From b63c9011148c28e3dbedb2ee67515d1d95dde9cb Mon Sep 17 00:00:00 2001 
From: "mengmeng.meng" Date: Tue, 30 Sep 2025 17:04:03 +0800 Subject: [PATCH 1/7] go case update --- .../cross_directory/config.json | 40 +++++++++++++++++++ .../cross/cross_01/cross_01.go | 18 +++++++++ .../cross/cross_01/go.mod | 3 ++ .../cross_directory_011_T_a.go | 23 +++++++++++ .../cross_directory_011_T/go.mod | 7 ++++ .../cross/cross_01/cross_01.go | 18 +++++++++ .../cross/cross_01/go.mod | 3 ++ .../cross_directory_012_F_a.go | 23 +++++++++++ .../cross_directory_012_F/go.mod | 7 ++++ .../cross/other/cross_01/cross_01.go | 18 +++++++++ .../cross/other/cross_01/go.mod | 3 ++ .../cross_directory_013_T_a.go | 23 +++++++++++ .../cross_directory_013_T/go.mod | 7 ++++ .../cross/other/cross_01/cross_01.go | 18 +++++++++ .../cross/other/cross_01/go.mod | 3 ++ .../cross_directory_014_F_a.go | 23 +++++++++++ .../cross_directory_014_F/go.mod | 7 ++++ .../cross/cross_directory_015_T.go | 33 +++++++++++++++ .../cross/cross_init/cross_init.go | 15 +++++++ .../cross_directory_015_T/go.mod | 3 ++ .../cross/cross_directory_016_F.go | 31 ++++++++++++++ .../cross/cross_init/cross_init.go | 16 ++++++++ .../cross_directory_016_F/go.mod | 3 ++ .../cross/cross_directory_017_T.go | 38 ++++++++++++++++++ .../cross/cross_init/cross_init_01.go | 21 ++++++++++ .../cross/cross_init/cross_init_02.go | 20 ++++++++++ .../cross_directory_017_T/go.mod | 3 ++ .../cross/cross_directory_018_F.go | 40 +++++++++++++++++++ .../cross/cross_init/cross_init_01.go | 21 ++++++++++ .../cross/cross_init/cross_init_02.go | 20 ++++++++++ .../cross_directory_018_F/go.mod | 3 ++ .../cross/cross_directory_019_T.go | 38 ++++++++++++++++++ .../cross/cross_init/cross_init_01.go | 23 +++++++++++ .../cross/cross_init/cross_init_02.go | 20 ++++++++++ .../cross_directory_019_T/go.mod | 3 ++ .../cross/cross_directory_020_F.go | 38 ++++++++++++++++++ .../cross/cross_init/cross_init_01.go | 23 +++++++++++ .../cross/cross_init/cross_init_02.go | 20 ++++++++++ .../cross_directory_020_F/go.mod | 3 ++ 
.../cross_directory_021_T/cross/cross.go | 20 ++++++++++ .../cross_directory_021_T/go.mod | 3 ++ .../main_dir/cross_directory_021_T_a.go | 24 +++++++++++ .../main_dir/cross_directory_021_T_b.go | 25 ++++++++++++ .../other/cross/cross.go | 19 +++++++++ .../cross_directory_022_F/cross/cross.go | 20 ++++++++++ .../cross_directory_022_F/go.mod | 3 ++ .../main_dir/cross_directory_022_F_a.go | 24 +++++++++++ .../main_dir/cross_directory_022_F_b.go | 25 ++++++++++++ .../other/cross/cross.go | 19 +++++++++ .../cross/cross_01/cross_01.go | 14 +++++++ .../cross/cross_directory_023_T.go | 31 ++++++++++++++ .../cross_directory_023_T/go.mod | 3 ++ .../cross/cross_01/cross_01.go | 14 +++++++ .../cross/cross_directory_024_F.go | 33 +++++++++++++++ .../cross_directory_024_F/go.mod | 3 ++ .../cross/cross_01/pkg.go | 23 +++++++++++ .../cross/cross_directory_025_T.go | 32 +++++++++++++++ .../cross_directory_025_T/go.mod | 3 ++ .../cross/cross_01/pkg.go | 23 +++++++++++ .../cross/cross_directory_026_F.go | 32 +++++++++++++++ .../cross_directory_026_F/go.mod | 3 ++ .../cross_directory_027_T/cross_01/pkg.go | 23 +++++++++++ .../cross_directory_027_T/cross_02/pkg.go | 22 ++++++++++ .../cross_directory_027_T.go | 27 +++++++++++++ .../cross_directory_027_T/go.mod | 3 ++ .../cross_directory_028_F/cross_01/pkg.go | 23 +++++++++++ .../cross_directory_028_F/cross_02/pkg.go | 22 ++++++++++ .../cross_directory_028_F.go | 27 +++++++++++++ .../cross_directory_028_F/go.mod | 3 ++ .../cross/cross_directory_029_T.go | 37 +++++++++++++++++ .../cross_directory_029_T/cross/go.mod | 3 ++ .../cross_directory_029_T/cross/pkg/pkg.go | 18 +++++++++ .../cross/cross_directory_030_F.go | 37 +++++++++++++++++ .../cross_directory_030_F/cross/go.mod | 3 ++ .../cross_directory_030_F/cross/pkg/pkg.go | 18 +++++++++ .../cross_module/config.json | 4 ++ .../cross_module_005_T_a/main.go | 32 +++++++++++++++ .../cross_module_005_T_b/main.go | 31 ++++++++++++++ .../cross_module/cross_module_005_T/go.mod | 3 ++ 
.../cross_module_006_F_a/main.go | 34 ++++++++++++++++ .../cross_module_006_F_b/main.go | 31 ++++++++++++++ .../cross_module/cross_module_006_F/go.mod | 3 ++ .../if_return_nil_001_T.go | 8 ++-- .../if_return_nil_002_F.go | 11 ++--- .../if_return_tuple_001_T.go | 2 + .../multiple_return_struct_001_F.go | 11 ++--- .../multiple_return_struct_002_T.go | 15 +++---- .../named_return_004_T/named_return_004_T.go | 2 +- 88 files changed, 1506 insertions(+), 22 deletions(-) create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go create mode 
100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
index 99274d08..fe5011e6 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
@@ -25,6 +25,46 @@
 {
 "compose": "(cross_directory_009_T/cross/cross_directory_009_T.go || cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go) && !(cross_directory_010_F/cross/cross_directory_010_F.go || cross_directory_010_F/cross/cross_init/cross_directory_init_010_F.go)",
 "scene": "跨package5"
+ },
+ {
+ "compose": "(cross_directory_011_T/cross/cross_01/cross_01.go || cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go) && !(cross_directory_012_F/cross/cross_01/cross_01.go || cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go)",
+ "scene": "replace包层级调用链1"
+ },
+ {
+ "compose": "(cross_directory_013_T/cross/other/cross_01/cross_01.go || cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go) && !(cross_directory_014_F/cross/other/cross_01/cross_01.go || cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go)",
+ "scene": "replace包层级调用链2"
+ },
+ {
+ "compose": "(cross_directory_015_T/cross/cross_init/cross_init.go || cross_directory_015_T/cross/cross_directory_015_T.go) && !(cross_directory_016_F/cross/cross_init/cross_init.go || cross_directory_016_F/cross/cross_directory_016_F.go)",
+ "scene": "init函数自动执行"
+ },
+ {
+ "compose": "(cross_directory_017_T/cross/cross_init/cross_init_01.go || cross_directory_017_T/cross/cross_init/cross_init_02.go || cross_directory_017_T/cross/cross_directory_017_T.go) && !(cross_directory_018_F/cross/cross_init/cross_init_01.go || cross_directory_018_F/cross/cross_init/cross_init_02.go || cross_directory_018_F/cross/cross_directory_018_F.go)",
+ "scene": "多init函数顺序执行1"
+ },
+ {
+ "compose": "(cross_directory_019_T/cross/cross_init/cross_init_01.go || cross_directory_019_T/cross/cross_init/cross_init_02.go || cross_directory_019_T/cross/cross_directory_019_T.go) && !(cross_directory_020_F/cross/cross_init/cross_init_01.go || cross_directory_020_F/cross/cross_init/cross_init_02.go || cross_directory_020_F/cross/cross_directory_020_F.go)",
+ "scene": "多init函数顺序执行2"
+ },
+ {
+ "compose": "(cross_directory_021_T/cross/cross.go || cross_directory_021_T/main_dir/cross_directory_021_T_a.go || cross_directory_021_T/main_dir/cross_directory_021_T_b.go || cross_directory_021_T/other/cross/cross.go) && !(cross_directory_022_F/cross/cross.go || cross_directory_022_F/main_dir/cross_directory_022_F_a.go || cross_directory_022_F/main_dir/cross_directory_022_F_b.go || cross_directory_022_F/other/cross/cross.go)",
+ "scene": "同名包导入区分"
+ },
+ {
+ "compose": "(cross_directory_023_T/cross/cross_directory_023_T.go || cross_directory_023_T/cross/cross_01/cross_01.go) && !(cross_directory_024_F/cross/cross_directory_024_F.go || cross_directory_024_F/cross/cross_01/cross_01.go)",
+ "scene": "可见性校验"
+ },
+ {
+ "compose": "(cross_directory_025_T/cross/cross_01/pkg.go || cross_directory_025_T/cross/cross_directory_025_T.go) && !(cross_directory_026_F/cross/cross_01/pkg.go || cross_directory_026_F/cross/cross_directory_026_F.go)",
+ "scene": "导入路径与包名解耦"
+ },
+ {
+ "compose": "(cross_directory_027_T/cross_01/pkg.go || cross_directory_027_T/cross_02/pkg.go || cross_directory_027_T/cross_directory_027_T.go) && !(cross_directory_028_F/cross_01/pkg.go || cross_directory_028_F/cross_02/pkg.go || cross_directory_028_F/cross_directory_028_F.go)",
+ "scene": "同名包路径区分"
+ },
+ {
+ "compose": "(cross_directory_029_T/cross/pkg/pkg.go || cross_directory_029_T/cross/cross_directory_029_T.go) && !(cross_directory_030_F/cross/pkg/pkg.go || cross_directory_030_F/cross/cross_directory_030_F.go)",
+ "scene": "识别导入根目录"
 }
 ]
 }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go
new file mode 100644
index 00000000..b455ccf6
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01
+// evaluation information end
+
+package cross_01
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod
new file mode 100644
index 00000000..2c7edc9e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod
@@ -0,0 +1,3 @@
+module cross/cross_01
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go
new file mode 100644
index 00000000..45d4f8fc
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go
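Review bot: `__taint_sink` in the new `cross_directory_011_T/cross/cross_01/cross_01.go` uses the single-value assertion `o.(string)`, which panics on any non-string argument, and it discards the `Run()` error; `s, ok := o.(string)` followed by `if !ok { return }` keeps the `interface{}` signature while making the helper safe to reuse. Because the function deliberately passes its argument to `sh -c`, a one-line comment such as `// __taint_sink is the intentional command-execution sink of this benchmark case; it must not be called from non-test code.` would tell anyone triaging scanner output on this repository that the finding is expected. The closing brace of `__taint_sink` appears indented and the file has no trailing newline, so it does not look gofmt-clean. The same helper is repeated in the `cross_directory_012_F`, `cross_directory_013_T` and `cross_directory_014_F` copies of `cross_01.go`.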
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a
+// evaluation information end
+
+// 这里有两个go.mod文件 cross_directory_011_T文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/cross_01" 时
+// 不要去其他地方寻找 应该去本地的 ./cross/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。
+// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T
+// 再执行go run cross_directory_011_T_a/cross_directory_011_T_a.go
+package main
+import "cross/cross_01"
+
+func cross_directory_011_T_a(__taint_src string) {
+ cross_01.SayHello(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_011_T_a(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod
new file mode 100644
index 00000000..bb2fdd71
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod
@@ -0,0 +1,7 @@
+module cross_directory_011_T
+
+go 1.20
+
+replace cross/cross_01 => ./cross/cross_01
+
+require cross/cross_01 v0.0.0-00010101000000-000000000000 // indirect
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go
new file mode 100644
index 00000000..ef1ae756
--- /dev/null
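Review bot: The `require` line in `cross_directory_011_T/go.mod` is marked `// indirect`, but `cross_directory_011_T_a.go` imports `cross/cross_01` directly, so the marker is inaccurate and `go mod tidy` would presumably remove it. The paired negative case `cross_directory_012_F/go.mod` carries the same `require` without the marker, so the T/F pair differs in more than the argument passed to the sink; `cross_directory_013_T/go.mod` has the same `// indirect` marker. Suggest `require cross/cross_01 v0.0.0-00010101000000-000000000000` here (and the equivalent in 013_T) so that each positive/negative pair differs only in the taint flow a scanner is meant to distinguish.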
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01
+// evaluation information end
+
+package cross_01
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink("_")
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod
new file mode 100644
index 00000000..2c7edc9e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod
@@ -0,0 +1,3 @@
+module cross/cross_01
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go
new file mode 100644
index 00000000..b367fa07
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a
+// evaluation information end
+
+// 这里有两个go.mod文件 cross_directory_012_F文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/cross_01" 时
+// 不要去其他地方寻找 应该去本地的 ./cross/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。
+// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F
+// 再执行go run cross_directory_012_F_a/cross_directory_012_F_a.go
+package main
+import "cross/cross_01"
+
+func cross_directory_012_F_a(__taint_src string) {
+ cross_01.SayHello(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_012_F_a(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod
new file mode 100644
index 00000000..1158d2fa
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod
@@ -0,0 +1,7 @@
+module cross_directory_012_F
+
+go 1.20
+
+replace cross/cross_01 => ./cross/cross_01
+
+require cross/cross_01 v0.0.0-00010101000000-000000000000
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go
new file mode 100644
index 00000000..7e7f5a58
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01
+// evaluation information end
+
+package cross_01
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod
new file mode 100644
index 00000000..35cbddd5
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod
@@ -0,0 +1,3 @@
+module cross/other/cross_01
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go
new file mode 100644
index 00000000..37afef42
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a
+// evaluation information end
+
+// 这里有两个go.mod文件 cross_directory_013_T文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/other/cross_01" 时
+// 不要去其他地方寻找 应该去本地的 .cross/other/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。
+// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T
+// 再执行go run cross_directory_013_T_a/cross_directory_013_T_a.go
+package main
+import "cross/other/cross_01"
+
+func cross_directory_013_T_a(__taint_src string) {
+ cross_01.SayHello(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_013_T_a(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod
new file mode 100644
index 00000000..80d03798
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod
@@ -0,0 +1,7 @@
+module cross_directory_013_T
+
+go 1.20
+
+replace cross/other/cross_01 => ./cross/other/cross_01
+
+require cross/other/cross_01 v0.0.0-00010101000000-000000000000 // indirect
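Review bot: The header comment in cross_directory_013_T_a.go gives the local replace target as `.cross/other/cross_01`, which is missing the slash after the dot; the go.mod of this case uses `./cross/other/cross_01`, and the 012_F header spells its equivalent path with `./`. Change the path in that comment line to `./cross/other/cross_01` so the run instructions match the replace directive. The same typo appears in the header of cross_directory_014_F_a.go.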
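Review bot: The `require` line in the 013_T go.mod is marked `// indirect` although cross_directory_013_T_a.go imports `cross/other/cross_01` directly, and the 012_F go.mod in this same commit carries no such marker for the equivalent dependency. A tool that reads go.mod to separate direct from transitive dependencies may then treat the callee module differently between the two pairs, which is unrelated to the replace-resolution behaviour under test. Suggested line: `require cross/other/cross_01 v0.0.0-00010101000000-000000000000`. The 014_F go.mod has the same marker.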
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go
new file mode 100644
index 00000000..a32fd396
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01
+// evaluation information end
+
+package cross_01
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink("_")
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod
new file mode 100644
index 00000000..35cbddd5
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod
@@ -0,0 +1,3 @@
+module cross/other/cross_01
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go
new file mode 100644
index 00000000..0d2d958a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a
+// evaluation information end
+
+// 这里有两个go.mod文件 cross_directory_014_F文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/other/cross_01" 时
+// 不要去其他地方寻找 应该去本地的 .cross/other/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。
+// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F
+// 再执行go run cross_directory_014_F_a/cross_directory_014_F_a.go
+package main
+import "cross/other/cross_01"
+
+func cross_directory_014_F_a(__taint_src string) {
+ cross_01.SayHello(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_014_F_a(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod
new file mode 100644
index 00000000..6bb8be51
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod
@@ -0,0 +1,7 @@
+module cross_directory_014_F
+
+go 1.20
+
+replace cross/other/cross_01 => ./cross/other/cross_01
+
+require cross/other/cross_01 v0.0.0-00010101000000-000000000000 // indirect
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go
new file mode 100644
index 00000000..9cee3fb3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go
@@ -0,0 +1,33 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross
+// 再执行go run cross_directory_015_T.go
+
+package main
+
+import (
+ "cross_directory_015_T/cross/cross_init"
+ "os/exec"
+)
+
+// Go语言支持包中定义init函数,在这个包被首次初始化(import)时,会自动触发这个包的init函数
+
+func cross_directory_015_T() {
+ // 看cross_init.Status是否被init处理过
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ cross_directory_015_T()
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go
new file mode 100644
index 00000000..0a9a9b2e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go
@@ -0,0 +1,15 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init
+// evaluation information end
+
+package cross_init
+
+var Status string
+
+func init() {
+ Status = "taint_src_value"
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod
new file mode 100644
index 00000000..af303122
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_015_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go
new file mode 100644
index 00000000..647b6736
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross
+// 再执行go run cross_directory_016_F.go
+
+package main
+
+import (
+ "cross_directory_016_F/cross/cross_init"
+ "os/exec"
+)
+
+
+func cross_directory_016_F() {
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ cross_directory_016_F()
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go
new file mode 100644
index 00000000..e278acc3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go
@@ -0,0 +1,16 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init
+// evaluation information end
+
+package cross_init
+
+var Status string
+
+func init() {
+ Status = "init processed"
+}
+
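Review bot: The benign constant chosen in cross_init.go's `init()`, `Status = "init processed"`, is still handed to `exec.Command("sh", "-c", ...)` by cross_directory_016_F.go, so running the case as its header comment instructs makes the shell look up a program named `init` with the argument `processed`. On many Linux hosts that name resolves to a real system binary, which is not something a negative fixture should invoke on a developer or CI machine. A constant that is a shell no-op keeps the case untainted without that side effect, for example `Status = "true"`. The other negative cases in this commit pass values such as `"_"` or `"1234abc"`, which are unlikely to resolve to a command.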
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod
new file mode 100644
index 00000000..021168fc
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_016_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go
new file mode 100644
index 00000000..bd8dae04
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go
@@ -0,0 +1,38 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross
+// 再执行go run cross_directory_017_T.go
+
+package main
+
+import (
+ "cross_directory_017_T/cross/cross_init"
+ "os/exec"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序
+// init函数是先执行的,所有init函数执行完后才会执行自定义函数
+
+func cross_directory_017_T(__taint_src string) {
+ cross_init.In_init_after(__taint_src)
+
+ // 若正确处理,Status的值应该是"1234taint_src_value"
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_017_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go
new file mode 100644
index 00000000..072d683e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go
@@ -0,0 +1,21 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01
+// evaluation information end
+
+package cross_init
+
+func init() {
+ Status = "1"
+}
+
+func init() {
+ Status += "2"
+}
+
+func In_init_after(taint_src string) {
+ Status += taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go
new file mode 100644
index 00000000..f398fa4d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02
+// evaluation information end
+
+
+package cross_init
+
+var Status string
+
+func init() {
+ Status += "3"
+}
+
+func init() {
+ Status += "4"
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod
new file mode 100644
index 00000000..5242c6b6
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_017_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go
new file mode 100644
index 00000000..d7e54642
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go
@@ -0,0 +1,40 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross
+// 再执行go run cross_directory_018_F.go
+
+package main
+
+import (
+ "cross_directory_018_F/cross/cross_init"
+ "os/exec"
+ "fmt"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序
+// init函数是先执行的,所有init函数执行完后才会执行自定义函数
+
+func cross_directory_018_F(__taint_src string) {
+ cross_init.In_init_after("abc")
+
+ // 若正确处理,Status的值应该是"1234abc"
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ fmt.Println("o 的值:", o)
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_018_F(__taint_src)
+}
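Review bot: `__taint_sink` in cross_directory_018_F.go carries a leftover debug statement, `fmt.Println("o 的值:", o)`, plus the `"fmt"` import that exists only for it, and neither is present in the paired positive case cross_directory_017_T.go. A true/false pair in a SAST benchmark should differ only in the data flow under test; here the sink body differs too, so a tool's differing verdicts on the pair cannot be attributed cleanly to init-order tracking. Drop the `fmt.Println` line and the `"fmt"` import so the sink is `_ = exec.Command("sh", "-c", o.(string)).Run()` alone, as in 017_T.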
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go
new file mode 100644
index 00000000..ebd1fa84
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go
@@ -0,0 +1,21 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01
+// evaluation information end
+
+package cross_init
+
+func init() {
+ Status = "1"
+}
+
+func init() {
+ Status += "2"
+}
+
+func In_init_after(taint_src string) {
+ Status += taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go
new file mode 100644
index 00000000..67676c1a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02
+// evaluation information end
+
+
+package cross_init
+
+var Status string
+
+func init() {
+ Status += "3"
+}
+
+func init() {
+ Status += "4"
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod
new file mode 100644
index 00000000..894d75bf
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_018_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go
new file mode 100644
index 00000000..c3b26266
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go
@@ -0,0 +1,38 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross
+// 再执行go run cross_directory_019_T.go
+
+package main
+
+import (
+ "cross_directory_019_T/cross/cross_init"
+ "os/exec"
+ "fmt"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// 当这个包被import时,所有包中的init函数都会被执行
+
+func cross_directory_019_T(__taint_src int) {
+ cross_init.In_init_after(__taint_src)
+
+ // 若正确处理,pkg.Status的值应该是20
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ __taint_src := 10
+ cross_directory_019_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go
new file mode 100644
index 00000000..7299b644
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go
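Review bot: The value that reaches `exec.Command("sh", "-c", fmt.Sprintf("%v", o))` in cross_directory_019_T.go is an `int`, so the `real case = true` label depends on an analyzer treating integer data as command-injection taint, not only on it following the `init` chain. Analyzers that treat numeric types as a sanitizer for injection sinks would report nothing here and be scored as missing init-order tracking, which is a different capability. Either keep `Status` a string as in 017_T, or state the intent in the header, for example `// note: the tainted value is an int formatted with %v; this case also requires taint through numeric types`. The in-body comment also names `pkg.Status` where the code reads `cross_init.Status`, and the same applies to cross_directory_020_F.go.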
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01
+// evaluation information end
+
+package cross_init
+
+
+func init() {
+ Status += 1
+}
+
+func init() {
+ Status += 2
+}
+
+
+func In_init_after(taint_src int) {
+ Status += taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go
new file mode 100644
index 00000000..02500234
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02
+// evaluation information end
+
+
+package cross_init
+
+var Status int = 0
+
+func init() {
+ Status += 3
+}
+
+func init() {
+ Status += 4
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod
new file mode 100644
index 00000000..e6689719
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_019_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
new file mode 100644
index 00000000..928788d3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
@@ -0,0 +1,38 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross
+// 再执行go run cross_directory_020_F.go
+
+package main
+
+import (
+ "cross_directory_020_F/cross/cross_init"
+ "os/exec"
+ "fmt"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// 当这个包被import时,所有包中的init函数都会被执行
+
+func cross_directory_020_F(__taint_src int) {
+ cross_init.In_init_after(0)
+
+ // 若正确处理,pkg.Status的值应该是10
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ __taint_src := 10
+ cross_directory_020_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go
new file mode 100644
index 00000000..fc4a5d8c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01
+// evaluation information end
+
+package cross_init
+
+
+func init() {
+ Status += 1
+}
+
+func init() {
+ Status += 2
+}
+
+
+func In_init_after(taint_src int) {
+ Status += taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go
new file mode 100644
index 00000000..514443cd
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02
+// evaluation information end
+
+
+package cross_init
+
+var Status int = 0
+
+func init() {
+ Status += 3
+}
+
+func init() {
+ Status += 4
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod
new file mode 100644
index 00000000..57f04550
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_020_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go
new file mode 100644
index 00000000..ed7c7653
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross
+// evaluation information end
+
+package cross
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod
new file mode 100644
index 00000000..6e69eece
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_021_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go
new file mode 100644
index 00000000..89e7017e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go
@@ -0,0 +1,24 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T
+// 再执行go run main_dir/cross_directory_021_T_a.go
+
+package main
+import "cross_directory_021_T/cross"
+
+var __taint_src = "taint_src_value"
+
+func init() {
+ cross.SayHello(__taint_src)
+}
+
+func main() {
+ return
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go
new file mode 100644
index 00000000..aea52e21
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go
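Review bot: cross_directory_021_T_a.go and cross_directory_021_T_b.go are both `package main` files in `main_dir/`, and both declare `var __taint_src` and `func main()`, so the directory does not type-check as one package (`__taint_src` and `main` are redeclared). The single-file `go run` commands in the headers hide this, but an analyzer that loads code per directory or per package, as most Go tooling does, will hit those errors before it reaches the same-name-package import this case is meant to exercise. A miss here may then reflect a load failure and not a gap in import resolution. Moving each entry file into its own directory (for example one directory per entry point, names to be chosen by the suite) and updating the `go run` line in each header would keep both flows while letting the module load cleanly.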
@@ -0,0 +1,25 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T
+// 再执行go run main_dir/cross_directory_021_T_b.go
+
+
+package main
+import "cross_directory_021_T/other/cross"
+
+var __taint_src = "taint_src_value"
+
+func init() {
+ cross.SayHello(__taint_src)
+}
+
+func main() {
+ return
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go
new file mode 100644
index 00000000..dd2c5154
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go
@@ -0,0 +1,19 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross
+// evaluation information end
+
+
+package cross
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
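Review bot: `other/cross/cross.go` has the same code as `cross/cross.go` earlier in this patch, and each main file imports only one of the two, so the case gives the same verdict whether an analyzer keeps the two `cross` packages apart or collapses them into one. The scene is labelled as distinguishing same-named packages, which seems to need the two packages to behave differently, the way `cross_02/pkg.go` in cross_directory_027_T assigns `dir = "abc"` before the sink. If the identical bodies are intended, a comment such as `// identical to cross/cross.go on purpose: only import-path resolution is checked` would make that explicit. The same applies to `other/cross/cross.go` in cross_directory_022_F.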
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go
new file mode 100644
index 00000000..388d6b04
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross
+// evaluation information end
+
+package cross
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod
new file mode 100644
index 00000000..fadb9201
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_022_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go
new file mode 100644
index 00000000..6084bd12
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go
@@ -0,0 +1,24 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F
+// 再执行go run main_dir/cross_directory_022_F_a.go
+
+package main
+import "cross_directory_022_F/cross"
+
+var __taint_src = "_"
+
+func init() {
+ cross.SayHello(__taint_src)
+}
+
+func main() {
+ return
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go
new file mode 100644
index 00000000..2975edc8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go
@@ -0,0 +1,25 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F
+// 再执行go run main_dir/cross_directory_022_F_b.go
+
+
+package main
+import "cross_directory_022_F/other/cross"
+
+var __taint_src = "abc"
+
+func init() {
+ cross.SayHello(__taint_src)
+}
+
+func main() {
+ return
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go
new file mode 100644
index 00000000..3878d3c1
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go
@@ -0,0 +1,19 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross
+// evaluation information end
+
+
+package cross
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go
new file mode 100644
index 00000000..7d1cbfcc
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go
@@ -0,0 +1,14 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 可见性校验
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01
+// evaluation information end
+
+
+package cross_01
+
+var status string = "private"
+
+var Status string = "taint_src_value"
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go
new file mode 100644
index 00000000..a6408015
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 可见性校验
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T
+// 再执行 go run cross/cross_directory_023_T.go
+package main
+import (
+ "fmt"
+ "cross_directory_023_T/cross/cross_01"
+ "os/exec"
+)
+
+// Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见)
+// 考察特性:YASA是否会错误地将小写的(非public的)Symbol错误的import过来
+
+func cross_directory_023_T() {
+ __taint_sink(cross_01.Status) //Status大写 应该被正确import过来
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ cross_directory_023_T()
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod
new file mode 100644
index 00000000..d97f3000
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_023_T
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go
new file mode 100644
index 00000000..ccd8f5ef
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go
@@ -0,0 +1,14 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 可见性校验
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01
+// evaluation information end
+
+
+package cross_01
+
+var status string = "private"
+
+var Status string = "taint_src_value"
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go
new file mode 100644
index 00000000..d6696875
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go
@@ -0,0 +1,33 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 可见性校验
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F
+// evaluation information end
+
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F
+// 再执行 go run cross/cross_directory_024_F.go
+
+package main
+import (
+ "fmt"
+ "cross_directory_024_F/cross/cross_01"
+ "os/exec"
+)
+
+// Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见)
+// 考察特性:YASA是否会错误地将小写的(非public的)Symbol错误的import过来
+
+func cross_directory_024_F() {
+ __taint_sink(cross_01.status) //status小写 若正确处理,无法获取到cross_01.status
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ cross_directory_024_F()
+}
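Review bot: `cross_01.status` in `cross_directory_024_F()` is unexported, so the Go toolchain rejects this file and the header's `go run cross/cross_directory_024_F.go` instruction cannot succeed. I would say so in the header, e.g. `// NOTE: intentionally does not compile (reference to unexported cross_01.status); analyze as source only.`, so that CI or `go vet` over the cases directory can exclude it knowingly. Also, `status` holds `"private"` rather than the `taint_src_value` marker used by `Status`, so as far as this hunk shows the case only fails an analyzer that confuses `status` with `Status`; that may be the intent, but it is worth stating in the comment.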
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod
new file mode 100644
index 00000000..501fc33c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_024_F
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go
new file mode 100644
index 00000000..ec0d6ff2
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 导入路径与包名解耦
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg
+// evaluation information end
+
+
+package pkg
+
+var status string
+
+type Person struct {
+ Name string
+ Age int
+}
+
+func (p Person) Swimming(taint_src string) string {
+ status = taint_src
+ return status
+}
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go
new file mode 100644
index 00000000..0efc1354
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 导入路径与包名解耦
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T
+// 再执行 go run cross/cross_directory_025_T.go
+package main
+import (
+ "fmt"
+ "cross_directory_025_T/cross/cross_01"
+ "os/exec"
+)
+
+// Go语言中,import路径从第二项开始的每项一定是目录名,包括最后一项(并非包名)。
+// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是pkg
+
+func cross_directory_025_T(__taint_src string) {
+ __taint_sink(pkg.Person{}.Swimming(__taint_src))
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_025_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod
new file mode 100644
index 00000000..e34eb465
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_026_F
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go
new file mode 100644
index 00000000..2b6ef6a6
--- /dev/null
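Review bot: The new `cross_directory_025_T/go.mod` declares `module cross_directory_026_F`, while `cross/cross_directory_025_T.go` in the same case imports `"cross_directory_025_T/cross/cross_01"`. With that module path the import does not resolve from the module root, so the header's `go run cross/cross_directory_025_T.go` fails, and an analyzer that resolves imports through go.mod would probably miss the flow this positive case is meant to exercise. The line should read `module cross_directory_025_T`. The blob id `e34eb465` is the same as the one for the cross_directory_026_F go.mod, which suggests the file was copied without the rename.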
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 导入路径与包名解耦
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg
+// evaluation information end
+
+
+package pkg
+
+var status string
+
+type Person struct {
+ Name string
+ Age int
+}
+
+func (p Person) Swimming(taint_src string) string {
+ status = taint_src
+ return status
+}
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go
new file mode 100644
index 00000000..45f76968
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 导入路径与包名解耦
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F
+// 再执行 go run cross/cross_directory_026_F.go
+package main
+import (
+ "fmt"
+ "cross_directory_026_F/cross/cross_01"
+ "os/exec"
+)
+
+// Go语言中,import路径从第二项开始的每项一定是目录名,包括最后一项(并非包名)。
+// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是pkg
+
+func cross_directory_026_F(__taint_src string) {
+ __taint_sink(pkg.Person{}.Swimming("_"))
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_026_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod
new file mode 100644
index 00000000..e34eb465
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_026_F
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go
new file mode 100644
index 00000000..faff8662
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg
+// evaluation information end
+
+
+package pkg
+import "os/exec"
+
+var dir string
+
+func Fun(__taint_src string) {
+ dir = __taint_src
+ __taint_sink(dir)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go
new file mode 100644
index 00000000..93cb3b03
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go
@@ -0,0 +1,22 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg
+// evaluation information end
+
+
+package pkg
+import "os/exec"
+
+var dir string
+
+func Fun(__taint_src string) {
+ dir = "abc"
+ __taint_sink(dir)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go
new file mode 100644
index 00000000..cd0337c8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go
@@ -0,0 +1,27 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T
+// evaluation information end
+
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T
+// 再执行 go run cross_directory_027_T.go
+
+package main
+import "cross_directory_027_T/cross_01"
+
+// Go语言中,一个包以文件结构路径唯一标识。允许同名包。
+// 旧版YASA以包名作为key来进行包管理,导致同名包丢失。
+
+// 考察特性:YASA-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包
+func cross_directory_027_T(__taint_src string) {
+ pkg.Fun(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_027_T(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod
new file mode 100644
index 00000000..40b6f045
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_027_T
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go
new file mode 100644
index 00000000..6918a841
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg
+// evaluation information end
+
+
+package pkg
+import "os/exec"
+
+var dir string
+
+func Fun(__taint_src string) {
+ dir = __taint_src
+ __taint_sink(dir)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go
new file mode 100644
index 00000000..ec8871c2
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go
@@ -0,0 +1,22 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg
+// evaluation information end
+
+
+package pkg
+import "os/exec"
+
+var dir string
+
+func Fun(__taint_src string) {
+ dir = "abc"
+ __taint_sink(dir)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go
new file mode 100644
index 00000000..94464552
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go
@@ -0,0 +1,27 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F
+// evaluation information end
+
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F
+// 再执行 go run cross_directory_028_F.go
+
+package main
+import "cross_directory_028_F/cross_02"
+
+// Go语言中,一个包以文件结构路径唯一标识。允许同名包。
+// 旧版YASA以包名作为key来进行包管理,导致同名包丢失。
+
+// 考察特性:YASA-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包
+func cross_directory_028_F(__taint_src string) {
+ pkg.Fun(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_028_F(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod
new file mode 100644
index 00000000..eafff194
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_028_F
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go
new file mode 100644
index 00000000..ecb175c9
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 识别导入根目录
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross
+// 再执行go run cross_directory_029_T.go
+
+package main
+
+import (
+ "rainy/pkg"
+ "os/exec"
+)
+
+// Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3
+// 所谓的根目录 指 go.mod所在的目录
+// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句
+
+
+func cross_directory_029_T(__taint_src string) {
+ value := pkg.Person{}.Skiing(__taint_src)// 看这些符号值能不能被解析出来
+ __taint_sink(value)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_029_T(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod
new file mode 100644
index 00000000..c88bf90c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod
@@ -0,0 +1,3 @@
+module rainy
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go
new file mode 100644
index 00000000..e045d59c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 识别导入根目录
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg
+// evaluation information end
+
+package pkg
+
+type Person struct {
+ Name string
+ Age int
+}
+
+func (p Person) Skiing(__taint_src string) string{
+ return __taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go
new file mode 100644
index 00000000..d38927ac
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 识别导入根目录
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross
+// 再执行go run cross_directory_030_F.go
+
+package main
+
+import (
+ "rainy/pkg"
+ "os/exec"
+)
+
+// Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3
+// 所谓的根目录 指 go.mod所在的目录
+// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句
+
+
+func cross_directory_030_F(__taint_src string) {
+ value := pkg.Person{}.Skiing("_")// 看这些符号值能不能被解析出来
+ __taint_sink(value)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_030_F(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod
new file mode 100644
index 00000000..c88bf90c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod
@@ -0,0 +1,3 @@
+module rainy
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go
new file mode 100644
index 00000000..529a3242
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go @@ -0,0 +1,18 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 识别导入根目录 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg +// evaluation information end + +package pkg + +type Person struct { + Name string + Age int +} + +func (p Person) Skiing(__taint_src string) string{ + return __taint_src +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json index 95611ba3..718396d0 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json @@ -13,6 +13,10 @@ { "compose": "(cross_module_003_T/cross_module_003_T_a/cross_module_003_T_a.go || cross_module_003_T/cross_module_003_T_b/cross_module_003_T_b.go) && !(cross_module_004_F/cross_module_004_F_a/cross_module_004_F_a.go || cross_module_004_F/cross_module_004_F_b/cross_module_004_F_b.go)", "scene": "跨module-别名" + }, + { + "compose": "(cross_module_005_T/cross_module_005_T_a/main.go || cross_module_005_T/cross_module_005_T_b/main.go) && !(cross_module_006_F/cross_module_006_F_a/main.go || cross_module_006_F/cross_module_006_F_b/main.go)", + "scene": "多Main包模块化管理" } ] } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go new file mode 100644 index 00000000..f433d0e1 
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go
@@ -0,0 +1,32 @@
+
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
+// scene introduction = 多Main包模块化管理
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main
+// evaluation information end
+
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T
+// 在执行 go run ./cross_module_005_T_a
+package main
+import "os/exec"
+
+// Go语言中,允许多个main包和main函数(只要不在同一个目录)
+// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数
+
+func cross_module_005_T_a(__taint_src string) {
+ __taint_sink(__taint_src)
+}
+
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
+func main() {
+ __taint_src := "taint_src_value_main1"
+ cross_module_005_T_a(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go
new file mode 100644
index 00000000..17ed5ca1
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go
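Review bot: `cross_module_005_T_a/main.go` begins with an empty line before `// evaluation information start`, whereas the cross_directory cases in this patch put the header on line 1. If the evaluation harness reads the metadata block from the top of the file this could matter, so I would drop the blank first line; the `main.go` files of cross_module_005_T_b and cross_module_006_F_a have the same leading blank. The run instruction reads `// 在执行 go run ./cross_module_005_T_a`, which should be `// 再执行 go run ./cross_module_005_T_a` as in the other cases, and `是否能否` in the feature comment should be `是否能`.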
@@ -0,0 +1,31 @@
+
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
+// scene introduction = 多Main包模块化管理
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T
+// 在执行 go run ./cross_module_005_T_b
+package main
+import "os/exec"
+
+// Go语言中,允许多个main包和main函数(只要不在同一个目录)
+// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数
+
+func cross_module_005_T_b(__taint_src string) {
+ __taint_sink(__taint_src)
+}
+
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
+func main() {
+ __taint_src := "taint_src_value_main2"
+ cross_module_005_T_b(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod
new file mode 100644
index 00000000..7934c85a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod
@@ -0,0 +1,3 @@
+module cross_module_005_T
+
+go 1.14
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go
new file mode 100644
index 00000000..c615ed9b
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go
@@ -0,0 +1,34 @@
+
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
+// scene introduction = 多Main包模块化管理
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main
+// evaluation information end
+
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F
+// 在执行 go run ./cross_module_006_F_a
+package main
+import "os/exec"
+
+// Go语言中,允许多个main包和main函数(只要不在同一个目录)
+// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数
+
+func cross_module_006_F_a(__taint_src string) {
+ __taint_sink("this is main1")
+}
+
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
+func main() {
+ __taint_src := "taint_src_value_main1"
+ cross_module_006_F_a(__taint_src)
+}
+
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go
new file mode 100644
index 00000000..fb30b34d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go
@@ -0,0 +1,31 @@
+
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
+// scene introduction = 多Main包模块化管理
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F
+// 在执行 go run ./cross_module_006_F_b
+package main
+import "os/exec"
+
+// Go语言中,允许多个main包和main函数(只要不在同一个目录)
+// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数
+
+func cross_module_006_F_b(__taint_src string) {
+ __taint_sink("this is main2")
+}
+
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
+func main() {
+ __taint_src := "taint_src_value_main2"
+ cross_module_006_F_b(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod
new file mode 100644
index 00000000..e21c91bd
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod
@@ -0,0 +1,3 @@
+module cross_module_006_F
+
+go 1.14
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go
index dd00b2a2..88d20fb6 100644
--- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go
@@ -18,7 +18,7 @@ type S struct { id int } -func Func1(__taint_src string) (*S, string) { +func Func1(__taint_src string) (*S) { s1 := &S{ name: __taint_src, id: 98, @@ -26,14 +26,14 @@ func Func1(__taint_src string) (*S, string) { err := "nil" if err != "nil" { - return nil, err + return nil } - return s1, "abc" + return s1 } func if_return_nil_001_T(__taint_src string) { - res, _ := Func1(__taint_src) + res := Func1(__taint_src) __taint_sink(res) } diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go index b6729530..31919a39 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go @@ -12,28 +12,29 @@ import ( "os/exec" ) +// 旧版中,对nil没有进行处理限制,允许将nil值转换成返回值类型(S),且允许对nil进行memberAccess读取 type S struct { name string id int } -func Func1(__taint_src string) (*S, string) { +func Func1(__taint_src string) (*S) { s1 := &S{ name: __taint_src, id: 98, } - err := "abc" + err := "error" if err != "nil" { - return nil, err + return nil } - return s1, "abc" + return s1 } func if_return_nil_002_F(__taint_src string) { - res, _ := Func1(__taint_src) + res := Func1(__taint_src) __taint_sink(res) } diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go index f7da7dd2..1652393e 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go 
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go @@ -19,6 +19,8 @@ func callee(taint string) (string, string) { func if_return_tuple_001_T(__taint_src string) { a,b := callee(__taint_src) _ = a + // 老版本对于tuple的decl逻辑混乱,结果:a中只有"a",b中只有"b" + // 根本原因是ProcessVariableDecl语句时,if判断的优先级有误 __taint_sink(b) } diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go index 7e28d99d..254a7f31 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go @@ -11,24 +11,25 @@ package main import ( "fmt" "os/exec" + "database/sql" ) type Request struct { Name string - prop string + prop sql.DB } func multiple_return_struct_001_F(__taint_src string) { req := Request{} - a := "_" - req.prop, _ = processData(__taint_src, a) + req.prop, _ = processData(__taint_src, "_") __taint_sink(req) } -func processData(s string, i interface{}) (string, interface{}) { - return "abc", i +func processData(s string, i string) (sql.DB, string) { + var db sql.DB + return db , i } func __taint_sink(o interface{}) { diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go index f49e93a3..f88c189b 100644 
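Review bot: `sql.DB` is handled by value throughout the multiple_return_struct_001_F.go hunk (the field `prop sql.DB`, `var db sql.DB` followed by `return db , i`, and the assignment `req.prop, _ = processData(...)`), but the struct carries internal locks and is meant to be shared through a pointer, so `go vet`'s copylocks check should flag each of these copies. Switching to `prop *sql.DB` and `func processData(s string, i string) (*sql.DB, string)` keeps the tuple-assignment-into-a-field shape that the case exercises, as far as the hunk shows. The same applies in multiple_return_struct_002_T.go, where `__taint_src sql.DB` is additionally passed by value as a parameter.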
--- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go @@ -11,24 +11,25 @@ package main import ( "fmt" "os/exec" + "database/sql" ) +// req.prop, _ = c.Cookie() uast4Go会将这句翻译成variableDecl,导致taint无法写入到req对象中 type Request struct { Name string - prop string + prop sql.DB } -func multiple_return_struct_002_T(__taint_src string) { +func multiple_return_struct_002_T(__taint_src sql.DB) { req := Request{} - a := "_" - req.prop, _ = processData(__taint_src, a) + req.prop, _ = processData(__taint_src, "_") __taint_sink(req) } -func processData(s string, i interface{}) (string, interface{}) { - return s, i +func processData(s sql.DB, i string) (sql.DB, string) { + return s , i } func __taint_sink(o interface{}) { @@ -36,6 +37,6 @@ func __taint_sink(o interface{}) { } func main() { - __taint_src := "taint_src_value" + var __taint_src sql.DB multiple_return_struct_002_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go index 7a7b8b93..56de69c5 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go @@ -19,7 +19,7 @@ func named_return_004_T(__taint_src interface{}) { func processData(s interface{}, i interface{}) (ret interface{}) { ret = "_" - return s + return s // 主要区别位于这里,在具名返回值的情况下 裸返回return默认返回ret。但uast4Go在处理具名返回值时存在bug,导致此处的return s被覆盖成return ret } func __taint_sink(o interface{}) { 
From 6821149f69a94df2298b6fc0d466ac92c040d9b4 Mon Sep 17 00:00:00 2001 
From: "mengmeng.meng" Date: Tue, 30 Sep 2025 20:10:22 +0800 Subject: [PATCH 2/7] go case update 4 --- .../cross_directory/config.json | 20 +++++++++---------- ...cross_01.go => cross_directory_011_T_b.go} | 4 ++-- .../cross_directory_011_T_a.go | 2 +- ...cross_01.go => cross_directory_012_F_b.go} | 4 ++-- .../cross_directory_012_F_a.go | 2 +- ...cross_01.go => cross_directory_013_T_b.go} | 4 ++-- .../cross_directory_013_T_a.go | 2 +- ...cross_01.go => cross_directory_014_F_b.go} | 4 ++-- .../cross_directory_014_F_a.go | 2 +- ..._init.go => cross_directory_init_015_T.go} | 2 +- .../cross/cross_directory_016_F.go | 1 - ..._init.go => cross_directory_init_016_F.go} | 2 +- .../cross/cross_directory_017_T.go | 1 - ..._01.go => cross_directory_init_017_T_a.go} | 2 +- ..._02.go => cross_directory_init_017_T_b.go} | 2 +- .../cross/cross_directory_018_F.go | 2 -- ..._01.go => cross_directory_init_018_F_a.go} | 2 +- ..._02.go => cross_directory_init_018_F_b.go} | 2 +- ..._01.go => cross_directory_init_019_T_a.go} | 2 +- ..._02.go => cross_directory_init_019_T_b.go} | 2 +- ..._01.go => cross_directory_init_020_F_a.go} | 2 +- ..._02.go => cross_directory_init_020_F_b.go} | 2 +- .../{cross.go => cross_same_name_021_T.go} | 4 ++-- .../main_dir/cross_directory_021_T_a.go | 2 +- .../main_dir/cross_directory_021_T_b.go | 2 +- .../{cross.go => cross_same_name_021_T.go} | 5 ++--- .../{cross.go => cross_same_name_022_F.go} | 4 ++-- .../main_dir/cross_directory_022_F_a.go | 2 +- .../main_dir/cross_directory_022_F_b.go | 2 +- .../{cross.go => cross_same_name_022_F.go} | 4 ++-- ...cross_01.go => cross_directory_023_T_a.go} | 2 +- ...cross_01.go => cross_directory_024_F_a.go} | 2 +- .../{pkg.go => cross_directory_025_T_a.go} | 4 ++-- .../cross/cross_directory_025_T.go | 4 ++-- .../cross_directory_025_T/go.mod | 2 +- .../{pkg.go => cross_directory_026_F_a.go} | 4 ++-- .../cross/cross_directory_026_F.go | 2 +- .../{pkg.go => cross_same_name_027_T.go} | 4 ++-- .../{pkg.go => 
cross_same_name_027_T.go} | 4 ++-- .../cross_directory_027_T.go | 2 +- .../{pkg.go => cross_same_name_028_F.go} | 4 ++-- .../{pkg.go => cross_same_name_028_F.go} | 5 ++--- .../cross_directory_028_F.go | 2 +- .../cross_directory_029_T_a.go} | 4 ++-- .../cross/cross_directory_029_T.go | 5 ++--- .../cross_directory_030_F_a.go} | 4 ++-- .../cross/cross_directory_030_F.go | 5 ++--- .../cross_module/config.json | 2 +- .../{main.go => cross_module_005_T.go} | 3 +-- .../{main.go => cross_module_005_T.go} | 2 +- .../{main.go => cross_module_006_F.go} | 3 +-- .../{main.go => cross_module_006_F.go} | 3 +-- 52 files changed, 77 insertions(+), 88 deletions(-) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/{cross_01.go => cross_directory_011_T_b.go} (90%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/{cross_01.go => cross_directory_012_F_b.go} (90%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/{cross_01.go => cross_directory_013_T_b.go} (89%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/{cross_01.go => cross_directory_014_F_b.go} (89%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/{cross_init.go => cross_directory_init_015_T.go} (93%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/{cross_init.go => cross_directory_init_016_F.go} (93%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/{cross_init_01.go => cross_directory_init_017_T_a.go} (94%) rename 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/{cross_init_02.go => cross_directory_init_017_T_b.go} (93%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/{cross_init_01.go => cross_directory_init_018_F_a.go} (94%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/{cross_init_02.go => cross_directory_init_018_F_b.go} (93%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/{cross_init_01.go => cross_directory_init_019_T_a.go} (94%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/{cross_init_02.go => cross_directory_init_019_T_b.go} (93%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/{cross_init_01.go => cross_directory_init_020_F_a.go} (94%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/{cross_init_02.go => cross_directory_init_020_F_b.go} (93%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/{cross.go => cross_same_name_021_T.go} (81%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/{cross.go => cross_same_name_021_T.go} (91%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/{cross.go => cross_same_name_022_F.go} (81%) rename 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/{cross.go => cross_same_name_022_F.go} (91%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/{cross_01.go => cross_directory_023_T_a.go} (94%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/{cross_01.go => cross_directory_024_F_a.go} (94%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/{pkg.go => cross_directory_025_T_a.go} (90%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/{pkg.go => cross_directory_026_F_a.go} (90%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/{pkg.go => cross_same_name_027_T.go} (81%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/{pkg.go => cross_same_name_027_T.go} (81%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/{pkg.go => cross_same_name_028_F.go} (81%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/{pkg.go => cross_same_name_028_F.go} (81%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/{pkg/pkg.go => cross_01/cross_directory_029_T_a.go} (77%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/{pkg/pkg.go => cross_01/cross_directory_030_F_a.go} (77%) rename 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/{main.go => cross_module_005_T.go} (98%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/{main.go => cross_module_005_T.go} (98%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/{main.go => cross_module_006_F.go} (98%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/{main.go => cross_module_006_F.go} (98%) diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json index fe5011e6..a3fd6923 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json 
@@ -27,43 +27,43 @@ "scene": "跨package5" }, { - "compose": "(cross_directory_011_T/cross/cross_01/cross_01.go || cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go) && !(cross_directory_012_F/cross/cross_01/cross_01.go || cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go)", + "compose": "(cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go || cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go) && !(cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go || cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go)", "scene": "replace包层级调用链1" }, { - "compose": "(cross_directory_013_T/cross/other/cross_01/cross_01.go || cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go) && !(cross_directory_014_F/cross/other/cross_01/cross_01.go || cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go)", + "compose": "(cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go || cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go) && !(cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go || cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go)", "scene": "replace包层级调用链2" }, { - "compose": "(cross_directory_015_T/cross/cross_init/cross_init.go || cross_directory_015_T/cross/cross_directory_015_T.go) && !(cross_directory_016_F/cross/cross_init/cross_init.go || cross_directory_016_F/cross/cross_directory_016_F.go)", + "compose": "(cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go || cross_directory_015_T/cross/cross_directory_015_T.go) && !(cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go || cross_directory_016_F/cross/cross_directory_016_F.go)", "scene": "init函数自动执行" }, { - "compose": "(cross_directory_017_T/cross/cross_init/cross_init_01.go || cross_directory_017_T/cross/cross_init/cross_init_02.go || 
cross_directory_017_T/cross/cross_directory_017_T.go) && !(cross_directory_018_F/cross/cross_init/cross_init_01.go || cross_directory_018_F/cross/cross_init/cross_init_02.go || cross_directory_018_F/cross/cross_directory_018_F.go)", + "compose": "(cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go || cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go || cross_directory_017_T/cross/cross_directory_017_T.go) && !(cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go || cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go || cross_directory_018_F/cross/cross_directory_018_F.go)", "scene": "多init函数顺序执行1" }, { - "compose": "(cross_directory_019_T/cross/cross_init/cross_init_01.go || cross_directory_019_T/cross/cross_init/cross_init_02.go || cross_directory_019_T/cross/cross_directory_019_T.go) && !(cross_directory_020_F/cross/cross_init/cross_init_01.go || cross_directory_020_F/cross/cross_init/cross_init_02.go || cross_directory_020_F/cross/cross_directory_020_F.go)", + "compose": "(cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go || cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go || cross_directory_019_T/cross/cross_directory_019_T.go) && !(cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go || cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go || cross_directory_020_F/cross/cross_directory_020_F.go)", "scene": "多init函数顺序执行2" }, { - "compose": "(cross_directory_021_T/cross/cross.go || cross_directory_021_T/main_dir/cross_directory_021_T_a.go || cross_directory_021_T/main_dir/cross_directory_021_T_b.go || cross_directory_021_T/other/cross/cross.go) && !(cross_directory_022_F/cross/cross.go || cross_directory_022_F/main_dir/cross_directory_022_F_a.go || cross_directory_022_F/main_dir/cross_directory_022_F_b.go || cross_directory_022_F/other/cross/cross.go)", + "compose": 
"(cross_directory_021_T/cross/cross_same_name_021_T.go || cross_directory_021_T/main_dir/cross_directory_021_T_a.go || cross_directory_021_T/main_dir/cross_directory_021_T_b.go || cross_directory_021_T/other/cross/cross_same_name_021_T.go) && !(cross_directory_022_F/cross/cross_same_name_022_F.go || cross_directory_022_F/main_dir/cross_directory_022_F_a.go || cross_directory_022_F/main_dir/cross_directory_022_F_b.go || cross_directory_022_F/other/cross/cross_same_name_022_F.go)", "scene": "同名包导入区分" }, { - "compose": "(cross_directory_023_T/cross/cross_directory_023_T.go || cross_directory_023_T/cross/cross_01/cross_01.go) && !(cross_directory_024_F/cross/cross_directory_024_F.go || cross_directory_024_F/cross/cross_01/cross_01.go)", + "compose": "(cross_directory_023_T/cross/cross_directory_023_T.go || cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go) && !(cross_directory_024_F/cross/cross_directory_024_F.go || cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go)", "scene": "可见性校验" }, { - "compose": "(cross_directory_025_T/cross/cross_01/pkg.go || cross_directory_025_T/cross/cross_directory_025_T.go) && !(cross_directory_026_F/cross/cross_01/pkg.go || cross_directory_026_F/cross/cross_directory_026_F.go)", + "compose": "(cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go || cross_directory_025_T/cross/cross_directory_025_T.go) && !(cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go || cross_directory_026_F/cross/cross_directory_026_F.go)", "scene": "导入路径与包名解耦" }, { - "compose": "(cross_directory_027_T/cross_01/pkg.go || cross_directory_027_T/cross_02/pkg.go || cross_directory_027_T/cross_directory_027_T.go) && !(cross_directory_028_F/cross_01/pkg.go || cross_directory_028_F/cross_02/pkg.go || cross_directory_028_F/cross_directory_028_F.go)", + "compose": "(cross_directory_027_T/cross_01/cross_same_name_027_T.go || cross_directory_027_T/cross_02/cross_same_name_027_T.go || 
cross_directory_027_T/cross_directory_027_T.go) && !(cross_directory_028_F/cross_01/cross_same_name_028_F.go || cross_directory_028_F/cross_02/cross_same_name_028_F.go || cross_directory_028_F/cross_directory_028_F.go)", "scene": "同名包路径区分" }, { - "compose": "(cross_directory_029_T/cross/pkg/pkg.go || cross_directory_029_T/cross/cross_directory_029_T.go) && !(cross_directory_030_F/cross/pkg/pkg.go || cross_directory_030_F/cross/cross_directory_030_F.go)", + "compose": "(cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go || cross_directory_029_T/cross/cross_directory_029_T.go) && !(cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go || cross_directory_030_F/cross/cross_directory_030_F.go)", "scene": "识别导入根目录" } ] diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go similarity index 90% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go index b455ccf6..cf7daea6 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go 
@@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = replace包层级调用链 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b // evaluation information end -package cross_01 +package cross_directory_011_T_b import "os/exec" func SayHello(taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go index 45d4f8fc..b39f0ded 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go @@ -14,7 +14,7 @@ package main import "cross/cross_01" func cross_directory_011_T_a(__taint_src string) { - cross_01.SayHello(__taint_src) + cross_directory_011_T_b.SayHello(__taint_src) } func main() { 
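Review bot: Renaming the package clause to `cross_directory_011_T_b` while cross_directory_011_T_a.go keeps `import "cross/cross_01"` makes the package name differ from the last element of its import path, so the call `cross_directory_011_T_b.SayHello(__taint_src)` only resolves for an analyzer that reads the package clause rather than the path. That is the behaviour the separate scene "导入路径与包名解耦" (cases 025/026 in config.json) exists to measure, so a miss on these replace-chain cases can no longer be attributed to the replace call chain alone. Either keep `package cross_01` and rename only the file, or make the binding explicit with `import cross_directory_011_T_b "cross/cross_01"`. The same pattern recurs in the 012_F, 013_T and 014_F hunks that follow.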
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go similarity index 90% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go index ef1ae756..4dfdba1c 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go @@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = replace包层级调用链 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b // evaluation information end -package cross_01 +package cross_directory_012_F_b import "os/exec" func SayHello(taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go index b367fa07..c3e493ea 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go @@ -14,7 +14,7 @@ package main import "cross/cross_01" func cross_directory_012_F_a(__taint_src string) { - cross_01.SayHello(__taint_src) + cross_directory_012_F_b.SayHello(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go similarity index 89% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go index 7e7f5a58..8e708924 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go 
@@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = replace包层级调用链 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b // evaluation information end -package cross_01 +package cross_directory_013_T_b import "os/exec" func SayHello(taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go index 37afef42..56b2b1d8 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go @@ -14,7 +14,7 @@ package main import "cross/other/cross_01" func cross_directory_013_T_a(__taint_src string) { - cross_01.SayHello(__taint_src) + cross_directory_013_T_b.SayHello(__taint_src) } func main() { 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go similarity index 89% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go index a32fd396..f6820707 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go @@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = replace包层级调用链 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b // evaluation information end -package cross_01 +package cross_directory_014_F_b import "os/exec" func SayHello(taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go index 0d2d958a..bc2831d0 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go @@ -14,7 +14,7 @@ package main import "cross/other/cross_01" func cross_directory_014_F_a(__taint_src string) { - cross_01.SayHello(__taint_src) + cross_directory_014_F_b.SayHello(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go similarity index 93% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go index 0a9a9b2e..bf03d380 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go 
@@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = init函数自动执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T // evaluation information end package cross_init diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go index 647b6736..e9a8db5c 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go @@ -17,7 +17,6 @@ import ( "os/exec" ) - func cross_directory_016_F() { __taint_sink(cross_init.Status) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go similarity index 93% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go index e278acc3..eaa2c78b 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = init函数自动执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F // evaluation information end package cross_init diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go index bd8dae04..6bc80bc8 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go @@ -16,7 +16,6 @@ import ( "cross_directory_017_T/cross/cross_init" "os/exec" ) - // Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 // init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序 // init函数是先执行的,所有init函数执行完后才会执行自定义函数 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go index 072d683e..0fe1b61b 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a // evaluation information end package cross_init 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go similarity index 93% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go index f398fa4d..ddb482df 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go index d7e54642..b5df0404 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go @@ -15,7 +15,6 @@ package main import ( "cross_directory_018_F/cross/cross_init" "os/exec" - "fmt" ) // Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 @@ -30,7 +29,6 @@ func cross_directory_018_F(__taint_src string) { } func __taint_sink(o interface{}) { - fmt.Println("o 的值:", o) _ = exec.Command("sh", "-c", o.(string)).Run() } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go index ebd1fa84..31f1e6dc 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a // evaluation information end package cross_init 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go similarity index 93% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go index 67676c1a..65925e45 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go index 7299b644..9af94950 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a // evaluation information end package cross_init 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go similarity index 93% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go index 02500234..3f659e0c 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go index fc4a5d8c..3075f559 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a // evaluation information end package cross_init 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go similarity index 93% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go index 514443cd..6e2287f9 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go index ed7c7653..e85ff593 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go @@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包导入区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T // evaluation information end -package cross +package cross_same_name_021_T import "os/exec" func SayHello(taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go index 89e7017e..00dbc022 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go @@ -16,7 +16,7 @@ import "cross_directory_021_T/cross" var __taint_src = "taint_src_value" func init() { - cross.SayHello(__taint_src) + cross_same_name_021_T.SayHello(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go index aea52e21..22301eb1 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go @@ -17,7 +17,7 @@ import "cross_directory_021_T/other/cross" var __taint_src = "taint_src_value" func init() { - cross.SayHello(__taint_src) + cross_same_name_021_T.SayHello(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go similarity index 91% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go index dd2c5154..a861ccef 100644 
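Review bot: The hunks for main_dir/cross_directory_021_T_a.go and main_dir/cross_directory_021_T_b.go both show `var __taint_src = "taint_src_value"` and `func main() {` as context; if the two files are compiled together as one package in `main_dir` (their package clauses are outside the hunks), the build fails on redeclaration and any tool that needs a type-checked build cannot analyze the case. After this change both files also call the same qualifier `cross_same_name_021_T` while importing different paths, so separating the two entry points would make each one unambiguous, for example one directory per file or a distinct `//go:build` constraint on each. cross_directory_022_F_a.go and cross_directory_022_F_b.go have the same shape.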
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go @@ -3,13 +3,12 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包导入区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T // evaluation information end -package cross +package cross_same_name_021_T import "os/exec" - func SayHello(taint_src string) { __taint_sink(taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go index 388d6b04..18c85d90 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go 
@@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包导入区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F // evaluation information end -package cross +package cross_same_name_022_F import "os/exec" func SayHello(taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go index 6084bd12..b948b04a 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go @@ -16,7 +16,7 @@ import "cross_directory_022_F/cross" var __taint_src = "_" func init() { - cross.SayHello(__taint_src) + cross_same_name_022_F.SayHello(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go index 2975edc8..bb0eecaf 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go @@ -17,7 +17,7 @@ import "cross_directory_022_F/other/cross" var __taint_src = "abc" func init() { - cross.SayHello(__taint_src) + cross_same_name_022_F.SayHello(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go similarity index 91% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go index 3878d3c1..79b1c443 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包导入区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F // evaluation information end -package cross +package cross_same_name_022_F import "os/exec" func SayHello(taint_src string) { 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go
similarity index 94%
rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go
rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go
index 7d1cbfcc..b90bb7da 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go
@@ -3,7 +3,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
 // scene introduction = 可见性校验
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a
 // evaluation information end
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go
similarity index 94%
rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go
rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go
index ccd8f5ef..e0de314f 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go
@@ -3,7 +3,7 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
 // scene introduction = 可见性校验
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a
 // evaluation information end
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go similarity index 90% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go index ec0d6ff2..49240120 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 导入路径与包名解耦 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a // evaluation information end -package pkg +package cross_directory_025_T_a var status string diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go index 0efc1354..3d216b90 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go @@ -16,10 +16,10 @@ import ( ) // Go语言中,import路径从第二项开始的每项一定是目录名,包括最后一项(并非包名)。 -// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是pkg +// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是cross_directory_025_T_a func cross_directory_025_T(__taint_src string) { - __taint_sink(pkg.Person{}.Swimming(__taint_src)) + __taint_sink(cross_directory_025_T_a.Person{}.Swimming(__taint_src)) } func __taint_sink(o interface{}) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod index e34eb465..23b5d919 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod @@ -1,3 +1,3 @@ -module cross_directory_026_F +module cross_directory_025_T go 1.20 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go similarity index 90% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go index 2b6ef6a6..6837a63a 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 导入路径与包名解耦 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a // evaluation information end -package pkg +package cross_directory_026_F_a var status string diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go index 45f76968..203557cd 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go @@ -19,7 +19,7 @@ import ( // 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是pkg func cross_directory_026_F(__taint_src string) { - __taint_sink(pkg.Person{}.Swimming("_")) + __taint_sink(cross_directory_026_F_a.Person{}.Swimming("_")) } func __taint_sink(o interface{}) { 
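Review bot: The context comment above `cross_directory_026_F` still ends with `使用的却是pkg`, but the call in this hunk now uses `cross_directory_026_F_a.Person{}`, so the explanation names a package identifier that the new code no longer uses. The hunk for cross_directory_025_T.go updates the same comment, so this case should match it: `// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是cross_directory_026_F_a`. `__taint_sink` starts on the hunk's last line and its body lies outside the hunk.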
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T.go index faff8662..c027d647 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T.go @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包路径区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T // evaluation information end -package pkg +package cross_same_name_027_T import "os/exec" var dir string 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T.go index 93cb3b03..ec4aa3c7 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T.go @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包路径区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T // evaluation information end -package pkg +package cross_same_name_027_T import "os/exec" var dir string diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go index cd0337c8..98dd3859 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go @@ -18,7 +18,7 @@ import "cross_directory_027_T/cross_01" // 考察特性:YASA-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_027_T(__taint_src string) { - pkg.Fun(__taint_src) + cross_same_name_027_T.Fun(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F.go index 6918a841..3b064e08 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F.go @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包路径区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F // evaluation information end -package pkg +package cross_same_name_028_F import "os/exec" var dir string 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F.go index ec8871c2..cf574b2d 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F.go @@ -3,13 +3,12 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包路径区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F // evaluation information end -package pkg +package cross_same_name_028_F import "os/exec" - var dir string func Fun(__taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go index 94464552..e8a5474c 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go @@ -18,7 +18,7 @@ import "cross_directory_028_F/cross_02" // 考察特性:YASA-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_028_F(__taint_src string) { - pkg.Fun(__taint_src) + cross_same_name_028_F.Fun(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go similarity index 77% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go index e045d59c..13aa02e0 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go @@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 识别导入根目录 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a // evaluation information end -package pkg +package cross_directory_029_T_a type Person struct { Name string 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go index ecb175c9..687bf49f 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go @@ -13,17 +13,16 @@ package main import ( - "rainy/pkg" + "rainy/cross_01" "os/exec" ) - // Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 // 所谓的根目录 指 go.mod所在的目录 // 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 func cross_directory_029_T(__taint_src string) { - value := pkg.Person{}.Skiing(__taint_src)// 看这些符号值能不能被解析出来 + value := cross_directory_029_T_a.Person{}.Skiing(__taint_src)// 看这些符号值能不能被解析出来 __taint_sink(value) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go similarity index 77% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go index 529a3242..13969309 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go 
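Review bot: The import block in cross_directory_029_T.go now lists `"rainy/cross_01"` before `"os/exec"`, which is not the order gofmt produces, and the trailing comment on the `Skiing` call is glued to the code (`)// 看这些…`). Put the standard-library import first and the module-local one in its own group after a blank line, and write the call as `value := cross_directory_029_T_a.Person{}.Skiing(__taint_src) // 看这些符号值能不能被解析出来`. The cross_directory_030_F.go hunk further down has the same two points. The hunk also removes the blank line between the closing `)` of the import block and the explanatory comment, which is worth restoring so the comment reads as documentation for the function rather than for the imports.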
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go @@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 识别导入根目录 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a // evaluation information end -package pkg +package cross_directory_030_F_a type Person struct { Name string diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go index d38927ac..9a82e327 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go @@ -13,17 +13,16 @@ package main import ( - "rainy/pkg" + "rainy/cross_01" "os/exec" ) - // Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 // 所谓的根目录 指 go.mod所在的目录 // 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 func cross_directory_030_F(__taint_src string) { - value := pkg.Person{}.Skiing("_")// 看这些符号值能不能被解析出来 + value := cross_directory_030_F_a.Person{}.Skiing("_")// 看这些符号值能不能被解析出来 __taint_sink(value) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json index 718396d0..65b4f607 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json @@ -15,7 +15,7 @@ "scene": "跨module-别名" }, { - "compose": "(cross_module_005_T/cross_module_005_T_a/main.go || cross_module_005_T/cross_module_005_T_b/main.go) && !(cross_module_006_F/cross_module_006_F_a/main.go || cross_module_006_F/cross_module_006_F_b/main.go)", + "compose": "(cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go || cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go) && !(cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go || cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go)", "scene": "多Main包模块化管理" } ] diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go similarity index 98% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go index f433d0e1..d1ea46e3 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go 
@@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 // scene introduction = 多Main包模块化管理 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T // evaluation information end @@ -12,7 +12,6 @@ // 在执行 go run ./cross_module_005_T_a package main import "os/exec" - // Go语言中,允许多个main包和main函数(只要不在同一个目录) // 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go similarity index 98% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go index 17ed5ca1..9ae457ce 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go 
@@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 // scene introduction = 多Main包模块化管理 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T // evaluation information end // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go similarity index 98% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go index c615ed9b..a5ca8671 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go @@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 // scene introduction = 多Main包模块化管理 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F // evaluation information end 
@@ -12,7 +12,6 @@ // 在执行 go run ./cross_module_006_F_a package main import "os/exec" - // Go语言中,允许多个main包和main函数(只要不在同一个目录) // 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go similarity index 98% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go index fb30b34d..473fac13 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go @@ -4,14 +4,13 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 // scene introduction = 多Main包模块化管理 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F // evaluation information end // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F // 在执行 go run ./cross_module_006_F_b package main import "os/exec" - // Go语言中,允许多个main包和main函数(只要不在同一个目录) // 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数 From 34f8591f008ec3ffb6e670b1fba521be3a59fb12 Mon Sep 17 00:00:00 2001 
From: "mengmeng.meng" Date: Tue, 30 Sep 2025 21:47:30 +0800 Subject: [PATCH 3/7] go case update 6 --- .../array_index_no_solver_005_T.go | 11 +++--- .../cross_directory/config.json | 12 ------ .../cross/cross_directory_015_T.go | 33 ---------------- .../cross_init/cross_directory_init_015_T.go | 15 -------- .../cross_directory_015_T/go.mod | 3 -- .../cross/cross_directory_016_F.go | 30 --------------- .../cross_init/cross_directory_init_016_F.go | 16 -------- .../cross_directory_016_F/go.mod | 3 -- .../cross/cross_directory_017_T.go | 37 ------------------ .../cross_directory_init_017_T_a.go | 21 ---------- .../cross_directory_init_017_T_b.go | 20 ---------- .../cross_directory_017_T/go.mod | 3 -- .../cross/cross_directory_018_F.go | 38 ------------------- .../cross_directory_init_018_F_a.go | 21 ---------- .../cross_directory_init_018_F_b.go | 20 ---------- .../cross_directory_018_F/go.mod | 3 -- .../cross/cross_directory_019_T.go | 38 ------------------- .../cross_directory_init_019_T_a.go | 23 ----------- .../cross_directory_init_019_T_b.go | 20 ---------- .../cross_directory_019_T/go.mod | 3 -- .../cross/cross_directory_020_F.go | 38 ------------------- .../cross_directory_init_020_F_a.go | 23 ----------- .../cross_directory_init_020_F_b.go | 20 ---------- .../cross_directory_020_F/go.mod | 3 -- .../cross/cross_directory_023_T.go | 7 ++-- .../cross/cross_directory_024_F.go | 8 ++-- .../cross_directory_027_T.go | 8 ++-- .../cross_directory_028_F.go | 8 ++-- .../cross_module_005_T.go | 14 +++---- .../cross_module_005_T.go | 12 +++--- .../cross_module_006_F.go | 16 +++----- .../cross_module_006_F.go | 15 ++++---- .../if_return_tuple_001_T.go | 13 +++---- .../multiple_return_struct_001_F.go | 25 ++++++------ .../multiple_return_struct_002_T.go | 26 ++++++------- 35 files changed, 72 insertions(+), 534 deletions(-) delete mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go delete mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go index d2acfe5e..48ee4532 100644 
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go +++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) @@ -7,8 +6,8 @@ // bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T // evaluation information end -// YASA中现在处理memberAccess时,以property的符号字面量作为key进行存取。导致精度损失。 package main + import "os/exec" func array_index_no_solver_005_T(__taint_src string) { @@ -23,8 +22,8 @@ func array_index_no_solver_005_T(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - array_index_no_solver_005_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + array_index_no_solver_005_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json index a3fd6923..e74b9ab4 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json 
@@ -34,18 +34,6 @@ "compose": "(cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go || cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go) && !(cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go || cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go)", "scene": "replace包层级调用链2" }, - { - "compose": "(cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go || cross_directory_015_T/cross/cross_directory_015_T.go) && !(cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go || cross_directory_016_F/cross/cross_directory_016_F.go)", - "scene": "init函数自动执行" - }, - { - "compose": "(cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go || cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go || cross_directory_017_T/cross/cross_directory_017_T.go) && !(cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go || cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go || cross_directory_018_F/cross/cross_directory_018_F.go)", - "scene": "多init函数顺序执行1" - }, - { - "compose": "(cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go || cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go || cross_directory_019_T/cross/cross_directory_019_T.go) && !(cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go || cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go || cross_directory_020_F/cross/cross_directory_020_F.go)", - "scene": "多init函数顺序执行2" - }, { "compose": "(cross_directory_021_T/cross/cross_same_name_021_T.go || cross_directory_021_T/main_dir/cross_directory_021_T_a.go || cross_directory_021_T/main_dir/cross_directory_021_T_b.go || cross_directory_021_T/other/cross/cross_same_name_021_T.go) && !(cross_directory_022_F/cross/cross_same_name_022_F.go || cross_directory_022_F/main_dir/cross_directory_022_F_a.go || 
cross_directory_022_F/main_dir/cross_directory_022_F_b.go || cross_directory_022_F/other/cross/cross_same_name_022_F.go)", "scene": "同名包导入区分" diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go deleted file mode 100644 index 9cee3fb3..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go +++ /dev/null @@ -1,33 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = init函数自动执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T -// evaluation information end - - -// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross -// 再执行go run cross_directory_015_T.go - -package main - -import ( - "cross_directory_015_T/cross/cross_init" - "os/exec" -) - -// Go语言支持包中定义init函数,在这个包被首次初始化(import)时,会自动触发这个包的init函数 - -func cross_directory_015_T() { - // 看cross_init.Status是否被init处理过 - __taint_sink(cross_init.Status) -} - -func __taint_sink(o interface{}) { - _ = exec.Command("sh", "-c", o.(string)).Run() - } - -func main() { - cross_directory_015_T() -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go deleted file mode 100644 index bf03d380..00000000 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go +++ /dev/null @@ -1,15 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = init函数自动执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T -// evaluation information end - -package cross_init - -var Status string - -func init() { - Status = "taint_src_value" -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod deleted file mode 100644 index af303122..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module cross_directory_015_T - -go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go deleted file mode 100644 index e9a8db5c..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go +++ /dev/null 
@@ -1,30 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = init函数自动执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F -// evaluation information end - - -// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross -// 再执行go run cross_directory_016_F.go - -package main - -import ( - "cross_directory_016_F/cross/cross_init" - "os/exec" -) - -func cross_directory_016_F() { - __taint_sink(cross_init.Status) -} - -func __taint_sink(o interface{}) { - _ = exec.Command("sh", "-c", o.(string)).Run() - } - -func main() { - cross_directory_016_F() -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go deleted file mode 100644 index eaa2c78b..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go +++ /dev/null @@ -1,16 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = init函数自动执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F -// evaluation information end - -package cross_init - -var Status string - -func init() { - Status = "init processed" -} - 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod deleted file mode 100644 index 021168fc..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module cross_directory_016_F - -go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go deleted file mode 100644 index 6bc80bc8..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go +++ /dev/null 
@@ -1,37 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T -// evaluation information end - - -// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross -// 再执行go run cross_directory_017_T.go - -package main - -import ( - "cross_directory_017_T/cross/cross_init" - "os/exec" -) -// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 -// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序 -// init函数是先执行的,所有init函数执行完后才会执行自定义函数 - -func cross_directory_017_T(__taint_src string) { - cross_init.In_init_after(__taint_src) - - // 若正确处理,Status的值应该是"1234taint_src_value" - __taint_sink(cross_init.Status) -} - -func __taint_sink(o interface{}) { - _ = exec.Command("sh", "-c", o.(string)).Run() - } - -func main() { - __taint_src := "taint_src_value" - cross_directory_017_T(__taint_src) -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go deleted file mode 100644 index 0fe1b61b..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go +++ /dev/null 
@@ -1,21 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a -// evaluation information end - -package cross_init - -func init() { - Status = "1" -} - -func init() { - Status += "2" -} - -func In_init_after(taint_src string) { - Status += taint_src -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go deleted file mode 100644 index ddb482df..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go +++ /dev/null @@ -1,20 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b -// evaluation information end - - -package cross_init - -var Status string - -func init() { - Status += "3" -} - -func init() { - Status += "4" -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod deleted file mode 100644 index 5242c6b6..00000000 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module cross_directory_017_T - -go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go deleted file mode 100644 index b5df0404..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go +++ /dev/null @@ -1,38 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F -// evaluation information end - - -// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross -// 再执行go run cross_directory_018_F.go - -package main - -import ( - "cross_directory_018_F/cross/cross_init" - "os/exec" -) - -// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 -// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序 -// init函数是先执行的,所有init函数执行完后才会执行自定义函数 - -func cross_directory_018_F(__taint_src string) { - cross_init.In_init_after("abc") - - // 若正确处理,Status的值应该是"1234abc" - __taint_sink(cross_init.Status) -} - -func __taint_sink(o interface{}) { - _ = exec.Command("sh", "-c", o.(string)).Run() - } - -func main() { - __taint_src := "taint_src_value" - cross_directory_018_F(__taint_src) -} 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go deleted file mode 100644 index 31f1e6dc..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go +++ /dev/null @@ -1,21 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a -// evaluation information end - -package cross_init - -func init() { - Status = "1" -} - -func init() { - Status += "2" -} - -func In_init_after(taint_src string) { - Status += taint_src -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go deleted file mode 100644 index 65925e45..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go +++ /dev/null 
@@ -1,20 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b -// evaluation information end - - -package cross_init - -var Status string - -func init() { - Status += "3" -} - -func init() { - Status += "4" -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod deleted file mode 100644 index 894d75bf..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module cross_directory_018_F - -go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go deleted file mode 100644 index c3b26266..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go +++ /dev/null 
@@ -1,38 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T -// evaluation information end - - -// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross -// 再执行go run cross_directory_019_T.go - -package main - -import ( - "cross_directory_019_T/cross/cross_init" - "os/exec" - "fmt" -) - -// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 -// 当这个包被import时,所有包中的init函数都会被执行 - -func cross_directory_019_T(__taint_src int) { - cross_init.In_init_after(__taint_src) - - // 若正确处理,pkg.Status的值应该是20 - __taint_sink(cross_init.Status) -} - -func __taint_sink(o interface{}) { - _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } - -func main() { - __taint_src := 10 - cross_directory_019_T(__taint_src) -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go deleted file mode 100644 index 9af94950..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go +++ /dev/null 
@@ -1,23 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a -// evaluation information end - -package cross_init - - -func init() { - Status += 1 -} - -func init() { - Status += 2 -} - - -func In_init_after(taint_src int) { - Status += taint_src -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go deleted file mode 100644 index 3f659e0c..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go +++ /dev/null @@ -1,20 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b -// evaluation information end - - -package cross_init - -var Status int = 0 - -func init() { - Status += 3 -} - -func init() { - Status += 4 -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod deleted file mode 100644 index e6689719..00000000 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module cross_directory_019_T
-
-go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
deleted file mode 100644
index 928788d3..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// evaluation information start
-// real case = false
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F
-// evaluation information end
-
-
-// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross
-// 再执行go run cross_directory_020_F.go
-
-package main
-
-import (
- "cross_directory_020_F/cross/cross_init"
- "os/exec"
- "fmt"
-)
-
-// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
-// 当这个包被import时,所有包中的init函数都会被执行
-
-func cross_directory_020_F(__taint_src int) {
- cross_init.In_init_after(0)
-
- // 若正确处理,pkg.Status的值应该是10
- __taint_sink(cross_init.Status)
-}
-
-func __taint_sink(o interface{}) {
- _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
- }
-
-func main() {
- __taint_src := 10
- cross_directory_020_F(__taint_src)
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go
deleted file mode 100644
index 3075f559..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// evaluation information start
-// real case = false
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a
-// evaluation information end
-
-package cross_init
-
-
-func init() {
- Status += 1
-}
-
-func init() {
- Status += 2
-}
-
-
-func In_init_after(taint_src int) {
- Status += taint_src
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go
deleted file mode 100644
index 6e2287f9..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// evaluation information start
-// real case = false
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b
-// evaluation information end
-
-
-package cross_init
-
-var Status int = 0
-
-func init() {
- Status += 3
-}
-
-func init() {
- Status += 4
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod
deleted file mode 100644
index 57f04550..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module cross_directory_020_F
-
-go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go
index a6408015..7bea4cfa 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go
@@ -9,14 +9,15 @@ // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T // 再执行 go run cross/cross_directory_023_T.go package main + import ( - "fmt" "cross_directory_023_T/cross/cross_01" + "fmt" "os/exec" ) // Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) -// 考察特性:YASA是否会错误地将小写的(非public的)Symbol错误的import过来 +// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 func cross_directory_023_T() { __taint_sink(cross_01.Status) //Status大写 应该被正确import过来 @@ -24,7 +25,7 @@ func cross_directory_023_T() { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { cross_directory_023_T() diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go index d6696875..d29bcef0 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go 
@@ -6,19 +6,19 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F // evaluation information end - // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F // 再执行 go run cross/cross_directory_024_F.go package main + import ( - "fmt" "cross_directory_024_F/cross/cross_01" + "fmt" "os/exec" ) // Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) -// 考察特性:YASA是否会错误地将小写的(非public的)Symbol错误的import过来 +// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 func cross_directory_024_F() { __taint_sink(cross_01.status) //status小写 若正确处理,无法获取到cross_01.status @@ -26,7 +26,7 @@ func cross_directory_024_F() { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { cross_directory_024_F() diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go index 98dd3859..10f8b3f9 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go 
@@ -6,17 +6,15 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T // evaluation information end - // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T // 再执行 go run cross_directory_027_T.go package main -import "cross_directory_027_T/cross_01" // Go语言中,一个包以文件结构路径唯一标识。允许同名包。 -// 旧版YASA以包名作为key来进行包管理,导致同名包丢失。 +// 旧版@@@@以包名作为key来进行包管理,导致同名包丢失。 -// 考察特性:YASA-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 +// 考察特性:@@@@-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_027_T(__taint_src string) { cross_same_name_027_T.Fun(__taint_src) } @@ -24,4 +22,4 @@ func cross_directory_027_T(__taint_src string) { func main() { __taint_src := "taint_src_value" cross_directory_027_T(__taint_src) -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go index e8a5474c..94561a49 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go 
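Review bot: The first hunk of cross_directory_027_T.go deletes `import "cross_directory_027_T/cross_01"` while `cross_directory_027_T` still calls `cross_same_name_027_T.Fun(__taint_src)`, so that identifier is left without an import and the file should no longer build. For a case whose name marks it as a positive (`_T`), an analyzer that resolves packages through imports cannot link the call, and a missed finding would then reflect the broken fixture rather than the tool's handling of same-named packages. The same removal appears in cross_directory_028_F.go, and in cross_directory_029_T.go and cross_directory_030_F.go (`"rainy/cross_01"`) in PATCH 5/7. Keep the line `import "cross_directory_027_T/cross_01"` after `package main`; the package it binds is presumably `cross_same_name_027_T`, which is declared outside this diff.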
@@ -6,17 +6,15 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F // evaluation information end - // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F // 再执行 go run cross_directory_028_F.go package main -import "cross_directory_028_F/cross_02" // Go语言中,一个包以文件结构路径唯一标识。允许同名包。 -// 旧版YASA以包名作为key来进行包管理,导致同名包丢失。 +// --以包名作为key来进行包管理,导致同名包丢失。 -// 考察特性:YASA-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 +// 考察特性:---的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_028_F(__taint_src string) { cross_same_name_028_F.Fun(__taint_src) } @@ -24,4 +22,4 @@ func cross_directory_028_F(__taint_src string) { func main() { __taint_src := "taint_src_value" cross_directory_028_F(__taint_src) -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go index d1ea46e3..2d0acbb6 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 
@@ -7,25 +6,24 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T // evaluation information end - // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T // 在执行 go run ./cross_module_005_T_a package main + import "os/exec" + // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数 +// 考察特性:@@@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_005_T_a(__taint_src string) { __taint_sink(__taint_src) } - func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } - +} func main() { - __taint_src := "taint_src_value_main1" - cross_module_005_T_a(__taint_src) + __taint_src := "taint_src_value_main1" + cross_module_005_T_a(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go index 9ae457ce..cf8c5383 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 
@@ -10,22 +9,21 @@ // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T // 在执行 go run ./cross_module_005_T_b package main + import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数 +// 考察特性:---是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_005_T_b(__taint_src string) { __taint_sink(__taint_src) } - func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } - +} func main() { - __taint_src := "taint_src_value_main2" - cross_module_005_T_b(__taint_src) + __taint_src := "taint_src_value_main2" + cross_module_005_T_b(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go index a5ca8671..2fe34b71 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 
@@ -7,27 +6,24 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F // evaluation information end - // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F // 在执行 go run ./cross_module_006_F_a package main + import "os/exec" + // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数 +// 考察特性:@@@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_006_F_a(__taint_src string) { __taint_sink("this is main1") } - func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } - +} func main() { - __taint_src := "taint_src_value_main1" - cross_module_006_F_a(__taint_src) + __taint_src := "taint_src_value_main1" + cross_module_006_F_a(__taint_src) } - - diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go index 473fac13..59ffeed6 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 
@@ -10,21 +9,21 @@ // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F // 在执行 go run ./cross_module_006_F_b package main + import "os/exec" + // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数 +// 考察特性:@@@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_006_F_b(__taint_src string) { __taint_sink("this is main2") } - func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } - +} func main() { - __taint_src := "taint_src_value_main2" - cross_module_006_F_b(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value_main2" + cross_module_006_F_b(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go index 1652393e..d1ef8431 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go @@ -7,6 +7,7 @@ // evaluation information end package main + import "os/exec" func callee(taint string) (string, string) { @@ -17,18 +18,16 @@ func callee(taint string) (string, string) { } func if_return_tuple_001_T(__taint_src string) { - a,b := callee(__taint_src) + a, b := callee(__taint_src) _ = a - // 老版本对于tuple的decl逻辑混乱,结果:a中只有"a",b中只有"b" - // 根本原因是ProcessVariableDecl语句时,if判断的优先级有误 __taint_sink(b) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - if_return_tuple_001_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + if_return_tuple_001_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go index 254a7f31..1f5cbefa 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go @@ -1,42 +1,39 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 多返回值传递给结构体 +// scene introduction = 多返回值传递给结构体 // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F // evaluation information end - package main + import ( "fmt" "os/exec" - "database/sql" ) type Request struct { Name string - prop sql.DB + prop string } func multiple_return_struct_001_F(__taint_src string) { req := Request{} + a := "_" - req.prop, _ = processData(__taint_src, "_") + req.prop, _ = processData(__taint_src, a) __taint_sink(req) } -func processData(s string, i string) (sql.DB, string) { - var db sql.DB - return db , i +func processData(s string, i interface{}) (string, interface{}) { + return "abc", i } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%+v", o)).Run() - } - +} func main() { - __taint_src := "taint_src_value" - multiple_return_struct_001_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + multiple_return_struct_001_F(__taint_src) +} 
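Review bot: `processData` in multiple_return_struct_001_F.go never reads its first parameter `s` and returns the constant `"abc"`, which is the only thing that keeps `req.prop` free of taint in this negative case, but nothing in the file says so. A one-line comment above the function would make the intent explicit, for example `// s is deliberately dropped; the constant return keeps req.prop untainted`. Without it the function reads like an unfinished stub next to its `_002_T` twin, where the same signature returns `s`.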
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go index f88c189b..6e731c40 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go @@ -1,42 +1,40 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 多返回值传递给结构体 +// scene introduction = 多返回值传递给结构体 // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T // evaluation information end - package main + import ( "fmt" "os/exec" - "database/sql" ) -// req.prop, _ = c.Cookie() uast4Go会将这句翻译成variableDecl,导致taint无法写入到req对象中 type Request struct { Name string - prop sql.DB + prop string } -func multiple_return_struct_002_T(__taint_src sql.DB) { +func multiple_return_struct_002_T(__taint_src string) { req := Request{} + a := "_" - req.prop, _ = processData(__taint_src, "_") + req.prop, _ = processData(__taint_src, a) __taint_sink(req) } -func processData(s sql.DB, i string) (sql.DB, string) { - return s , i +func processData(s string, i interface{}) (string, interface{}) { + return s, i } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%+v", o)).Run() - } +} func main() { - var __taint_src sql.DB - multiple_return_struct_002_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + multiple_return_struct_002_T(__taint_src) +} From 33c7f404e87697a31be6ce28f402bfb9a77c5438 Mon Sep 17 00:00:00 2001 
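Review bot: The comment deleted above `type Request` in multiple_return_struct_002_T.go was the only statement of which construct this case exercises, the tuple assignment whose first target is a struct field, `req.prop, _ = processData(__taint_src, a)`. Dropping the tool-specific wording is fine, but the case should still say what it tests, so that a missed finding can be attributed to that construct. A tool-neutral replacement above the assignment would do, for example `// tuple assignment into a struct field: taint from processData must reach req.prop`.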
From: "mengmeng.meng" Date: Tue, 30 Sep 2025 21:49:16 +0800 Subject: [PATCH 4/7] go case update 7 --- .../named_return_004_T/named_return_004_T.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go index 56de69c5..228f3137 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 @@ -8,6 +7,7 @@ // evaluation information end package main + import "os/exec" func named_return_004_T(__taint_src interface{}) { @@ -19,14 +19,14 @@ func named_return_004_T(__taint_src interface{}) { func processData(s interface{}, i interface{}) (ret interface{}) { ret = "_" - return s // 主要区别位于这里,在具名返回值的情况下 裸返回return默认返回ret。但uast4Go在处理具名返回值时存在bug,导致此处的return s被覆盖成return ret + return s } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - named_return_004_T(__taint_src) + __taint_src := "taint_src_value" + named_return_004_T(__taint_src) } \ No newline at end of file From 38864280f2e7dd2230cf2cde82b8463966a3ea1a Mon Sep 17 00:00:00 2001 
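Review bot: In the third hunk of named_return_004_T.go, `return s` in `processData` loses its trailing comment, and with it the only explanation of why `ret = "_"` is assigned on the line before. The point of the case is that an explicit operand on `return` is what the caller receives, not the earlier value of the named result, and a reader can no longer tell that from the file. A short tool-neutral comment keeps that visible: `return s // explicit operand is returned, not the earlier value of named result ret`.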
From: "mengmeng.meng" Date: Tue, 30 Sep 2025 21:52:46 +0800 Subject: [PATCH 5/7] go case update 8 --- .../cross/cross_directory_023_T.go | 1 - .../cross/cross_directory_024_F.go | 1 - .../cross_directory_027_T.go | 1 - .../cross_directory_028_F.go | 1 - .../cross/cross_directory_029_T.go | 11 ++++------- .../cross/cross_directory_030_F.go | 11 ++++------- .../cross_module_005_T_a/cross_module_005_T.go | 1 - .../cross_module_005_T_b/cross_module_005_T.go | 1 - .../cross_module_006_F_a/cross_module_006_F.go | 1 - .../cross_module_006_F_b/cross_module_006_F.go | 1 - .../if_return_nil_002_F/if_return_nil_002_F.go | 17 +++++++++-------- 11 files changed, 17 insertions(+), 30 deletions(-) diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go index 7bea4cfa..9aca414a 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go @@ -17,7 +17,6 @@ import ( ) // Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) -// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 func cross_directory_023_T() { __taint_sink(cross_01.Status) //Status大写 应该被正确import过来 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go index d29bcef0..0007746f 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go @@ -18,7 +18,6 @@ import ( ) // Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) -// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 func cross_directory_024_F() { __taint_sink(cross_01.status) //status小写 若正确处理,无法获取到cross_01.status diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go index 10f8b3f9..dc295dde 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go @@ -14,7 +14,6 @@ package main // Go语言中,一个包以文件结构路径唯一标识。允许同名包。 // 旧版@@@@以包名作为key来进行包管理,导致同名包丢失。 -// 考察特性:@@@@-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_027_T(__taint_src string) { cross_same_name_027_T.Fun(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go index 94561a49..35f585fe 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go 
@@ -14,7 +14,6 @@ package main // Go语言中,一个包以文件结构路径唯一标识。允许同名包。 // --以包名作为key来进行包管理,导致同名包丢失。 -// 考察特性:---的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_028_F(__taint_src string) { cross_same_name_028_F.Fun(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go index 687bf49f..9308a70a 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go @@ -6,31 +6,28 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T // evaluation information end - // 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross // 再执行go run cross_directory_029_T.go package main import ( - "rainy/cross_01" "os/exec" ) + // Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 // 所谓的根目录 指 go.mod所在的目录 -// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 - func cross_directory_029_T(__taint_src string) { - value := cross_directory_029_T_a.Person{}.Skiing(__taint_src)// 看这些符号值能不能被解析出来 + value := cross_directory_029_T_a.Person{}.Skiing(__taint_src) // 看这些符号值能不能被解析出来 __taint_sink(value) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { __taint_src := "taint_src_value" cross_directory_029_T(__taint_src) -} \ No newline at end of file +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go index 9a82e327..351c5b8d 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go @@ -6,31 +6,28 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F // evaluation information end - // 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross // 再执行go run cross_directory_030_F.go package main import ( - "rainy/cross_01" "os/exec" ) + // Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 // 所谓的根目录 指 go.mod所在的目录 -// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 - func cross_directory_030_F(__taint_src string) { - value := cross_directory_030_F_a.Person{}.Skiing("_")// 看这些符号值能不能被解析出来 + value := cross_directory_030_F_a.Person{}.Skiing("_") // 看这些符号值能不能被解析出来 __taint_sink(value) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { __taint_src := "taint_src_value" cross_directory_030_F(__taint_src) -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go index 2d0acbb6..a478d2d3 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go @@ -13,7 +13,6 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:@@@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_005_T_a(__taint_src string) { __taint_sink(__taint_src) diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go index cf8c5383..74a01821 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go @@ -13,7 +13,6 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:---是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_005_T_b(__taint_src string) { __taint_sink(__taint_src) diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go index 2fe34b71..5d9e18be 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go @@ -13,7 +13,6 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:@@@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_006_F_a(__taint_src string) { __taint_sink("this is main1") diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go index 59ffeed6..2372f916 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go @@ -13,7 +13,6 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:@@@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_006_F_b(__taint_src string) { __taint_sink("this is main2") diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go index 31919a39..d8efac32 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go 
@@ -1,25 +1,26 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 条件返回nil +// scene introduction = 条件返回nil // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F // evaluation information end package main + import ( "fmt" "os/exec" ) -// 旧版中,对nil没有进行处理限制,允许将nil值转换成返回值类型(S),且允许对nil进行memberAccess读取 +// 允许将nil值转换成返回值类型(S),且允许对nil进行memberAccess读取 type S struct { name string id int } -func Func1(__taint_src string) (*S) { +func Func1(__taint_src string) *S { s1 := &S{ name: __taint_src, id: 98, @@ -29,7 +30,7 @@ func Func1(__taint_src string) (*S) { if err != "nil" { return nil } - + return s1 } @@ -40,9 +41,9 @@ func if_return_nil_002_F(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%+v", o)).Run() - } +} func main() { - __taint_src := "taint_src_value" - if_return_nil_002_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + if_return_nil_002_F(__taint_src) +} From a14224bde9053e0642a2d806a836740adbef63f8 Mon Sep 17 00:00:00 2001 
From: "mengmeng.meng" Date: Fri, 31 Oct 2025 17:24:17 +0800 Subject: [PATCH 6/7] go case update --- .../cross/cross_directory_015_T.go | 31 ++++++++++++++++++ .../cross_directory_export_015_T.go | 11 +++++++ .../cross_init/cross_directory_init_015_T.go | 14 ++++++++ .../cross_directory_015_T/go.mod | 3 ++ .../cross/cross_directory_016_F.go | 23 +++++++++++++ .../cross_directory_export_016_F.go | 11 +++++++ .../cross_init/cross_directory_init_016_F.go | 14 ++++++++ .../cross_directory_016_F/go.mod | 3 ++ .../cross/cross_directory_017_T.go | 32 +++++++++++++++++++ .../cross_directory_export_017_T.go | 11 +++++++ .../cross_directory_init_017_T_a.go | 17 ++++++++++ .../cross_directory_init_017_T_b.go | 19 +++++++++++ .../cross_directory_017_T/go.mod | 3 ++ .../cross/cross_directory_018_F.go | 32 +++++++++++++++++++ .../cross_directory_export_018_F.go | 11 +++++++ .../cross_directory_init_018_F_a.go | 18 +++++++++++ .../cross_directory_init_018_F_b.go | 19 +++++++++++ .../cross_directory_018_F/go.mod | 3 ++ .../cross/cross_directory_019_T.go | 31 ++++++++++++++++++ .../cross_directory_export_019_T.go | 11 +++++++ .../cross_directory_init_019_T_a.go | 17 ++++++++++ .../cross_directory_init_019_T_b.go | 18 +++++++++++ .../cross_directory_019_T/go.mod | 3 ++ .../cross/cross_directory_020_F.go | 32 +++++++++++++++++++ .../cross_directory_export_020_F.go | 11 +++++++ .../cross_directory_init_020_F_a.go | 17 ++++++++++ .../cross_directory_init_020_F_b.go | 18 +++++++++++ .../cross_directory_020_F/go.mod | 3 ++ .../cross/cross_directory_023_T.go | 1 + .../cross/cross_directory_024_F.go | 2 +- .../cross_directory_027_T.go | 1 + .../cross_directory_028_F.go | 5 ++- .../cross/cross_directory_029_T.go | 11 ++++--- .../cross/cross_directory_030_F.go | 11 ++++--- .../cross_module_005_T.go | 1 + .../cross_module_005_T.go | 1 + .../cross_module_006_F.go | 1 + .../cross_module_006_F.go | 1 + .../if_return_nil_002_F.go | 17 +++++----- .../named_return_004_T/named_return_004_T.go | 10 
+++--- 40 files changed, 474 insertions(+), 24 deletions(-) create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod create 
mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go new file mode 100644 index 00000000..23de2576 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go 
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T
+// evaluation information end
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross
+// 再执行go run cross_directory_015_T.go
+package main
+import (
+ "cross_directory_015_T/cross/cross_init"
+ "os/exec"
+ "fmt"
+)
+
+// Go语言支持包中定义init函数,在这个包被首次初始化(import)时,会自动触发这个包的init函数
+func cross_directory_015_T() {
+ // 看cross_init.Status是否被init处理过
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ fmt.Println("o 的值:", o)
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ cross_directory_015_T()
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go
new file mode 100644
index 00000000..3a1f8c66
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go
@@ -0,0 +1,11 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T
+// evaluation information end
+
+package cross_init
+
+var Taint_src = "taint_src_value"
\ No newline at end of file
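Review bot: `__taint_sink` in cross_directory_015_T.go keeps a debug print, `fmt.Println("o 的值:", o)`, that the paired negative case cross_directory_016_F.go does not have, so the positive and negative case differ in more than the `init` body they are meant to contrast. Dropping that line together with the `"fmt"` import keeps the pair minimal. The sink also uses the single-value assertion `o.(string)`, which panics if a non-string is ever passed; the 019_T and 020_F cases later in this patch build the command with `fmt.Sprintf("%v", o)`, and using one form across the cases would be more consistent.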
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go
new file mode 100644
index 00000000..c3034416
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go
@@ -0,0 +1,14 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T
+// evaluation information end
+
+package cross_init
+
+var Status string
+func init() {
+ Status = Taint_src
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod
new file mode 100644
index 00000000..af303122
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_015_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go
new file mode 100644
index 00000000..320f9aa8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F
+// evaluation information end
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross
+// 再执行go run cross_directory_016_F.go
+package main
+import (
+ "cross_directory_016_F/cross/cross_init"
+ "os/exec"
+)
+func cross_directory_016_F() {
+ __taint_sink(cross_init.Status)
+}
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+func main() {
+ cross_directory_016_F()
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go
new file mode 100644
index 00000000..efdc3922
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go
@@ -0,0 +1,11 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_016_F
+// evaluation information end
+
+package cross_init
+
+var Taint_src = "taint_src_value"
\ No newline at end of file
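Review bot: The `bind_url` header of cross_directory_export_016_F.go points into the `cross_directory_015_T` directory although the file is added under `cross_directory_016_F`, which looks like a copy-paste slip from the 015_T case. If tooling maps findings back to cases through this field, the file would be attributed to the wrong case. The line should read `// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F`, in line with the header of the sibling cross_directory_init_016_F.go.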
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go
new file mode 100644
index 00000000..d3d82891
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go
@@ -0,0 +1,14 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F
+// evaluation information end
+package cross_init
+
+var Status string
+func init() {
+ Status = Taint_src
+ Status = "_"
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod
new file mode 100644
index 00000000..021168fc
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_016_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go
new file mode 100644
index 00000000..23107ad2
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T
+// evaluation information end
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross
+// 再执行go run cross_directory_017_T.go
+
+package main
+import (
+ "cross_directory_017_T/cross/cross_init"
+ "os/exec"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序
+// init函数是先执行的,所有init函数执行完后才会执行自定义函数
+func cross_directory_017_T() {
+ // 若正确处理,Status的值应该是"taint_src_value234"
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ cross_directory_017_T()
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go
new file mode 100644
index 00000000..905898d5
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go
@@ -0,0 +1,11 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T
+// evaluation information end
+
+package cross_init
+
+var Taint_src = "taint_src_value"
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go
new file mode 100644
index 00000000..5ca360f3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go
@@ -0,0 +1,17 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a
+// evaluation information end
+
+package cross_init
+
+func init() {
+ Status = Taint_src
+}
+
+func init() {
+ Status += "2"
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go
new file mode 100644
index 00000000..77796bc2
--- /dev/null
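Review bot: The expected verdict of this case does not depend on the order in which the `init` functions run, although the scene is labelled `多init函数顺序执行`. In cross_directory_init_017_T_a.go the first `init` sets `Status = Taint_src` and every other `init` only appends with `+=`, so `Status` ends up tainted under any ordering; in the 018_F counterpart the `Status = "_"` overwrite sits in the same `init` as the tainted assignment, so the result is clean under any ordering, and 019_T behaves like 017_T. An analyzer that models `init` execution but gets the file or declaration order wrong would still pass these cases. To make order observable, the overwrite could move to a later `init`, for example keep only `Status = Taint_src` in the `_a` file and put `Status = "_"` in the last `init` of cross_directory_init_018_F_b.go.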
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go
@@ -0,0 +1,19 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b
+// evaluation information end
+
+package cross_init
+
+var Status string
+
+func init() {
+ Status += "3"
+}
+
+func init() {
+ Status += "4"
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod
new file mode 100644
index 00000000..5242c6b6
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_017_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go
new file mode 100644
index 00000000..fdd680cf
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F
+// evaluation information end
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross
+// 再执行go run cross_directory_018_F.go
+
+package main
+import (
+ "cross_directory_018_F/cross/cross_init"
+ "os/exec"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序
+// init函数是先执行的,所有init函数执行完后才会执行自定义函数
+func cross_directory_018_F() {
+ // 若正确处理,Status的值应该是"_234"
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ cross_directory_018_F()
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go
new file mode 100644
index 00000000..62300bcd
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go
@@ -0,0 +1,11 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F
+// evaluation information end
+
+package cross_init
+
+var Taint_src = "taint_src_value"
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go
new file mode 100644
index 00000000..b0222b25
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a
+// evaluation information end
+
+package cross_init
+
+func init() {
+ Status = Taint_src
+ Status = "_"
+}
+
+func init() {
+ Status += "2"
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go
new file mode 100644
index 00000000..81456e89
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go
@@ -0,0 +1,19 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b
+// evaluation information end
+
+package cross_init
+
+var Status string
+
+func init() {
+ Status += "3"
+}
+
+func init() {
+ Status += "4"
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod
new file mode 100644
index 00000000..894d75bf
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_018_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go
new file mode 100644
index 00000000..12b89b68
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T
+// evaluation information end
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross
+// 再执行go run cross_directory_019_T.go
+
+package main
+import (
+ "cross_directory_019_T/cross/cross_init"
+ "os/exec"
+ "fmt"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// 当这个包被import时,所有包中的init函数都会被执行
+func cross_directory_019_T() {
+ // 若正确处理,pkg.Status的值应该是20
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ cross_directory_019_T()
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go
new file mode 100644
index 00000000..842bae46
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go
@@ -0,0 +1,11 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T
+// evaluation information end
+
+package cross_init
+
+var Taint_src = 10
\ No newline at end of file
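Review bot: The comment inside `cross_directory_019_T` refers to `pkg.Status`, but the file imports the package as `cross_init` and reads `cross_init.Status`; the same wording appears in cross_directory_020_F.go. Writing `cross_init.Status` in both comments avoids sending a reader to look for a `pkg` identifier that does not exist. Separately, the import block lists `"fmt"` after `"os/exec"` and the closing brace of `__taint_sink` is indented, which is not what gofmt produces; an earlier hunk on this page applies exactly that cleanup to if_return_nil_002_F.go, so running gofmt over the new files would keep the suite uniform.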
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go
new file mode 100644
index 00000000..7d94ba88
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go
@@ -0,0 +1,17 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a
+// evaluation information end
+
+package cross_init
+
+func init() {
+ Status += Taint_src
+}
+
+func init() {
+ Status += 2
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go
new file mode 100644
index 00000000..a0cb564d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b
+// evaluation information end
+
+package cross_init
+
+var Status int = 1
+
+func init() {
+ Status += 3
+}
+func init() {
+ Status += 4
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod
new file mode 100644
index 00000000..e6689719
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_019_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
new file mode 100644
index 00000000..490498fc
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F
+// evaluation information end
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross
+// 再执行go run cross_directory_020_F.go
+
+package main
+import (
+ "cross_directory_020_F/cross/cross_init"
+ "os/exec"
+ "fmt"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// 当这个包被import时,所有包中的init函数都会被执行
+func cross_directory_020_F() {
+ // 若正确处理,pkg.Status的值应该是0
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ cross_directory_020_F()
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go
new file mode 100644
index 00000000..f9f1aa96
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go
@@ -0,0 +1,11 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F
+// evaluation information end
+
+package cross_init
+
+var Taint_src = 10
\ No newline at end of file
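Review bot: The comment inside `cross_directory_020_F` names `pkg.Status`, but the value handed to the sink is `cross_init.Status`, and nothing in this file says why it should be 0. The expected result comes from the last `init` in `cross_directory_init_020_F_b.go`, which assigns `Status = 0` after the other `init` functions have added `Taint_src`. I would replace the comment with one that names the real symbol and the reason, for example `// cross_init.Status is reset to 0 by the last init in cross_directory_init_020_F_b.go, so no tainted value should reach the sink`. The import block is also not in gofmt order (`fmt` before `os/exec`, standard library grouped apart from the module import).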
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go
new file mode 100644
index 00000000..c3cc9146
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go
@@ -0,0 +1,17 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a
+// evaluation information end
+
+package cross_init
+
+func init() {
+ Status += Taint_src
+}
+
+func init() {
+ Status += 2
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go
new file mode 100644
index 00000000..cfcac003
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go
@@ -0,0 +1,18 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b +// evaluation information end + +package cross_init + +var Status int = 1 + +func init() { + Status += 3 +} +func init() { + Status = 0 +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod new file mode 100644 index 00000000..57f04550 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod @@ -0,0 +1,3 @@ +module cross_directory_020_F + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go index 9aca414a..7bea4cfa 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go @@ -17,6 +17,7 @@ import ( ) // Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) +// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 func cross_directory_023_T() { __taint_sink(cross_01.Status) //Status大写 应该被正确import过来 
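Review bot: The `real case = false` label for `cross_directory_init_020_F_b.go` holds only if its second `init` (`Status = 0`) runs after both `init` functions in `cross_directory_init_020_F_a.go`. Within one file Go runs `init` functions in source order, but the order between files is the order in which they are handed to the compiler; the go tool sorts by file name, which the language spec encourages rather than requires. A comment above the resetting `init` would make that dependency explicit, for example `// Must run last: relies on the package files being compiled in file-name order (_a before _b)`. An analyzer that visits the files in another order sees the tainted addition applied after the reset, so the case would then measure file ordering rather than handling of multiple `init` functions.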
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go index 0007746f..76c4b5d5 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go @@ -12,12 +12,12 @@ package main import ( - "cross_directory_024_F/cross/cross_01" "fmt" "os/exec" ) // Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) +// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 func cross_directory_024_F() { __taint_sink(cross_01.status) //status小写 若正确处理,无法获取到cross_01.status diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go index dc295dde..10f8b3f9 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go @@ -14,6 +14,7 @@ package main // Go语言中,一个包以文件结构路径唯一标识。允许同名包。 // 旧版@@@@以包名作为key来进行包管理,导致同名包丢失。 +// 考察特性:@@@@-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_027_T(__taint_src string) { cross_same_name_027_T.Fun(__taint_src) } 
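Review bot: The import of `cross_directory_024_F/cross/cross_01` appears to be removed in the `cross_directory_024_F.go` hunk, yet `cross_directory_024_F` still calls `__taint_sink(cross_01.status)`. Without the import, `cross_01` is an unresolved identifier, so an analyzer finds no flow because the package is missing, not because it honours that lowercase `status` is unexported, which is what the added comment says the case examines. Keeping the line `"cross_directory_024_F/cross/cross_01"` in the import block would leave export visibility as the only reason the value is unreachable. The function body continues outside the hunk.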
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go index 35f585fe..f3f38c67 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go @@ -11,9 +11,12 @@ package main +import cross_same_name_028_F "cross_directory_028_F/cross_02" + // Go语言中,一个包以文件结构路径唯一标识。允许同名包。 -// --以包名作为key来进行包管理,导致同名包丢失。 +// 旧版@@以包名作为key来进行包管理,导致同名包丢失。 +// 考察特性:@@-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_028_F(__taint_src string) { cross_same_name_028_F.Fun(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go index 9308a70a..687bf49f 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go 
@@ -6,28 +6,31 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T // evaluation information end + // 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross // 再执行go run cross_directory_029_T.go package main import ( + "rainy/cross_01" "os/exec" ) - // Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 // 所谓的根目录 指 go.mod所在的目录 +// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 + func cross_directory_029_T(__taint_src string) { - value := cross_directory_029_T_a.Person{}.Skiing(__taint_src) // 看这些符号值能不能被解析出来 + value := cross_directory_029_T_a.Person{}.Skiing(__taint_src)// 看这些符号值能不能被解析出来 __taint_sink(value) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() -} + } func main() { __taint_src := "taint_src_value" cross_directory_029_T(__taint_src) -} +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go index 351c5b8d..9a82e327 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go 
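Review bot: The added import `"rainy/cross_01"` carries no alias, while `cross_directory_029_T` refers to the package as `cross_directory_029_T_a`. That resolves only if the package clause in `cross_01` declares `cross_directory_029_T_a` and the module in go.mod is named `rainy`, neither of which is visible in this hunk. If the case is meant to examine root-directory resolution alone, as the new comment says, an explicit alias keeps package-name lookup out of it: `cross_directory_029_T_a "rainy/cross_01"`. The same applies to the `cross_directory_030_F` hunk that follows.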
@@ -6,28 +6,31 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F // evaluation information end + // 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross // 再执行go run cross_directory_030_F.go package main import ( + "rainy/cross_01" "os/exec" ) - // Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 // 所谓的根目录 指 go.mod所在的目录 +// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 + func cross_directory_030_F(__taint_src string) { - value := cross_directory_030_F_a.Person{}.Skiing("_") // 看这些符号值能不能被解析出来 + value := cross_directory_030_F_a.Person{}.Skiing("_")// 看这些符号值能不能被解析出来 __taint_sink(value) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() -} + } func main() { __taint_src := "taint_src_value" cross_directory_030_F(__taint_src) -} +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go index a478d2d3..a74b8beb 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go @@ -13,6 +13,7 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) +// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_005_T_a(__taint_src string) { __taint_sink(__taint_src) 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go index 74a01821..0b996094 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go @@ -13,6 +13,7 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) +// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_005_T_b(__taint_src string) { __taint_sink(__taint_src) diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go index 5d9e18be..a1d349cf 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go @@ -13,6 +13,7 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) +// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_006_F_a(__taint_src string) { __taint_sink("this is main1") 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go index 2372f916..b6f93e06 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go @@ -13,6 +13,7 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) +// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_006_F_b(__taint_src string) { __taint_sink("this is main2") diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go index d8efac32..31919a39 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go 
@@ -1,26 +1,25 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 条件返回nil +// scene introduction = 条件返回nil // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F // evaluation information end package main - import ( "fmt" "os/exec" ) -// 允许将nil值转换成返回值类型(S),且允许对nil进行memberAccess读取 +// 旧版中,对nil没有进行处理限制,允许将nil值转换成返回值类型(S),且允许对nil进行memberAccess读取 type S struct { name string id int } -func Func1(__taint_src string) *S { +func Func1(__taint_src string) (*S) { s1 := &S{ name: __taint_src, id: 98, @@ -30,7 +29,7 @@ func Func1(__taint_src string) *S { if err != "nil" { return nil } - + return s1 } @@ -41,9 +40,9 @@ func if_return_nil_002_F(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%+v", o)).Run() -} + } func main() { - __taint_src := "taint_src_value" - if_return_nil_002_F(__taint_src) -} + __taint_src := "taint_src_value" + if_return_nil_002_F(__taint_src) +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go index 228f3137..56de69c5 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go @@ -1,3 +1,4 @@ + // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 @@ -7,7 +8,6 @@ // evaluation information end package main - import "os/exec" func named_return_004_T(__taint_src interface{}) { 
@@ -19,14 +19,14 @@ func named_return_004_T(__taint_src interface{}) { func processData(s interface{}, i interface{}) (ret interface{}) { ret = "_" - return s + return s // 主要区别位于这里,在具名返回值的情况下 裸返回return默认返回ret。但uast4Go在处理具名返回值时存在bug,导致此处的return s被覆盖成return ret } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() -} + } func main() { - __taint_src := "taint_src_value" - named_return_004_T(__taint_src) + __taint_src := "taint_src_value" + named_return_004_T(__taint_src) } \ No newline at end of file From e77995d8026a49afceb846468f7b4e2f4959811b Mon Sep 17 00:00:00 2001 
From: "mengmeng.meng" Date: Tue, 11 Nov 2025 10:19:44 +0800 Subject: [PATCH 7/7] python 3 case update --- .../argument_return_value_passing/config.json | 8 ++++ .../return_value_passing_005_T.py | 25 +++++++++++ .../return_value_passing_006_F.py | 25 +++++++++++ .../return_value_passing_007_T.py | 25 +++++++++++ .../return_value_passing_008_F.py | 25 +++++++++++ .../field_sensitive/class/config.json | 4 ++ .../class/dynamic_field_001_T.py | 30 +++++++++++++ .../class/dynamic_field_002_F.py | 30 +++++++++++++ .../field_sensitive/class/field_len_006_F.py | 2 +- .../multidimensional_collection/config.json | 8 ++++ .../list_slice_001_T.py | 27 +++++++++++ .../list_slice_002_F.py | 27 +++++++++++ .../map_mc_005_T.py | 26 +++++++++++ .../map_mc_006_F.py | 26 +++++++++++ .../asynchronous/async_concurrent_001_T.py | 45 +++++++++++++++++++ .../asynchronous/async_concurrent_002_F.py | 44 ++++++++++++++++++ .../asynchronous/async_generator_001_T.py | 37 +++++++++++++++ .../asynchronous/async_generator_002_F.py | 37 +++++++++++++++ .../flow_sensitive/asynchronous/config.json | 8 ++++ .../flow_sensitive/loop_stmt/config.json | 8 ++++ .../loop_stmt/nested_loop_for_in_001_T.py | 25 +++++++++++ .../loop_stmt/nested_loop_for_in_002_F.py | 25 +++++++++++ .../loop_stmt/while_loop_001_T.py | 26 +++++++++++ .../loop_stmt/while_loop_002_F.py | 26 +++++++++++ .../object_sensitive/class/config.json | 6 ++- .../constructor_object_sensitive_005_T.py | 28 ++++++++++++ .../constructor_object_sensitive_006_F.py | 28 ++++++++++++ ...ynamic_attribute_object_sensitive_001_T.py | 34 ++++++++++++++ ...ynamic_attribute_object_sensitive_002_F.py | 34 ++++++++++++++ .../exception_throw/config.json | 16 +++++++ .../exception_throw/exception_args_001_T.py | 27 +++++++++++ .../exception_throw/exception_args_002_F.py | 27 +++++++++++ .../exception_throw/exception_else_001_T.py | 28 ++++++++++++ .../exception_throw/exception_else_002_F.py | 29 ++++++++++++ .../exception_finally_throw_001_T.py | 28 
++++++++++++ .../exception_finally_throw_002_F.py | 29 ++++++++++++ .../exception_multiple_except_001_T.py | 31 +++++++++++++ .../exception_multiple_except_002_F.py | 32 +++++++++++++ .../explicit_jump_control/break_004_F.py | 2 +- .../explicit_jump_control/config.json | 4 ++ .../continue_nested_001_T.py | 27 +++++++++++ .../continue_nested_002_F.py | 28 ++++++++++++ .../other/ellipsis/ellipsis_002_F.py | 2 +- .../other/ellipsis/ellipsis_004_F.py | 2 +- .../single_app_tracing/alias/alias_001_T.py | 2 +- .../single_app_tracing/alias/alias_006_F.py | 2 +- .../class/complex_object/config.json | 12 +++++ .../multi_level_inheritance_001_T.py | 39 ++++++++++++++++ .../multi_level_inheritance_002_F.py | 39 ++++++++++++++++ .../multiple_inheritance_001_T.py | 38 ++++++++++++++++ .../multiple_inheritance_002_F.py | 38 ++++++++++++++++ .../no_init_child_class_001_T.py | 35 +++++++++++++++ .../no_init_child_class_002_F.py | 35 +++++++++++++++ .../control_flow/assert/assert_002_F.py | 2 +- .../conditional_matchStar_004_F.py | 2 +- .../conditional_match_004_F.py | 2 +- .../loop_stmt/while_else_002_F.py | 2 +- .../cross_file/config.json | 4 ++ .../dynamic_import_001_T_a.py | 11 +++++ .../dynamic_import_001_T_b.py | 29 ++++++++++++ .../dynamic_import_002_F_a.py | 11 +++++ .../dynamic_import_002_F_b.py | 29 ++++++++++++ .../datatype/array/array_extend_001_T.py | 30 +++++++++++++ .../datatype/array/array_extend_002_F.py | 30 +++++++++++++ .../datatype/array/config.json | 4 ++ .../bytearray/bytearray_extend_001_T.py | 30 +++++++++++++ .../bytearray/bytearray_extend_002_F.py | 30 +++++++++++++ .../bytearray/bytearray_slice_001_T.py | 28 ++++++++++++ .../bytearray/bytearray_slice_002_F.py | 28 ++++++++++++ .../datatype/bytearray/config.json | 8 ++++ .../datatype/collections/config.json | 4 ++ .../datatype/collections/set_006_F.py | 2 +- .../datatype/collections/set_remove_001_T.py | 27 +++++++++++ .../datatype/collections/set_remove_002_F.py | 27 +++++++++++ 
.../datatype/list/config.json | 20 +++++++++ .../datatype/list/list_concat_001_T.py | 31 +++++++++++++ .../datatype/list/list_concat_002_F.py | 29 ++++++++++++ .../datatype/list/list_extend_001_T.py | 30 +++++++++++++ .../datatype/list/list_extend_002_F.py | 29 ++++++++++++ .../datatype/list/list_insert_001_T.py | 28 ++++++++++++ .../datatype/list/list_insert_002_F.py | 27 +++++++++++ .../datatype/list/list_pop_001_T.py | 28 ++++++++++++ .../datatype/list/list_pop_002_F.py | 27 +++++++++++ .../datatype/list/list_remove_001_T.py | 27 +++++++++++ .../datatype/list/list_remove_002_F.py | 27 +++++++++++ .../datatype/map/config.json | 4 ++ .../datatype/map/map_pop_001_T.py | 26 +++++++++++ .../datatype/map/map_pop_002_F.py | 27 +++++++++++ .../datatype/primitives/bool_002_F.py | 5 ++- .../datatype/tuple/config.json | 16 +++++++ .../datatype/tuple/tuple_002_F.py | 2 +- .../datatype/tuple/tuple_004_F.py | 2 +- .../datatype/tuple/tuple_concat_001_T.py | 33 ++++++++++++++ .../datatype/tuple/tuple_concat_002_F.py | 30 +++++++++++++ .../datatype/tuple/tuple_index_001_T.py | 30 +++++++++++++ .../datatype/tuple/tuple_index_002_F.py | 27 +++++++++++ .../datatype/tuple/tuple_repeat_001_T.py | 30 +++++++++++++ .../datatype/tuple/tuple_repeat_002_F.py | 27 +++++++++++ .../datatype/tuple/tuple_slice_001_T.py | 30 +++++++++++++ .../datatype/tuple/tuple_slice_002_F.py | 27 +++++++++++ .../exception_throw/exception_catch_001_T.py | 2 +- .../binary_expression_mult_002_F.py | 2 +- .../binary_expression_sub_002_F.py | 2 +- .../logical_or_002_F.py | 2 +- .../expression/lambda_expression/config.json | 4 ++ .../lambda_multi_params_001_T.py | 30 +++++++++++++ .../lambda_multi_params_002_F.py | 27 +++++++++++ .../del_expression_006_F.py | 2 +- .../del_expression_008_F.py | 2 +- .../list_comprehension_002_F.py | 2 +- .../map_comprehension_002_F.py | 2 +- .../set_comprehension_001_T.py | 4 +- .../type_cast/bool_conversion_002_F.py | 2 +- .../expression/type_cast/type_cast_002_F.py | 2 +- 
.../generator_function/yieldFrom_001_T.py | 2 +- .../generator_function/yieldFrom_003_T.py | 2 +- 116 files changed, 2269 insertions(+), 30 deletions(-) create mode 100644 sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py create mode 100644 sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py create mode 100644 sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py create mode 100644 sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py create mode 100644 sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py create mode 100644 sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py create mode 100644 sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py create mode 100644 sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py create mode 100644 sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py create mode 100644 sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py create mode 100644 
sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py create mode 100644 sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py create mode 100644 sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py create mode 100644 sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py create mode 100644 sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py create mode 100644 sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py create mode 100644 sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py create mode 100644 
sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py create mode 100644 sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py create mode 100644 sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py create mode 100644 sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py create mode 100644 
sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py create mode 100644 
sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json index fc55d65f..a00c0a08 100644 --- a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json @@ -33,6 +33,14 @@ { "compose": "return_value_passing_003_T.py && !return_value_passing_004_F.py", "scene": "返回值传递->多层函数嵌套传递" + }, + { + "compose": "return_value_passing_005_T.py && !return_value_passing_006_F.py", + "scene": "返回值传递->迭代器" + }, + { + "compose": "return_value_passing_007_T.py && !return_value_passing_008_F.py", + "scene": "返回值传递->多返回值解包" } ] } diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py new file mode 100644 index 00000000..e4d7aa9f --- /dev/null +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py 
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->上下文敏感分析->参数/返回值传递
+# scene introduction = 返回值传递->迭代器返回值传递
+# level = 2
+# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T
+# evaluation information end
+import os
+
+def return_value_passing_005_T(taint_src):
+ def create_iterator():
+ # 创建包含污染值的迭代器
+ return iter([taint_src, 'safe_value', 'another_value'])
+
+ iterator = create_iterator() # 返回迭代器对象
+ first_item = next(iterator) # 获取迭代器的第一个元素
+ taint_sink(first_item) # 传递污染值
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ return_value_passing_005_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py
new file mode 100644
index 00000000..a61de824
--- /dev/null
+++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->上下文敏感分析->参数/返回值传递
+# scene introduction = 返回值传递->迭代器返回值传递
+# level = 2
+# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F
+# evaluation information end
+import os
+
+def return_value_passing_006_F(taint_src):
+ def create_iterator():
+ # 创建只包含安全值的迭代器
+ return iter(['safe_value', 'another_value', 'third_value'])
+
+ iterator = create_iterator() # 返回迭代器对象
+ first_item = next(iterator) # 获取迭代器的第一个元素
+ taint_sink(first_item) # 传递安全值
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ return_value_passing_006_F(taint_src)
\ No newline at end of file
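Review bot: In return_value_passing_006_F.py the iterator built by `create_iterator()` never contains `taint_src`, so the negative case passes for any analyzer that sees no tainted value at all, whether or not it tracks which element `next()` returns. If the T/F pair is meant to measure precision, the tainted value should be present at a position that is not read, e.g. `return iter(['safe_value', taint_src, 'third_value'])`, so that an engine tainting the whole iterator fails the F case. The same weakness appears in `get_multiple_values()` of return_value_passing_008_F.py and in `generate_data()` of async_generator_002_F.py, where `taint_src` is likewise unused.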
diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py
new file mode 100644
index 00000000..3bb2e89f
--- /dev/null
+++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->上下文敏感分析->参数/返回值传递
+# scene introduction = 返回值传递->多返回值解包传递
+# level = 2
+# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T
+# evaluation information end
+import os
+
+def return_value_passing_007_T(taint_src):
+ def get_multiple_values():
+ # 函数返回多个值,其中包含污点数据
+ return taint_src, 'safe_value', 'another_safe'
+
+ # 多返回值解包,第一个值是污点
+ tainted_value, safe_value1, safe_value2 = get_multiple_values()
+ taint_sink(tainted_value) # 传递污点值
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ return_value_passing_007_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py
new file mode 100644
index 00000000..8cfb06a9
--- /dev/null
+++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py
@@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->上下文敏感分析->参数/返回值传递 +# scene introduction = 返回值传递->多返回值解包传递 +# level = 2 +# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F +# evaluation information end +import os + +def return_value_passing_008_F(taint_src): + def get_multiple_values(): + # 函数返回多个值,但都不包含污点数据 + return 'safe_value1', 'safe_value2', 'safe_value3' + + # 多返回值解包,所有值都是安全的 + safe_value1, safe_value2, safe_value3 = get_multiple_values() + taint_sink(safe_value1) # 传递安全值,不应检出漏洞 + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + return_value_passing_008_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/field_sensitive/class/config.json b/sast-python3/case/accuracy/field_sensitive/class/config.json index 5492944a..8c4d0787 100644 --- a/sast-python3/case/accuracy/field_sensitive/class/config.json +++ b/sast-python3/case/accuracy/field_sensitive/class/config.json @@ -25,6 +25,10 @@ { "compose": "inheritance_001_T.py && !inheritance_002_F.py", "scene": "继承覆盖父类字段" + }, + { + "compose": "dynamic_field_001_T.py && !dynamic_field_002_F.py", + "scene": "动态参数" } ] }, diff --git a/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py new file mode 100644 index 00000000..9da0c513 --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py 
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段
+# scene introduction = 动态参数->动态字段名
+# level = 3
+# bind_url = accuracy/field_sensitive/class/dynamic_field_001_T
+# evaluation information end
+import os
+
+def dynamic_field_001_T(taint_src):
+ class DynamicClass:
+ def __init__(self, taint_src):
+ # 使用setattr动态设置字段
+ setattr(self, 'dynamic_field', taint_src)
+ self.normal_field = '_'
+
+ obj = DynamicClass(taint_src)
+ # 通过动态字段名访问
+ taint_sink(obj.dynamic_field)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ dynamic_field_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py
new file mode 100644
index 00000000..c9996c9a
--- /dev/null
+++ b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段
+# scene introduction = 动态参数->动态字段名
+# level = 3
+# bind_url = accuracy/field_sensitive/class/dynamic_field_002_F
+# evaluation information end
+import os
+
+def dynamic_field_002_F(taint_src):
+ class DynamicClass:
+ def __init__(self, taint_src):
+ # 使用setattr动态设置字段为安全值
+ setattr(self, 'dynamic_field', '_')
+ self.tainted_field = taint_src
+
+ obj = DynamicClass(taint_src)
+ # 访问的是安全的动态字段,而非污染的字段
+ taint_sink(obj.dynamic_field) # 传递安全值,不应检出漏洞
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ dynamic_field_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py b/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py
index 2b6b8be2..3bdf56d8 100644
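Review bot: In dynamic_field_001_T.py the comment above the sink call says the field is accessed through a dynamic field name, but `taint_sink(obj.dynamic_field)` is ordinary static attribute access; only the write goes through `setattr`, and with a literal name. If the case is meant to cover dynamic lookup on the read side as well, the call could be `taint_sink(getattr(obj, 'dynamic_field'))`; otherwise the comment should say that only the assignment is dynamic. dynamic_field_002_F.py reads the field the same way, so the pair should be changed together.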
--- a/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py +++ b/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py @@ -4,7 +4,7 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 # scene introduction = 路径长度 # level = 3+ -# bind_url = accuracy/field_sensitive/class/field_len_006_T +# bind_url = accuracy/field_sensitive/class/field_len_006_F # evaluation information end import os diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json index be1d8beb..0046a8f2 100644 --- a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json @@ -17,6 +17,14 @@ { "compose": "map_mc_001_T.py && !map_mc_002_F.py", "scene": "字典键路径->嵌套" + }, + { + "compose": "list_slice_001_T.py && !list_slice_002_F.py", + "scene": "字典键路径->切片后访问" + }, + { + "compose": "map_mc_005_T.py && !map_mc_006_F.py", + "scene": "字典键路径->get方法链" } ] }, diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py new file mode 100644 index 00000000..8a9029d2 --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py 
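Review bot: The new entry for `list_slice_001_T.py && !list_slice_002_F.py` in multidimensional_collection/config.json is labelled `"scene": "字典键路径->切片后访问"` (dictionary key path), while both case files added by this patch declare `scene introduction = 列表索引->切片后访问` (list index). Report output grouped by scene would file a list-slicing case under the dictionary heading. Suggested value: `"scene": "列表索引->切片后访问"`, unless the surrounding group, which is only partly visible in this hunk, is deliberately dictionary-only, in which case the entry belongs in the list group.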
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素
+# scene introduction = 列表索引->切片后访问
+# level = 4
+# bind_url = accuracy/field_sensitive/multidimensional_collection/list_slice_001_T
+# evaluation information end
+import os
+
+
+def list_slice_001_T(taint_src):
+ # 二维列表结构
+ arr = [[taint_src, "safe"], ["safe", "safe"]]
+ # 使用切片后访问:先切片再索引访问
+ result = arr[0:1][0][0] # 切片[0:1]得到[[taint_src, "safe"]],然后[0][0]访问taint_src
+ taint_sink(result)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_slice_001_T(taint_src)
diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py
new file mode 100644
index 00000000..0763c7ed
--- /dev/null
+++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素
+# scene introduction = 列表索引->切片后访问
+# level = 4
+# bind_url = accuracy/field_sensitive/multidimensional_collection/list_slice_002_F
+# evaluation information end
+import os
+
+
+def list_slice_002_F(taint_src):
+ # 二维列表结构
+ arr = [[taint_src, "safe"], ["safe", "safe"]]
+ # 使用切片后访问安全元素:不同切片位置的安全数据
+ result = arr[1:2][0][0] # 切片[1:2]得到[["safe", "safe"]],然后[0][0]访问safe
+ taint_sink(result)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_slice_002_F(taint_src)
diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py
new file mode 100644
index 00000000..6ea92f47
--- /dev/null
+++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素
+# scene introduction = 字典键路径->get方法链
+# level = 4
+# bind_url = accuracy/field_sensitive/multidimensional_collection/map_mc_005_T
+# evaluation information end
+import os
+
+
+def map_mc_005_T(taint_src):
+ d = {"a": {"b": {"c": taint_src}}, "x": {"y": {"z": "safe"}}}
+ # 使用get方法链式访问嵌套字典
+ result = d.get("a", {}).get("b", {}).get("c")
+ taint_sink(result) # 应该检测到污染
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ map_mc_005_T(taint_src)
diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py
new file mode 100644
index 00000000..a762f536
--- /dev/null
+++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素
+# scene introduction = 字典键路径->get方法链
+# level = 4
+# bind_url = accuracy/field_sensitive/multidimensional_collection/map_mc_006_F
+# evaluation information end
+import os
+
+
+def map_mc_006_F(taint_src):
+ d = {"a": {"b": {"c": taint_src}}, "x": {"y": {"z": "safe"}}}
+ # 使用get方法链式访问安全路径
+ result = d.get("x", {}).get("y", {}).get("z")
+ taint_sink(result) # 不应该检测到污染
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ map_mc_006_F(taint_src)
diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py
new file mode 100644
index 00000000..f7fe0023
--- /dev/null
+++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py
@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->流敏感分析->异步执行
+# scene introduction = 异步执行->并发执行
+# level = 4
+# bind_url = accuracy/flow_sensitive/asynchronous/async_concurrent_001_T
+# evaluation information end
+import os
+import asyncio
+
+
+async def async_concurrent_001_T(taint_src):
+ # 使用asyncio.gather并发执行多个异步函数
+ results = await asyncio.gather(
+ async_func1(taint_src), # 污染函数 - 直接返回污点数据
+ async_func2("safe"), # 安全函数
+ )
+
+ # 从并发结果中访问污染数据
+ taint_sink(results[0]) # results[0] 包含污染数据
+
+
+async def async_func1(data):
+ await asyncio.sleep(0.01)
+ # 直接返回污点数据,确保污点传播清晰可见
+ return data
+
+
+async def async_func2(data):
+ await asyncio.sleep(0.01)
+ return data
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+async def main(taint_src):
+ await async_concurrent_001_T(taint_src)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ asyncio.run(main(taint_src))
diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py
new file mode 100644
index 00000000..dc3d7a48
--- /dev/null
+++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py
@@ -0,0 +1,44 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->流敏感分析->异步执行
+# scene introduction = 异步执行->并发执行
+# level = 4
+# bind_url = accuracy/flow_sensitive/asynchronous/async_concurrent_002_F
+# evaluation information end
+import os
+import asyncio
+
+
+async def async_concurrent_002_F(taint_src):
+ # 使用asyncio.gather并发执行多个异步函数
+ results = await asyncio.gather(
+ async_func1(taint_src), # 污染函数
+ async_func2("safe"), # 安全函数
+ )
+
+ # 从并发结果中访问安全数据
+ taint_sink(results[1]) # results[1] 是安全数据,不应检测到污染
+
+
+async def async_func1(data):
+ await asyncio.sleep(0.01)
+ return data
+
+
+async def async_func2(data):
+ await asyncio.sleep(0.01)
+ return data
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+async def main(taint_src):
+ await async_concurrent_002_F(taint_src)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ asyncio.run(main(taint_src))
diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py
new file mode 100644
index 00000000..fcebb3b9
--- /dev/null
+++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py
@@ -0,0 +1,37 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->流敏感分析->异步执行
+# scene introduction = 异步执行->生成器
+# level = 4
+# bind_url = accuracy/flow_sensitive/asynchronous/async_generator_001_T
+# evaluation information end
+import os
+import asyncio
+
+
+async def async_generator_001_T(taint_src):
+ # 异步生成器函数 - 直接yield污染数据
+ async def generate_data():
+ yield taint_src # 直接yield污染数据
+ return # 确保生成器结束,避免StopAsyncIteration
+
+ # 获取异步生成器对象
+ gen = generate_data()
+
+ # 直接await获取第一个yield的值(最纯粹的异步生成器测试)
+ first_item = await gen.__anext__()
+ taint_sink(first_item) # 直接处理生成器yield的数据
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+async def main(taint_src):
+ await async_generator_001_T(taint_src)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ asyncio.run(main(taint_src))
diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py
new file mode 100644
index 00000000..e4d9a845
--- /dev/null
+++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py
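Review bot: In async_generator_001_T.py the comment on the bare `return` inside `generate_data()` says it avoids StopAsyncIteration, but the statement does not do that. The generator is advanced only once by `gen.__anext__()`, so execution never resumes past the `yield`, and a second `__anext__()` would raise StopAsyncIteration with or without the explicit `return`. I would drop the line, or replace its comment with `# not reached: the generator is advanced only once`. The generator object is also left suspended; adding `await gen.aclose()` after the sink call would close it explicitly rather than leaving it to loop shutdown. async_generator_002_F.py carries the same `return` line and comment.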
@@ -0,0 +1,37 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->异步执行 +# scene introduction = 异步执行->生成器 +# level = 4 +# bind_url = accuracy/flow_sensitive/asynchronous/async_generator_002_F +# evaluation information end +import os +import asyncio + + +async def async_generator_002_F(taint_src): + # 异步生成器函数 - 直接yield安全数据 + async def generate_data(): + yield "safe_data" # 直接yield安全数据 + return # 确保生成器结束,避免StopAsyncIteration + + # 获取异步生成器对象 + gen = generate_data() + + # 直接await获取第一个yield的值(最纯粹的异步生成器测试) + first_item = await gen.__anext__() + taint_sink(first_item) # 直接处理生成器yield的安全数据 + + +def taint_sink(o): + os.system(o) + + +async def main(taint_src): + await async_generator_002_F(taint_src) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + asyncio.run(main(taint_src)) diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json b/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json index d6b49b53..9c6e3b81 100644 --- a/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json @@ -13,6 +13,14 @@ { "compose": "asynchronous_chain_001_T.py && !asynchronous_chain_002_F.py", "scene": "异步函数链" + }, + { + "compose": "async_concurrent_001_T.py && !async_concurrent_002_F.py", + "scene": "异步执行->并发执行" + }, + { + "compose": "async_generator_001_T.py && !async_generator_002_F.py", + "scene": "异步执行->生成器" } ] } diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json index 15b2e08b..432a2b11 100644 --- a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json 
@@ -13,6 +13,14 @@ { "compose": "for_zip_001_T.py && !for_zip_002_F.py", "scene": "for_zip" + }, + { + "compose": "nested_loop_for_in_001_T.py && !nested_loop_for_in_002_F.py", + "scene": " 循环语句->嵌套循环" + }, + { + "compose": "while_loop_001_T.py && !while_loop_002_F.py", + "scene": "循环语句->while循环" } ] } diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py new file mode 100644 index 00000000..bb0663a5 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->流敏感分析->循环语句 +# scene introduction = 循环语句->嵌套循环 +# level = 2+ +# bind_url = accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T +# evaluation information end +import os + + +def nested_loop_for_in_001_T(taint_src): + # 嵌套循环中的污点传播 + for outer in [taint_src]: + for inner in ["safe"]: + taint_sink(outer) # 外层循环变量(污染数据) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + nested_loop_for_in_001_T(taint_src) diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py new file mode 100644 index 00000000..57891212 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py 
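Review bot: The scene string added for the nested-loop pair in loop_stmt/config.json starts with a stray space, `"scene": " 循环语句->嵌套循环"`, unlike every other scene value visible in this patch. Anything that groups or matches results by scene name would treat it as a different key from `循环语句->嵌套循环`. Suggested line: `"scene": "循环语句->嵌套循环"`.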
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->流敏感分析->循环语句
+# scene introduction = 循环语句->嵌套循环
+# level = 2+
+# bind_url = accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F
+# evaluation information end
+import os
+
+
+def nested_loop_for_in_002_F(taint_src):
+ # 嵌套循环中的安全数据处理
+ for outer in [taint_src]:
+ for inner in ["safe"]:
+ taint_sink(inner) # 内层循环变量(安全数据)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ nested_loop_for_in_002_F(taint_src)
diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py
new file mode 100644
index 00000000..c0819c36
--- /dev/null
+++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->流敏感分析->循环语句
+# scene introduction = 循环语句->while循环
+# level = 2+
+# bind_url = accuracy/flow_sensitive/loop_stmt/while_loop_001_T
+# evaluation information end
+import os
+
+
+def while_loop_001_T(taint_src):
+ # while循环中的污点传播
+ i = 0
+ while i < 1:
+ taint_sink(taint_src) # 循环体内的污点
+ i += 1
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ while_loop_001_T(taint_src)
diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py
new file mode 100644
index 00000000..7c8fc682
--- /dev/null
+++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py
@@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->循环语句 +# scene introduction = 循环语句->while循环 +# level = 2+ +# bind_url = accuracy/flow_sensitive/loop_stmt/while_loop_002_F +# evaluation information end +import os + + +def while_loop_002_F(taint_src): + # while循环中的安全数据处理 + i = 0 + while i < 1: + taint_sink("safe_data") # 循环体内的安全数据 + i += 1 + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + while_loop_002_F(taint_src) diff --git a/sast-python3/case/accuracy/object_sensitive/class/config.json b/sast-python3/case/accuracy/object_sensitive/class/config.json index ea509a89..edce7d08 100644 --- a/sast-python3/case/accuracy/object_sensitive/class/config.json +++ b/sast-python3/case/accuracy/object_sensitive/class/config.json @@ -13,10 +13,14 @@ { "compose": "constructor_object_sensitive_003_T.py && !constructor_object_sensitive_004_F.py", "scene": "接口/类->继承对象" + }, + { + "compose": "dynamic_attribute_object_sensitive_001_T.py && !dynamic_attribute_object_sensitive_002_F.py", + "scene": "接口/类->动态属性对象" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py new file mode 100644 index 00000000..302991cd --- /dev/null +++ b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py 
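Review bot: The hunk for object_sensitive/class/config.json registers only the dynamic_attribute pair, yet the same patch adds constructor_object_sensitive_005_T.py and constructor_object_sensitive_006_F.py to this directory. Unless they are composed in a part of the file outside this hunk, those two cases will never be evaluated. An entry such as `"compose": "constructor_object_sensitive_005_T.py && !constructor_object_sensitive_006_F.py",` with `"scene": "接口/类->类定义位置"` (the scene both files declare) would cover them.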
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象
+# scene introduction = 接口/类->类定义位置
+# level = 2
+# bind_url = accuracy/object_sensitive/class/constructor_object_sensitive_005_T
+# evaluation information end
+import os
+
+class A:
+ def __init__(self):
+ self.data = taint_src
+
+def constructor_object_sensitive_005_T(taint_src):
+
+ obj = A()
+ taint_sink(obj.data)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == '__main__':
+ taint_src = "taint_src_value"
+ constructor_object_sensitive_005_T(taint_src)
+
diff --git a/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py
new file mode 100644
index 00000000..3a005198
--- /dev/null
+++ b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象
+# scene introduction = 接口/类->类定义位置
+# level = 2
+# bind_url = accuracy/object_sensitive/class/constructor_object_sensitive_006_F
+# evaluation information end
+import os
+
+class A:
+ def __init__(self):
+ self.data = '_'
+
+def constructor_object_sensitive_006_F(taint_src):
+
+ obj = A()
+ taint_sink(obj.data)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == '__main__':
+ taint_src = "taint_src_value"
+ constructor_object_sensitive_006_F(taint_src)
+
diff --git a/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py
new file mode 100644
index 00000000..9b2aa320
--- /dev/null
+++ b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py
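Review bot: In constructor_object_sensitive_005_T.py, `A.__init__` reads `taint_src` as a module-level name, not the parameter of `constructor_object_sensitive_005_T`, which is never used. There is therefore no data flow from the function argument to `os.system`, although the file is marked `real case = true`. Calling the function from another module would also raise NameError, because the global is only assigned under `if __name__ == '__main__'`. If the case is meant to test a class defined at module scope, the value should be passed in: `def __init__(self, data):`, `self.data = data` and `obj = A(taint_src)`. If the read of a global is intentional, the header should say that the source is the module-level variable.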
@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象
+# scene introduction = 接口/类->动态属性对象
+# level = 2
+# bind_url = accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T
+# evaluation information end
+# 区分"动态属性对象",动态属性赋值
+import os
+
+
+def dynamic_attribute_object_sensitive_001_T(taint_src):
+ class DynamicObject:
+ def __init__(self, name):
+ self.name = name # 只初始化基础属性
+
+ # 创建对象并动态添加污染属性
+ obj = DynamicObject("test_obj")
+ obj.dynamic_data = taint_src # 动态添加污染属性
+
+ # 直接传递对象给sink
+ taint_sink(obj)
+
+
+def taint_sink(o):
+ # 在sink函数内部访问动态属性
+ os.system(o.dynamic_data)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ dynamic_attribute_object_sensitive_001_T(taint_src)
diff --git a/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py
new file mode 100644
index 00000000..c0e4c148
--- /dev/null
+++ b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py
@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象
+# scene introduction = 接口/类->动态属性对象
+# level = 2
+# bind_url = accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F
+# evaluation information end
+# 区分"动态属性对象",动态属性赋值
+import os
+
+
+def dynamic_attribute_object_sensitive_002_F(taint_src):
+ class DynamicObject:
+ def __init__(self, name):
+ self.name = name # 只初始化基础属性
+
+ # 创建对象并动态添加安全属性
+ obj = DynamicObject("test_obj")
+ obj.dynamic_data = "_" # 动态添加安全属性
+
+ # 直接传递对象给sink
+ taint_sink(obj)
+
+
+def taint_sink(o):
+ # 在sink函数内部访问动态属性
+ os.system(o.dynamic_data)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ dynamic_attribute_object_sensitive_002_F(taint_src)
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json b/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json index 56cb8880..6e594420 100644 --- a/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json @@ -9,6 +9,22 @@ { "compose": "exception_throw_001_T.py && !exception_throw_002_F.py && exception_throw_003_T.py", "scene": "1" + }, + { + "compose": "exception_finally_throw_001_T.py && !exception_finally_throw_002_F.py", + "scene": "异常抛出-finally块执行" + }, + { + "compose": "exception_multiple_except_001_T.py && !exception_multiple_except_002_F.py", + "scene": "异常抛出-多个except分支" + }, + { + "compose": "exception_else_001_T.py && !exception_else_002_F.py", + "scene": "异常抛出-else块执行" + }, + { + "compose": "exception_args_001_T.py && !exception_args_002_F.py", + "scene": "异常抛出-多参数异常对象" } ] } diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py new file mode 100644 index 00000000..62eeb4d3 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-多参数异常对象 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_args_001_T +# evaluation information end +import os + +def exception_args_001_T(taint_src): + try: + # 创建多参数异常,第二个参数是污点 + raise Exception("Error message", taint_src, "_") + except Exception as e: + # 获取异常的所有参数 + args = e.args + # args[1] 是污点数据 + taint_sink(args[1]) # 应该检出 - 异常参数中的污点数据 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_args_001_T(taint_src) \ No newline at end of file 
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py
new file mode 100644
index 00000000..dd538e00
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = 异常抛出-多参数异常对象
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_args_002_F
+# evaluation information end
+import os
+
+def exception_args_002_F(taint_src):
+ try:
+ # 创建多参数异常,但污点数据不在被访问的位置
+ raise Exception("Error message", "_", taint_src)
+ except Exception as e:
+ # 获取异常的所有参数
+ args = e.args
+ # args[1] 是安全数据,args[2] 是污点但不被访问
+ taint_sink(args[1]) # 不应检出 - 访问的是安全参数
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ exception_args_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py
new file mode 100644
index 00000000..de50da55
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = 异常抛出-else块执行
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_else_001_T
+# evaluation information end
+import os
+
+def exception_else_001_T(taint_src):
+ try:
+ # 正常执行,不抛出异常
+ normal_data = "_"
+ except Exception as e:
+ # 不会执行到except块
+ pass
+ else:
+ # 无异常时执行else块
+ taint_sink(taint_src) # 应该检出 - else块中的污点传递
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ exception_else_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py
new file mode 100644
index 00000000..a3b4edea
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = 异常抛出-else块执行
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_else_002_F
+# evaluation information end
+import os
+
+def exception_else_002_F(taint_src):
+ try:
+ # 正常执行,不抛出异常
+ normal_data = "_"
+ except Exception as e:
+ # 不会执行到except块
+ pass
+ else:
+ # 无异常时执行else块,但传递安全数据
+ safe_data = "_"
+ taint_sink(safe_data) # 不应检出 - else块中传递安全数据
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ exception_else_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py
new file mode 100644
index 00000000..56a28008
--- /dev/null
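Review bot: exception_else_002_F cannot produce a false positive however the engine models `try/else`, because `taint_src` is never used inside the function and `taint_sink(safe_data)` receives a literal. A path-sensitivity negative needs the tainted call on a branch that does not run. For example, keep `taint_sink(taint_src)` in the `else:` block and make the `try` body `raise Exception("_")`, so that `else` is skipped. The same weakness is in exception_finally_throw_002_F, exception_multiple_except_002_F (where the tainted call could sit in the `except TypeError` branch) and continue_nested_002_F in this patch.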
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = 异常抛出-finally块执行
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T
+# evaluation information end
+import os
+
+def exception_finally_throw_001_T(taint_src):
+ try:
+ # try块正常执行,无异常抛出
+ pass
+ except Exception as e:
+ # 不会执行到except块
+ pass
+ finally:
+ # finally块总会执行,处理污点数据
+ taint_sink(taint_src) # 应该检出 - finally块中的污点传递
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ exception_finally_throw_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py
new file mode 100644
index 00000000..00913fc7
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = 异常抛出-finally块执行
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F
+# evaluation information end
+import os
+
+def exception_finally_throw_002_F(taint_src):
+ try:
+ # try块正常执行,无异常抛出
+ pass
+ except Exception as e:
+ # 不会执行到except块
+ pass
+ finally:
+ # finally块总会执行,但传递安全数据
+ safe_data = "_"
+ taint_sink(safe_data) # 不应检出 - finally块中传递安全数据
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ exception_finally_throw_002_F(taint_src)
\ No newline at end of file
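Review bot: Nothing is thrown in exception_finally_throw_001_T even though the scene is named "异常抛出-finally块执行": the `try` body is a bare `pass`, so `finally` is reached only by normal fall-through. The case would exercise the exceptional edge into `finally` if the `try` body raised, for example `raise Exception("_")` in place of `pass`. The comment on the `except` block would then need to say that it does run. exception_finally_throw_002_F has the same shape.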
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py
new file mode 100644
index 00000000..d29158bb
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = 异常抛出-多个except分支
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T
+# evaluation information end
+import os
+
+def exception_multiple_except_001_T(taint_src):
+ try:
+ # 抛出ValueError异常
+ raise ValueError(taint_src)
+ except ValueError as e:
+ # 匹配到ValueError,执行这个分支
+ taint_sink(taint_src) # 应该检出 - 同一分支传递污点数据
+ except TypeError as e:
+ # 不会执行到这个分支
+ pass
+ except Exception as e:
+ # 不会执行到这个分支(ValueError已匹配)
+ pass
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ exception_multiple_except_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py
new file mode 100644
index 00000000..9435f323
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py
@@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-多个except分支 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F +# evaluation information end +import os + +def exception_multiple_except_002_F(taint_src): + try: + # 抛出ValueError异常 + raise ValueError(taint_src) + except ValueError as e: + # 匹配到ValueError,执行这个分支(与正例相同路径) + safe_data = "_" + taint_sink(safe_data) # 不应检出 - 同一分支传递安全数据 + except TypeError as e: + # 不会执行到这个分支 + pass + except Exception as e: + # 不会执行到这个分支(ValueError已匹配) + pass + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_multiple_except_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py index b0120aa3..36951e45 100644 --- a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py @@ -4,7 +4,7 @@ # evaluation item = 准确度->路径敏感分析->跳转语句 # scene introduction = break-嵌套循环 # level = 4+ -# bind_url = accuracy/path_sensitive/explicit_jump_control/break_003_F +# bind_url = accuracy/path_sensitive/explicit_jump_control/break_004_F # evaluation information end import os diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json index 18fd4082..1bf785ad 100644 --- a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json 
@@ -18,6 +18,10 @@ "compose": "continue_001_T.py && !continue_002_F.py", "scene": "continue" }, + { + "compose": "continue_nested_001_T.py && !continue_nested_002_F.py", + "scene": "continue-嵌套循环" + }, { "compose": "return_001_T.py && !return_002_F.py", "scene": "return" diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py new file mode 100644 index 00000000..5a2a0ef3 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->跳转语句 +# scene introduction = continue-嵌套循环 +# level = 4+ +# bind_url = accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T +# evaluation information end +import os + +def continue_nested_001_T(taint_src): + res = "" + for i in range(3): + for j in range(3): + if i == 1 and j == 0: + res = taint_src + continue # 跳过内层循环本次迭代,但内层循环继续 + # continue跳过后,i=1, j>0时执行这里 + taint_sink(res) # 应该检出 - i=1, j>0时res有污点 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + continue_nested_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py new file mode 100644 index 00000000..5f99d2e9 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py 
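Review bot: The comment on the sink line in continue_nested_001_T understates when `taint_sink(res)` sees tainted data. `res` is assigned once at i=1, j=0 and never reset, so it is also tainted for every j when i=2. I would word it as `# reached with tainted res for i=1, j>0 and for all j when i=2`. It may also be worth stating in the header that for i=0 the sink receives the empty string.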
@@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->跳转语句 +# scene introduction = continue-嵌套循环 +# level = 4+ +# bind_url = accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F +# evaluation information end +import os + +def continue_nested_002_F(taint_src): + res = "" + for i in range(3): + for j in range(3): + if i == 1 and j == 0: + res = taint_src # 设置污点数据 + continue # 跳过内层循环本次迭代 + # continue跳过后执行这里,但传递安全数据 + safe_data = "safe_value" + taint_sink(safe_data) # 不应检出 - 传递安全数据 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + continue_nested_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py b/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py index 44b50a8b..c7348e42 100644 --- a/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py +++ b/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->其他->ellipsis # scene introduction = 占位符 # level = 2+ diff --git a/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py b/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py index f8266341..806b1236 100644 --- a/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py +++ b/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->其他->ellipsis # scene introduction = 切片占位 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py b/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py index 980808e2..722bc6c7 100644 
--- a/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = false +# real case = true # evaluation item = 完整度->单应用跟踪完整度->别名 # scene introduction = 别名问题 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py b/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py index 5c303f7f..d5dd07e8 100644 --- a/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->别名 # scene introduction = 列表元素别名 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json b/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json index 9a023627..e840f3cd 100644 --- a/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json @@ -34,6 +34,18 @@ { "compose": "inject_data_new_005_T.py && !inject_data_new_006_F.py", "scene": "运行时动态创建实例" + }, + { + "compose": "multi_level_inheritance_001_T.py && !multi_level_inheritance_002_F.py", + "scene": "多级继承" + }, + { + "compose": "multiple_inheritance_001_T.py && !multiple_inheritance_002_F.py", + "scene": "多重继承" + }, + { + "compose": "no_init_child_class_001_T.py && !no_init_child_class_002_F.py", + "scene": "父类init函数自动调用" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py new file mode 100644 index 00000000..3b2019c9 
--- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py @@ -0,0 +1,39 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 多级继承 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T +# evaluation information end + +import os + +def multi_level_inheritance_001_T(taint_src): + class C: + def __init__(self, data): + self.data_c = data # 最底层存储数据 + + class B(C): + def __init__(self, data): + super().__init__(data) # 调用C的构造函数 + self.data_b = "_B" # 添加B自己的数据 + + class A(B): + def __init__(self, data): + super().__init__(data) # 调用B的构造函数 → 调用C的构造函数 + self.data_a = "_A" # 添加A自己的数据 + + def get_combined_data(self): + return self.data_c + self.data_b + self.data_a + + obj = A(taint_src) # 污染数据进入继承链 + taint_sink(obj.get_combined_data()) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + multi_level_inheritance_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py new file mode 100644 index 00000000..959c4bf8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py 
@@ -0,0 +1,39 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 多级继承 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F +# evaluation information end + +import os + +def multi_level_inheritance_002_F(taint_src): + class C: + def __init__(self, data): + self.data_c = data # 最底层存储数据 + + class B(C): + def __init__(self, data): + super().__init__(data) # 调用C的构造函数 + self.data_b = "_B" # 添加B自己的数据 + + class A(B): + def __init__(self, data): + super().__init__(data) # 调用B的构造函数 → 调用C的构造函数 + self.data_a = "_A" # 添加A自己的数据 + + def get_combined_data(self): + return self.data_c + self.data_b + self.data_a + + obj = A("_") + taint_sink(obj.get_combined_data()) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + multi_level_inheritance_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py new file mode 100644 index 00000000..d148b44b --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py 
@@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 多重继承 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T +# evaluation information end + +import os + +def multiple_inheritance_001_T(taint_src): + class A: + def __init__(self, data): + self.data_a = data + + class B: + def __init__(self, data): + self.data_b = data + + class C(A, B): + def __init__(self, data): + A.__init__(self, data) + B.__init__(self, data) + + def get_result(self): + return self.data_a + self.data_b + + obj = C(taint_src) + taint_sink(obj.get_result()) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + multiple_inheritance_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py new file mode 100644 index 00000000..f89688d8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py 
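Review bot: Both `A.__init__(self, data)` and `B.__init__(self, data)` receive the tainted value in multiple_inheritance_001_T, so `get_result()` is already tainted through `data_a` alone. An engine that resolves only the first base class therefore still reports the case. To make the second base matter, pass a constant in the first call, `A.__init__(self, "_")`, and leave `B.__init__(self, data)` as the only carrier. Separately, class `C` never goes through `super()`, so MRO-based resolution is not covered by this pair and may deserve a follow-up case.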
@@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 多重继承 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F +# evaluation information end + +import os + +def multiple_inheritance_002_F(taint_src): + class A: + def __init__(self, data): + self.data_a = data + + class B: + def __init__(self, data): + self.data_b = data + + class C(A, B): + def __init__(self, data): + A.__init__(self, data) + B.__init__(self, data) + + def get_result(self): + return self.data_a + self.data_b + + obj = C("_") + taint_sink(obj.get_result()) + + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + multiple_inheritance_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py new file mode 100644 index 00000000..08c5a190 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py 
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+# scene introduction = 父类init函数自动调用
+# level = 2+
+# bind_url = completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T
+# evaluation information end
+
+import os
+
+def no_init_child_class_001_T(taint_src):
+ class Parent:
+ def __init__(self, data):
+ # 父类构造函数直接接收外部数据
+ self.data = data
+
+ class Child(Parent):
+ # 子类没有定义__init__方法,会自动调用父类的__init__
+ def process_data(self):
+ # 子类方法处理从父类继承的污染数据
+ return self.data
+
+ # 创建子类实例时,自动调用Parent.__init__(taint_src)
+ obj = Child(taint_src)
+
+ # 通过子类方法访问继承的污染属性
+ taint_sink(obj.process_data())
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ no_init_child_class_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py
new file mode 100644
index 00000000..8e044ce5
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py
@@ -0,0 +1,35 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象 +# scene introduction = 父类init函数自动调用 +# level = 2+ +# bind_url = completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F +# evaluation information end + +import os + +def no_init_child_class_002_F(taint_src): + class Parent: + def __init__(self, data): + # 父类构造函数直接接收外部数据 + self.data = data + + class Child(Parent): + # 子类没有定义__init__方法,会自动调用父类的__init__ + def process_data(self): + # 子类方法处理从父类继承的污染数据 + return self.data + + # 创建子类实例时,自动调用Parent.__init__(taint_src) + obj = Child("_") + + # 通过子类方法访问继承的污染属性 + taint_sink(obj.process_data()) + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + no_init_child_class_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py index cbc5312e..49f0d25f 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->断言 # scene introduction = 验证输入值 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py index 54a2ead6..6280e33f 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py 
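Review bot: Three comments in no_init_child_class_002_F were carried over from the positive case and no longer match the code, since the object is built with `Child("_")`. `process_data` is described as handling tainted data inherited from the parent, and the line before `taint_sink` as reading a tainted attribute. Suggested wording is `# returns the constant stored by Parent.__init__` inside `process_data` and `# not expected to be reported - the attribute holds a constant` on the sink call. The comment above the constructor call still says `Parent.__init__(taint_src)` and should read `Parent.__init__("_")`.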
@@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句 # scene introduction = 星号匹配->字典嵌套 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py index d5abbb6c..9a3dfc4a 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句 # scene introduction = match_or # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py index 22e68435..1c9c7447 100644 --- a/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->循环结构 # scene introduction = while_else # level = 4 diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json index 0a31dc30..91732d2b 100644 --- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json 
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json @@ -25,6 +25,10 @@ { "compose": "(cross_file_009_T/cross_file_009_T_a.py || cross_file_009_T/cross_file_009_T_b.py) && !(cross_file_010_F/cross_file_010_F_a.py || cross_file_010_F/cross_file_010_F_b.py)", "scene": "同级目录相对导入" + }, + { + "compose": "(dynamic_import_001_T/dynamic_import_001_T_a.py || dynamic_import_001_T/dynamic_import_001_T_b.py) && !(dynamic_import_002_F/dynamic_import_002_F_a.py || dynamic_import_002_F/dynamic_import_002_F_b.py)", + "scene": "动态导入" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py new file mode 100644 index 00000000..294c933c --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py @@ -0,0 +1,11 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 +# scene introduction = 动态导入-函数调用 +# level = 2 +# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a +# evaluation information end + +def get_taint_data(taint_src): + return f"dynamic_{taint_src}" \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py new file mode 100644 index 00000000..b66e850a --- /dev/null 
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
+# scene introduction = 动态导入-函数调用
+# level = 2
+# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b
+# evaluation information end
+
+import os
+
+def dynamic_import_001_T_b(taint_src):
+ # 动态导入模块
+ module_name = "dynamic_import_001_T_a"
+ imported_module = __import__(module_name)
+
+ # 调用动态导入模块中的函数
+ result = imported_module.get_taint_data(taint_src)
+
+ # 验证动态导入后的数据传递
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(str(o))
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ dynamic_import_001_T_b(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py
new file mode 100644
index 00000000..d4126f82
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py
@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
+# scene introduction = 动态导入-安全数据调用
+# level = 2
+# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a
+# evaluation information end
+
+def get_safe_data(taint_src):
+ return "safe_data" # 返回安全数据,不是污点数据
\ No newline at end of file
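Review bot: `__import__(module_name)` in dynamic_import_001_T_b is called with a bare module name, so the lookup succeeds only when the case directory is on `sys.path`. That holds when the file is run as a script, but not necessarily when a harness loads it from elsewhere. The Python documentation recommends `importlib.import_module` over calling `__import__` directly, so `imported_module = importlib.import_module(module_name)` with `import importlib` at the top would be the idiomatic form, unless the benchmark specifically targets the builtin. dynamic_import_002_F_b uses the same call.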
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py
new file mode 100644
index 00000000..5b68b94c
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
+# scene introduction = 动态导入-安全数据调用
+# level = 2
+# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b
+# evaluation information end
+
+import os
+
+def dynamic_import_002_F_b(taint_src):
+ # 动态导入模块(与正例相同的路径)
+ module_name = "dynamic_import_002_F_a"
+ imported_module = __import__(module_name)
+
+ # 调用动态导入模块中的函数,但获取安全数据
+ result = imported_module.get_safe_data(taint_src)
+
+ # 验证动态导入后的安全数据传递
+ taint_sink(result) # 不应检出 - 传递的是安全数据
+
+def taint_sink(o):
+ os.system(str(o))
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ dynamic_import_002_F_b(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py
new file mode 100644
index 00000000..1d724c2f
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
+# scene introduction = extend操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/array/array_extend_001_T
+# evaluation information end
+
+import os
+import array
+
+def array_extend_001_T(taint_src):
+ # 创建初始数组
+ arr = array.array('u', ['a', 'b'])
+
+ tainted_arr = array.array('u', [taint_src[0]])
+
+ # 执行extend操作
+ arr.extend(tainted_arr)
+
+ # 传递给sink
+ taint_sink(arr)
+
+def taint_sink(o):
+ os.system(''.join(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ array_extend_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py
new file mode 100644
index 00000000..db1f941e
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
+# scene introduction = extend操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/array/array_extend_002_F
+# evaluation information end
+
+import os
+import array
+
+def array_extend_002_F(taint_src):
+ # 创建初始数组
+ arr = array.array('u', ['a', 'b'])
+
+ clean_arr = array.array('u', ['x'])
+
+ # 执行extend操作
+ arr.extend(clean_arr)
+
+ # 传递给sink
+ taint_sink(arr)
+
+def taint_sink(o):
+ os.system(''.join(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ array_extend_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json
index b0980d40..de7db0ac 100644
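Review bot: `array.array('u', ...)` in array_extend_001_T relies on the `'u'` type code, which the Python documentation lists as deprecated since 3.3 and scheduled for removal, so this runnable sample has a limited lifetime. `'w'` is the documented replacement on 3.13 and later. If older interpreters must stay supported, the header should at least state the interpreter range the case is valid for. Also, `taint_src[0]` carries only the first character into the array and raises IndexError for an empty string. array_extend_002_F uses the same type code.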
--- a/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json @@ -23,6 +23,10 @@ "compose": "array_003_T.py && !array_004_F.py", "scene": "append操作" }, + { + "compose": "array_extend_001_T.py && !array_extend_002_F.py", + "scene": "extend操作" + }, { "compose": "extslice_001_T.py && !extslice_002_F.py", "scene": "多维切片" diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py new file mode 100644 index 00000000..1723eeaf --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray扩展操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T +# evaluation information end + +import os + +def bytearray_extend_001_T(taint_src): + # 创建初始的干净bytearray + ba = bytearray("clean_data", 'utf-8') + + # 创建包含污点数据的bytes + tainted_bytes = bytearray(taint_src, 'utf-8') + + # 使用extend操作扩展污点数据 + ba.extend(tainted_bytes) + + # 将扩展后的bytearray传递给sink,期望引擎识别出污点数据 + taint_sink(ba) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_extend_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py new file mode 100644 index 00000000..0795b803 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py 
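Review bot: `os.system(bytes(o))` in bytearray_extend_001_T passes a bytes object to a function documented as taking a command string. As far as I know this is accepted on POSIX builds of CPython but rejected on Windows, so the case is not portable as a runnable sample. Decoding at the sink, `os.system(bytes(o).decode('utf-8'))`, keeps the bytearray flow under test and works on both. The same sink is used in bytearray_extend_002_F, bytearray_slice_001_T and bytearray_slice_002_F.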
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列
+# scene introduction = bytearray扩展操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F
+# evaluation information end
+
+import os
+
+def bytearray_extend_002_F(taint_src):
+ # 创建初始的干净bytearray
+ ba = bytearray("clean_data", 'utf-8')
+
+ # 创建干净的bytes数据
+ clean_bytes = bytearray("more_clean_data", 'utf-8')
+
+ # 使用extend操作扩展干净数据
+ ba.extend(clean_bytes)
+
+ # 将扩展后的bytearray传递给sink,期望引擎不识别为污点数据
+ taint_sink(ba)
+
+def taint_sink(o):
+ os.system(bytes(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ bytearray_extend_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py
new file mode 100644
index 00000000..97e22b2d
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列
+# scene introduction = bytearray切片操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T
+# evaluation information end
+
+import os
+
+def bytearray_slice_001_T(taint_src):
+ # 创建包含污点数据的bytearray
+ clean_part = "clean_data_"
+ ba = bytearray(clean_part + taint_src, 'utf-8')
+
+ # 通过切片操作提取包含污点数据的部分
+ tainted_slice = ba[len(clean_part):len(clean_part) + len(taint_src)]
+
+ # 将切片结果传递给sink,期望引擎识别出污点数据
+ taint_sink(tainted_slice)
+
+def taint_sink(o):
+ os.system(bytes(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ bytearray_slice_001_T(taint_src)
\ No newline at end of file
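Review bot: The slice in bytearray_slice_001_T, `ba[len(clean_part):len(clean_part) + len(taint_src)]`, uses character counts as byte offsets into a UTF-8 encoded bytearray. clean_part is ASCII, so the start offset is right, but for a non-ASCII taint_src the end offset falls short and the slice silently drops the tail of the tainted bytes. Computing the end from the encoded length keeps the start:end slice form under test: `end = len(clean_part) + len(taint_src.encode('utf-8'))` followed by `tainted_slice = ba[len(clean_part):end]`.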
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py new file mode 100644 index 00000000..d1da54b8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray切片操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F +# evaluation information end + +import os + +def bytearray_slice_002_F(taint_src): + # 创建只包含干净数据的bytearray + clean_data = "clean_data_only" + ba = bytearray(clean_data, 'utf-8') + + # 通过切片操作提取部分数据 + clean_slice = ba[0:5] # 提取"clean" + + # 将切片结果传递给sink,期望引擎不识别为污点数据 + taint_sink(clean_slice) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_slice_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json index 8ef1d3f0..55de22a5 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json @@ -9,6 +9,14 @@ { "compose": "bytearray_001_T.py && !bytearray_002_F.py", "scene": "构造函数形式" + }, + { + "compose": "bytearray_slice_001_T.py && !bytearray_slice_002_F.py", + "scene": "切片操作" + }, + { + "compose": "bytearray_extend_001_T.py && !bytearray_extend_002_F.py", + "scene": "扩展操作" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json index 10037be8..19166444 100644 
--- a/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json @@ -26,6 +26,10 @@ { "compose": "set_007_T.py && !set_008_F.py", "scene": "差集操作" + }, + { + "compose": "set_remove_001_T.py && !set_remove_002_F.py", + "scene": "set元素删除操作" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py index c370ab3c..2e2f4df6 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合 # scene introduction = 交集-并集 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py new file mode 100644 index 00000000..ae6ef758 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合 +# scene introduction = set元素删除操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/collections/set_remove_001_T +# evaluation information end + +import os + +def set_remove_001_T(taint_src): + # 创建包含污点数据的set + s = {taint_src, 'clean1', 'clean2'} + + # 从set中删除污点元素 + s.remove('clean1') + + # 将删除后的set传递给sink + taint_sink(s) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + set_remove_001_T(taint_src) \ No newline at end of file 
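Review bot: The comment `# 从set中删除污点元素` in set_remove_001_T says the tainted element is removed, but the line below it is `s.remove('clean1')`, which removes a clean element and leaves taint_src in the set; that is exactly what makes the case positive. Anyone auditing the ground truth from the comments will read the case backwards, so reword it, e.g. `# remove a clean element; the tainted element stays in the set`. The same inversion occurs in set_remove_002_F, where `# 创建只包含干净数据的set` and `# 删除干净元素` sit above a set that holds taint_src and above `s.remove(taint_src)`, and in list_remove_001_T and list_remove_002_F. In list_pop_002_F, map_pop_002_F, tuple_index_002_F and tuple_slice_002_F the container is described as holding only clean data although it contains taint_src.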
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py new file mode 100644 index 00000000..5526a7c3 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合 +# scene introduction = set元素删除操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/collections/set_remove_002_F +# evaluation information end + +import os + +def set_remove_002_F(taint_src): + # 创建只包含干净数据的set + s = {taint_src, 'clean2', 'clean3'} + + # 从set中删除干净元素 + s.remove(taint_src) + + # 将删除后的set传递给sink + taint_sink(s) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + set_remove_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json index 9595fa87..1607d8cd 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json @@ -18,6 +18,26 @@ "compose": "list_005_T.py && !list_006_F.py", "scene": "append操作" }, + { + "compose": "list_extend_001_T.py && !list_extend_002_F.py", + "scene": "extend操作" + }, + { + "compose": "list_insert_001_T.py && !list_insert_002_F.py", + "scene": "insert操作" + }, + { + "compose": "list_remove_001_T.py && !list_remove_002_F.py", + "scene": "remove操作" + }, + { + "compose": "list_pop_001_T.py && !list_pop_002_F.py", + "scene": "pop操作" + }, + { + "compose": "list_concat_001_T.py && !list_concat_002_F.py", + "scene": "连接操作" + }, { "compose": "list_007_T.py && !list_008_F.py", "scene": "泛型容器类型" 
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py
new file mode 100644
index 00000000..cd4ae1d8
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = 连接操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_concat_001_T
+# evaluation information end
+
+import os
+
+def list_concat_001_T(taint_src):
+
+ # 创建包含污点数据的列表
+ lst2 = [taint_src, 'clean3']
+
+ # 创建初始列表
+ lst1 = ['clean1', 'clean2']
+
+ # 执行连接操作(+运算符)
+ result = lst2 + lst1
+
+ # 传递给sink
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_concat_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py
new file mode 100644
index 00000000..962e2bcb
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = 连接操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_concat_002_F
+# evaluation information end
+
+import os
+
+def list_concat_002_F(taint_src):
+ # 创建初始列表
+ lst1 = ['clean1', 'clean2']
+
+ lst2 = ['clean3', 'clean4']
+
+ # 执行连接操作(+运算符)
+ result = lst1 + lst2
+
+ # 传递给sink
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_concat_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py
new file mode 100644
index 00000000..2d5fc1de
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = extend操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_extend_001_T
+# evaluation information end
+
+import os
+
+def list_extend_001_T(taint_src):
+ # 创建初始列表
+ tainted_list = [taint_src]
+
+ # 创建初始列表
+ lst = ['clean1', 'clean2']
+
+ # 执行extend操作,将污点数据扩展到干净列表
+ tainted_list.extend(lst)
+
+ # 传递给sink
+ taint_sink(tainted_list)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_extend_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py
new file mode 100644
index 00000000..bcdf9616
--- /dev/null
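Review bot: list_extend_001_T calls `tainted_list.extend(lst)`, so the receiver is already tainted before extend() runs and the argument is clean; an engine that does not model extend() at all still reports this case. The comment `# 执行extend操作,将污点数据扩展到干净列表` describes the opposite direction. To exercise propagation from the argument into the receiver, as array_extend_001_T and bytearray_extend_001_T do, use `lst.extend(tainted_list)` followed by `taint_sink(lst)`. In list_extend_002_F the clean list is also named `tainted_list`, which would read better as `clean_list`.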
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = extend操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_extend_002_F
+# evaluation information end
+
+import os
+
+def list_extend_002_F(taint_src):
+ # 创建初始列表
+ lst = ['clean1', 'clean2']
+
+ tainted_list = ['clean3']
+
+ # 执行extend操作
+ tainted_list.extend(lst)
+
+ # 传递给sink
+ taint_sink(tainted_list)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_extend_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py
new file mode 100644
index 00000000..3c98cdc5
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = insert操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_insert_001_T
+# evaluation information end
+
+import os
+
+def list_insert_001_T(taint_src):
+
+ # 创建初始列表
+ lst = ['clean1', 'clean2']
+
+ # 在指定位置插入数据
+ lst.insert(0, taint_src)
+
+ # 传递给sink
+ taint_sink(lst)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_insert_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py
new file mode 100644
index 00000000..7dcbb275
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = insert操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_insert_002_F
+# evaluation information end
+
+import os
+
+def list_insert_002_F(taint_src):
+ # 创建初始列表
+ lst = ['clean1', 'clean2']
+
+ # 在指定位置插入干净数据
+ lst.insert(0, 'clean3')
+
+ # 传递给sink
+ taint_sink(lst)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_insert_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py
new file mode 100644
index 00000000..c704f15b
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = pop操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_pop_001_T
+# evaluation information end
+
+import os
+
+def list_pop_001_T(taint_src):
+
+ # 创建包含污点数据的列表,污点元素在首位
+ lst = [taint_src, 'clean1', 'clean2']
+
+ # 弹出指定位置的元素(污点元素)
+ popped = lst.pop(0)
+
+ # 将弹出的元素传递给sink
+ taint_sink(popped)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_pop_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py
new file mode 100644
index 00000000..a26784ab
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = pop操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_pop_002_F
+# evaluation information end
+
+import os
+
+def list_pop_002_F(taint_src):
+ # 创建包含干净数据的列表
+ lst = ['clean1', taint_src, 'clean3']
+
+ # 弹出指定位置的元素(干净元素)
+ popped = lst.pop(0)
+
+ # 将弹出的元素传递给sink
+ taint_sink(popped)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_pop_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py
new file mode 100644
index 00000000..afb527e2
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = remove操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_remove_001_T
+# evaluation information end
+
+import os
+
+def list_remove_001_T(taint_src):
+ # 创建包含污点数据的列表
+ lst = ['clean1', taint_src, 'clean3']
+
+ # 删除污点元素
+ lst.remove('clean1')
+
+ # 传递给sink
+ taint_sink(lst)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_remove_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py
new file mode 100644
index 00000000..ae3e1d75
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = remove操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_remove_002_F +# evaluation information end + +import os + +def list_remove_002_F(taint_src): + # 创建包含干净数据的列表 + lst = ['clean1', taint_src, 'clean3'] + + # 删除干净元素 + lst.remove(taint_src) + + # 传递给sink + taint_sink(lst) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_remove_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json index 14e75f4c..adf9ce94 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json @@ -14,6 +14,10 @@ "compose": "map_003_T.py && !map_004_F.py", "scene": "字典/映射(Map)对象2" }, + { + "compose": "map_pop_001_T.py && !map_pop_002_F.py", + "scene": "pop操作" + }, { "compose": "map_009_T.py && !map_010_F.py", "scene": "泛型映射" diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py new file mode 100644 index 00000000..9a7b70db --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py 
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典
+# scene introduction = pop操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/map/map_pop_001_T
+# evaluation information end
+
+import os
+
+def map_pop_001_T(taint_src):
+ # 创建包含污点数据的字典
+ m = {"key1": taint_src, "key2": "clean"}
+
+ # 弹出指定键的值(污点值)
+ popped_value = m.pop("key1")
+ # 将弹出的值传递给sink
+ taint_sink(popped_value)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ map_pop_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py
new file mode 100644
index 00000000..39f081f4
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典
+# scene introduction = pop操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/map/map_pop_002_F
+# evaluation information end
+
+import os
+
+def map_pop_002_F(taint_src):
+ # 创建包含干净数据的字典
+ m = {"key1": "clean1", "key2": taint_src}
+
+ # 弹出指定键的值(干净值)
+ popped_value = m.pop("key1")
+
+ # 将弹出的值传递给sink
+ taint_sink(popped_value)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ map_pop_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py
index 2a745afc..60730f1b 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py @@ -9,11 +9,12 @@ import os def bool_002_F(taint_src): - taint_sink(taint_src) + tainted_bool = False + taint_sink(tainted_bool) def taint_sink(o): os.system(str(o)) if __name__ == "__main__": - taint_src = False + taint_src = True bool_002_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json index 2da4fcba..55aa7b93 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json @@ -18,6 +18,22 @@ { "compose": "tuple_003_T.py && !tuple_004_F.py", "scene": "解包操作" + }, + { + "compose": "tuple_index_001_T.py && !tuple_index_002_F.py", + "scene": "元组索引访问" + }, + { + "compose": "tuple_slice_001_T.py && !tuple_slice_002_F.py", + "scene": "元组切片操作" + }, + { + "compose": "tuple_concat_001_T.py && !tuple_concat_002_F.py", + "scene": "元组连接操作" + }, + { + "compose": "tuple_repeat_001_T.py && !tuple_repeat_002_F.py", + "scene": "元组重复操作" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py index c68c8549..71285384 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py @@ -1,5 +1,5 @@ # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 # scene introduction = 元组字面量 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py index 9bb62c89..70b06d89 100644 
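Review bot: In bool_002_F the new local `tainted_bool = False` holds a constant rather than tainted data, and the `taint_src` parameter is no longer used, so the name contradicts the case's expected "no finding" result. Rename it, e.g. `clean_bool = False` and `taint_sink(clean_bool)`, and state the intent with a comment such as `# taint_src is deliberately unused; the sink receives a constant`. With that in place the switch to `taint_src = True` in the `__main__` block reads as intended rather than as a leftover.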
--- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 # scene introduction = 解包操作 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py new file mode 100644 index 00000000..ed29c9b8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组连接操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T +# evaluation information end + +import os + +def tuple_concat_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建包含污点数据的元组 + t1 = (tainted_data,) + + # 创建干净的元组 + t2 = ("clean1", "clean2") + + # 执行连接操作 + result = t1 + t2 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_concat_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py new file mode 100644 index 00000000..b498d758 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py 
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组
+# scene introduction = 元组连接操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F
+# evaluation information end
+
+import os
+
+def tuple_concat_002_F(taint_src):
+ # 创建干净的元组
+ t1 = ("clean1",)
+
+ # 创建干净的元组
+ t2 = ("clean2", "clean3")
+
+ # 执行连接操作
+ result = t1 + t2
+
+ # 传递给sink
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ tuple_concat_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py
new file mode 100644
index 00000000..7e7af560
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组
+# scene introduction = 元组索引访问
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_index_001_T
+# evaluation information end
+
+import os
+
+def tuple_index_001_T(taint_src):
+ # 直接使用污点数据
+ tainted_data = taint_src
+
+ # 创建包含污点数据的元组
+ t = (tainted_data, "clean1", "clean2")
+
+ # 访问第一个元素
+ first_item = t[0]
+
+ # 传递给sink
+ taint_sink(first_item)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ tuple_index_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py
new file mode 100644
index 00000000..94cca3c8
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组
+# scene introduction = 元组索引访问
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_index_002_F
+# evaluation information end
+
+import os
+
+def tuple_index_002_F(taint_src):
+ # 创建包含干净数据的元组
+ t = ("clean1", taint_src, "clean3")
+
+ # 访问第一个元素
+ first_item = t[0]
+
+ # 传递给sink
+ taint_sink(first_item)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ tuple_index_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py
new file mode 100644
index 00000000..b6b9ea45
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组
+# scene introduction = 元组重复操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T
+# evaluation information end
+
+import os
+
+def tuple_repeat_001_T(taint_src):
+ # 直接使用污点数据
+ tainted_data = taint_src
+
+ # 创建包含污点数据的元组
+ t = (tainted_data,)
+
+ # 执行重复操作
+ result = t * 3
+
+ # 传递给sink
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ tuple_repeat_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py
new file mode 100644
index 00000000..0725a43a
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组
+# scene introduction = 元组重复操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F
+# evaluation information end
+
+import os
+
+def tuple_repeat_002_F(taint_src):
+ # 创建干净的元组
+ t = ("clean1",)
+
+ # 执行重复操作
+ result = t * 3
+
+ # 传递给sink
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ tuple_repeat_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py
new file mode 100644
index 00000000..c77d5fc5
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组
+# scene introduction = 元组切片操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T
+# evaluation information end
+
+import os
+
+def tuple_slice_001_T(taint_src):
+ # 直接使用污点数据
+ tainted_data = taint_src
+
+ # 创建包含污点数据的元组
+ t = ("clean1", tainted_data, "clean2")
+
+ # 执行切片操作,获取包含污点的部分
+ slice_result = t[1:2]
+
+ # 传递给sink
+ taint_sink(slice_result)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ tuple_slice_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py
new file mode 100644
index 00000000..0e5a8db7
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组切片操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F +# evaluation information end + +import os + +def tuple_slice_002_F(taint_src): + # 创建包含干净数据的元组 + t = (taint_src, "clean2", "clean3") + + # 执行切片操作 + slice_result = t[1:2] + + # 传递给sink + taint_sink(slice_result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_slice_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py index 6d365d92..b2de8416 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = false +# real case = true # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_catch # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py index 325f5b9b..1e9661ec 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py 
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
 # scene introduction = 二元运算->乘
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py
index e6b60637..47f380fc 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
 # scene introduction = 二元运算->减
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py
index 9843bf64..df509edb 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->条件表达式
 # scene introduction = 逻辑或
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json
index 79def60c..a4c2401f 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json
+++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json
@@ -9,6 +9,10 @@
 {
 "compose": "lambda_expression_001_T.py && !lambda_expression_002_F.py",
 "scene": "lambda关键字"
+ },
+ {
+ "compose": "lambda_multi_params_001_T.py && !lambda_multi_params_002_F.py",
+ "scene": "多参数lambda表达式"
 }
 ]
 }
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py
new file mode 100644
index 00000000..36483aa5
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式
+# scene introduction = 多参数lambda表达式
+# level = 2
+# bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T
+# evaluation information end
+
+import os
+
+def lambda_multi_params_001_T(taint_src):
+ # 直接使用污点数据
+ tainted_data = taint_src
+
+ # 创建多参数lambda函数
+ lambda_func = lambda x, y, z: x + y + z
+
+ # 调用lambda函数,第一个参数是污点数据
+ result = lambda_func(tainted_data, "_clean", "_clean")
+
+ # 传递给sink
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ lambda_multi_params_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py
new file mode 100644
index 00000000..5269bb5f
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式
+# scene introduction = 多参数lambda表达式
+# level = 2
+# bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F
+# evaluation information end
+
+import os
+
+def lambda_multi_params_002_F(taint_src):
+ # 创建多参数lambda函数
+ lambda_func = lambda x, y, z: x + y + z
+
+ # 调用lambda函数,两个参数都是干净数据
+ result = lambda_func("clean1", "clean2", "clean3")
+
+ # 传递给sink函数,一个参数是污点数据
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ lambda_multi_params_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py
index 2bfe9d32..3fc521d2 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
 # scene introduction = del运算符->字典键值对
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py
index 6f389dad..5a3ed68e 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py
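Review bot: `lambda_multi_params_002_F` never reads `taint_src`, so this negative case passes on any analyzer whether or not it models lambda parameters, and its comments disagree with the code: `# 调用lambda函数,两个参数都是干净数据` sits above a call with three clean arguments, and `# 传递给sink函数,一个参数是污点数据` says a tainted argument reaches the sink although the header declares `real case = false`. To make the pair with `lambda_multi_params_001_T` discriminate, pass the source into a parameter the body drops, for example `lambda_func = lambda x, y, z: y + z` with `result = lambda_func(taint_src, "clean2", "clean3")`, and correct both comments to describe that. `tuple_repeat_002_F` earlier in this patch has the same shape (a literal-only tuple, `taint_src` unused).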
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
 # scene introduction = del运算符->切片
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py
index 915ab6d2..7683fdd8 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
 # scene introduction = 列表推导式
 # level = 3
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py
index f5457289..b53c3e6c 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
 # scene introduction = 字典推导式
 # level = 3
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py
index a14703bc..fce29dd4 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py @@ -10,8 +10,8 @@ import os # 调整内容 def set_comprehension_001_T(taint_src): - # 使用集合推导式生成一个包含偶数的集合 - s = {x for x in range(5) if x % taint_src == 0} # 只保留偶数 + # 使用集合推导式,将污点源 taint_src 直接作为集合中的元素(突出集合推导式直接包含污点源) + s = {taint_src for _ in range(1)} # 集合推导式中直接将污点源作为元素输出 taint_sink(s) def taint_sink(o): diff --git a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py index 7ed8477c..704ee846 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 # scene introduction = 布尔转换 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py index a67d8524..ece12278 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 # scene introduction = 隐式类型转换 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py index a06a687e..041c1456 100644 
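Review bot: The new comprehension `{taint_src for _ in range(1)}` in `set_comprehension_001_T` has no tainted iteration variable, so it is equivalent to the literal `{taint_src}` and an analyzer can report it without modelling how a comprehension binds values from its iterable. If the case is meant to cover flow through the comprehension itself, `s = {x for x in [taint_src]}` exercises that binding while remaining a positive case. The body of `taint_sink` lies outside the hunk, so how the set is handed to the sink cannot be checked from here.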
--- a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = false
+# real case = true
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->生成器函数
 # scene introduction = yield_from
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py
index 4c5e9377..e6ed90da 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = false
+# real case = true
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->生成器函数
 # scene introduction = yield_from
 # level = 2+