = 实现类字段写入
+// level = 2
+// date = 2025-11-19 15:52:00
+// bind_url = completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_002_F/write_implement_field_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// 定义抽象接口
+type AbstractShape interface {
+ GetName() string
+ SetName(name string)
+}
+
+// 实现类
+type Circle struct {
+ Name string // 导出字段
+}
+
+func (c *Circle) GetName() string {
+ return c.Name
+}
+
+func (c *Circle) SetName(name string) {
+ c.Name = name
+}
+
+func write_implement_field_002_F(__taint_src string) {
+ // 场景特点:向实现类对象的导出字段赋值,但数据流中断
+ shape := &Circle{}
+
+ // 向实现类对象的导出字段写入安全值
+ shape.Name = "safe_value" // 使用安全值而非污点源
+
+ taint_sink(shape.GetName())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ write_implement_field_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go
new file mode 100644
index 00000000..d2a11838
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go
@@ -0,0 +1,39 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象
+// scene introduction = 调用匿名对象方法
+// level = 2
+// date = 2025-11-19 15:44:00
+// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func call_anonymous_object_method_005_T(__taint_src string) {
+ // 场景特点:匿名对象定义方法并调用返回污染数据
+ obj := struct {
+ getName func() string
+ }{
+ getName: func() string {
+ return __taint_src
+ },
+ }
+
+ // 场景特点:调用匿名对象的方法获取返回值
+ result := obj.getName()
+ taint_sink(result)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ call_anonymous_object_method_005_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go
new file mode 100644
index 00000000..adc76a0b
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go
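Review bot: The function is named `call_anonymous_object_method_005_T` while the file, the `bind_url` header and the compose entry in config.json all say `call_anonymous_object_method_001_T`; if findings are keyed or scored by function name rather than file path, this case will not be matched. Rename both the definition and the call in `main` to `call_anonymous_object_method_001_T`. Also, `getName` is a func-typed field holding a closure, not a method — anonymous struct types cannot declare methods in Go — so the comment `匿名对象定义方法并调用` overstates what is tested; describing it as a call through a function-typed field of an anonymous struct would be accurate.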
@@ -0,0 +1,39 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象
+// scene introduction = 调用匿名对象方法
+// level = 2
+// date = 2025-11-19 15:44:00
+// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func call_anonymous_object_method_006_F(__taint_src string) {
+ // 场景特点:匿名对象定义方法并调用返回安全数据
+ obj := struct {
+ getName func() string
+ }{
+ getName: func() string {
+ return "safe_value"
+ },
+ }
+
+ // 场景特点:调用匿名对象的方法获取安全返回值
+ result := obj.getName()
+ taint_sink(result)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ call_anonymous_object_method_006_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/config.json
index e69de29b..a1478546 100644
--- a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/config.json
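Review bot: Same mismatch as the T partner: the function is `call_anonymous_object_method_006_F` while the file name, `bind_url` and the config.json compose entry reference `call_anonymous_object_method_002_F`; rename the definition and the call in `main`. With that fixed, the only difference from the T case is the closure returning `"safe_value"` instead of `__taint_src`, which is the right minimal pairing; the now-unused `__taint_src` parameter is legal Go and consistent with the other F fixtures.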
@@ -0,0 +1,26 @@
+{
+ "anonymous_object": [
+ {
+ "evaluation_item": "完整度->单应用跟踪完整度->接口与类->匿名对象",
+ "scene_levels": [
+ {
+ "level": "2",
+ "scene_list": [
+ {
+ "compose": "create_anonymous_object_001_T/create_anonymous_object_001_T.go && !create_anonymous_object_002_F/create_anonymous_object_002_F.go",
+ "scene": "创建匿名对象"
+ },
+ {
+ "compose": "write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go && !write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go",
+ "scene": "写入匿名对象字段"
+ },
+ {
+ "compose": "call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go && !call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go",
+ "scene": "调用匿名对象方法"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_001_T/create_anonymous_object_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_001_T/create_anonymous_object_001_T.go
new file mode 100644
index 00000000..4576673a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_001_T/create_anonymous_object_001_T.go
@@ -0,0 +1,34 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象
+// scene introduction = 创建匿名对象
+// level = 2
+// date = 2025-11-19 15:38:00
+// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_001_T/create_anonymous_object_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func create_anonymous_object_001_T(__taint_src string) {
+ // 场景特点:使用结构体字面量创建匿名对象
+ person := struct {
+ name string
+ }{
+ name: __taint_src,
+ }
+ taint_sink(person.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_anonymous_object_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_002_F/create_anonymous_object_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_002_F/create_anonymous_object_002_F.go
new file mode 100644
index 00000000..b99caa76
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_002_F/create_anonymous_object_002_F.go
@@ -0,0 +1,34 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象
+// scene introduction = 创建匿名对象
+// level = 2
+// date = 2025-11-19 15:38:00
+// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_002_F/create_anonymous_object_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func create_anonymous_object_002_F(__taint_src string) {
+ // 场景特点:使用结构体字面量创建匿名对象但使用安全值
+ person := struct {
+ name string
+ }{
+ name: "safe_value",
+ }
+ taint_sink(person.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_anonymous_object_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go
new file mode 100644
index 00000000..63b5688c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象
+// scene introduction = 写入匿名对象字段
+// level = 2
+// date = 2025-11-19 15:44:00
+// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func write_anonymous_object_field_003_T(__taint_src string) {
+ // 场景特点:向匿名对象的字段写入污染数据
+ person := struct {
+ name string
+ }{
+ name: "initial",
+ }
+
+ // 场景特点:直接给匿名对象字段赋值
+ person.name = __taint_src
+ taint_sink(person.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ write_anonymous_object_field_003_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go
new file mode 100644
index 00000000..7fa11388
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go
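Review bot: The function name `write_anonymous_object_field_003_T` does not match the file name, the `bind_url` header or the config.json compose entry, which all use `write_anonymous_object_field_001_T`; rename the definition and the call in `main` so results keyed by identifier line up with the compose expression. The overwrite of `name: "initial"` by `person.name = __taint_src` is a good detail for this scene, since a tool that treats the literal initializer as the field's only value will miss it; consider saying so in the scene comment.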
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象
+// scene introduction = 写入匿名对象字段
+// level = 2
+// date = 2025-11-19 15:44:00
+// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func write_anonymous_object_field_004_F(__taint_src string) {
+ // 场景特点:向匿名对象的字段写入安全数据
+ person := struct {
+ name string
+ }{
+ name: "initial",
+ }
+
+ // 场景特点:直接给匿名对象字段赋安全值
+ person.name = "safe_value"
+ taint_sink(person.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ write_anonymous_object_field_004_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_001_T/anonymous_struct_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_001_T/anonymous_struct_field_001_T.go
new file mode 100644
index 00000000..427cfd6f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_001_T/anonymous_struct_field_001_T.go
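Review bot: The function name `write_anonymous_object_field_004_F` does not match the file name, `bind_url` and config.json entry `write_anonymous_object_field_002_F`; rename the definition and the call in `main`. Otherwise this is a clean minimal pair with the T case — only the assigned value differs.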
@@ -0,0 +1,34 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 匿名结构体字段访问
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_001_T/anonymous_struct_field_001_T
+// date: 2025-11-17 14:38:00
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func anonymous_struct_field_001_T(__taint_src string) {
+ // 场景特点:访问匿名结构体的字段
+ person := struct {
+ name string
+ }{
+ name: __taint_src,
+ }
+ taint_sink(person.name) // 直接访问匿名结构体的字段
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ anonymous_struct_field_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_002_F/anonymous_struct_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_002_F/anonymous_struct_field_002_F.go
new file mode 100644
index 00000000..966ed0e0
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_002_F/anonymous_struct_field_002_F.go
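Review bot: The metadata header writes `// date: 2025-11-17 14:38:00` with a colon and places it after `bind_url`, whereas every other new fixture in this commit writes `// date = …` before `bind_url`; a header parser expecting `key = value` pairs will drop or misparse this line. Change it to `// date = 2025-11-17 14:38:00`. Note also that apart from its name and comments this function is identical to create_anonymous_object_001_T in the anonymous_object category, so the two scenes currently measure the same tool capability; if 复杂对象 is meant to add something, this case should differ (e.g. a nested anonymous struct).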
@@ -0,0 +1,34 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 匿名结构体字段访问
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_002_F/anonymous_struct_field_002_F
+// date: 2025-11-17 14:38:00
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func anonymous_struct_field_002_F(__taint_src string) {
+ // 场景特点:访问匿名结构体的字段但使用安全值
+ person := struct {
+ name string
+ }{
+ name: "safe_value",
+ }
+ taint_sink(person.name) // 直接访问匿名结构体的字段
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ anonymous_struct_field_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/config.json
index e69de29b..d887085f 100644
--- a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/config.json
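Review bot: `// date: 2025-11-17 14:38:00` uses a colon and sits after `bind_url`, unlike the `// date = …` form the rest of the new fixtures use; change it to `// date = 2025-11-17 14:38:00` so the evaluation header parses uniformly across the corpus.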
@@ -0,0 +1,51 @@
+{
+ "complex_object": [
+ {
+ "evaluation_item": "完整度->单应用跟踪完整度->接口与类->复杂对象",
+ "scene_levels": [
+ {
+ "level": "2",
+ "scene_list": [
+ {
+ "compose": "nested_struct_create_001_T/nested_struct_create_001_T.go && !nested_struct_create_002_F/nested_struct_create_002_F.go",
+ "scene": "嵌套结构体创建"
+ },
+ {
+ "compose": "struct_pointer_field_001_T/struct_pointer_field_001_T.go && !struct_pointer_field_002_F/struct_pointer_field_002_F.go",
+ "scene": "结构体指针字段访问"
+ },
+ {
+ "compose": "interface_field_access_001_T/interface_field_access_001_T.go && !interface_field_access_002_F/interface_field_access_002_F.go",
+ "scene": "接口类型字段访问"
+ },
+ {
+ "compose": "nested_pointer_field_001_T/nested_pointer_field_001_T.go && !nested_pointer_field_002_F/nested_pointer_field_002_F.go",
+ "scene": "结构体嵌套指针字段"
+ },
+ {
+ "compose": "anonymous_struct_field_001_T/anonymous_struct_field_001_T.go && !anonymous_struct_field_002_F/anonymous_struct_field_002_F.go",
+ "scene": "匿名结构体字段访问"
+ },
+ {
+ "compose": "struct_tag_field_001_T/struct_tag_field_001_T.go && !struct_tag_field_002_F/struct_tag_field_002_F.go",
+ "scene": "结构体标签字段处理"
+ }
+ ]
+ },
+ {
+ "level": "2+",
+ "scene_list":[
+ {
+ "compose": "deep_nested_field_read_001_T/deep_nested_field_read_001_T.go && !deep_nested_field_read_002_F/deep_nested_field_read_002_F.go",
+ "scene": "多层嵌套字段读取"
+ },
+ {
+ "compose": "deep_nested_field_write_001_T/deep_nested_field_write_001_T.go && !deep_nested_field_write_002_F/deep_nested_field_write_002_F.go",
+ "scene": "多层嵌套字段写入"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_001_T/deep_nested_field_read_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_001_T/deep_nested_field_read_001_T.go
new file mode 100644
index 00000000..a300acca
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_001_T/deep_nested_field_read_001_T.go
@@ -0,0 +1,62 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 多层嵌套字段读取
+// level = 2+
+// date = 2025-11-17 14:32:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_001_T/deep_nested_field_read_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Street struct {
+ name string
+ no int
+}
+
+type Address struct {
+ city string
+ street Street
+}
+
+type Person struct {
+ name string
+ address Address
+}
+
+type Company struct {
+ name string
+ manager Person
+}
+
+func deep_nested_field_read_001_T(__taint_src string) {
+ // 场景特点:读取四层嵌套结构体的最深层字段
+ comp := Company{
+ name: "TechCorp",
+ manager: Person{
+ name: "John",
+ address: Address{
+ city: "Beijing",
+ street: Street{
+ name: __taint_src,
+ no: 100,
+ },
+ },
+ },
+ }
+ taint_sink(comp.manager.address.street.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ deep_nested_field_read_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_002_F/deep_nested_field_read_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_002_F/deep_nested_field_read_002_F.go
new file mode 100644
index 00000000..0e4d24f6
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_002_F/deep_nested_field_read_002_F.go
@@ -0,0 +1,62 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 多层嵌套字段读取
+// level = 2+
+// date = 2025-11-17 14:32:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_002_F/deep_nested_field_read_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Street struct {
+ name string
+ no int
+}
+
+type Address struct {
+ city string
+ street Street
+}
+
+type Person struct {
+ name string
+ address Address
+}
+
+type Company struct {
+ name string
+ manager Person
+}
+
+func deep_nested_field_read_002_F(__taint_src string) {
+ // 场景特点:读取四层嵌套结构体的最深层字段但使用安全值
+ comp := Company{
+ name: "TechCorp",
+ manager: Person{
+ name: "John",
+ address: Address{
+ city: "Beijing",
+ street: Street{
+ name: "safe_value",
+ no: 100,
+ },
+ },
+ },
+ }
+ taint_sink(comp.manager.address.street.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ deep_nested_field_read_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_001_T/deep_nested_field_write_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_001_T/deep_nested_field_write_001_T.go
new file mode 100644
index 00000000..0a39d13a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_001_T/deep_nested_field_write_001_T.go
@@ -0,0 +1,56 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 多层嵌套字段写入
+// level = 2+
+// date = 2025-11-17 14:33:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_001_T/deep_nested_field_write_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Street struct {
+ name string
+ no int
+}
+
+type Address struct {
+ city string
+ street Street
+}
+
+type Person struct {
+ name string
+ address Address
+}
+
+type Company struct {
+ name string
+ manager Person
+}
+
+func deep_nested_field_write_001_T(__taint_src string) {
+ // 场景特点:向四层嵌套结构体的最深层字段赋值
+ var comp Company
+ comp.name = "TechCorp"
+ comp.manager.name = "John"
+ comp.manager.address.city = "Beijing"
+ comp.manager.address.street.name = __taint_src
+ comp.manager.address.street.no = 100
+
+ taint_sink(comp.manager.address.street.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ deep_nested_field_write_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_002_F/deep_nested_field_write_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_002_F/deep_nested_field_write_002_F.go
new file mode 100644
index 00000000..6410267f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_002_F/deep_nested_field_write_002_F.go
@@ -0,0 +1,56 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 多层嵌套字段写入
+// level = 2+
+// date = 2025-11-17 14:33:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_002_F/deep_nested_field_write_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Street struct {
+ name string
+ no int
+}
+
+type Address struct {
+ city string
+ street Street
+}
+
+type Person struct {
+ name string
+ address Address
+}
+
+type Company struct {
+ name string
+ manager Person
+}
+
+func deep_nested_field_write_002_F(__taint_src string) {
+ // 场景特点:向四层嵌套结构体的最深层字段赋值但使用安全值
+ var comp Company
+ comp.name = "TechCorp"
+ comp.manager.name = "John"
+ comp.manager.address.city = "Beijing"
+ comp.manager.address.street.name = "safe_value"
+ comp.manager.address.street.no = 100
+
+ taint_sink(comp.manager.address.street.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ deep_nested_field_write_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_001_T/interface_field_access_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_001_T/interface_field_access_001_T.go
new file mode 100644
index 00000000..db596083
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_001_T/interface_field_access_001_T.go
@@ -0,0 +1,47 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 接口类型字段访问
+// level = 2
+// date = 2025-11-17 14:36:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/interface_field_access_001_T/interface_field_access_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type DataHolder interface {
+ GetData() string
+}
+
+type MyData struct {
+ data string
+}
+
+func (m MyData) GetData() string {
+ return m.data
+}
+
+type Container struct {
+ holder DataHolder
+}
+
+func interface_field_access_001_T(__taint_src string) {
+ // 场景特点:通过接口类型访问底层结构体字段
+ data := MyData{data: __taint_src}
+ container := Container{holder: data}
+ taint_sink(container.holder.GetData())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_field_access_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_002_F/interface_field_access_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_002_F/interface_field_access_002_F.go
new file mode 100644
index 00000000..7ddb06fb
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_002_F/interface_field_access_002_F.go
@@ -0,0 +1,47 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 接口类型字段访问
+// level = 2
+// date = 2025-11-17 14:36:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/interface_field_access_002_F/interface_field_access_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type DataHolder interface {
+ GetData() string
+}
+
+type MyData struct {
+ data string
+}
+
+func (m MyData) GetData() string {
+ return m.data
+}
+
+type Container struct {
+ holder DataHolder
+}
+
+func interface_field_access_002_F(__taint_src string) {
+ // 场景特点:通过接口类型访问底层结构体字段但使用安全值
+ data := MyData{data: "safe_value"}
+ container := Container{holder: data}
+ taint_sink(container.holder.GetData())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_field_access_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_001_T/nested_pointer_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_001_T/nested_pointer_field_001_T.go
new file mode 100644
index 00000000..b44d0be4
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_001_T/nested_pointer_field_001_T.go
@@ -0,0 +1,48 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 结构体嵌套指针字段
+// level = 2
+// date = 2025-11-17 14:37:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_001_T/nested_pointer_field_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Contact struct {
+ phone *string
+ email string
+}
+
+type Person struct {
+ name string
+ contact Contact
+}
+
+func nested_pointer_field_001_T(__taint_src string) {
+ // 场景特点:访问嵌套结构体中的指针字段
+ phone := __taint_src
+ contact := Contact{
+ phone: &phone,
+ email: "test@example.com",
+ }
+ person := Person{
+ name: "John",
+ contact: contact,
+ }
+ taint_sink(*person.contact.phone)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ nested_pointer_field_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_002_F/nested_pointer_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_002_F/nested_pointer_field_002_F.go
new file mode 100644
index 00000000..f11b9af0
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_002_F/nested_pointer_field_002_F.go
@@ -0,0 +1,48 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 结构体嵌套指针字段
+// level = 2
+// date = 2025-11-17 14:37:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_002_F/nested_pointer_field_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Contact struct {
+ phone *string
+ email string
+}
+
+type Person struct {
+ name string
+ contact Contact
+}
+
+func nested_pointer_field_002_F(__taint_src string) {
+ // 场景特点:访问嵌套结构体中的指针字段但使用安全值
+ phone := "safe_value"
+ contact := Contact{
+ phone: &phone,
+ email: "test@example.com",
+ }
+ person := Person{
+ name: "John",
+ contact: contact,
+ }
+ taint_sink(*person.contact.phone)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ nested_pointer_field_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_001_T/nested_struct_create_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_001_T/nested_struct_create_001_T.go
new file mode 100644
index 00000000..d8cda4ff
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_001_T/nested_struct_create_001_T.go
@@ -0,0 +1,54 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 嵌套结构体创建
+// level = 2
+// date = 2025-11-17 14:30:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_001_T/nested_struct_create_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Address struct {
+ city string
+ street string
+}
+
+type Person struct {
+ name string
+ address Address
+}
+
+type Company struct {
+ name string
+ manager Person
+}
+
+func nested_struct_create_001_T(__taint_src string) {
+ // 场景特点:创建多层嵌套结构体并初始化最内层字段
+ comp := Company{
+ name: "TechCorp",
+ manager: Person{
+ name: __taint_src,
+ address: Address{
+ city: "Beijing",
+ street: "Main St",
+ },
+ },
+ }
+ taint_sink(comp.manager.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ nested_struct_create_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_002_F/nested_struct_create_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_002_F/nested_struct_create_002_F.go
new file mode 100644
index 00000000..a6e0c7df
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_002_F/nested_struct_create_002_F.go
@@ -0,0 +1,54 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 嵌套结构体创建
+// level = 2
+// date = 2025-11-17 14:30:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_002_F/nested_struct_create_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Address struct {
+ city string
+ street string
+}
+
+type Person struct {
+ name string
+ address Address
+}
+
+type Company struct {
+ name string
+ manager Person
+}
+
+func nested_struct_create_002_F(__taint_src string) {
+ // 场景特点:创建多层嵌套结构体但使用安全值初始化
+ comp := Company{
+ name: "TechCorp",
+ manager: Person{
+ name: "safe_value",
+ address: Address{
+ city: "Beijing",
+ street: "Main St",
+ },
+ },
+ }
+ taint_sink(comp.manager.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ nested_struct_create_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_001_T/struct_pointer_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_001_T/struct_pointer_field_001_T.go
new file mode 100644
index 00000000..fe015fb3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_001_T/struct_pointer_field_001_T.go
@@ -0,0 +1,47 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 结构体指针字段访问
+// level = 2
+// date = 2025-11-17 14:31:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_001_T/struct_pointer_field_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Address struct {
+ city string
+ street string
+}
+
+type Person struct {
+ name string
+ address *Address
+}
+
+func struct_pointer_field_001_T(__taint_src string) {
+ // 场景特点:通过指针访问嵌套结构体字段
+ addr := &Address{
+ city: __taint_src,
+ street: "Main St",
+ }
+ person := Person{
+ name: "John",
+ address: addr,
+ }
+ taint_sink(person.address.city)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ struct_pointer_field_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_002_F/struct_pointer_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_002_F/struct_pointer_field_002_F.go
new file mode 100644
index 00000000..0e10e0c0
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_002_F/struct_pointer_field_002_F.go
@@ -0,0 +1,47 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 结构体指针字段访问
+// level = 2
+// date = 2025-11-17 14:31:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_002_F/struct_pointer_field_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Address struct {
+ city string
+ street string
+}
+
+type Person struct {
+ name string
+ address *Address
+}
+
+func struct_pointer_field_002_F(__taint_src string) {
+ // 场景特点:通过指针访问嵌套结构体字段但使用安全值
+ addr := &Address{
+ city: "safe_value",
+ street: "Main St",
+ }
+ person := Person{
+ name: "John",
+ address: addr,
+ }
+ taint_sink(person.address.city)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ struct_pointer_field_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_001_T/struct_tag_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_001_T/struct_tag_field_001_T.go
new file mode 100644
index 00000000..0e08552e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_001_T/struct_tag_field_001_T.go
@@ -0,0 +1,45 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 结构体标签字段处理
+// level = 2
+// date = 2025-11-17 14:39:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_001_T/struct_tag_field_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+ "reflect"
+)
+
+type Person struct {
+ Name string `json:"name"` // 带标签的字段
+ Age int `json:"age"`
+}
+
+func struct_tag_field_001_T(__taint_src string) {
+ // 场景特点:通过反射访问带标签的结构体字段
+ person := Person{
+ Name: __taint_src,
+ Age: 25,
+ }
+
+ // 使用反射获取字段值
+ v := reflect.ValueOf(person)
+ field := v.FieldByName("Name")
+ if field.IsValid() {
+ taint_sink(field.String())
+ }
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ struct_tag_field_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_002_F/struct_tag_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_002_F/struct_tag_field_002_F.go
new file mode 100644
index 00000000..a0b314b3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_002_F/struct_tag_field_002_F.go
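Review bot: The `json:"name"` and `json:"age"` tags on Person are never consulted: the function locates the field with `v.FieldByName("Name")` and reads `field.String()`, so the scene labelled "结构体标签字段处理" actually exercises reflection-based field access by name, not tag handling; struct_tag_field_002_F has the same shape. If the intent is to measure whether the analyzer follows taint through a tag-driven lookup, the field should be resolved via its tag, with the key line being `if t.Field(i).Tag.Get("json") == "name" { taint_sink(v.Field(i).String()) }` inside a loop over `t := v.Type()`; otherwise the scene introduction and the comment `// 场景特点:通过反射访问带标签的结构体字段` should say reflection rather than tags so the result is attributed to the right feature. A line noting the expectation, e.g. `// expected: taint must survive reflect.Value.FieldByName + String()`, would also make the case self-describing.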
@@ -0,0 +1,45 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 结构体标签字段处理
+// level = 2
+// date = 2025-11-17 14:39:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_002_F/struct_tag_field_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+ "reflect"
+)
+
+type Person struct {
+ Name string `json:"name"` // 带标签的字段
+ Age int `json:"age"`
+}
+
+func struct_tag_field_002_F(__taint_src string) {
+ // 场景特点:通过反射访问带标签的结构体字段但使用安全值
+ person := Person{
+ Name: "safe_value",
+ Age: 25,
+ }
+
+ // 使用反射获取字段值
+ v := reflect.ValueOf(person)
+ field := v.FieldByName("Name")
+ if field.IsValid() {
+ taint_sink(field.String())
+ }
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ struct_tag_field_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/config.json
index e69ba0d0..de7e8aa3 100644
--- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/config.json
@@ -1,18 +1,26 @@ { "interface_implementation": [ { - "evaluation_item": "完整度->单应用跟踪完整度->接口与类->简单对象", + "evaluation_item": "完整度->单应用跟踪完整度->接口与类->接口的实现", "scene_levels": [ { "level": "2", "scene_list": [ { - "compose": "interface_class_001_T/interface_class_001_T.go && !interface_class_002_F/interface_class_002_F.go", + "compose": "struct_injection_interface_001_T/struct_injection_interface_001_T.go && !struct_injection_interface_002_F/struct_injection_interface_002_F.go", "scene": "结构体注入接口" + }, + { + "compose": "direct_assignment_001_T/direct_assignment_002_T.go && !direct_assignment_002_F/direct_assignment_002_F.go", + "scene": "接口直接赋值" + }, + { + "compose": "field_assignment_001_T/field_assignment_001_T.go && !field_assignment_002_F/field_assignment_002_F.go", + "scene": "接口字段赋值" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T.go new file mode 100644 index 00000000..e8fc870d --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T.go 
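Review bot: The new compose entry `direct_assignment_001_T/direct_assignment_002_T.go` breaks the directory-equals-filename convention that every other entry in this file and in simple_object/config.json follows. The file added in this change really does live at that path, so the entry resolves today, but it reads as a typo carried through from the file name, and any tooling that derives a case id from the directory would disagree with one that derives it from the file. Renaming the file to `direct_assignment_001_T/direct_assignment_001_T.go` and updating this compose string together with that file's `bind_url` line would remove the ambiguity.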
@@ -0,0 +1,44 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->接口的实现
+// scene introduction = 接口直接赋值
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func interface_direct_assignment_003_T(__taint_src string) {
+ // 场景特点:接口类型变量直接赋值为实现类实例
+ var testInterface IIctest
+ testImpl := &IctestImpl{}
+ testInterface = testImpl
+
+ // 通过接口调用方法,污点数据直接传递
+ result, _ := testInterface.test(__taint_src)
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+// IIctest 定义了测试接口
+type IIctest interface {
+ test(taint_src string) (interface{}, error)
+}
+
+// IctestImpl 是 IIctest 的实现
+type IctestImpl struct{}
+
+// test 实现接口方法,直接返回污点数据
+func (s *IctestImpl) test(taint_src string) (interface{}, error) {
+ return taint_src, nil
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_direct_assignment_003_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F.go
new file mode 100644
index 00000000..4a73bae7
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F.go
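Review bot: The entry function is named `interface_direct_assignment_003_T` while the file and `bind_url` say direct_assignment_002_T and the directory says direct_assignment_001_T, so three different case ids appear in one file; the other three interface_implementation cases drift the same way (`interface_direct_assignment_004_F` in direct_assignment_002_F, `interface_field_assignment_011_T` in field_assignment_001_T, `interface_field_assignment_012_F` in field_assignment_002_F), whereas every other new case in this change names its entry function after its file. These four files also omit the `// date = ...` header line that all the new complex_object and simple_object cases carry, which matters if the header is parsed by the evaluation harness. Renaming the function to match the file, e.g. `func direct_assignment_001_T(__taint_src string) {` with the matching call in `main`, and adding the date line would bring them in line with the rest of the corpus.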
@@ -0,0 +1,44 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->接口的实现
+// scene introduction = 接口直接赋值
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func interface_direct_assignment_004_F(__taint_src string) {
+ // 场景特点:接口类型变量直接赋值为实现类实例
+ var testInterface IIctest
+ testImpl := &IctestImpl{}
+ testInterface = testImpl
+
+ // 通过接口调用方法,但传入固定字符串而非污点数据
+ result, _ := testInterface.test("safe_string")
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+// IIctest 定义了测试接口
+type IIctest interface {
+ test(taint_src string) (interface{}, error)
+}
+
+// IctestImpl 是 IIctest 的实现
+type IctestImpl struct{}
+
+// test 实现接口方法,直接返回传入数据
+func (s *IctestImpl) test(taint_src string) (interface{}, error) {
+ return taint_src, nil
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_direct_assignment_004_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T.go
new file mode 100644
index 00000000..d837ff8a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T.go
@@ -0,0 +1,49 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->接口的实现
+// scene introduction = 接口字段赋值
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func interface_field_assignment_011_T(__taint_src string) {
+ // 场景特点:将接口类型字段赋值为实现类实例
+ container := &Container{}
+ testImpl := &IctestImpl{}
+ container.testInterface = testImpl
+
+ // 通过结构体字段调用接口方法,污点数据直接传递
+ result, _ := container.testInterface.test(__taint_src)
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+// IIctest 定义了测试接口
+type IIctest interface {
+ test(taint_src string) (interface{}, error)
+}
+
+// IctestImpl 是 IIctest 的实现
+type IctestImpl struct{}
+
+// test 实现接口方法,直接返回污点数据
+func (s *IctestImpl) test(taint_src string) (interface{}, error) {
+ return taint_src, nil
+}
+
+// Container 包含接口类型字段
+type Container struct {
+ testInterface IIctest
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_field_assignment_011_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F.go
new file mode 100644
index 00000000..1ab9a845
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F.go
@@ -0,0 +1,49 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->接口的实现
+// scene introduction = 接口字段赋值
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func interface_field_assignment_012_F(__taint_src string) {
+ // 场景特点:将接口类型字段赋值为实现类实例
+ container := &Container{}
+ testImpl := &IctestImpl{}
+ container.testInterface = testImpl
+
+ // 通过结构体字段调用接口方法,但传入固定字符串而非污点数据
+ result, _ := container.testInterface.test("safe_string")
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+// IIctest 定义了测试接口
+type IIctest interface {
+ test(taint_src string) (interface{}, error)
+}
+
+// IctestImpl 是 IIctest 的实现
+type IctestImpl struct{}
+
+// test 实现接口方法,直接返回传入数据
+func (s *IctestImpl) test(taint_src string) (interface{}, error) {
+ return taint_src, nil
+}
+
+// Container 包含接口类型字段
+type Container struct {
+ testInterface IIctest
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_field_assignment_012_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_T/interface_class_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_001_T/struct_injection_interface_001_T.go
similarity index 74%
rename from sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_T/interface_class_001_T.go
rename to sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_001_T/struct_injection_interface_001_T.go
index 2d6155b1..5ac6d320 100644
--- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_T/interface_class_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_001_T/struct_injection_interface_001_T.go @@ -1,15 +1,16 @@ // evaluation information start // real case = true -// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +// evaluation item = 完整度->单应用跟踪完整度->接口与类->接口的实现 // scene introduction = 结构体注入接口 // level = 2 -// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_T/interface_class_001_T +// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_001_T/struct_injection_interface_001_T // evaluation information end package main + import "os/exec" -func interface_class_001_T(__taint_src string) { +func struct_injection_interface_001_T(__taint_src string) { // 创建 IctestImpl 实例 testSvc := &IctestImpl{} @@ -30,7 +31,7 @@ type IIctest interface { test(taint_src string) (interface{}, error) } -//IctestAPI 是业务门面,对外暴露统一 API,内部依赖 IIctest 实现 +// IctestAPI 是业务门面,对外暴露统一 API,内部依赖 IIctest 实现 type IctestAPI struct { _test_svc IIctest } @@ -42,7 +43,7 @@ func NewIctestAPI(testSvc IIctest) *IctestAPI { } } -// GetTest 通过接口调用底层实现,将输入原样返回(导致污点传播) +// GetTest 通过接口调用底层实现,将输入原样返回(导致污点传播) func (e *IctestAPI) GetTest(taint_src string) (interface{}, error) { return e._test_svc.test(taint_src) } @@ -50,7 +51,7 @@ func (e *IctestAPI) GetTest(taint_src string) (interface{}, error) { // IctestImpl 是 IIctest 的默认实现 type IctestImpl struct{} -//test 实现 IIctest 接口,直接将 taint_src 返回,不做任何校验 +// test 实现 IIctest 接口,直接将 taint_src 返回,不做任何校验 func (s *IctestImpl) test(taint_src string) (interface{}, error) { // 污点数据未经处理直接返回 return taint_src, nil 
@@ -58,5 +59,5 @@ func (s *IctestImpl) test(taint_src string) (interface{}, error) { func main() { __taint_src := "taint_src_value" - interface_class_001_T(__taint_src) -} \ No newline at end of file + struct_injection_interface_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_F/interface_class_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_002_F/struct_injection_interface_002_F.go similarity index 63% rename from sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_F/interface_class_002_F.go rename to sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_002_F/struct_injection_interface_002_F.go index fae163ef..3fbd6b35 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_F/interface_class_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_002_F/struct_injection_interface_002_F.go @@ -1,15 +1,16 @@ // evaluation information start // real case = false -// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +// evaluation item = 完整度->单应用跟踪完整度->接口与类->接口的实现 // scene introduction = 结构体注入接口 // level = 2 -// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_F/interface_class_002_F +// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_002_F/struct_injection_interface_002_F // evaluation information end package main + import "os/exec" -func interface_class_002_F(__taint_src string) { +func struct_injection_interface_002_F(__taint_src string) { //创建 IctestImpl 实例 testSvc := &IctestImpl{} 
@@ -20,43 +21,43 @@ func interface_class_002_F(__taint_src string) { result, _ := testAPI.GetTest("aa") __taint_sink(result) } - + func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} -//IIctest 定义了业务层接口,用于演示接口与实现的解耦 +// IIctest 定义了业务层接口,用于演示接口与实现的解耦 type IIctest interface { test(taint_src string) (interface{}, error) } -//IctestAPI 是业务门面,对外暴露统一 API,内部依赖 IIctest 实现 +// IctestAPI 是业务门面,对外暴露统一 API,内部依赖 IIctest 实现 type IctestAPI struct { _test_svc IIctest } -//NewIctestAPI 构造器,注入 IIctest 实现 +// NewIctestAPI 构造器,注入 IIctest 实现 func NewIctestAPI(testSvc IIctest) *IctestAPI { return &IctestAPI{ _test_svc: testSvc, } } -//GetTest 通过接口调用底层实现,将输入原样返回 +// GetTest 通过接口调用底层实现,将输入原样返回 func (e *IctestAPI) GetTest(taint_src string) (interface{}, error) { return e._test_svc.test(taint_src) } -//IctestImpl 是 IIctest 的默认实现 +// IctestImpl 是 IIctest 的默认实现 type IctestImpl struct{} -//test 实现 IIctest 接口,直接将 传入的值 返回,不做任何校验 +// test 实现 IIctest 接口,直接将 传入的值 返回,不做任何校验 func (s *IctestImpl) test(taint_src string) (interface{}, error) { //污点数据未经处理直接返回 return taint_src, nil } func main() { - __taint_src := "taint_src_value" - interface_class_002_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + struct_injection_interface_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/config.json index e69de29b..ec361311 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/config.json +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/config.json 
@@ -0,0 +1,30 @@
+{
+ "simple_object": [
+ {
+ "evaluation_item": "完整度->单应用跟踪完整度->接口与类->简单对象",
+ "scene_levels": [
+ {
+ "level": "2",
+ "scene_list": [
+ {
+ "compose": "create_object_001_T/create_object_001_T.go && !create_object_002_F/create_object_002_F.go",
+ "scene": "创建对象->结构体初始化"
+ },
+ {
+ "compose": "create_object_003_T/create_object_003_T.go && !create_object_004_F/create_object_004_F.go",
+ "scene": "创建对象->new分配"
+ },
+ {
+ "compose": "write_object_property_001_T/write_object_property_001_T.go && !write_object_property_002_F/write_object_property_002_F.go",
+ "scene": "写入对象属性->直接赋值"
+ },
+ {
+ "compose": "write_object_property_003_T/write_object_property_003_T.go && !write_object_property_004_F/write_object_property_004_F.go",
+ "scene": "写入对象属性->指针赋值"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_001_T/create_object_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_001_T/create_object_001_T.go
new file mode 100644
index 00000000..781621ef
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_001_T/create_object_001_T.go
@@ -0,0 +1,38 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象
+// scene introduction = 创建对象->结构体初始化
+// level = 2
+// date = 2025-11-14 18:40:00
+// bind_url = completeness/single_app_tracing/interface_class/simple_object/create_object_001_T/create_object_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Person struct {
+ name string
+ age int
+}
+
+func create_object_001_T(__taint_src string) {
+ // 场景特点:使用字面值初始化结构体
+ p := Person{
+ name: __taint_src,
+ age: 25,
+ }
+ taint_sink(p.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_object_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_002_F/create_object_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_002_F/create_object_002_F.go
new file mode 100644
index 00000000..e2b4a568
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_002_F/create_object_002_F.go
@@ -0,0 +1,38 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +// scene introduction = 创建对象->结构体初始化 +// level = 2 +// date = 2025-11-14 18:40:00 +// bind_url = completeness/single_app_tracing/interface_class/simple_object/create_object_002_F/create_object_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Person struct { + name string + age int +} + +func create_object_002_F(__taint_src string) { + // 场景特点:使用字面值初始化结构体但使用安全值 + p := Person{ + name: "safe_value", + age: 25, + } + taint_sink(p.name) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + create_object_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_003_T/create_object_003_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_003_T/create_object_003_T.go new file mode 100644 index 00000000..e3bb52f6 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_003_T/create_object_003_T.go 
@@ -0,0 +1,37 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +// scene introduction = 创建对象->new分配 +// level = 2 +// date = 2025-11-14 18:40:00 +// bind_url = completeness/single_app_tracing/interface_class/simple_object/create_object_003_T/create_object_003_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Person struct { + name string + age int +} + +func create_object_003_T(__taint_src string) { + // 场景特点:使用new关键字创建结构体实例 + p := new(Person) + p.name = __taint_src + p.age = 25 + taint_sink(p.name) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + create_object_003_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_004_F/create_object_004_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_004_F/create_object_004_F.go new file mode 100644 index 00000000..bef9e412 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_004_F/create_object_004_F.go 
@@ -0,0 +1,37 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +// scene introduction = 创建对象->new分配 +// level = 2 +// date = 2025-11-14 18:40:00 +// bind_url = completeness/single_app_tracing/interface_class/simple_object/create_object_004_F/create_object_004_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Person struct { + name string + age int +} + +func create_object_004_F(__taint_src string) { + // 场景特点:使用new关键字创建结构体实例但使用安全值 + p := new(Person) + p.name = "safe_value" + p.age = 25 + taint_sink(p.name) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + create_object_004_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_001_T/write_object_property_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_001_T/write_object_property_001_T.go new file mode 100644 index 00000000..9de9e607 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_001_T/write_object_property_001_T.go 
@@ -0,0 +1,37 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +// scene introduction = 写入对象属性->直接赋值 +// level = 2 +// date = 2025-11-14 18:40:00 +// bind_url = completeness/single_app_tracing/interface_class/simple_object/write_object_property_001_T/write_object_property_001_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Person struct { + name string + age int +} + +func write_object_property_001_T(__taint_src string) { + // 场景特点:给结构体字段直接赋值 + var p Person + p.name = __taint_src + p.age = 25 + taint_sink(p.name) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + write_object_property_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_002_F/write_object_property_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_002_F/write_object_property_002_F.go new file mode 100644 index 00000000..e230d4c4 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_002_F/write_object_property_002_F.go 
@@ -0,0 +1,37 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +// scene introduction = 写入对象属性->直接赋值 +// level = 2 +// date = 2025-11-14 18:40:00 +// bind_url = completeness/single_app_tracing/interface_class/simple_object/write_object_property_002_F/write_object_property_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Person struct { + name string + age int +} + +func write_object_property_002_F(__taint_src string) { + // 场景特点:给结构体字段直接赋值但使用安全值 + var p Person + p.name = "safe_value" + p.age = 25 + taint_sink(p.name) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + write_object_property_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_003_T/write_object_property_003_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_003_T/write_object_property_003_T.go new file mode 100644 index 00000000..28fdda1b --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_003_T/write_object_property_003_T.go 
@@ -0,0 +1,37 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +// scene introduction = 写入对象属性->指针赋值 +// level = 2 +// date = 2025-11-14 18:40:00 +// bind_url = completeness/single_app_tracing/interface_class/simple_object/write_object_property_003_T/write_object_property_003_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Person struct { + name string + age int +} + +func write_object_property_003_T(__taint_src string) { + // 场景特点:给指针结构体字段赋值 + p := &Person{} + p.name = __taint_src + p.age = 25 + taint_sink(p.name) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + write_object_property_003_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_004_F/write_object_property_004_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_004_F/write_object_property_004_F.go new file mode 100644 index 00000000..459eaa09 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_004_F/write_object_property_004_F.go 
@@ -0,0 +1,37 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +// scene introduction = 写入对象属性->指针赋值 +// level = 2 +// date = 2025-11-14 18:40:00 +// bind_url = completeness/single_app_tracing/interface_class/simple_object/write_object_property_004_F/write_object_property_004_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Person struct { + name string + age int +} + +func write_object_property_004_F(__taint_src string) { + // 场景特点:给指针结构体字段赋值但使用安全值 + p := &Person{} + p.name = "safe_value" + p.age = 25 + taint_sink(p.name) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + write_object_property_004_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/config.json index e69de29b..44350462 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/config.json +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/config.json @@ -0,0 +1,26 @@ +{ + "subclass": [ + { + "evaluation_item": "完整度->单应用跟踪完整度->接口与类->子类对象", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "object_creation_001_T/object_creation_001_T.go && !object_creation_002_F/object_creation_002_F.go", + "scene": "子类对象创建" + }, + { + "compose": "field_write_001_T/field_write_001_T.go && !field_write_002_F/field_write_002_F.go", + "scene": "子类字段写入" + }, + { + "compose": "method_call_001_T/method_call_001_T.go && !method_call_002_F/method_call_002_F.go", + "scene": "子类方法调用" + } + ] + } + ] + } + ] +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T.go new file mode 100644 index 00000000..06f5ac00 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T.go @@ -0,0 +1,41 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象 +// scene introduction = 子类字段写入 +// level = 2 +// date = 2025-11-18 14:15:00 +// bind_url = completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Base struct { + id int +} + +type SubClass struct { + name string + Base +} + +func subclass_field_write_005_T(__taint_src string) { + // 场景特点:给子类结构体字段直接赋值 + var s SubClass + s.id = 1 + s.name = __taint_src + taint_sink(s.name) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + subclass_field_write_005_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F.go new file mode 100644 index 00000000..c4237940 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F.go 
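Review bot: The entry function in field_write_001_T.go is named `subclass_field_write_005_T`, which matches neither the file name nor its `bind_url` (`.../field_write_001_T`), whereas every simple_object case in this change names the function exactly after the file (`create_object_001_T`, `write_object_property_003_T`, ...). If the evaluation harness correlates findings by function name as well as by path (I cannot tell from the diff), this case will not be matched; rename at both sites: `func field_write_001_T(__taint_src string) {` and, in `main`, `field_write_001_T(__taint_src)`. The stale `005`/`006`/`007`/`008` suffixes across the subclass files look like leftovers from an earlier numbering scheme and are worth cleaning up together.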
@@ -0,0 +1,41 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象 +// scene introduction = 子类字段写入 +// level = 2 +// date = 2025-11-18 14:15:00 +// bind_url = completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Base struct { + id int +} + +type SubClass struct { + name string + Base +} + +func subclass_field_write_006_F(__taint_src string) { + // 场景特点:给子类结构体字段直接赋值但使用安全值 + var s SubClass + s.id = 1 + s.name = "safe_value" + taint_sink(s.name) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + subclass_field_write_006_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T.go new file mode 100644 index 00000000..64f5618f --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T.go 
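Review bot: Same naming drift as the T twin: the function is `subclass_field_write_006_F` while the file and `bind_url` are `field_write_002_F`, so the name/number no longer describes the case. Rename both occurrences: `func field_write_002_F(__taint_src string) {` and `field_write_002_F(__taint_src)` in `main`, keeping the pair aligned with the `field_write_001_T && !field_write_002_F` compose entry in config.json.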
@@ -0,0 +1,50 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象 +// scene introduction = 子类方法调用 +// level = 2 +// date = 2025-11-18 14:15:00 +// bind_url = completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Base struct { + id int +} + +func (b Base) GetID() int { + return b.id +} + +type SubClass struct { + name string + Base +} + +func (s SubClass) GetName() string { + return s.name +} + +func subclass_method_call_007_T(__taint_src string) { + // 场景特点:调用子类的实例方法获取字段值 + s := SubClass{ + Base: Base{id: 1}, + name: __taint_src, + } + taint_sink(s.GetName()) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + subclass_method_call_007_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F.go new file mode 100644 index 00000000..1b56ee59 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F.go 
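Review bot: `subclass_method_call_007_T` does not match the file name or `bind_url` (`method_call_001_T`); rename the declaration and the call in `main` to `func method_call_001_T(__taint_src string) {` / `method_call_001_T(__taint_src)`. `Base.GetID` is declared but never called; if it is a deliberate distractor (a promoted method sitting next to `GetName`), a one-line comment such as `// GetID is intentionally unused: a promoted method a coarse analysis may confuse with GetName` would tell the next maintainer not to remove it, and if it is not deliberate it can go.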
@@ -0,0 +1,50 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象 +// scene introduction = 子类方法调用 +// level = 2 +// date = 2025-11-18 14:15:00 +// bind_url = completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Base struct { + id int +} + +func (b Base) GetID() int { + return b.id +} + +type SubClass struct { + name string + Base +} + +func (s SubClass) GetName() string { + return s.name +} + +func subclass_method_call_008_F(__taint_src string) { + // 场景特点:调用子类的实例方法获取字段值但使用安全值 + s := SubClass{ + Base: Base{id: 1}, + name: "safe_value", + } + taint_sink(s.GetName()) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + subclass_method_call_008_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_001_T/object_creation_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_001_T/object_creation_001_T.go new file mode 100644 index 00000000..e462c3c0 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_001_T/object_creation_001_T.go 
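Review bot: As with its T twin, the function name `subclass_method_call_008_F` disagrees with the file name and `bind_url` (`method_call_002_F`). Rename both occurrences: `func method_call_002_F(__taint_src string) {` and `method_call_002_F(__taint_src)` in `main`, so the pair referenced by the config.json compose string is named consistently.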
@@ -0,0 +1,41 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象 +// scene introduction = 子类对象创建 +// level = 2 +// bind_url = completeness/single_app_tracing/interface_class/subclass/object_creation_001_T/object_creation_001_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Base struct { + id int +} + +type SubClass struct { + name string + Base +} + +func object_creation_001_T(__taint_src string) { + // 场景特点:使用字面值初始化子类结构体 + s := SubClass{ + Base: Base{id: 1}, + name: __taint_src, + } + taint_sink(s.name) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + object_creation_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F.go new file mode 100644 index 00000000..567d9e82 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F.go 
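Review bot: The evaluation header of object_creation_001_T.go is missing the `// date = ...` line that every other new case in this change carries, including its own F twin (`// date = 2025-11-18 14:15:00` in object_creation_002_F.go); if the harness parses that field, this file will be the odd one out. Add the line after `// level = 2`, with the real authoring timestamp. Note also that this file names its function `object_creation_001_T` (matching the file) while the twin uses `subclass_object_creation_002_F`, so the pair is inconsistent with itself.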
@@ -0,0 +1,42 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象 +// scene introduction = 子类对象创建 +// level = 2 +// date = 2025-11-18 14:15:00 +// bind_url = completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +type Base struct { + id int +} + +type SubClass struct { + name string + Base +} + +func subclass_object_creation_002_F(__taint_src string) { + // 场景特点:使用字面值初始化子类结构体但使用安全值 + s := SubClass{ + Base: Base{id: 1}, + name: "safe_value", + } + taint_sink(s.name) +} + +func taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + subclass_object_creation_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/config.json b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/config.json new file mode 100644 index 00000000..93342ae5 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/config.json @@ -0,0 +1,22 @@ +{ + "public": [ + { + "evaluation_item": "完整度->单应用跟踪完整度->变量作用域->public变量", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "public_var_assign_001_T/public_var_assign_001_T.go && !public_var_assign_002_F/public_var_assign_002_F.go", + "scene": "Public变量赋值" + }, + { + "compose": "(public_var_cross_package_001_T/public_var_cross_package_001_T.go || public_var_cross_package_001_T/mypackage/public_var_cross_package_001_T_a.go) && !(public_var_cross_package_002_F/public_var_cross_package_002_F.go || public_var_cross_package_002_F/mypackage/public_var_cross_package_002_F_a.go)", + "scene": "Public变量跨包访问" + } + ] + } + ] + } + ] +} 
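Review bot: The function in object_creation_002_F.go is named `subclass_object_creation_002_F`, while its T twin (object_creation_001_T.go) uses the file name `object_creation_001_T`; the two halves of one compose pair should follow one convention. Rename both sites: `func object_creation_002_F(__taint_src string) {` and `object_creation_002_F(__taint_src)` in `main`. The public/config.json hunk that follows on this line reads fine, including the `(A || B) && !(C || D)` compose for the cross-package pair.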
diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T.go new file mode 100644 index 00000000..4218279f --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T.go @@ -0,0 +1,33 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->变量作用域->public变量 +// scene introduction = Public变量赋值 +// level = 2 +// bind_url = completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T +// date = 2025-12-01 15:25:25 +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +// Public变量(首字母大写) +var PublicVar string + +func publicVarAssign_001_T(__taint_src string) { + // 场景特点:为public变量赋值 + PublicVar = __taint_src + __taint_sink(PublicVar) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + publicVarAssign_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F.go new file mode 100644 index 00000000..80103897 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F.go 
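Review bot: public_var_assign_001_T.go names its sink `__taint_sink` and its entry function `publicVarAssign_001_T` (camelCase), whereas every other Go case in this change uses `taint_sink` and a snake_case function named after the file. If the harness recognizes the sink by name (the diff does not show its rules), the four public-variable cases would need a separate sink rule to be scored at all; if it keys on `exec.Command`, the mismatch is only cosmetic, but still worth aligning: `func public_var_assign_001_T(__taint_src string) {` and `func taint_sink(o interface{}) {` with the calls updated. The header also orders `bind_url` before `date`, the reverse of the other files, which matters only if the parser is positional.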
@@ -0,0 +1,33 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->变量作用域->public变量 +// scene introduction = Public变量赋值 +// level = 2 +// bind_url = completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F +// date = 2025-12-01 15:25:25 +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +// Public变量(首字母大写) +var PublicVar string + +func publicVarAssign_002_F(__taint_src string) { + // 场景特点:为public变量赋值,但不是污点数据 + PublicVar = "_" + __taint_sink(PublicVar) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + publicVarAssign_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/mypackage/public_var_cross_package_001_T_a.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/mypackage/public_var_cross_package_001_T_a.go new file mode 100644 index 00000000..033b9285 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/mypackage/public_var_cross_package_001_T_a.go @@ -0,0 +1,19 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->变量作用域->public变量 +// scene introduction = Public变量跨包访问 +// level = 2 +// bind_url = completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/mypackage/public_var_cross_package_001_T_a +// date = 2025-12-01 15:25:25 +// evaluation information end + +package mypackage + +// Public变量(首字母大写,导出变量) +var PublicVar string + +// 为public变量赋值的函数 +func SetPublicVar(__taint_src string) { + // 场景特点:在不同包中为public变量赋值 + PublicVar = __taint_src +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T.go new file mode 100644 index 00000000..0052c090 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T.go @@ -0,0 +1,28 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->变量作用域->public变量 +// scene introduction = Public变量跨包访问 +// level = 2 +// bind_url = completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T +// date = 2025-12-01 15:25:25 +// evaluation information end + +package main + +import ( + "ant-application-security-testing-benchmark/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/mypackage" + "fmt" + "os/exec" +) + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + // 场景特点:在不同包中为public变量赋值 + mypackage.SetPublicVar(__taint_src) + // 场景特点:在主包中访问不同包的public变量 + __taint_sink(mypackage.PublicVar) +} diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/mypackage/public_var_cross_package_002_F_a.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/mypackage/public_var_cross_package_002_F_a.go new file mode 100644 index 00000000..6ccb4f72 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/mypackage/public_var_cross_package_002_F_a.go 
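Review bot: The import path `ant-application-security-testing-benchmark/sast-go/cases/completeness/.../public_var_cross_package_001_T/mypackage` assumes a go.mod at the repository root with module name `ant-application-security-testing-benchmark` and no nested module under sast-go; that file is not part of this diff, so if it does not exist (or `sast-go` has its own go.mod) this case and its 002_F twin will not build and a tool that type-checks before analysing will silently skip them. Please confirm the module layout, and consider a comment on the import such as `// resolved relative to the repo-root go.mod` so the dependency is explicit. Style-wise the project import is in the same group as `fmt` and `os/exec`; Go convention is stdlib first, a blank line, then module-local packages.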
@@ -0,0 +1,19 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->变量作用域->public变量 +// scene introduction = Public变量跨包访问 +// level = 2 +// bind_url = completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/mypackage/public_var_cross_package_002_F_a +// date = 2025-12-01 15:25:25 +// evaluation information end + +package mypackage + +// Public变量(首字母大写,导出变量) +var PublicVar string + +// 为public变量赋值的函数 +func SetPublicVar(__taint_src string) { + // 场景特点:在不同包中为public变量赋值,但不是污点数据 + PublicVar = "_" +} diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F.go new file mode 100644 index 00000000..f5f2af1f --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F.go @@ -0,0 +1,28 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->变量作用域->public变量 +// scene introduction = Public变量跨包访问 +// level = 2 +// bind_url = completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F +// date = 2025-12-01 15:25:25 +// evaluation information end + +package main + +import ( + "ant-application-security-testing-benchmark/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/mypackage" + "fmt" + "os/exec" +) + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + // 场景特点:在不同包中为public变量赋值 + mypackage.SetPublicVar(__taint_src) + // 场景特点:在主包中访问不同包的public变量,但污点数据未传播到该变量 + __taint_sink(mypackage.PublicVar) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/static_variable/config.json b/sast-go/cases/completeness/single_app_tracing/variable_scope/static_variable/config.json deleted file mode 100644 index e69de29b..00000000 diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json index fc55d65f..a00c0a08 100644 --- a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json @@ -33,6 +33,14 @@ { "compose": "return_value_passing_003_T.py && !return_value_passing_004_F.py", "scene": "返回值传递->多层函数嵌套传递" + }, + { + "compose": "return_value_passing_005_T.py && !return_value_passing_006_F.py", + "scene": "返回值传递->迭代器" + }, + { + "compose": "return_value_passing_007_T.py && !return_value_passing_008_F.py", + "scene": "返回值传递->多返回值解包" } ] } diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py new file mode 100644 index 00000000..e4d7aa9f --- /dev/null +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py 
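Review bot: The new `scene` strings in the Python argument_return_value_passing config do not match the `scene introduction` headers of the files they compose: config says `返回值传递->迭代器` and `返回值传递->多返回值解包`, while return_value_passing_005_T/006_F.py say `返回值传递->迭代器返回值传递` and 007_T/008_F.py say `返回值传递->多返回值解包传递`. If the runner joins config entries to cases by the scene string (the diff does not show how it matches), these four cases will not be associated with their entries; either the config or the file headers should use one spelling, e.g. `"scene": "返回值传递->迭代器返回值传递"` and `"scene": "返回值传递->多返回值解包传递"`. The deletion of the empty static_variable/config.json is fine.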
@@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->上下文敏感分析->参数/返回值传递 +# scene introduction = 返回值传递->迭代器返回值传递 +# level = 2 +# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T +# evaluation information end +import os + +def return_value_passing_005_T(taint_src): + def create_iterator(): + # 创建包含污染值的迭代器 + return iter([taint_src, 'safe_value', 'another_value']) + + iterator = create_iterator() # 返回迭代器对象 + first_item = next(iterator) # 获取迭代器的第一个元素 + taint_sink(first_item) # 传递污染值 + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + return_value_passing_005_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py new file mode 100644 index 00000000..a61de824 --- /dev/null +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->上下文敏感分析->参数/返回值传递 +# scene introduction = 返回值传递->迭代器返回值传递 +# level = 2 +# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F +# evaluation information end +import os + +def return_value_passing_006_F(taint_src): + def create_iterator(): + # 创建只包含安全值的迭代器 + return iter(['safe_value', 'another_value', 'third_value']) + + iterator = create_iterator() # 返回迭代器对象 + first_item = next(iterator) # 获取迭代器的第一个元素 + taint_sink(first_item) # 传递安全值 + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + return_value_passing_006_F(taint_src) \ No newline at end of file 
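Review bot: In return_value_passing_005_T.py the taint reaches `create_iterator` by closure capture of the outer `taint_src`, not through the function's parameters, so a tool that does not model closure capture (a different capability from return-value passing) fails this case for the wrong reason. Passing the value explicitly isolates what is measured: `def create_iterator(src):` / `return iter([src, 'safe_value', 'another_value'])` / `iterator = create_iterator(taint_src)`. Both 005_T and 006_F also lack a trailing newline (`\ No newline at end of file`), which most editors and linters will flag on the next touch.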
diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py new file mode 100644 index 00000000..3bb2e89f --- /dev/null +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->上下文敏感分析->参数/返回值传递 +# scene introduction = 返回值传递->多返回值解包传递 +# level = 2 +# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T +# evaluation information end +import os + +def return_value_passing_007_T(taint_src): + def get_multiple_values(): + # 函数返回多个值,其中包含污点数据 + return taint_src, 'safe_value', 'another_safe' + + # 多返回值解包,第一个值是污点 + tainted_value, safe_value1, safe_value2 = get_multiple_values() + taint_sink(tainted_value) # 传递污点值 + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + return_value_passing_007_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py new file mode 100644 index 00000000..8cfb06a9 --- /dev/null +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py 
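Review bot: return_value_passing_007_T.py has the same coupling as 005_T: `get_multiple_values` reads `taint_src` from the enclosing scope, so the case exercises closure capture before it exercises multi-return unpacking, and a tool weak on the former is scored as weak on the latter. Making the source an argument keeps the measurement to tuple unpacking: `def get_multiple_values(src):` / `return src, 'safe_value', 'another_safe'` / `tainted_value, safe_value1, safe_value2 = get_multiple_values(taint_src)`. The file is also missing its trailing newline.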
@@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->上下文敏感分析->参数/返回值传递 +# scene introduction = 返回值传递->多返回值解包传递 +# level = 2 +# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F +# evaluation information end +import os + +def return_value_passing_008_F(taint_src): + def get_multiple_values(): + # 函数返回多个值,但都不包含污点数据 + return 'safe_value1', 'safe_value2', 'safe_value3' + + # 多返回值解包,所有值都是安全的 + safe_value1, safe_value2, safe_value3 = get_multiple_values() + taint_sink(safe_value1) # 传递安全值,不应检出漏洞 + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + return_value_passing_008_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/field_sensitive/class/config.json b/sast-python3/case/accuracy/field_sensitive/class/config.json index 5492944a..8c4d0787 100644 --- a/sast-python3/case/accuracy/field_sensitive/class/config.json +++ b/sast-python3/case/accuracy/field_sensitive/class/config.json @@ -25,6 +25,10 @@ { "compose": "inheritance_001_T.py && !inheritance_002_F.py", "scene": "继承覆盖父类字段" + }, + { + "compose": "dynamic_field_001_T.py && !dynamic_field_002_F.py", + "scene": "动态参数" } ] }, diff --git a/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py new file mode 100644 index 00000000..9da0c513 --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py 
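Review bot: The new field_sensitive/class config entry labels the dynamic_field pair as `"scene": "动态参数"`, while both dynamic_field_001_T.py and 002_F.py declare `scene introduction = 动态参数->动态字段名`; the existing entries in this config carry the full `A->B` form (e.g. `继承覆盖父类字段`), so the truncated label looks accidental. If scene strings are used to join config entries to case headers, use the same spelling in both places: `"scene": "动态参数->动态字段名"`. return_value_passing_008_F.py on this line is fine as a negative case, since nothing tainted is returned.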
@@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 +# scene introduction = 动态参数->动态字段名 +# level = 3 +# bind_url = accuracy/field_sensitive/class/dynamic_field_001_T +# evaluation information end +import os + +def dynamic_field_001_T(taint_src): + class DynamicClass: + def __init__(self, taint_src): + # 使用setattr动态设置字段 + setattr(self, 'dynamic_field', taint_src) + self.normal_field = '_' + + obj = DynamicClass(taint_src) + # 通过动态字段名访问 + taint_sink(obj.dynamic_field) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_field_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py new file mode 100644 index 00000000..c9996c9a --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 +# scene introduction = 动态参数->动态字段名 +# level = 3 +# bind_url = accuracy/field_sensitive/class/dynamic_field_002_F +# evaluation information end +import os + +def dynamic_field_002_F(taint_src): + class DynamicClass: + def __init__(self, taint_src): + # 使用setattr动态设置字段为安全值 + setattr(self, 'dynamic_field', '_') + self.tainted_field = taint_src + + obj = DynamicClass(taint_src) + # 访问的是安全的动态字段,而非污染的字段 + taint_sink(obj.dynamic_field) # 传递安全值,不应检出漏洞 + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_field_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py b/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py index 2b6b8be2..3bdf56d8 100644 
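Review bot: The field name passed to `setattr` in `DynamicClass.__init__` is the string literal `'dynamic_field'`, so the case does not exercise a dynamic field name despite its `scene introduction = 动态参数->动态字段名` header; an analyzer that constant-folds `setattr(self, '<literal>', v)` into a plain attribute store passes without handling computed names at all. To make the scenario match its label, route the name through data the analyzer has to track, e.g. `def __init__(self, taint_src, field_name):` / `setattr(self, field_name, taint_src)` with `obj = DynamicClass(taint_src, 'dynamic_field')`. The negative case dynamic_field_002_F.py should mirror the same construction so the pair stays symmetric.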
--- a/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py +++ b/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py @@ -4,7 +4,7 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 # scene introduction = 路径长度 # level = 3+ -# bind_url = accuracy/field_sensitive/class/field_len_006_T +# bind_url = accuracy/field_sensitive/class/field_len_006_F # evaluation information end import os diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json index be1d8beb..0046a8f2 100644 --- a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json @@ -17,6 +17,14 @@ { "compose": "map_mc_001_T.py && !map_mc_002_F.py", "scene": "字典键路径->嵌套" + }, + { + "compose": "list_slice_001_T.py && !list_slice_002_F.py", + "scene": "字典键路径->切片后访问" + }, + { + "compose": "map_mc_005_T.py && !map_mc_006_F.py", + "scene": "字典键路径->get方法链" } ] }, diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py new file mode 100644 index 00000000..8a9029d2 --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py 
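Review bot: The new compose entry for `list_slice_001_T.py && !list_slice_002_F.py` is labelled `"scene": "字典键路径->切片后访问"`, but both case files declare `scene introduction = 列表索引->切片后访问` and they index a nested list, not a dict. If the harness groups or reports results by this string, the slice pair ends up under the wrong scene. Change the label to `"scene": "列表索引->切片后访问"` to match the case headers.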
@@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 +# scene introduction = 列表索引->切片后访问 +# level = 4 +# bind_url = accuracy/field_sensitive/multidimensional_collection/list_slice_001_T +# evaluation information end +import os + + +def list_slice_001_T(taint_src): + # 二维列表结构 + arr = [[taint_src, "safe"], ["safe", "safe"]] + # 使用切片后访问:先切片再索引访问 + result = arr[0:1][0][0] # 切片[0:1]得到[[taint_src, "safe"]],然后[0][0]访问taint_src + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + list_slice_001_T(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py new file mode 100644 index 00000000..0763c7ed --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 +# scene introduction = 列表索引->切片后访问 +# level = 4 +# bind_url = accuracy/field_sensitive/multidimensional_collection/list_slice_002_F +# evaluation information end +import os + + +def list_slice_002_F(taint_src): + # 二维列表结构 + arr = [[taint_src, "safe"], ["safe", "safe"]] + # 使用切片后访问安全元素:不同切片位置的安全数据 + result = arr[1:2][0][0] # 切片[1:2]得到[["safe", "safe"]],然后[0][0]访问safe + taint_sink(result) + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + list_slice_002_F(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py new file mode 100644 index 00000000..6ea92f47 --- /dev/null 
+++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 +# scene introduction = 字典键路径->get方法链 +# level = 4 +# bind_url = accuracy/field_sensitive/multidimensional_collection/map_mc_005_T +# evaluation information end +import os + + +def map_mc_005_T(taint_src): + d = {"a": {"b": {"c": taint_src}}, "x": {"y": {"z": "safe"}}} + # 使用get方法链式访问嵌套字典 + result = d.get("a", {}).get("b", {}).get("c") + taint_sink(result) # 应该检测到污染 + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + map_mc_005_T(taint_src) diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py new file mode 100644 index 00000000..a762f536 --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素 +# scene introduction = 字典键路径->get方法链 +# level = 4 +# bind_url = accuracy/field_sensitive/multidimensional_collection/map_mc_006_F +# evaluation information end +import os + + +def map_mc_006_F(taint_src): + d = {"a": {"b": {"c": taint_src}}, "x": {"y": {"z": "safe"}}} + # 使用get方法链式访问安全路径 + result = d.get("x", {}).get("y", {}).get("z") + taint_sink(result) # 不应该检测到污染 + + +def taint_sink(o): + os.system(o) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + map_mc_006_F(taint_src) diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py new file mode 100644 index 00000000..f7fe0023 --- /dev/null 
+++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py @@ -0,0 +1,45 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->流敏感分析->异步执行 +# scene introduction = 异步执行->并发执行 +# level = 4 +# bind_url = accuracy/flow_sensitive/asynchronous/async_concurrent_001_T +# evaluation information end +import os +import asyncio + + +async def async_concurrent_001_T(taint_src): + # 使用asyncio.gather并发执行多个异步函数 + results = await asyncio.gather( + async_func1(taint_src), # 污染函数 - 直接返回污点数据 + async_func2("safe"), # 安全函数 + ) + + # 从并发结果中访问污染数据 + taint_sink(results[0]) # results[0] 包含污染数据 + + +async def async_func1(data): + await asyncio.sleep(0.01) + # 直接返回污点数据,确保污点传播清晰可见 + return data + + +async def async_func2(data): + await asyncio.sleep(0.01) + return data + + +def taint_sink(o): + os.system(o) + + +async def main(taint_src): + await async_concurrent_001_T(taint_src) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + asyncio.run(main(taint_src)) diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py new file mode 100644 index 00000000..dc3d7a48 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py 
@@ -0,0 +1,44 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->异步执行 +# scene introduction = 异步执行->并发执行 +# level = 4 +# bind_url = accuracy/flow_sensitive/asynchronous/async_concurrent_002_F +# evaluation information end +import os +import asyncio + + +async def async_concurrent_002_F(taint_src): + # 使用asyncio.gather并发执行多个异步函数 + results = await asyncio.gather( + async_func1(taint_src), # 污染函数 + async_func2("safe"), # 安全函数 + ) + + # 从并发结果中访问安全数据 + taint_sink(results[1]) # results[1] 是安全数据,不应检测到污染 + + +async def async_func1(data): + await asyncio.sleep(0.01) + return data + + +async def async_func2(data): + await asyncio.sleep(0.01) + return data + + +def taint_sink(o): + os.system(o) + + +async def main(taint_src): + await async_concurrent_002_F(taint_src) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + asyncio.run(main(taint_src)) diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py new file mode 100644 index 00000000..fcebb3b9 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py 
@@ -0,0 +1,37 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->流敏感分析->异步执行 +# scene introduction = 异步执行->生成器 +# level = 4 +# bind_url = accuracy/flow_sensitive/asynchronous/async_generator_001_T +# evaluation information end +import os +import asyncio + + +async def async_generator_001_T(taint_src): + # 异步生成器函数 - 直接yield污染数据 + async def generate_data(): + yield taint_src # 直接yield污染数据 + return # 确保生成器结束,避免StopAsyncIteration + + # 获取异步生成器对象 + gen = generate_data() + + # 直接await获取第一个yield的值(最纯粹的异步生成器测试) + first_item = await gen.__anext__() + taint_sink(first_item) # 直接处理生成器yield的数据 + + +def taint_sink(o): + os.system(o) + + +async def main(taint_src): + await async_generator_001_T(taint_src) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + asyncio.run(main(taint_src)) diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py new file mode 100644 index 00000000..e4d9a845 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py 
@@ -0,0 +1,37 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->异步执行 +# scene introduction = 异步执行->生成器 +# level = 4 +# bind_url = accuracy/flow_sensitive/asynchronous/async_generator_002_F +# evaluation information end +import os +import asyncio + + +async def async_generator_002_F(taint_src): + # 异步生成器函数 - 直接yield安全数据 + async def generate_data(): + yield "safe_data" # 直接yield安全数据 + return # 确保生成器结束,避免StopAsyncIteration + + # 获取异步生成器对象 + gen = generate_data() + + # 直接await获取第一个yield的值(最纯粹的异步生成器测试) + first_item = await gen.__anext__() + taint_sink(first_item) # 直接处理生成器yield的安全数据 + + +def taint_sink(o): + os.system(o) + + +async def main(taint_src): + await async_generator_002_F(taint_src) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + asyncio.run(main(taint_src)) diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json b/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json index d6b49b53..9c6e3b81 100644 --- a/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json @@ -13,6 +13,14 @@ { "compose": "asynchronous_chain_001_T.py && !asynchronous_chain_002_F.py", "scene": "异步函数链" + }, + { + "compose": "async_concurrent_001_T.py && !async_concurrent_002_F.py", + "scene": "异步执行->并发执行" + }, + { + "compose": "async_generator_001_T.py && !async_generator_002_F.py", + "scene": "异步执行->生成器" } ] } diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json index 15b2e08b..432a2b11 100644 --- a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json 
@@ -13,6 +13,14 @@ { "compose": "for_zip_001_T.py && !for_zip_002_F.py", "scene": "for_zip" + }, + { + "compose": "nested_loop_for_in_001_T.py && !nested_loop_for_in_002_F.py", + "scene": " 循环语句->嵌套循环" + }, + { + "compose": "while_loop_001_T.py && !while_loop_002_F.py", + "scene": "循环语句->while循环" } ] } diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py new file mode 100644 index 00000000..bb0663a5 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->流敏感分析->循环语句 +# scene introduction = 循环语句->嵌套循环 +# level = 2+ +# bind_url = accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T +# evaluation information end +import os + + +def nested_loop_for_in_001_T(taint_src): + # 嵌套循环中的污点传播 + for outer in [taint_src]: + for inner in ["safe"]: + taint_sink(outer) # 外层循环变量(污染数据) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + nested_loop_for_in_001_T(taint_src) diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py new file mode 100644 index 00000000..57891212 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py 
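Review bot: The new loop_stmt compose entry has a leading space in its label, `"scene": " 循环语句->嵌套循环"`, while the sibling entry added in the same hunk and the case headers (`scene introduction = 循环语句->嵌套循环`) have none. If scene strings are used anywhere as grouping or lookup keys, the stray space separates this pair from its scene. Change it to `"scene": "循环语句->嵌套循环"`.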
@@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->循环语句 +# scene introduction = 循环语句->嵌套循环 +# level = 2+ +# bind_url = accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F +# evaluation information end +import os + + +def nested_loop_for_in_002_F(taint_src): + # 嵌套循环中的安全数据处理 + for outer in [taint_src]: + for inner in ["safe"]: + taint_sink(inner) # 内层循环变量(安全数据) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + nested_loop_for_in_002_F(taint_src) diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py new file mode 100644 index 00000000..c0819c36 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->流敏感分析->循环语句 +# scene introduction = 循环语句->while循环 +# level = 2+ +# bind_url = accuracy/flow_sensitive/loop_stmt/while_loop_001_T +# evaluation information end +import os + + +def while_loop_001_T(taint_src): + # while循环中的污点传播 + i = 0 + while i < 1: + taint_sink(taint_src) # 循环体内的污点 + i += 1 + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + while_loop_001_T(taint_src) diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py new file mode 100644 index 00000000..7c8fc682 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py 
@@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->循环语句 +# scene introduction = 循环语句->while循环 +# level = 2+ +# bind_url = accuracy/flow_sensitive/loop_stmt/while_loop_002_F +# evaluation information end +import os + + +def while_loop_002_F(taint_src): + # while循环中的安全数据处理 + i = 0 + while i < 1: + taint_sink("safe_data") # 循环体内的安全数据 + i += 1 + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + while_loop_002_F(taint_src) diff --git a/sast-python3/case/accuracy/object_sensitive/class/config.json b/sast-python3/case/accuracy/object_sensitive/class/config.json index ea509a89..edce7d08 100644 --- a/sast-python3/case/accuracy/object_sensitive/class/config.json +++ b/sast-python3/case/accuracy/object_sensitive/class/config.json @@ -13,10 +13,14 @@ { "compose": "constructor_object_sensitive_003_T.py && !constructor_object_sensitive_004_F.py", "scene": "接口/类->继承对象" + }, + { + "compose": "dynamic_attribute_object_sensitive_001_T.py && !dynamic_attribute_object_sensitive_002_F.py", + "scene": "接口/类->动态属性对象" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py new file mode 100644 index 00000000..302991cd --- /dev/null +++ b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py 
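Review bot: object_sensitive/class/config.json gains a compose entry only for the dynamic_attribute pair, but this commit also adds constructor_object_sensitive_005_T.py and constructor_object_sensitive_006_F.py (scene `接口/类->类定义位置`) to the same directory with no corresponding entry. If compose entries are what the runner evaluates, the new 005/006 pair is never scored. Add `{ "compose": "constructor_object_sensitive_005_T.py && !constructor_object_sensitive_006_F.py", "scene": "接口/类->类定义位置" }` next to the new dynamic_attribute entry.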
@@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 +# scene introduction = 接口/类->类定义位置 +# level = 2 +# bind_url = accuracy/object_sensitive/class/constructor_object_sensitive_005_T +# evaluation information end +import os + +class A: + def __init__(self): + self.data = taint_src + +def constructor_object_sensitive_005_T(taint_src): + + obj = A() + taint_sink(obj.data) + + +def taint_sink(o): + os.system(o) + + +if __name__ == '__main__': + taint_src = "taint_src_value" + constructor_object_sensitive_005_T(taint_src) + diff --git a/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py new file mode 100644 index 00000000..3a005198 --- /dev/null +++ b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 +# scene introduction = 接口/类->类定义位置 +# level = 2 +# bind_url = accuracy/object_sensitive/class/constructor_object_sensitive_006_F +# evaluation information end +import os + +class A: + def __init__(self): + self.data = '_' + +def constructor_object_sensitive_006_F(taint_src): + + obj = A() + taint_sink(obj.data) + + +def taint_sink(o): + os.system(o) + + +if __name__ == '__main__': + taint_src = "taint_src_value" + constructor_object_sensitive_006_F(taint_src) + diff --git a/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py new file mode 100644 index 00000000..9b2aa320 --- /dev/null +++ b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py 
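Review bot: In constructor_object_sensitive_005_T.py the taint never flows through the function parameter: `A.__init__` reads the module-level name `taint_src`, which exists only because the `__main__` block assigns it, and the `taint_src` parameter of `constructor_object_sensitive_005_T` is unused. A tool that treats the entry-function parameter as the source, as every other case in this commit assumes, can only report this case by also tracking a global assigned under `__main__`, so the pair measures global-variable tracking at least as much as the labelled `类定义位置` scenario. If only the module-level class definition is intended, pass the value explicitly, `def __init__(self, data): self.data = data` and `obj = A(taint_src)`, with the negative case keeping `self.data = '_'`. If reading the global is deliberate, state that in the `scene introduction` so results are interpreted correctly.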
@@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 +# scene introduction = 接口/类->动态属性对象 +# level = 2 +# bind_url = accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T +# evaluation information end +# 区分"动态属性对象",动态属性赋值 +import os + + +def dynamic_attribute_object_sensitive_001_T(taint_src): + class DynamicObject: + def __init__(self, name): + self.name = name # 只初始化基础属性 + + # 创建对象并动态添加污染属性 + obj = DynamicObject("test_obj") + obj.dynamic_data = taint_src # 动态添加污染属性 + + # 直接传递对象给sink + taint_sink(obj) + + +def taint_sink(o): + # 在sink函数内部访问动态属性 + os.system(o.dynamic_data) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_attribute_object_sensitive_001_T(taint_src) diff --git a/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py new file mode 100644 index 00000000..c0e4c148 --- /dev/null +++ b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py @@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象 +# scene introduction = 接口/类->动态属性对象 +# level = 2 +# bind_url = accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F +# evaluation information end +# 区分"动态属性对象",动态属性赋值 +import os + + +def dynamic_attribute_object_sensitive_002_F(taint_src): + class DynamicObject: + def __init__(self, name): + self.name = name # 只初始化基础属性 + + # 创建对象并动态添加安全属性 + obj = DynamicObject("test_obj") + obj.dynamic_data = "_" # 动态添加安全属性 + + # 直接传递对象给sink + taint_sink(obj) + + +def taint_sink(o): + # 在sink函数内部访问动态属性 + os.system(o.dynamic_data) + + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_attribute_object_sensitive_002_F(taint_src) 
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json b/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json index 56cb8880..6e594420 100644 --- a/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json @@ -9,6 +9,22 @@ { "compose": "exception_throw_001_T.py && !exception_throw_002_F.py && exception_throw_003_T.py", "scene": "1" + }, + { + "compose": "exception_finally_throw_001_T.py && !exception_finally_throw_002_F.py", + "scene": "异常抛出-finally块执行" + }, + { + "compose": "exception_multiple_except_001_T.py && !exception_multiple_except_002_F.py", + "scene": "异常抛出-多个except分支" + }, + { + "compose": "exception_else_001_T.py && !exception_else_002_F.py", + "scene": "异常抛出-else块执行" + }, + { + "compose": "exception_args_001_T.py && !exception_args_002_F.py", + "scene": "异常抛出-多参数异常对象" } ] } diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py new file mode 100644 index 00000000..62eeb4d3 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-多参数异常对象 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_args_001_T +# evaluation information end +import os + +def exception_args_001_T(taint_src): + try: + # 创建多参数异常,第二个参数是污点 + raise Exception("Error message", taint_src, "_") + except Exception as e: + # 获取异常的所有参数 + args = e.args + # args[1] 是污点数据 + taint_sink(args[1]) # 应该检出 - 异常参数中的污点数据 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_args_001_T(taint_src) \ No newline at end of file 
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py new file mode 100644 index 00000000..dd538e00 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-多参数异常对象 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_args_002_F +# evaluation information end +import os + +def exception_args_002_F(taint_src): + try: + # 创建多参数异常,但污点数据不在被访问的位置 + raise Exception("Error message", "_", taint_src) + except Exception as e: + # 获取异常的所有参数 + args = e.args + # args[1] 是安全数据,args[2] 是污点但不被访问 + taint_sink(args[1]) # 不应检出 - 访问的是安全参数 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_args_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py new file mode 100644 index 00000000..de50da55 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py 
@@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-else块执行 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_else_001_T +# evaluation information end +import os + +def exception_else_001_T(taint_src): + try: + # 正常执行,不抛出异常 + normal_data = "_" + except Exception as e: + # 不会执行到except块 + pass + else: + # 无异常时执行else块 + taint_sink(taint_src) # 应该检出 - else块中的污点传递 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_else_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py new file mode 100644 index 00000000..a3b4edea --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-else块执行 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_else_002_F +# evaluation information end +import os + +def exception_else_002_F(taint_src): + try: + # 正常执行,不抛出异常 + normal_data = "_" + except Exception as e: + # 不会执行到except块 + pass + else: + # 无异常时执行else块,但传递安全数据 + safe_data = "_" + taint_sink(safe_data) # 不应检出 - else块中传递安全数据 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_else_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py new file mode 100644 index 00000000..56a28008 --- /dev/null 
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-finally块执行 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T +# evaluation information end +import os + +def exception_finally_throw_001_T(taint_src): + try: + # try块正常执行,无异常抛出 + pass + except Exception as e: + # 不会执行到except块 + pass + finally: + # finally块总会执行,处理污点数据 + taint_sink(taint_src) # 应该检出 - finally块中的污点传递 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_finally_throw_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py new file mode 100644 index 00000000..00913fc7 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-finally块执行 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F +# evaluation information end +import os + +def exception_finally_throw_002_F(taint_src): + try: + # try块正常执行,无异常抛出 + pass + except Exception as e: + # 不会执行到except块 + pass + finally: + # finally块总会执行,但传递安全数据 + safe_data = "_" + taint_sink(safe_data) # 不应检出 - finally块中传递安全数据 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_finally_throw_002_F(taint_src) \ No newline at end of file 
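Review bot: exception_finally_throw_001_T.py never throws: the try body is `pass`, so despite the file name and the `异常抛出-finally块执行` label the case only checks that a `finally` reached on the normal path is analysed, and the `except` branch is dead. Raising inside the try keeps the script runnable (the `except Exception` handler swallows it) while forcing the analyzer to carry taint state across the exceptional edge into `finally`: replace the `pass` in the try body with `raise ValueError("force the exceptional path")`. The negative exception_finally_throw_002_F.py sinks a fresh constant, which any tool passes regardless of how it models `finally`; a more discriminating negative would put the tainted value on a path that cannot reach the sink argument.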
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py new file mode 100644 index 00000000..d29158bb --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py @@ -0,0 +1,31 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-多个except分支 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T +# evaluation information end +import os + +def exception_multiple_except_001_T(taint_src): + try: + # 抛出ValueError异常 + raise ValueError(taint_src) + except ValueError as e: + # 匹配到ValueError,执行这个分支 + taint_sink(taint_src) # 应该检出 - 同一分支传递污点数据 + except TypeError as e: + # 不会执行到这个分支 + pass + except Exception as e: + # 不会执行到这个分支(ValueError已匹配) + pass + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_multiple_except_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py new file mode 100644 index 00000000..9435f323 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py 
@@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-多个except分支 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F +# evaluation information end +import os + +def exception_multiple_except_002_F(taint_src): + try: + # 抛出ValueError异常 + raise ValueError(taint_src) + except ValueError as e: + # 匹配到ValueError,执行这个分支(与正例相同路径) + safe_data = "_" + taint_sink(safe_data) # 不应检出 - 同一分支传递安全数据 + except TypeError as e: + # 不会执行到这个分支 + pass + except Exception as e: + # 不会执行到这个分支(ValueError已匹配) + pass + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_multiple_except_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py index b0120aa3..36951e45 100644 --- a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py @@ -4,7 +4,7 @@ # evaluation item = 准确度->路径敏感分析->跳转语句 # scene introduction = break-嵌套循环 # level = 4+ -# bind_url = accuracy/path_sensitive/explicit_jump_control/break_003_F +# bind_url = accuracy/path_sensitive/explicit_jump_control/break_004_F # evaluation information end import os diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json index 18fd4082..1bf785ad 100644 --- a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json 
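Review bot: exception_multiple_except_002_F.py is not a discriminating negative: the only sink argument is the fresh constant `safe_data = "_"`, so a tool that ignores handler matching entirely still reports nothing, and the pair cannot tell whether the analyzer knows which `except` branch a `ValueError` selects. Since the raised type is fixed, put the tainted sink in a handler that cannot be reached, e.g. in the `except TypeError as e:` branch `taint_sink(taint_src)  # unreachable: ValueError is caught by the branch above`, and leave the `ValueError` branch as `pass`. The bound names `e` are unused in all three handlers here and in the positive case; `except ValueError:` is cleaner unless the harness relies on the binding.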
@@ -18,6 +18,10 @@
 "compose": "continue_001_T.py && !continue_002_F.py",
 "scene": "continue"
 },
+ {
+ "compose": "continue_nested_001_T.py && !continue_nested_002_F.py",
+ "scene": "continue-嵌套循环"
+ },
 {
 "compose": "return_001_T.py && !return_002_F.py",
 "scene": "return"
diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py
new file mode 100644
index 00000000..5a2a0ef3
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->路径敏感分析->跳转语句
+# scene introduction = continue-嵌套循环
+# level = 4+
+# bind_url = accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T
+# evaluation information end
+import os
+
+def continue_nested_001_T(taint_src):
+ res = ""
+ for i in range(3):
+ for j in range(3):
+ if i == 1 and j == 0:
+ res = taint_src
+ continue # 跳过内层循环本次迭代,但内层循环继续
+ # continue跳过后,i=1, j>0时执行这里
+ taint_sink(res) # 应该检出 - i=1, j>0时res有污点
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ continue_nested_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py
new file mode 100644
index 00000000..5f99d2e9
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py
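Review bot: The trailing comment on the `taint_sink(res)` line understates when the sink is tainted: `res` is never reset after `res = taint_src`, so every iteration from i=1, j=1 onward — including all three i=2 iterations — reaches the sink with tainted data, and the i=0 iterations reach it with `""`. A tool only needs to see one tainted reaching path, so the case still grades correctly, but the comment should match the actual control flow: `taint_sink(res)  # should be flagged - res stays tainted from i=1, j=1 onward, including every i=2 iteration`. If the scene is specifically about the iteration skipped by `continue`, restoring `res = ""` at the top of the inner loop body would make the j>0 claim exact.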
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->路径敏感分析->跳转语句
+# scene introduction = continue-嵌套循环
+# level = 4+
+# bind_url = accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F
+# evaluation information end
+import os
+
+def continue_nested_002_F(taint_src):
+ res = ""
+ for i in range(3):
+ for j in range(3):
+ if i == 1 and j == 0:
+ res = taint_src # 设置污点数据
+ continue # 跳过内层循环本次迭代
+ # continue跳过后执行这里,但传递安全数据
+ safe_data = "safe_value"
+ taint_sink(safe_data) # 不应检出 - 传递安全数据
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ continue_nested_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py b/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py
index 44b50a8b..c7348e42 100644
--- a/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py
+++ b/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->其他->ellipsis
 # scene introduction = 占位符
 # level = 2+
diff --git a/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py b/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py
index f8266341..806b1236 100644
--- a/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py
+++ b/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->其他->ellipsis
 # scene introduction = 切片占位
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py b/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py
index 980808e2..722bc6c7 100644
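Review bot: In continue_nested_002_F the assignment `res = taint_src` is a dead store — `res` is never read after it, so a tool that drops dead stores sees a function with no tainted value at all and the negative case does not actually constrain how `continue` is modelled. A stronger counterpart to 001_T would read `res` only on a path that the `continue` skips, for example `taint_sink(res)` placed directly under the `continue` in the same `if` body, so that only a tool which wrongly treats the skipped statement as reachable reports it. As written the case still grades a false positive correctly; the point is about what it measures.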
--- a/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = false +# real case = true # evaluation item = 完整度->单应用跟踪完整度->别名 # scene introduction = 别名问题 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py b/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py index 5c303f7f..d5dd07e8 100644 --- a/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->别名 # scene introduction = 列表元素别名 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json b/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json index 9a023627..e840f3cd 100644 --- a/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json @@ -34,6 +34,18 @@ { "compose": "inject_data_new_005_T.py && !inject_data_new_006_F.py", "scene": "运行时动态创建实例" + }, + { + "compose": "multi_level_inheritance_001_T.py && !multi_level_inheritance_002_F.py", + "scene": "多级继承" + }, + { + "compose": "multiple_inheritance_001_T.py && !multiple_inheritance_002_F.py", + "scene": "多重继承" + }, + { + "compose": "no_init_child_class_001_T.py && !no_init_child_class_002_F.py", + "scene": "父类init函数自动调用" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py new file mode 100644 index 00000000..3b2019c9 
--- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py @@ -0,0 +1,39 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 多级继承 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T +# evaluation information end + +import os + +def multi_level_inheritance_001_T(taint_src): + class C: + def __init__(self, data): + self.data_c = data # 最底层存储数据 + + class B(C): + def __init__(self, data): + super().__init__(data) # 调用C的构造函数 + self.data_b = "_B" # 添加B自己的数据 + + class A(B): + def __init__(self, data): + super().__init__(data) # 调用B的构造函数 → 调用C的构造函数 + self.data_a = "_A" # 添加A自己的数据 + + def get_combined_data(self): + return self.data_c + self.data_b + self.data_a + + obj = A(taint_src) # 污染数据进入继承链 + taint_sink(obj.get_combined_data()) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + multi_level_inheritance_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py new file mode 100644 index 00000000..959c4bf8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py 
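Review bot: Classes `C`, `B` and `A` are declared inside the body of `multi_level_inheritance_001_T`, so the case couples two features — resolution of function-local classes and the multi-level `super().__init__` chain named in the scene — and a tool that only resolves module-scope classes fails it for a reason unrelated to 多级继承. Unless local classes are deliberately part of this scene, hoisting the three classes to module level keeps the case to the single feature it claims to measure. The same layout is used by multi_level_inheritance_002_F, multiple_inheritance_001_T/002_F and no_init_child_class_001_T/002_F in the following hunks.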
@@ -0,0 +1,39 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 多级继承 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F +# evaluation information end + +import os + +def multi_level_inheritance_002_F(taint_src): + class C: + def __init__(self, data): + self.data_c = data # 最底层存储数据 + + class B(C): + def __init__(self, data): + super().__init__(data) # 调用C的构造函数 + self.data_b = "_B" # 添加B自己的数据 + + class A(B): + def __init__(self, data): + super().__init__(data) # 调用B的构造函数 → 调用C的构造函数 + self.data_a = "_A" # 添加A自己的数据 + + def get_combined_data(self): + return self.data_c + self.data_b + self.data_a + + obj = A("_") + taint_sink(obj.get_combined_data()) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + multi_level_inheritance_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py new file mode 100644 index 00000000..d148b44b --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py 
@@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 多重继承 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T +# evaluation information end + +import os + +def multiple_inheritance_001_T(taint_src): + class A: + def __init__(self, data): + self.data_a = data + + class B: + def __init__(self, data): + self.data_b = data + + class C(A, B): + def __init__(self, data): + A.__init__(self, data) + B.__init__(self, data) + + def get_result(self): + return self.data_a + self.data_b + + obj = C(taint_src) + taint_sink(obj.get_result()) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + multiple_inheritance_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py new file mode 100644 index 00000000..f89688d8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py 
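Review bot: `get_result` returns `self.data_a + self.data_b` where both attributes were set from the same tainted `data`, so a tool that tracks only the first base's `__init__` (or only `A.__init__`) still reaches the sink and passes; the case cannot tell that apart from full multiple-inheritance support. Seeding the second base with a literal, `B.__init__(self, "_")`, or sinking `self.data_b` alone would make the result depend on the second base. Note also that the explicit `A.__init__(self, data)` / `B.__init__(self, data)` calls bypass the MRO entirely, so `super()`-based cooperative initialisation is not exercised here; that may deserve its own scene.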
@@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 多重继承 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F +# evaluation information end + +import os + +def multiple_inheritance_002_F(taint_src): + class A: + def __init__(self, data): + self.data_a = data + + class B: + def __init__(self, data): + self.data_b = data + + class C(A, B): + def __init__(self, data): + A.__init__(self, data) + B.__init__(self, data) + + def get_result(self): + return self.data_a + self.data_b + + obj = C("_") + taint_sink(obj.get_result()) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + multiple_inheritance_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py new file mode 100644 index 00000000..08c5a190 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py 
@@ -0,0 +1,35 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 父类init函数自动调用 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T +# evaluation information end + +import os + +def no_init_child_class_001_T(taint_src): + class Parent: + def __init__(self, data): + # 父类构造函数直接接收外部数据 + self.data = data + + class Child(Parent): + # 子类没有定义__init__方法,会自动调用父类的__init__ + def process_data(self): + # 子类方法处理从父类继承的污染数据 + return self.data + + # 创建子类实例时,自动调用Parent.__init__(taint_src) + obj = Child(taint_src) + + # 通过子类方法访问继承的污染属性 + taint_sink(obj.process_data()) + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + no_init_child_class_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py new file mode 100644 index 00000000..8e044ce5 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py 
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+# scene introduction = 父类init函数自动调用
+# level = 2+
+# bind_url = completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F
+# evaluation information end
+
+import os
+
+def no_init_child_class_002_F(taint_src):
+ class Parent:
+ def __init__(self, data):
+ # 父类构造函数直接接收外部数据
+ self.data = data
+
+ class Child(Parent):
+ # 子类没有定义__init__方法,会自动调用父类的__init__
+ def process_data(self):
+ # 子类方法处理从父类继承的污染数据
+ return self.data
+
+ # 创建子类实例时,自动调用Parent.__init__(taint_src)
+ obj = Child("_")
+
+ # 通过子类方法访问继承的污染属性
+ taint_sink(obj.process_data())
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ no_init_child_class_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py
index cbc5312e..49f0d25f 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->断言
 # scene introduction = 验证输入值
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py
index 54a2ead6..6280e33f 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py
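Review bot: The comments in no_init_child_class_002_F were copied from the positive case and no longer describe the code: `# 创建子类实例时,自动调用Parent.__init__(taint_src)` sits above `obj = Child("_")`, and `# 子类方法处理从父类继承的污染数据` / `# 通过子类方法访问继承的污染属性` describe tainted data that this negative case never creates. A reader checking why the case must not be reported is misled by them; rewording the three to say the constructor receives the literal `"_"` and the sink receives clean data keeps the file self-explaining. `taint_src` is also unused in this function, as in multi_level_inheritance_002_F and multiple_inheritance_002_F.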
@@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句 # scene introduction = 星号匹配->字典嵌套 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py index d5abbb6c..9a3dfc4a 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句 # scene introduction = match_or # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py index 22e68435..1c9c7447 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->循环结构 # scene introduction = while_else # level = 4 diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json index 0a31dc30..91732d2b 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json 
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json @@ -25,6 +25,10 @@ { "compose": "(cross_file_009_T/cross_file_009_T_a.py || cross_file_009_T/cross_file_009_T_b.py) && !(cross_file_010_F/cross_file_010_F_a.py || cross_file_010_F/cross_file_010_F_b.py)", "scene": "同级目录相对导入" + }, + { + "compose": "(dynamic_import_001_T/dynamic_import_001_T_a.py || dynamic_import_001_T/dynamic_import_001_T_b.py) && !(dynamic_import_002_F/dynamic_import_002_F_a.py || dynamic_import_002_F/dynamic_import_002_F_b.py)", + "scene": "动态导入" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py new file mode 100644 index 00000000..294c933c --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py @@ -0,0 +1,11 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 +# scene introduction = 动态导入-函数调用 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a +# evaluation information end + +def get_taint_data(taint_src): + return f"dynamic_{taint_src}" \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py new file mode 100644 index 00000000..b66e850a --- /dev/null 
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 +# scene introduction = 动态导入-函数调用 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b +# evaluation information end + +import os + +def dynamic_import_001_T_b(taint_src): + # 动态导入模块 + module_name = "dynamic_import_001_T_a" + imported_module = __import__(module_name) + + # 调用动态导入模块中的函数 + result = imported_module.get_taint_data(taint_src) + + # 验证动态导入后的数据传递 + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_import_001_T_b(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py new file mode 100644 index 00000000..d4126f82 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py @@ -0,0 +1,11 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 +# scene introduction = 动态导入-安全数据调用 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a +# evaluation information end + +def get_safe_data(taint_src): + return "safe_data" # 返回安全数据,不是污点数据 \ No newline at end of file 
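Review bot: `__import__("dynamic_import_001_T_a")` resolves only when the case's own directory is on `sys.path`, i.e. when this file is executed as a script from inside `dynamic_import_001_T/`; run from the repository root, or with the directory imported as a package, the name is not found and the example raises `ModuleNotFoundError` before reaching the sink — if the harness only analyses statically this is harmless, but the "示例调用" block suggests it is meant to run. The Python docs point to `importlib.import_module(module_name)` as the intended API for programmatic imports; switching to it (with the matching `import importlib`) keeps the scene's meaning while avoiding the `__import__` quirks around dotted names. The same pattern is in dynamic_import_002_F_b in the next hunk.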
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py new file mode 100644 index 00000000..5b68b94c --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 +# scene introduction = 动态导入-安全数据调用 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b +# evaluation information end + +import os + +def dynamic_import_002_F_b(taint_src): + # 动态导入模块(与正例相同的路径) + module_name = "dynamic_import_002_F_a" + imported_module = __import__(module_name) + + # 调用动态导入模块中的函数,但获取安全数据 + result = imported_module.get_safe_data(taint_src) + + # 验证动态导入后的安全数据传递 + taint_sink(result) # 不应检出 - 传递的是安全数据 + +def taint_sink(o): + os.system(str(o)) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + dynamic_import_002_F_b(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py new file mode 100644 index 00000000..1d724c2f --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py 
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
+# scene introduction = extend操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/array/array_extend_001_T
+# evaluation information end
+
+import os
+import array
+
+def array_extend_001_T(taint_src):
+ # 创建初始数组
+ arr = array.array('u', ['a', 'b'])
+
+ tainted_arr = array.array('u', [taint_src[0]])
+
+ # 执行extend操作
+ arr.extend(tainted_arr)
+
+ # 传递给sink
+ taint_sink(arr)
+
+def taint_sink(o):
+ os.system(''.join(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ array_extend_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py
new file mode 100644
index 00000000..db1f941e
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
+# scene introduction = extend操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/array/array_extend_002_F
+# evaluation information end
+
+import os
+import array
+
+def array_extend_002_F(taint_src):
+ # 创建初始数组
+ arr = array.array('u', ['a', 'b'])
+
+ clean_arr = array.array('u', ['x'])
+
+ # 执行extend操作
+ arr.extend(clean_arr)
+
+ # 传递给sink
+ taint_sink(arr)
+
+def taint_sink(o):
+ os.system(''.join(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ array_extend_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json
index b0980d40..de7db0ac 100644
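Review bot: The `'u'` typecode in `array.array('u', ...)` has been deprecated since Python 3.3 and is scheduled for removal, and recent interpreters emit a DeprecationWarning for it, so a corpus pinned to a current Python will eventually lose this pair of cases on an unrelated error. Since `tainted_arr` holds a single character anyway (`taint_src[0]`), a numeric typecode with `ord()`/`chr()` or the `'w'` typecode on 3.13+ would carry the same taint without the deprecated path; a short comment at the `arr = array.array('u', ['a', 'b'])` line, `# 'u' is deprecated; revisit when the minimum Python drops it`, would at least record the risk. The same typecode is used in array_extend_002_F in this hunk.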
--- a/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json @@ -23,6 +23,10 @@ "compose": "array_003_T.py && !array_004_F.py", "scene": "append操作" }, + { + "compose": "array_extend_001_T.py && !array_extend_002_F.py", + "scene": "extend操作" + }, { "compose": "extslice_001_T.py && !extslice_002_F.py", "scene": "多维切片" diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py new file mode 100644 index 00000000..1723eeaf --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray扩展操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T +# evaluation information end + +import os + +def bytearray_extend_001_T(taint_src): + # 创建初始的干净bytearray + ba = bytearray("clean_data", 'utf-8') + + # 创建包含污点数据的bytes + tainted_bytes = bytearray(taint_src, 'utf-8') + + # 使用extend操作扩展污点数据 + ba.extend(tainted_bytes) + + # 将扩展后的bytearray传递给sink,期望引擎识别出污点数据 + taint_sink(ba) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_extend_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py new file mode 100644 index 00000000..0795b803 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py 
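Review bot: `taint_sink` in bytearray_extend_001_T calls `os.system(bytes(o))` with a bytes argument; as far as I recall CPython accepts bytes there only on POSIX, while on Windows `os.system` requires `str` and raises `TypeError`, so the example call is platform-dependent. Decoding before the sink, `os.system(bytes(o).decode('utf-8'))`, keeps the bytearray-to-bytes step the scene wants to test and runs everywhere. The comment `# 创建包含污点数据的bytes` above `tainted_bytes = bytearray(...)` also names the wrong type. bytearray_extend_002_F, bytearray_slice_001_T and bytearray_slice_002_F in the following hunks share the same sink.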
@@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray扩展操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F +# evaluation information end + +import os + +def bytearray_extend_002_F(taint_src): + # 创建初始的干净bytearray + ba = bytearray("clean_data", 'utf-8') + + # 创建干净的bytes数据 + clean_bytes = bytearray("more_clean_data", 'utf-8') + + # 使用extend操作扩展干净数据 + ba.extend(clean_bytes) + + # 将扩展后的bytearray传递给sink,期望引擎不识别为污点数据 + taint_sink(ba) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_extend_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py new file mode 100644 index 00000000..97e22b2d --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray切片操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T +# evaluation information end + +import os + +def bytearray_slice_001_T(taint_src): + # 创建包含污点数据的bytearray + clean_part = "clean_data_" + ba = bytearray(clean_part + taint_src, 'utf-8') + + # 通过切片操作提取包含污点数据的部分 + tainted_slice = ba[len(clean_part):len(clean_part) + len(taint_src)] + + # 将切片结果传递给sink,期望引擎识别出污点数据 + taint_sink(tainted_slice) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_slice_001_T(taint_src) \ No newline at end of file 
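Review bot: In bytearray_slice_001_T the slice `ba[len(clean_part):len(clean_part) + len(taint_src)]` mixes units: `ba` holds the UTF-8 encoding of `clean_part + taint_src`, but `len(taint_src)` counts code points, so for any non-ASCII input the slice is truncated and the sink receives a partial, possibly mid-codepoint, buffer. `tainted_slice = ba[len(clean_part):]` expresses the intent directly (everything after the clean prefix) and is correct for any input; if the explicit upper bound is wanted, use `len(taint_src.encode('utf-8'))`. `len(clean_part)` is safe only because the literal is ASCII.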
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py new file mode 100644 index 00000000..d1da54b8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray切片操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F +# evaluation information end + +import os + +def bytearray_slice_002_F(taint_src): + # 创建只包含干净数据的bytearray + clean_data = "clean_data_only" + ba = bytearray(clean_data, 'utf-8') + + # 通过切片操作提取部分数据 + clean_slice = ba[0:5] # 提取"clean" + + # 将切片结果传递给sink,期望引擎不识别为污点数据 + taint_sink(clean_slice) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_slice_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json index 8ef1d3f0..55de22a5 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json @@ -9,6 +9,14 @@ { "compose": "bytearray_001_T.py && !bytearray_002_F.py", "scene": "构造函数形式" + }, + { + "compose": "bytearray_slice_001_T.py && !bytearray_slice_002_F.py", + "scene": "切片操作" + }, + { + "compose": "bytearray_extend_001_T.py && !bytearray_extend_002_F.py", + "scene": "扩展操作" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json index 10037be8..19166444 100644 
--- a/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json
@@ -26,6 +26,10 @@
 {
 "compose": "set_007_T.py && !set_008_F.py",
 "scene": "差集操作"
+ },
+ {
+ "compose": "set_remove_001_T.py && !set_remove_002_F.py",
+ "scene": "set元素删除操作"
 }
 ]
 }
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py
index c370ab3c..2e2f4df6 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
 # scene introduction = 交集-并集
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py
new file mode 100644
index 00000000..ae6ef758
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合
+# scene introduction = set元素删除操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/collections/set_remove_001_T
+# evaluation information end
+
+import os
+
+def set_remove_001_T(taint_src):
+ # 创建包含污点数据的set
+ s = {taint_src, 'clean1', 'clean2'}
+
+ # 从set中删除污点元素
+ s.remove('clean1')
+
+ # 将删除后的set传递给sink
+ taint_sink(s)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ set_remove_001_T(taint_src)
\ No newline at end of file
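Review bot: The comment `# 从set中删除污点元素` above `s.remove('clean1')` says the tainted element is removed, but the code removes a clean one and the tainted value stays in the set — which is exactly why this is the positive case; the comment should read `# remove a clean element; taint_src remains in the set`. set_remove_002_F in the next hunk has the mirror problem: `# 创建只包含干净数据的set` above a set that contains `taint_src`, and `# 从set中删除干净元素` above `s.remove(taint_src)`. Worth noting in the F case that `remove` is a strong update on an unordered container, so a tool that only over-approximates set contents will report it; that is presumably the point of the pair and a one-line comment saying so would help whoever triages the result.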
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py new file mode 100644 index 00000000..5526a7c3 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合 +# scene introduction = set元素删除操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/collections/set_remove_002_F +# evaluation information end + +import os + +def set_remove_002_F(taint_src): + # 创建只包含干净数据的set + s = {taint_src, 'clean2', 'clean3'} + + # 从set中删除干净元素 + s.remove(taint_src) + + # 将删除后的set传递给sink + taint_sink(s) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + set_remove_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json index 9595fa87..1607d8cd 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json @@ -18,6 +18,26 @@ "compose": "list_005_T.py && !list_006_F.py", "scene": "append操作" }, + { + "compose": "list_extend_001_T.py && !list_extend_002_F.py", + "scene": "extend操作" + }, + { + "compose": "list_insert_001_T.py && !list_insert_002_F.py", + "scene": "insert操作" + }, + { + "compose": "list_remove_001_T.py && !list_remove_002_F.py", + "scene": "remove操作" + }, + { + "compose": "list_pop_001_T.py && !list_pop_002_F.py", + "scene": "pop操作" + }, + { + "compose": "list_concat_001_T.py && !list_concat_002_F.py", + "scene": "连接操作" + }, { "compose": "list_007_T.py && !list_008_F.py", "scene": "泛型容器类型" 
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py new file mode 100644 index 00000000..cd4ae1d8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py @@ -0,0 +1,31 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = 连接操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_concat_001_T +# evaluation information end + +import os + +def list_concat_001_T(taint_src): + + # 创建包含污点数据的列表 + lst2 = [taint_src, 'clean3'] + + # 创建初始列表 + lst1 = ['clean1', 'clean2'] + + # 执行连接操作(+运算符) + result = lst2 + lst1 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_concat_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py new file mode 100644 index 00000000..962e2bcb --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py 
@@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = 连接操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_concat_002_F +# evaluation information end + +import os + +def list_concat_002_F(taint_src): + # 创建初始列表 + lst1 = ['clean1', 'clean2'] + + lst2 = ['clean3', 'clean4'] + + # 执行连接操作(+运算符) + result = lst1 + lst2 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_concat_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py new file mode 100644 index 00000000..2d5fc1de --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = extend操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_extend_001_T +# evaluation information end + +import os + +def list_extend_001_T(taint_src): + # 创建初始列表 + tainted_list = [taint_src] + + # 创建初始列表 + lst = ['clean1', 'clean2'] + + # 执行extend操作,将污点数据扩展到干净列表 + tainted_list.extend(lst) + + # 传递给sink + taint_sink(tainted_list) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_extend_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py new file mode 100644 index 00000000..bcdf9616 --- /dev/null 
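Review bot: In list_extend_001_T the taint never flows through the `extend` call the scene is meant to test: `tainted_list` already holds `taint_src` before `tainted_list.extend(lst)` appends the clean elements, so a tool that does not model `extend` at all still reports the flow into `taint_sink(tainted_list)`, and the T case does not discriminate. The comment `# 执行extend操作,将污点数据扩展到干净列表` also describes the opposite direction from what the code does. To make the case exercise propagation through `extend`, extend the clean list with the tainted one and sink the clean list: `lst.extend(tainted_list)` followed by `taint_sink(lst)`. The paired list_extend_002_F needs no change, since both lists there are clean.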
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = extend操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_extend_002_F +# evaluation information end + +import os + +def list_extend_002_F(taint_src): + # 创建初始列表 + lst = ['clean1', 'clean2'] + + tainted_list = ['clean3'] + + # 执行extend操作 + tainted_list.extend(lst) + + # 传递给sink + taint_sink(tainted_list) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_extend_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py new file mode 100644 index 00000000..3c98cdc5 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = insert操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_insert_001_T +# evaluation information end + +import os + +def list_insert_001_T(taint_src): + + # 创建初始列表 + lst = ['clean1', 'clean2'] + + # 在指定位置插入数据 + lst.insert(0, taint_src) + + # 传递给sink + taint_sink(lst) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_insert_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py new file mode 100644 index 00000000..7dcbb275 --- /dev/null 
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = insert操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_insert_002_F +# evaluation information end + +import os + +def list_insert_002_F(taint_src): + # 创建初始列表 + lst = ['clean1', 'clean2'] + + # 在指定位置插入干净数据 + lst.insert(0, 'clean3') + + # 传递给sink + taint_sink(lst) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_insert_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py new file mode 100644 index 00000000..c704f15b --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = pop操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_pop_001_T +# evaluation information end + +import os + +def list_pop_001_T(taint_src): + + # 创建包含污点数据的列表,污点元素在首位 + lst = [taint_src, 'clean1', 'clean2'] + + # 弹出指定位置的元素(污点元素) + popped = lst.pop(0) + + # 将弹出的元素传递给sink + taint_sink(popped) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_pop_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py new file mode 100644 index 00000000..a26784ab --- /dev/null 
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = pop操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_pop_002_F +# evaluation information end + +import os + +def list_pop_002_F(taint_src): + # 创建包含干净数据的列表 + lst = ['clean1', taint_src, 'clean3'] + + # 弹出指定位置的元素(干净元素) + popped = lst.pop(0) + + # 将弹出的元素传递给sink + taint_sink(popped) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_pop_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py new file mode 100644 index 00000000..afb527e2 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = remove操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_remove_001_T +# evaluation information end + +import os + +def list_remove_001_T(taint_src): + # 创建包含污点数据的列表 + lst = ['clean1', taint_src, 'clean3'] + + # 删除污点元素 + lst.remove('clean1') + + # 传递给sink + taint_sink(lst) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_remove_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py new file mode 100644 index 00000000..ae3e1d75 --- /dev/null 
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = remove操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_remove_002_F +# evaluation information end + +import os + +def list_remove_002_F(taint_src): + # 创建包含干净数据的列表 + lst = ['clean1', taint_src, 'clean3'] + + # 删除干净元素 + lst.remove(taint_src) + + # 传递给sink + taint_sink(lst) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_remove_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json index 14e75f4c..adf9ce94 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json @@ -14,6 +14,10 @@ "compose": "map_003_T.py && !map_004_F.py", "scene": "字典/映射(Map)对象2" }, + { + "compose": "map_pop_001_T.py && !map_pop_002_F.py", + "scene": "pop操作" + }, { "compose": "map_009_T.py && !map_010_F.py", "scene": "泛型映射" diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py new file mode 100644 index 00000000..9a7b70db --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py 
@@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +# scene introduction = pop操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/map/map_pop_001_T +# evaluation information end + +import os + +def map_pop_001_T(taint_src): + # 创建包含污点数据的字典 + m = {"key1": taint_src, "key2": "clean"} + + # 弹出指定键的值(污点值) + popped_value = m.pop("key1") + # 将弹出的值传递给sink + taint_sink(popped_value) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + map_pop_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py new file mode 100644 index 00000000..39f081f4 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +# scene introduction = pop操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/map/map_pop_002_F +# evaluation information end + +import os + +def map_pop_002_F(taint_src): + # 创建包含干净数据的字典 + m = {"key1": "clean1", "key2": taint_src} + + # 弹出指定键的值(干净值) + popped_value = m.pop("key1") + + # 将弹出的值传递给sink + taint_sink(popped_value) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + map_pop_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py index 2a745afc..60730f1b 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py 
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py @@ -9,11 +9,12 @@ import os def bool_002_F(taint_src): - taint_sink(taint_src) + tainted_bool = False + taint_sink(tainted_bool) def taint_sink(o): os.system(str(o)) if __name__ == "__main__": - taint_src = False + taint_src = True bool_002_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json index 2da4fcba..55aa7b93 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json @@ -18,6 +18,22 @@ { "compose": "tuple_003_T.py && !tuple_004_F.py", "scene": "解包操作" + }, + { + "compose": "tuple_index_001_T.py && !tuple_index_002_F.py", + "scene": "元组索引访问" + }, + { + "compose": "tuple_slice_001_T.py && !tuple_slice_002_F.py", + "scene": "元组切片操作" + }, + { + "compose": "tuple_concat_001_T.py && !tuple_concat_002_F.py", + "scene": "元组连接操作" + }, + { + "compose": "tuple_repeat_001_T.py && !tuple_repeat_002_F.py", + "scene": "元组重复操作" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py index c68c8549..71285384 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py @@ -1,5 +1,5 @@ # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 # scene introduction = 元组字面量 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py index 9bb62c89..70b06d89 100644 
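Review bot: `tainted_bool = False` in bool_002_F is a literal that never touches `taint_src`, so the name is misleading for a case whose expected result is no finding; `clean_bool = False` and `taint_sink(clean_bool)` would say what the case does. Leaving `taint_src` unused inside the function is consistent with the other F cases in this commit, but the `taint_src = True` edit in `__main__` is then inert, and a one-line comment such as `# 污点值故意不传入sink` (the tainted value is deliberately not passed to the sink) would stop a reader from looking for the flow.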
--- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 # scene introduction = 解包操作 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py new file mode 100644 index 00000000..ed29c9b8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组连接操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T +# evaluation information end + +import os + +def tuple_concat_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建包含污点数据的元组 + t1 = (tainted_data,) + + # 创建干净的元组 + t2 = ("clean1", "clean2") + + # 执行连接操作 + result = t1 + t2 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_concat_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py new file mode 100644 index 00000000..b498d758 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py 
@@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组连接操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F +# evaluation information end + +import os + +def tuple_concat_002_F(taint_src): + # 创建干净的元组 + t1 = ("clean1",) + + # 创建干净的元组 + t2 = ("clean2", "clean3") + + # 执行连接操作 + result = t1 + t2 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_concat_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py new file mode 100644 index 00000000..7e7af560 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组索引访问 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_index_001_T +# evaluation information end + +import os + +def tuple_index_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建包含污点数据的元组 + t = (tainted_data, "clean1", "clean2") + + # 访问第一个元素 + first_item = t[0] + + # 传递给sink + taint_sink(first_item) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_index_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py new file mode 100644 index 00000000..94cca3c8 --- /dev/null 
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组索引访问 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_index_002_F +# evaluation information end + +import os + +def tuple_index_002_F(taint_src): + # 创建包含干净数据的元组 + t = ("clean1", taint_src, "clean3") + + # 访问第一个元素 + first_item = t[0] + + # 传递给sink + taint_sink(first_item) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_index_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py new file mode 100644 index 00000000..b6b9ea45 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组重复操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T +# evaluation information end + +import os + +def tuple_repeat_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建包含污点数据的元组 + t = (tainted_data,) + + # 执行重复操作 + result = t * 3 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_repeat_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py new file mode 100644 index 00000000..0725a43a --- /dev/null 
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组重复操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F +# evaluation information end + +import os + +def tuple_repeat_002_F(taint_src): + # 创建干净的元组 + t = ("clean1",) + + # 执行重复操作 + result = t * 3 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_repeat_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py new file mode 100644 index 00000000..c77d5fc5 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组切片操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T +# evaluation information end + +import os + +def tuple_slice_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建包含污点数据的元组 + t = ("clean1", tainted_data, "clean2") + + # 执行切片操作,获取包含污点的部分 + slice_result = t[1:2] + + # 传递给sink + taint_sink(slice_result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_slice_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py new file mode 100644 index 00000000..0e5a8db7 --- /dev/null 
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组切片操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F +# evaluation information end + +import os + +def tuple_slice_002_F(taint_src): + # 创建包含干净数据的元组 + t = (taint_src, "clean2", "clean3") + + # 执行切片操作 + slice_result = t[1:2] + + # 传递给sink + taint_sink(slice_result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_slice_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py index 6d365d92..b2de8416 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = false +# real case = true # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_catch # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py index 325f5b9b..1e9661ec 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py 
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
 # scene introduction = 二元运算->乘
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py
index e6b60637..47f380fc 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
 # scene introduction = 二元运算->减
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py
index 9843bf64..df509edb 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->条件表达式
 # scene introduction = 逻辑或
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json
index 79def60c..a4c2401f 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json
+++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json @@ -9,6 +9,10 @@ { "compose": "lambda_expression_001_T.py && !lambda_expression_002_F.py", "scene": "lambda关键字" + }, + { + "compose": "lambda_multi_params_001_T.py && !lambda_multi_params_002_F.py", + "scene": "多参数lambda表达式" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py new file mode 100644 index 00000000..36483aa5 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式 +# scene introduction = 多参数lambda表达式 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T +# evaluation information end + +import os + +def lambda_multi_params_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建多参数lambda函数 + lambda_func = lambda x, y, z: x + y + z + + # 调用lambda函数,第一个参数是污点数据 + result = lambda_func(tainted_data, "_clean", "_clean") + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + lambda_multi_params_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py new file mode 100644 index 00000000..5269bb5f --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py 
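Review bot: `taint_sink` in lambda_multi_params_001_T calls `os.system(o)` directly, while every other sink added in this commit is written as `os.system(str(o))`. The lambda result is a str here so the call runs, but a harness that matches sinks by their exact text, or a later copy of this file that sinks a non-string, would behave differently from the rest of the suite. Suggest `os.system(str(o))` in both lambda_multi_params files for consistency.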
@@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式 +# scene introduction = 多参数lambda表达式 +# level = 2 +# bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F +# evaluation information end + +import os + +def lambda_multi_params_002_F(taint_src): + # 创建多参数lambda函数 + lambda_func = lambda x, y, z: x + y + z + + # 调用lambda函数,两个参数都是干净数据 + result = lambda_func("clean1", "clean2", "clean3") + + # 传递给sink函数,一个参数是污点数据 + taint_sink(result) + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + lambda_multi_params_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py index 2bfe9d32..3fc521d2 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式 # scene introduction = del运算符->字典键值对 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py index 6f389dad..5a3ed68e 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py 
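Review bot: The comments in lambda_multi_params_002_F do not match the code: `# 调用lambda函数,两个参数都是干净数据` speaks of two arguments but `lambda_func("clean1", "clean2", "clean3")` passes three, and `# 传递给sink函数,一个参数是污点数据` claims a tainted argument reaches the sink although `result` is built only from literals, which is what makes this the F case. Suggest `# 调用lambda函数,三个参数都是干净数据` and `# 传递给sink,参数不含污点数据` (all three arguments are clean; the value passed to the sink carries no taint).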
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
 # scene introduction = del运算符->切片
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py
index 915ab6d2..7683fdd8 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
 # scene introduction = 列表推导式
 # level = 3
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py
index f5457289..b53c3e6c 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
 # scene introduction = 字典推导式
 # level = 3
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py
index a14703bc..fce29dd4 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py
@@ -10,8 +10,8 @@ import os # 调整内容
 def set_comprehension_001_T(taint_src):
- # 使用集合推导式生成一个包含偶数的集合
- s = {x for x in range(5) if x % taint_src == 0} # 只保留偶数
+ # 使用集合推导式,将污点源 taint_src 直接作为集合中的元素(突出集合推导式直接包含污点源)
+ s = {taint_src for _ in range(1)} # 集合推导式中直接将污点源作为元素输出
 taint_sink(s)
 def taint_sink(o):
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py
index 7ed8477c..704ee846 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换
 # scene introduction = 布尔转换
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py
index a67d8524..ece12278 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换
 # scene introduction = 隐式类型转换
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py
index a06a687e..041c1456 100644
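Review bot: The two new comments on the rewritten set comprehension say the same thing twice — the comment line above `s = ...` and the trailing comment on the same line both state that the taint source is placed directly into the set. One is enough; keep the assignment with a single trailing comment such as `s = {taint_src for _ in range(1)}  # the comprehension yields the taint source itself as the set's only element` and drop the line above it. Separately, `taint_sink(s)` now receives a set rather than a string; if taint_sink here is the `os.system(o)` wrapper the sibling cases use (its body is outside this hunk), running the file directly raises TypeError before the sink executes, which does not affect static evaluation but deserves a comment if it is intended. The previous expression `x % taint_src` would have failed the same way for a string taint_src, so this rewrite does not regress run-time behaviour.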
--- a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = false
+# real case = true
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->生成器函数
 # scene introduction = yield_from
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py
index 4c5e9377..e6ed90da 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = false
+# real case = true
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->生成器函数
 # scene introduction = yield_from
 # level = 2+