From b63c9011148c28e3dbedb2ee67515d1d95dde9cb Mon Sep 17 00:00:00 2001 
From: "mengmeng.meng" Date: Tue, 30 Sep 2025 17:04:03 +0800 Subject: [PATCH 1/8] go case update --- .../cross_directory/config.json | 40 +++++++++++++++++++ .../cross/cross_01/cross_01.go | 18 +++++++++ .../cross/cross_01/go.mod | 3 ++ .../cross_directory_011_T_a.go | 23 +++++++++++ .../cross_directory_011_T/go.mod | 7 ++++ .../cross/cross_01/cross_01.go | 18 +++++++++ .../cross/cross_01/go.mod | 3 ++ .../cross_directory_012_F_a.go | 23 +++++++++++ .../cross_directory_012_F/go.mod | 7 ++++ .../cross/other/cross_01/cross_01.go | 18 +++++++++ .../cross/other/cross_01/go.mod | 3 ++ .../cross_directory_013_T_a.go | 23 +++++++++++ .../cross_directory_013_T/go.mod | 7 ++++ .../cross/other/cross_01/cross_01.go | 18 +++++++++ .../cross/other/cross_01/go.mod | 3 ++ .../cross_directory_014_F_a.go | 23 +++++++++++ .../cross_directory_014_F/go.mod | 7 ++++ .../cross/cross_directory_015_T.go | 33 +++++++++++++++ .../cross/cross_init/cross_init.go | 15 +++++++ .../cross_directory_015_T/go.mod | 3 ++ .../cross/cross_directory_016_F.go | 31 ++++++++++++++ .../cross/cross_init/cross_init.go | 16 ++++++++ .../cross_directory_016_F/go.mod | 3 ++ .../cross/cross_directory_017_T.go | 38 ++++++++++++++++++ .../cross/cross_init/cross_init_01.go | 21 ++++++++++ .../cross/cross_init/cross_init_02.go | 20 ++++++++++ .../cross_directory_017_T/go.mod | 3 ++ .../cross/cross_directory_018_F.go | 40 +++++++++++++++++++ .../cross/cross_init/cross_init_01.go | 21 ++++++++++ .../cross/cross_init/cross_init_02.go | 20 ++++++++++ .../cross_directory_018_F/go.mod | 3 ++ .../cross/cross_directory_019_T.go | 38 ++++++++++++++++++ .../cross/cross_init/cross_init_01.go | 23 +++++++++++ .../cross/cross_init/cross_init_02.go | 20 ++++++++++ .../cross_directory_019_T/go.mod | 3 ++ .../cross/cross_directory_020_F.go | 38 ++++++++++++++++++ .../cross/cross_init/cross_init_01.go | 23 +++++++++++ .../cross/cross_init/cross_init_02.go | 20 ++++++++++ .../cross_directory_020_F/go.mod | 3 ++ 
.../cross_directory_021_T/cross/cross.go | 20 ++++++++++ .../cross_directory_021_T/go.mod | 3 ++ .../main_dir/cross_directory_021_T_a.go | 24 +++++++++++ .../main_dir/cross_directory_021_T_b.go | 25 ++++++++++++ .../other/cross/cross.go | 19 +++++++++ .../cross_directory_022_F/cross/cross.go | 20 ++++++++++ .../cross_directory_022_F/go.mod | 3 ++ .../main_dir/cross_directory_022_F_a.go | 24 +++++++++++ .../main_dir/cross_directory_022_F_b.go | 25 ++++++++++++ .../other/cross/cross.go | 19 +++++++++ .../cross/cross_01/cross_01.go | 14 +++++++ .../cross/cross_directory_023_T.go | 31 ++++++++++++++ .../cross_directory_023_T/go.mod | 3 ++ .../cross/cross_01/cross_01.go | 14 +++++++ .../cross/cross_directory_024_F.go | 33 +++++++++++++++ .../cross_directory_024_F/go.mod | 3 ++ .../cross/cross_01/pkg.go | 23 +++++++++++ .../cross/cross_directory_025_T.go | 32 +++++++++++++++ .../cross_directory_025_T/go.mod | 3 ++ .../cross/cross_01/pkg.go | 23 +++++++++++ .../cross/cross_directory_026_F.go | 32 +++++++++++++++ .../cross_directory_026_F/go.mod | 3 ++ .../cross_directory_027_T/cross_01/pkg.go | 23 +++++++++++ .../cross_directory_027_T/cross_02/pkg.go | 22 ++++++++++ .../cross_directory_027_T.go | 27 +++++++++++++ .../cross_directory_027_T/go.mod | 3 ++ .../cross_directory_028_F/cross_01/pkg.go | 23 +++++++++++ .../cross_directory_028_F/cross_02/pkg.go | 22 ++++++++++ .../cross_directory_028_F.go | 27 +++++++++++++ .../cross_directory_028_F/go.mod | 3 ++ .../cross/cross_directory_029_T.go | 37 +++++++++++++++++ .../cross_directory_029_T/cross/go.mod | 3 ++ .../cross_directory_029_T/cross/pkg/pkg.go | 18 +++++++++ .../cross/cross_directory_030_F.go | 37 +++++++++++++++++ .../cross_directory_030_F/cross/go.mod | 3 ++ .../cross_directory_030_F/cross/pkg/pkg.go | 18 +++++++++ .../cross_module/config.json | 4 ++ .../cross_module_005_T_a/main.go | 32 +++++++++++++++ .../cross_module_005_T_b/main.go | 31 ++++++++++++++ .../cross_module/cross_module_005_T/go.mod | 3 ++ 
.../cross_module_006_F_a/main.go | 34 ++++++++++++++++ .../cross_module_006_F_b/main.go | 31 ++++++++++++++ .../cross_module/cross_module_006_F/go.mod | 3 ++ .../if_return_nil_001_T.go | 8 ++-- .../if_return_nil_002_F.go | 11 ++--- .../if_return_tuple_001_T.go | 2 + .../multiple_return_struct_001_F.go | 11 ++--- .../multiple_return_struct_002_T.go | 15 +++---- .../named_return_004_T/named_return_004_T.go | 2 +- 88 files changed, 1506 insertions(+), 22 deletions(-) create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go create mode 
100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
index 99274d08..fe5011e6 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
@@ -25,6 +25,46 @@
 {
 "compose": "(cross_directory_009_T/cross/cross_directory_009_T.go || cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go) && !(cross_directory_010_F/cross/cross_directory_010_F.go || cross_directory_010_F/cross/cross_init/cross_directory_init_010_F.go)",
 "scene": "跨package5"
+ },
+ {
+ "compose": "(cross_directory_011_T/cross/cross_01/cross_01.go || cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go) && !(cross_directory_012_F/cross/cross_01/cross_01.go || cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go)",
+ "scene": "replace包层级调用链1"
+ },
+ {
+ "compose": "(cross_directory_013_T/cross/other/cross_01/cross_01.go || cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go) && !(cross_directory_014_F/cross/other/cross_01/cross_01.go || cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go)",
+ "scene": "replace包层级调用链2"
+ },
+ {
+ "compose": "(cross_directory_015_T/cross/cross_init/cross_init.go || cross_directory_015_T/cross/cross_directory_015_T.go) && !(cross_directory_016_F/cross/cross_init/cross_init.go || cross_directory_016_F/cross/cross_directory_016_F.go)",
+ "scene": "init函数自动执行"
+ },
+ {
+ "compose": "(cross_directory_017_T/cross/cross_init/cross_init_01.go || cross_directory_017_T/cross/cross_init/cross_init_02.go || cross_directory_017_T/cross/cross_directory_017_T.go) && !(cross_directory_018_F/cross/cross_init/cross_init_01.go || cross_directory_018_F/cross/cross_init/cross_init_02.go || cross_directory_018_F/cross/cross_directory_018_F.go)",
+ "scene": "多init函数顺序执行1"
+ },
+ {
+ "compose": "(cross_directory_019_T/cross/cross_init/cross_init_01.go || cross_directory_019_T/cross/cross_init/cross_init_02.go || cross_directory_019_T/cross/cross_directory_019_T.go) && !(cross_directory_020_F/cross/cross_init/cross_init_01.go || cross_directory_020_F/cross/cross_init/cross_init_02.go || cross_directory_020_F/cross/cross_directory_020_F.go)",
+ "scene": "多init函数顺序执行2"
+ },
+ {
+ "compose": "(cross_directory_021_T/cross/cross.go || cross_directory_021_T/main_dir/cross_directory_021_T_a.go || cross_directory_021_T/main_dir/cross_directory_021_T_b.go || cross_directory_021_T/other/cross/cross.go) && !(cross_directory_022_F/cross/cross.go || cross_directory_022_F/main_dir/cross_directory_022_F_a.go || cross_directory_022_F/main_dir/cross_directory_022_F_b.go || cross_directory_022_F/other/cross/cross.go)",
+ "scene": "同名包导入区分"
+ },
+ {
+ "compose": "(cross_directory_023_T/cross/cross_directory_023_T.go || cross_directory_023_T/cross/cross_01/cross_01.go) && !(cross_directory_024_F/cross/cross_directory_024_F.go || cross_directory_024_F/cross/cross_01/cross_01.go)",
+ "scene": "可见性校验"
+ },
+ {
+ "compose": "(cross_directory_025_T/cross/cross_01/pkg.go || cross_directory_025_T/cross/cross_directory_025_T.go) && !(cross_directory_026_F/cross/cross_01/pkg.go || cross_directory_026_F/cross/cross_directory_026_F.go)",
+ "scene": "导入路径与包名解耦"
+ },
+ {
+ "compose": "(cross_directory_027_T/cross_01/pkg.go || cross_directory_027_T/cross_02/pkg.go || cross_directory_027_T/cross_directory_027_T.go) && !(cross_directory_028_F/cross_01/pkg.go || cross_directory_028_F/cross_02/pkg.go || cross_directory_028_F/cross_directory_028_F.go)",
+ "scene": "同名包路径区分"
+ },
+ {
+ "compose": "(cross_directory_029_T/cross/pkg/pkg.go || cross_directory_029_T/cross/cross_directory_029_T.go) && !(cross_directory_030_F/cross/pkg/pkg.go || cross_directory_030_F/cross/cross_directory_030_F.go)",
+ "scene": "识别导入根目录"
 }
 ]
 }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go
new file mode 100644
index 00000000..b455ccf6
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01
+// evaluation information end
+
+package cross_01
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod
new file mode 100644
index 00000000..2c7edc9e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/go.mod
@@ -0,0 +1,3 @@
+module cross/cross_01
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go
new file mode 100644
index 00000000..45d4f8fc
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go
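Review bot: `__taint_sink` in cross_directory_011_T/cross/cross_01/cross_01.go asserts `o.(string)` without the comma-ok form, so a caller that passes a non-string panics before the sink is reached, and nothing in the file marks the `sh -c` call as an intentional benchmark sink. I would add a doc comment such as `// __taint_sink is the deliberate command-execution sink for this case; it must stay inside the benchmark fixture.` and guard the assertion with `s, ok := o.(string)` followed by `if !ok { return }`, assuming the `interface{}` parameter is part of what the case measures. The file also does not look gofmt-clean as rendered here (`import` directly under `package`, an indented closing brace, no trailing newline). The same applies to the cross_01.go copies added under cross_directory_012_F, cross_directory_013_T and cross_directory_014_F.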
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a
+// evaluation information end
+
+// 这里有两个go.mod文件 cross_directory_011_T文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/cross_01" 时
+// 不要去其他地方寻找 应该去本地的 ./cross/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。
+// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T
+// 再执行go run cross_directory_011_T_a/cross_directory_011_T_a.go
+package main
+import "cross/cross_01"
+
+func cross_directory_011_T_a(__taint_src string) {
+ cross_01.SayHello(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_011_T_a(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod
new file mode 100644
index 00000000..bb2fdd71
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/go.mod
@@ -0,0 +1,7 @@
+module cross_directory_011_T
+
+go 1.20
+
+replace cross/cross_01 => ./cross/cross_01
+
+require cross/cross_01 v0.0.0-00010101000000-000000000000 // indirect
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go
new file mode 100644
index 00000000..ef1ae756
--- /dev/null
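Review bot: The `require` line in cross_directory_011_T/go.mod carries `// indirect` although cross_directory_011_T_a.go in the same module imports `cross/cross_01` directly, and the paired negative case cross_directory_012_F/go.mod omits the marker. A T/F pair should differ only in the taint flow, and `go mod tidy` would rewrite this line, so I would drop the comment: `require cross/cross_01 v0.0.0-00010101000000-000000000000`. cross_directory_013_T/go.mod has the same `// indirect` on `cross/other/cross_01`.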
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01
+// evaluation information end
+
+package cross_01
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink("_")
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod
new file mode 100644
index 00000000..2c7edc9e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/go.mod
@@ -0,0 +1,3 @@
+module cross/cross_01
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go
new file mode 100644
index 00000000..b367fa07
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a
+// evaluation information end
+
+// 这里有两个go.mod文件 cross_directory_012_F文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/cross_01" 时
+// 不要去其他地方寻找 应该去本地的 ./cross/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。
+// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F
+// 再执行go run cross_directory_012_F_a/cross_directory_012_F_a.go
+package main
+import "cross/cross_01"
+
+func cross_directory_012_F_a(__taint_src string) {
+ cross_01.SayHello(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_012_F_a(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod
new file mode 100644
index 00000000..1158d2fa
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/go.mod
@@ -0,0 +1,7 @@
+module cross_directory_012_F
+
+go 1.20
+
+replace cross/cross_01 => ./cross/cross_01
+
+require cross/cross_01 v0.0.0-00010101000000-000000000000
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go
new file mode 100644
index 00000000..7e7f5a58
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01
+// evaluation information end
+
+package cross_01
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod
new file mode 100644
index 00000000..35cbddd5
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/go.mod
@@ -0,0 +1,3 @@
+module cross/other/cross_01
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go
new file mode 100644
index 00000000..37afef42
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a
+// evaluation information end
+
+// 这里有两个go.mod文件 cross_directory_013_T文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/other/cross_01" 时
+// 不要去其他地方寻找 应该去本地的 .cross/other/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。
+// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T
+// 再执行go run cross_directory_013_T_a/cross_directory_013_T_a.go
+package main
+import "cross/other/cross_01"
+
+func cross_directory_013_T_a(__taint_src string) {
+ cross_01.SayHello(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_013_T_a(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod
new file mode 100644
index 00000000..80d03798
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/go.mod
@@ -0,0 +1,7 @@
+module cross_directory_013_T
+
+go 1.20
+
+replace cross/other/cross_01 => ./cross/other/cross_01
+
+require cross/other/cross_01 v0.0.0-00010101000000-000000000000 // indirect
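Review bot: The header comment of cross_directory_013_T_a.go sends the reader to `.cross/other/cross_01`, which is not the directory the module's replace directive names. The path should read `./cross/other/cross_01`, as the matching comment in cross_directory_012_F_a.go does for its own module. The same typo is repeated in the header comment of cross_directory_014_F_a.go.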
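Review bot: The require line in cross_directory_013_T/go.mod is marked `// indirect`, yet package main in cross_directory_013_T_a.go imports `cross/other/cross_01` directly. `go mod tidy` would drop that marker, and a dependency resolver that deprioritises indirect modules could skip the very package holding the sink. The line should match the 012_F module: `require cross/other/cross_01 v0.0.0-00010101000000-000000000000`. The same marker appears in cross_directory_014_F/go.mod.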
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go
new file mode 100644
index 00000000..a32fd396
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01
+// evaluation information end
+
+package cross_01
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink("_")
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod
new file mode 100644
index 00000000..35cbddd5
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/go.mod
@@ -0,0 +1,3 @@
+module cross/other/cross_01
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go
new file mode 100644
index 00000000..0d2d958a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = replace包层级调用链
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a
+// evaluation information end
+
+// 这里有两个go.mod文件 cross_directory_014_F文件夹下的go.mod文件是负责"指路"(replace指令),当看到 import "cross/other/cross_01" 时
+// 不要去其他地方寻找 应该去本地的 .cross/other/cross_01 目录找,cross_01文件夹下的go.mod文件是"亮明身份",告诉go模块 我确实是你要找的文件。
+// 执行跨模块文件时需先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F
+// 再执行go run cross_directory_014_F_a/cross_directory_014_F_a.go
+package main
+import "cross/other/cross_01"
+
+func cross_directory_014_F_a(__taint_src string) {
+ cross_01.SayHello(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_014_F_a(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod
new file mode 100644
index 00000000..6bb8be51
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/go.mod
@@ -0,0 +1,7 @@
+module cross_directory_014_F
+
+go 1.20
+
+replace cross/other/cross_01 => ./cross/other/cross_01
+
+require cross/other/cross_01 v0.0.0-00010101000000-000000000000 // indirect
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go
new file mode 100644
index 00000000..9cee3fb3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go
@@ -0,0 +1,33 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross
+// 再执行go run cross_directory_015_T.go
+
+package main
+
+import (
+ "cross_directory_015_T/cross/cross_init"
+ "os/exec"
+)
+
+// Go语言支持包中定义init函数,在这个包被首次初始化(import)时,会自动触发这个包的init函数
+
+func cross_directory_015_T() {
+ // 看cross_init.Status是否被init处理过
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ cross_directory_015_T()
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go
new file mode 100644
index 00000000..0a9a9b2e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go
@@ -0,0 +1,15 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init
+// evaluation information end
+
+package cross_init
+
+var Status string
+
+func init() {
+ Status = "taint_src_value"
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod
new file mode 100644
index 00000000..af303122
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_015_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go
new file mode 100644
index 00000000..647b6736
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go
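Review bot: The source in cross_directory_015_T's cross_init.go is marked only by the contents of the literal `"taint_src_value"` assigned in `init()`; no `__taint_src` identifier appears anywhere in this case, unlike the other positive cases in the patch. Its negative twin cross_directory_016_F differs solely in the literal text (`"init processed"`), so the two are structurally identical constant-to-sink flows. If the harness recognises sources by the `__taint_src` name (inferred from the other cases), an analyzer has nothing to key on here and the T/F pair cannot be scored meaningfully. Binding the value first would keep the convention: `__taint_src := "taint_src_value"` followed by `Status = __taint_src`.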
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross
+// 再执行go run cross_directory_016_F.go
+
+package main
+
+import (
+ "cross_directory_016_F/cross/cross_init"
+ "os/exec"
+)
+
+
+func cross_directory_016_F() {
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ cross_directory_016_F()
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go
new file mode 100644
index 00000000..e278acc3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go
@@ -0,0 +1,16 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init
+// evaluation information end
+
+package cross_init
+
+var Status string
+
+func init() {
+ Status = "init processed"
+}
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod
new file mode 100644
index 00000000..021168fc
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_016_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go
new file mode 100644
index 00000000..bd8dae04
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go
@@ -0,0 +1,38 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross
+// 再执行go run cross_directory_017_T.go
+
+package main
+
+import (
+ "cross_directory_017_T/cross/cross_init"
+ "os/exec"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序
+// init函数是先执行的,所有init函数执行完后才会执行自定义函数
+
+func cross_directory_017_T(__taint_src string) {
+ cross_init.In_init_after(__taint_src)
+
+ // 若正确处理,Status的值应该是"1234taint_src_value"
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_017_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go
new file mode 100644
index 00000000..072d683e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go
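Review bot: The comment block above `cross_directory_017_T` presents "init functions in different files run in file-name order" as a language rule, and the expected value `"1234taint_src_value"` relies on it. The Go specification only encourages build systems to hand files to the compiler in lexical order; it is the go command that sorts them, so an analyzer that loads cross_init_02.go first would compute a different prefix. The taint still reaches the sink either way, so the verdict is unaffected, but the comment should say where the ordering comes from, e.g. `// file order is imposed by the go command (sorted file names), not guaranteed by the language spec`. The same wording is used in cross_directory_018_F.go.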
@@ -0,0 +1,21 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01
+// evaluation information end
+
+package cross_init
+
+func init() {
+ Status = "1"
+}
+
+func init() {
+ Status += "2"
+}
+
+func In_init_after(taint_src string) {
+ Status += taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go
new file mode 100644
index 00000000..f398fa4d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02
+// evaluation information end
+
+
+package cross_init
+
+var Status string
+
+func init() {
+ Status += "3"
+}
+
+func init() {
+ Status += "4"
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod
new file mode 100644
index 00000000..5242c6b6
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_017_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go
new file mode 100644
index 00000000..d7e54642
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go
@@ -0,0 +1,40 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross
+// 再执行go run cross_directory_018_F.go
+
+package main
+
+import (
+ "cross_directory_018_F/cross/cross_init"
+ "os/exec"
+ "fmt"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序
+// init函数是先执行的,所有init函数执行完后才会执行自定义函数
+
+func cross_directory_018_F(__taint_src string) {
+ cross_init.In_init_after("abc")
+
+ // 若正确处理,Status的值应该是"1234abc"
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ fmt.Println("o 的值:", o)
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_018_F(__taint_src)
+}
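Review bot: `__taint_sink` in cross_directory_018_F.go carries a leftover debug line, `fmt.Println("o 的值:", o)`, that the sink in its positive twin cross_directory_017_T.go does not have. A T/F pair is only a clean measurement when the two differ in the taint flow alone; here the negative case also adds a second consumer of the value and an extra `"fmt"` import, so a finding or a miss on 018_F cannot be attributed to the `In_init_after("abc")` change with certainty. Dropping the `fmt.Println` line and the `"fmt"` import makes the sink identical to 017_T's.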
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go
new file mode 100644
index 00000000..ebd1fa84
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go
@@ -0,0 +1,21 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01
+// evaluation information end
+
+package cross_init
+
+func init() {
+ Status = "1"
+}
+
+func init() {
+ Status += "2"
+}
+
+func In_init_after(taint_src string) {
+ Status += taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go
new file mode 100644
index 00000000..67676c1a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02
+// evaluation information end
+
+
+package cross_init
+
+var Status string
+
+func init() {
+ Status += "3"
+}
+
+func init() {
+ Status += "4"
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod
new file mode 100644
index 00000000..894d75bf
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_018_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go
new file mode 100644
index 00000000..c3b26266
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go
@@ -0,0 +1,38 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross
+// 再执行go run cross_directory_019_T.go
+
+package main
+
+import (
+ "cross_directory_019_T/cross/cross_init"
+ "os/exec"
+ "fmt"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// 当这个包被import时,所有包中的init函数都会被执行
+
+func cross_directory_019_T(__taint_src int) {
+ cross_init.In_init_after(__taint_src)
+
+ // 若正确处理,pkg.Status的值应该是20
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ __taint_src := 10
+ cross_directory_019_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go
new file mode 100644
index 00000000..7299b644
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go
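Review bot: In cross_directory_019_T.go the tainted value is an `int` that reaches `sh -c` only through `fmt.Sprintf("%v", o)`, so the string handed to the shell can contain nothing but digits and a sign. Analyzers that treat numeric types or integer formatting as sanitising will report nothing here and be scored as a miss against `real case = true`, although no command injection is possible through this path. If the case is meant to measure propagation through integer arithmetic regardless of exploitability, the header should say so, e.g. `// expects taint to propagate through int addition and %v formatting`. The in-function comment also refers to `pkg.Status`, whereas the package is `cross_init`.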
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01
+// evaluation information end
+
+package cross_init
+
+
+func init() {
+ Status += 1
+}
+
+func init() {
+ Status += 2
+}
+
+
+func In_init_after(taint_src int) {
+ Status += taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go
new file mode 100644
index 00000000..02500234
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02
+// evaluation information end
+
+
+package cross_init
+
+var Status int = 0
+
+func init() {
+ Status += 3
+}
+
+func init() {
+ Status += 4
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod
new file mode 100644
index 00000000..e6689719
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_019_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
new file mode 100644
index 00000000..928788d3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
@@ -0,0 +1,38 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross
+// 再执行go run cross_directory_020_F.go
+
+package main
+
+import (
+ "cross_directory_020_F/cross/cross_init"
+ "os/exec"
+ "fmt"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// 当这个包被import时,所有包中的init函数都会被执行
+
+func cross_directory_020_F(__taint_src int) {
+ cross_init.In_init_after(0)
+
+ // 若正确处理,pkg.Status的值应该是10
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ __taint_src := 10
+ cross_directory_020_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go
new file mode 100644
index 00000000..fc4a5d8c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01
+// evaluation information end
+
+package cross_init
+
+
+func init() {
+ Status += 1
+}
+
+func init() {
+ Status += 2
+}
+
+
+func In_init_after(taint_src int) {
+ Status += taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go
new file mode 100644
index 00000000..514443cd
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02
+// evaluation information end
+
+
+package cross_init
+
+var Status int = 0
+
+func init() {
+ Status += 3
+}
+
+func init() {
+ Status += 4
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod
new file mode 100644
index 00000000..57f04550
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_020_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go
new file mode 100644
index 00000000..ed7c7653
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross
+// evaluation information end
+
+package cross
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod
new file mode 100644
index 00000000..6e69eece
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_021_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go
new file mode 100644
index 00000000..89e7017e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go
@@ -0,0 +1,24 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T
+// 再执行go run main_dir/cross_directory_021_T_a.go
+
+package main
+import "cross_directory_021_T/cross"
+
+var __taint_src = "taint_src_value"
+
+func init() {
+ cross.SayHello(__taint_src)
+}
+
+func main() {
+ return
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go
new file mode 100644
index 00000000..aea52e21
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go
@@ -0,0 +1,25 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T
+// 再执行go run main_dir/cross_directory_021_T_b.go
+
+
+package main
+import "cross_directory_021_T/other/cross"
+
+var __taint_src = "taint_src_value"
+
+func init() {
+ cross.SayHello(__taint_src)
+}
+
+func main() {
+ return
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go
new file mode 100644
index 00000000..dd2c5154
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go
@@ -0,0 +1,19 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross
+// evaluation information end
+
+
+package cross
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go
new file mode 100644
index 00000000..388d6b04
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go
@@ -0,0 +1,20 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross
+// evaluation information end
+
+package cross
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod
new file mode 100644
index 00000000..fadb9201
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_022_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go
new file mode 100644
index 00000000..6084bd12
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go
@@ -0,0 +1,24 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F
+// 再执行go run main_dir/cross_directory_022_F_a.go
+
+package main
+import "cross_directory_022_F/cross"
+
+var __taint_src = "_"
+
+func init() {
+ cross.SayHello(__taint_src)
+}
+
+func main() {
+ return
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go
new file mode 100644
index 00000000..2975edc8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go
@@ -0,0 +1,25 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F
+// 再执行go run main_dir/cross_directory_022_F_b.go
+
+
+package main
+import "cross_directory_022_F/other/cross"
+
+var __taint_src = "abc"
+
+func init() {
+ cross.SayHello(__taint_src)
+}
+
+func main() {
+ return
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go
new file mode 100644
index 00000000..3878d3c1
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go
@@ -0,0 +1,19 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包导入区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross
+// evaluation information end
+
+
+package cross
+import "os/exec"
+
+func SayHello(taint_src string) {
+ __taint_sink(taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go
new file mode 100644
index 00000000..7d1cbfcc
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go
@@ -0,0 +1,14 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 可见性校验
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01
+// evaluation information end
+
+
+package cross_01
+
+var status string = "private"
+
+var Status string = "taint_src_value"
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go
new file mode 100644
index 00000000..a6408015
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 可见性校验
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T
+// 再执行 go run cross/cross_directory_023_T.go
+package main
+import (
+ "fmt"
+ "cross_directory_023_T/cross/cross_01"
+ "os/exec"
+)
+
+// Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见)
+// 考察特性:YASA是否会错误地将小写的(非public的)Symbol错误的import过来
+
+func cross_directory_023_T() {
+ __taint_sink(cross_01.Status) //Status大写 应该被正确import过来
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ cross_directory_023_T()
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod
new file mode 100644
index 00000000..d97f3000
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_023_T
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go
new file mode 100644
index 00000000..ccd8f5ef
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go
@@ -0,0 +1,14 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 可见性校验
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01
+// evaluation information end
+
+
+package cross_01
+
+var status string = "private"
+
+var Status string = "taint_src_value"
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go
new file mode 100644
index 00000000..d6696875
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go
@@ -0,0 +1,33 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 可见性校验
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F
+// evaluation information end
+
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F
+// 再执行 go run cross/cross_directory_024_F.go
+
+package main
+import (
+ "fmt"
+ "cross_directory_024_F/cross/cross_01"
+ "os/exec"
+)
+
+// Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见)
+// 考察特性:YASA是否会错误地将小写的(非public的)Symbol错误的import过来
+
+func cross_directory_024_F() {
+ __taint_sink(cross_01.status) //status小写 若正确处理,无法获取到cross_01.status
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ cross_directory_024_F()
+}
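Review bot: `cross_01.status` in `cross_directory_024_F()` is unexported, so this file is rejected by the Go compiler and the `go run cross/cross_directory_024_F.go` step in its header comment cannot succeed. A scanner whose front end needs type-checked input will then report nothing because the load failed, not because it handled visibility, and the negative case passes for the wrong reason. I would say so in the header, e.g. `// NOTE: intentionally does not compile (cross_01.status is unexported); analyse without building`, and drop the run instruction for this case.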
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod
new file mode 100644
index 00000000..501fc33c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_024_F
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go
new file mode 100644
index 00000000..ec0d6ff2
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 导入路径与包名解耦
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg
+// evaluation information end
+
+
+package pkg
+
+var status string
+
+type Person struct {
+ Name string
+ Age int
+}
+
+func (p Person) Swimming(taint_src string) string {
+ status = taint_src
+ return status
+}
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go
new file mode 100644
index 00000000..0efc1354
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 导入路径与包名解耦
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T
+// 再执行 go run cross/cross_directory_025_T.go
+package main
+import (
+ "fmt"
+ "cross_directory_025_T/cross/cross_01"
+ "os/exec"
+)
+
+// Go语言中,import路径从第二项开始的每项一定是目录名,包括最后一项(并非包名)。
+// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是pkg
+
+func cross_directory_025_T(__taint_src string) {
+ __taint_sink(pkg.Person{}.Swimming(__taint_src))
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_025_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod
new file mode 100644
index 00000000..e34eb465
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_026_F
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go
new file mode 100644
index 00000000..2b6ef6a6
--- /dev/null
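Review bot: The `go.mod` added for cross_directory_025_T declares `module cross_directory_026_F` (its blob id e34eb465 is the same as the 026_F go.mod), but `cross_directory_025_T.go` imports `"cross_directory_025_T/cross/cross_01"`. That import path lies outside the declared module, so the positive case neither builds nor resolves `pkg.Person{}.Swimming`, and a tool that follows go.mod would miss the flow for a reason unrelated to the path/package-name decoupling under test. The go.mod line should read `module cross_directory_025_T`.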
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 导入路径与包名解耦
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg
+// evaluation information end
+
+
+package pkg
+
+var status string
+
+type Person struct {
+ Name string
+ Age int
+}
+
+func (p Person) Swimming(taint_src string) string {
+ status = taint_src
+ return status
+}
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go
new file mode 100644
index 00000000..45f76968
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 导入路径与包名解耦
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F
+// 再执行 go run cross/cross_directory_026_F.go
+package main
+import (
+ "fmt"
+ "cross_directory_026_F/cross/cross_01"
+ "os/exec"
+)
+
+// Go语言中,import路径从第二项开始的每项一定是目录名,包括最后一项(并非包名)。
+// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是pkg
+
+func cross_directory_026_F(__taint_src string) {
+ __taint_sink(pkg.Person{}.Swimming("_"))
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_026_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod
new file mode 100644
index 00000000..e34eb465
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_026_F
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go
new file mode 100644
index 00000000..faff8662
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg
+// evaluation information end
+
+
+package pkg
+import "os/exec"
+
+var dir string
+
+func Fun(__taint_src string) {
+ dir = __taint_src
+ __taint_sink(dir)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go
new file mode 100644
index 00000000..93cb3b03
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go
@@ -0,0 +1,22 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg
+// evaluation information end
+
+
+package pkg
+import "os/exec"
+
+var dir string
+
+func Fun(__taint_src string) {
+ dir = "abc"
+ __taint_sink(dir)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go
new file mode 100644
index 00000000..cd0337c8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go
@@ -0,0 +1,27 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T
+// evaluation information end
+
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T
+// 再执行 go run cross_directory_027_T.go
+
+package main
+import "cross_directory_027_T/cross_01"
+
+// Go语言中,一个包以文件结构路径唯一标识。允许同名包。
+// 旧版YASA以包名作为key来进行包管理,导致同名包丢失。
+
+// 考察特性:YASA-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包
+func cross_directory_027_T(__taint_src string) {
+ pkg.Fun(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_027_T(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod
new file mode 100644
index 00000000..40b6f045
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_027_T
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go
new file mode 100644
index 00000000..6918a841
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg
+// evaluation information end
+
+
+package pkg
+import "os/exec"
+
+var dir string
+
+func Fun(__taint_src string) {
+ dir = __taint_src
+ __taint_sink(dir)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go
new file mode 100644
index 00000000..ec8871c2
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go
@@ -0,0 +1,22 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg
+// evaluation information end
+
+
+package pkg
+import "os/exec"
+
+var dir string
+
+func Fun(__taint_src string) {
+ dir = "abc"
+ __taint_sink(dir)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go
new file mode 100644
index 00000000..94464552
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go
@@ -0,0 +1,27 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 同名包路径区分
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F
+// evaluation information end
+
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F
+// 再执行 go run cross_directory_028_F.go
+
+package main
+import "cross_directory_028_F/cross_02"
+
+// Go语言中,一个包以文件结构路径唯一标识。允许同名包。
+// 旧版YASA以包名作为key来进行包管理,导致同名包丢失。
+
+// 考察特性:YASA-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包
+func cross_directory_028_F(__taint_src string) {
+ pkg.Fun(__taint_src)
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_028_F(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod
new file mode 100644
index 00000000..eafff194
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_028_F
+
+go 1.20
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go
new file mode 100644
index 00000000..ecb175c9
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 识别导入根目录
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross
+// 再执行go run cross_directory_029_T.go
+
+package main
+
+import (
+ "rainy/pkg"
+ "os/exec"
+)
+
+// Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3
+// 所谓的根目录 指 go.mod所在的目录
+// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句
+
+
+func cross_directory_029_T(__taint_src string) {
+ value := pkg.Person{}.Skiing(__taint_src)// 看这些符号值能不能被解析出来
+ __taint_sink(value)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_029_T(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod
new file mode 100644
index 00000000..c88bf90c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/go.mod
@@ -0,0 +1,3 @@
+module rainy
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go
new file mode 100644
index 00000000..e045d59c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 识别导入根目录
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg
+// evaluation information end
+
+package pkg
+
+type Person struct {
+ Name string
+ Age int
+}
+
+func (p Person) Skiing(__taint_src string) string{
+ return __taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go
new file mode 100644
index 00000000..d38927ac
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 识别导入根目录
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F
+// evaluation information end
+
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross
+// 再执行go run cross_directory_030_F.go
+
+package main
+
+import (
+ "rainy/pkg"
+ "os/exec"
+)
+
+// Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3
+// 所谓的根目录 指 go.mod所在的目录
+// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句
+
+
+func cross_directory_030_F(__taint_src string) {
+ value := pkg.Person{}.Skiing("_")// 看这些符号值能不能被解析出来
+ __taint_sink(value)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ __taint_src := "taint_src_value"
+ cross_directory_030_F(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod
new file mode 100644
index 00000000..c88bf90c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/go.mod
@@ -0,0 +1,3 @@
+module rainy
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go
new file mode 100644
index 00000000..529a3242
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go @@ -0,0 +1,18 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 识别导入根目录 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg +// evaluation information end + +package pkg + +type Person struct { + Name string + Age int +} + +func (p Person) Skiing(__taint_src string) string{ + return __taint_src +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json index 95611ba3..718396d0 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json @@ -13,6 +13,10 @@ { "compose": "(cross_module_003_T/cross_module_003_T_a/cross_module_003_T_a.go || cross_module_003_T/cross_module_003_T_b/cross_module_003_T_b.go) && !(cross_module_004_F/cross_module_004_F_a/cross_module_004_F_a.go || cross_module_004_F/cross_module_004_F_b/cross_module_004_F_b.go)", "scene": "跨module-别名" + }, + { + "compose": "(cross_module_005_T/cross_module_005_T_a/main.go || cross_module_005_T/cross_module_005_T_b/main.go) && !(cross_module_006_F/cross_module_006_F_a/main.go || cross_module_006_F/cross_module_006_F_b/main.go)", + "scene": "多Main包模块化管理" } ] } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go new file mode 100644 index 00000000..f433d0e1 
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go
@@ -0,0 +1,32 @@
+
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
+// scene introduction = 多Main包模块化管理
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main
+// evaluation information end
+
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T
+// 在执行 go run ./cross_module_005_T_a
+package main
+import "os/exec"
+
+// Go语言中,允许多个main包和main函数(只要不在同一个目录)
+// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数
+
+func cross_module_005_T_a(__taint_src string) {
+ __taint_sink(__taint_src)
+}
+
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
+func main() {
+ __taint_src := "taint_src_value_main1"
+ cross_module_005_T_a(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go
new file mode 100644
index 00000000..17ed5ca1
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go
@@ -0,0 +1,31 @@
+
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
+// scene introduction = 多Main包模块化管理
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T
+// 在执行 go run ./cross_module_005_T_b
+package main
+import "os/exec"
+
+// Go语言中,允许多个main包和main函数(只要不在同一个目录)
+// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数
+
+func cross_module_005_T_b(__taint_src string) {
+ __taint_sink(__taint_src)
+}
+
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
+func main() {
+ __taint_src := "taint_src_value_main2"
+ cross_module_005_T_b(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod
new file mode 100644
index 00000000..7934c85a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/go.mod
@@ -0,0 +1,3 @@
+module cross_module_005_T
+
+go 1.14
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go
new file mode 100644
index 00000000..c615ed9b
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go
@@ -0,0 +1,34 @@
+
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
+// scene introduction = 多Main包模块化管理
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main
+// evaluation information end
+
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F
+// 在执行 go run ./cross_module_006_F_a
+package main
+import "os/exec"
+
+// Go语言中,允许多个main包和main函数(只要不在同一个目录)
+// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数
+
+func cross_module_006_F_a(__taint_src string) {
+ __taint_sink("this is main1")
+}
+
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
+func main() {
+ __taint_src := "taint_src_value_main1"
+ cross_module_006_F_a(__taint_src)
+}
+
+
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go
new file mode 100644
index 00000000..fb30b34d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go
@@ -0,0 +1,31 @@
+
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
+// scene introduction = 多Main包模块化管理
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main
+// evaluation information end
+
+// 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F
+// 在执行 go run ./cross_module_006_F_b
+package main
+import "os/exec"
+
+// Go语言中,允许多个main包和main函数(只要不在同一个目录)
+// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数
+
+func cross_module_006_F_b(__taint_src string) {
+ __taint_sink("this is main2")
+}
+
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+
+func main() {
+ __taint_src := "taint_src_value_main2"
+ cross_module_006_F_b(__taint_src)
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod
new file mode 100644
index 00000000..e21c91bd
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/go.mod
@@ -0,0 +1,3 @@
+module cross_module_006_F
+
+go 1.14
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go
index dd00b2a2..88d20fb6 100644
--- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_001_T/if_return_nil_001_T.go
@@ -18,7 +18,7 @@ type S struct { id int } -func Func1(__taint_src string) (*S, string) { +func Func1(__taint_src string) (*S) { s1 := &S{ name: __taint_src, id: 98, @@ -26,14 +26,14 @@ func Func1(__taint_src string) (*S, string) { err := "nil" if err != "nil" { - return nil, err + return nil } - return s1, "abc" + return s1 } func if_return_nil_001_T(__taint_src string) { - res, _ := Func1(__taint_src) + res := Func1(__taint_src) __taint_sink(res) } diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go index b6729530..31919a39 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go @@ -12,28 +12,29 @@ import ( "os/exec" ) +// 旧版中,对nil没有进行处理限制,允许将nil值转换成返回值类型(S),且允许对nil进行memberAccess读取 type S struct { name string id int } -func Func1(__taint_src string) (*S, string) { +func Func1(__taint_src string) (*S) { s1 := &S{ name: __taint_src, id: 98, } - err := "abc" + err := "error" if err != "nil" { - return nil, err + return nil } - return s1, "abc" + return s1 } func if_return_nil_002_F(__taint_src string) { - res, _ := Func1(__taint_src) + res := Func1(__taint_src) __taint_sink(res) } diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go index f7da7dd2..1652393e 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go 
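Review bot: The new signature `func Func1(__taint_src string) (*S) {` keeps parentheses around a single unnamed result; gofmt writes it as `func Func1(__taint_src string) *S {`, and the `Func1` change in if_return_nil_002_F has the same form. In if_return_nil_002_F the added comment about nil handling sits above `type S struct`, although what it describes is the `return nil` branch of `Func1`, so it would be easier to follow placed directly above that `return nil`. The bodies of `Func1` and the callers are only partly inside these hunks.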
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go @@ -19,6 +19,8 @@ func callee(taint string) (string, string) { func if_return_tuple_001_T(__taint_src string) { a,b := callee(__taint_src) _ = a + // 老版本对于tuple的decl逻辑混乱,结果:a中只有"a",b中只有"b" + // 根本原因是ProcessVariableDecl语句时,if判断的优先级有误 __taint_sink(b) } diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go index 7e28d99d..254a7f31 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go @@ -11,24 +11,25 @@ package main import ( "fmt" "os/exec" + "database/sql" ) type Request struct { Name string - prop string + prop sql.DB } func multiple_return_struct_001_F(__taint_src string) { req := Request{} - a := "_" - req.prop, _ = processData(__taint_src, a) + req.prop, _ = processData(__taint_src, "_") __taint_sink(req) } -func processData(s string, i interface{}) (string, interface{}) { - return "abc", i +func processData(s string, i string) (sql.DB, string) { + var db sql.DB + return db , i } func __taint_sink(o interface{}) { diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go index f49e93a3..f88c189b 100644 
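Review bot: In multiple_return_struct_001_F the new field `prop sql.DB` and `var db sql.DB` / `return db , i` move a `database/sql.DB` around by value, and `sql.DB` embeds a mutex, so `go vet`'s copylocks check should flag at least the `return` and the `__taint_sink(req)` call, which copies `Request` into an interface. The standard library only ever hands out `*sql.DB`, so a value-typed field is also unlike the code this case is meant to model. I would switch to the pointer: `prop *sql.DB` and `func processData(s string, i string) (*sql.DB, string)`. The same applies to multiple_return_struct_002_T, where the parameters `__taint_src sql.DB` and `s sql.DB` and `var __taint_src sql.DB` in `main` copy the value as well.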
--- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go @@ -11,24 +11,25 @@ package main import ( "fmt" "os/exec" + "database/sql" ) +// req.prop, _ = c.Cookie() uast4Go会将这句翻译成variableDecl,导致taint无法写入到req对象中 type Request struct { Name string - prop string + prop sql.DB } -func multiple_return_struct_002_T(__taint_src string) { +func multiple_return_struct_002_T(__taint_src sql.DB) { req := Request{} - a := "_" - req.prop, _ = processData(__taint_src, a) + req.prop, _ = processData(__taint_src, "_") __taint_sink(req) } -func processData(s string, i interface{}) (string, interface{}) { - return s, i +func processData(s sql.DB, i string) (sql.DB, string) { + return s , i } func __taint_sink(o interface{}) { @@ -36,6 +37,6 @@ func __taint_sink(o interface{}) { } func main() { - __taint_src := "taint_src_value" + var __taint_src sql.DB multiple_return_struct_002_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go index 7a7b8b93..56de69c5 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go @@ -19,7 +19,7 @@ func named_return_004_T(__taint_src interface{}) { func processData(s interface{}, i interface{}) (ret interface{}) { ret = "_" - return s + return s // 主要区别位于这里,在具名返回值的情况下 裸返回return默认返回ret。但uast4Go在处理具名返回值时存在bug,导致此处的return s被覆盖成return ret } func __taint_sink(o interface{}) { 
From 6821149f69a94df2298b6fc0d466ac92c040d9b4 Mon Sep 17 00:00:00 2001 
From: "mengmeng.meng" Date: Tue, 30 Sep 2025 20:10:22 +0800 Subject: [PATCH 2/8] go case update 4 --- .../cross_directory/config.json | 20 +++++++++---------- ...cross_01.go => cross_directory_011_T_b.go} | 4 ++-- .../cross_directory_011_T_a.go | 2 +- ...cross_01.go => cross_directory_012_F_b.go} | 4 ++-- .../cross_directory_012_F_a.go | 2 +- ...cross_01.go => cross_directory_013_T_b.go} | 4 ++-- .../cross_directory_013_T_a.go | 2 +- ...cross_01.go => cross_directory_014_F_b.go} | 4 ++-- .../cross_directory_014_F_a.go | 2 +- ..._init.go => cross_directory_init_015_T.go} | 2 +- .../cross/cross_directory_016_F.go | 1 - ..._init.go => cross_directory_init_016_F.go} | 2 +- .../cross/cross_directory_017_T.go | 1 - ..._01.go => cross_directory_init_017_T_a.go} | 2 +- ..._02.go => cross_directory_init_017_T_b.go} | 2 +- .../cross/cross_directory_018_F.go | 2 -- ..._01.go => cross_directory_init_018_F_a.go} | 2 +- ..._02.go => cross_directory_init_018_F_b.go} | 2 +- ..._01.go => cross_directory_init_019_T_a.go} | 2 +- ..._02.go => cross_directory_init_019_T_b.go} | 2 +- ..._01.go => cross_directory_init_020_F_a.go} | 2 +- ..._02.go => cross_directory_init_020_F_b.go} | 2 +- .../{cross.go => cross_same_name_021_T.go} | 4 ++-- .../main_dir/cross_directory_021_T_a.go | 2 +- .../main_dir/cross_directory_021_T_b.go | 2 +- .../{cross.go => cross_same_name_021_T.go} | 5 ++--- .../{cross.go => cross_same_name_022_F.go} | 4 ++-- .../main_dir/cross_directory_022_F_a.go | 2 +- .../main_dir/cross_directory_022_F_b.go | 2 +- .../{cross.go => cross_same_name_022_F.go} | 4 ++-- ...cross_01.go => cross_directory_023_T_a.go} | 2 +- ...cross_01.go => cross_directory_024_F_a.go} | 2 +- .../{pkg.go => cross_directory_025_T_a.go} | 4 ++-- .../cross/cross_directory_025_T.go | 4 ++-- .../cross_directory_025_T/go.mod | 2 +- .../{pkg.go => cross_directory_026_F_a.go} | 4 ++-- .../cross/cross_directory_026_F.go | 2 +- .../{pkg.go => cross_same_name_027_T.go} | 4 ++-- .../{pkg.go => 
cross_same_name_027_T.go} | 4 ++-- .../cross_directory_027_T.go | 2 +- .../{pkg.go => cross_same_name_028_F.go} | 4 ++-- .../{pkg.go => cross_same_name_028_F.go} | 5 ++--- .../cross_directory_028_F.go | 2 +- .../cross_directory_029_T_a.go} | 4 ++-- .../cross/cross_directory_029_T.go | 5 ++--- .../cross_directory_030_F_a.go} | 4 ++-- .../cross/cross_directory_030_F.go | 5 ++--- .../cross_module/config.json | 2 +- .../{main.go => cross_module_005_T.go} | 3 +-- .../{main.go => cross_module_005_T.go} | 2 +- .../{main.go => cross_module_006_F.go} | 3 +-- .../{main.go => cross_module_006_F.go} | 3 +-- 52 files changed, 77 insertions(+), 88 deletions(-) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/{cross_01.go => cross_directory_011_T_b.go} (90%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/{cross_01.go => cross_directory_012_F_b.go} (90%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/{cross_01.go => cross_directory_013_T_b.go} (89%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/{cross_01.go => cross_directory_014_F_b.go} (89%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/{cross_init.go => cross_directory_init_015_T.go} (93%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/{cross_init.go => cross_directory_init_016_F.go} (93%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/{cross_init_01.go => cross_directory_init_017_T_a.go} (94%) rename 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/{cross_init_02.go => cross_directory_init_017_T_b.go} (93%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/{cross_init_01.go => cross_directory_init_018_F_a.go} (94%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/{cross_init_02.go => cross_directory_init_018_F_b.go} (93%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/{cross_init_01.go => cross_directory_init_019_T_a.go} (94%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/{cross_init_02.go => cross_directory_init_019_T_b.go} (93%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/{cross_init_01.go => cross_directory_init_020_F_a.go} (94%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/{cross_init_02.go => cross_directory_init_020_F_b.go} (93%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/{cross.go => cross_same_name_021_T.go} (81%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/{cross.go => cross_same_name_021_T.go} (91%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/{cross.go => cross_same_name_022_F.go} (81%) rename 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/{cross.go => cross_same_name_022_F.go} (91%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/{cross_01.go => cross_directory_023_T_a.go} (94%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/{cross_01.go => cross_directory_024_F_a.go} (94%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/{pkg.go => cross_directory_025_T_a.go} (90%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/{pkg.go => cross_directory_026_F_a.go} (90%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/{pkg.go => cross_same_name_027_T.go} (81%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/{pkg.go => cross_same_name_027_T.go} (81%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/{pkg.go => cross_same_name_028_F.go} (81%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/{pkg.go => cross_same_name_028_F.go} (81%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/{pkg/pkg.go => cross_01/cross_directory_029_T_a.go} (77%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/{pkg/pkg.go => cross_01/cross_directory_030_F_a.go} (77%) rename 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/{main.go => cross_module_005_T.go} (98%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/{main.go => cross_module_005_T.go} (98%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/{main.go => cross_module_006_F.go} (98%) rename sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/{main.go => cross_module_006_F.go} (98%) diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json index fe5011e6..a3fd6923 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json 
@@ -27,43 +27,43 @@ "scene": "跨package5" }, { - "compose": "(cross_directory_011_T/cross/cross_01/cross_01.go || cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go) && !(cross_directory_012_F/cross/cross_01/cross_01.go || cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go)", + "compose": "(cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go || cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go) && !(cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go || cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go)", "scene": "replace包层级调用链1" }, { - "compose": "(cross_directory_013_T/cross/other/cross_01/cross_01.go || cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go) && !(cross_directory_014_F/cross/other/cross_01/cross_01.go || cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go)", + "compose": "(cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go || cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go) && !(cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go || cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go)", "scene": "replace包层级调用链2" }, { - "compose": "(cross_directory_015_T/cross/cross_init/cross_init.go || cross_directory_015_T/cross/cross_directory_015_T.go) && !(cross_directory_016_F/cross/cross_init/cross_init.go || cross_directory_016_F/cross/cross_directory_016_F.go)", + "compose": "(cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go || cross_directory_015_T/cross/cross_directory_015_T.go) && !(cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go || cross_directory_016_F/cross/cross_directory_016_F.go)", "scene": "init函数自动执行" }, { - "compose": "(cross_directory_017_T/cross/cross_init/cross_init_01.go || cross_directory_017_T/cross/cross_init/cross_init_02.go || 
cross_directory_017_T/cross/cross_directory_017_T.go) && !(cross_directory_018_F/cross/cross_init/cross_init_01.go || cross_directory_018_F/cross/cross_init/cross_init_02.go || cross_directory_018_F/cross/cross_directory_018_F.go)", + "compose": "(cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go || cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go || cross_directory_017_T/cross/cross_directory_017_T.go) && !(cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go || cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go || cross_directory_018_F/cross/cross_directory_018_F.go)", "scene": "多init函数顺序执行1" }, { - "compose": "(cross_directory_019_T/cross/cross_init/cross_init_01.go || cross_directory_019_T/cross/cross_init/cross_init_02.go || cross_directory_019_T/cross/cross_directory_019_T.go) && !(cross_directory_020_F/cross/cross_init/cross_init_01.go || cross_directory_020_F/cross/cross_init/cross_init_02.go || cross_directory_020_F/cross/cross_directory_020_F.go)", + "compose": "(cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go || cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go || cross_directory_019_T/cross/cross_directory_019_T.go) && !(cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go || cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go || cross_directory_020_F/cross/cross_directory_020_F.go)", "scene": "多init函数顺序执行2" }, { - "compose": "(cross_directory_021_T/cross/cross.go || cross_directory_021_T/main_dir/cross_directory_021_T_a.go || cross_directory_021_T/main_dir/cross_directory_021_T_b.go || cross_directory_021_T/other/cross/cross.go) && !(cross_directory_022_F/cross/cross.go || cross_directory_022_F/main_dir/cross_directory_022_F_a.go || cross_directory_022_F/main_dir/cross_directory_022_F_b.go || cross_directory_022_F/other/cross/cross.go)", + "compose": 
"(cross_directory_021_T/cross/cross_same_name_021_T.go || cross_directory_021_T/main_dir/cross_directory_021_T_a.go || cross_directory_021_T/main_dir/cross_directory_021_T_b.go || cross_directory_021_T/other/cross/cross_same_name_021_T.go) && !(cross_directory_022_F/cross/cross_same_name_022_F.go || cross_directory_022_F/main_dir/cross_directory_022_F_a.go || cross_directory_022_F/main_dir/cross_directory_022_F_b.go || cross_directory_022_F/other/cross/cross_same_name_022_F.go)", "scene": "同名包导入区分" }, { - "compose": "(cross_directory_023_T/cross/cross_directory_023_T.go || cross_directory_023_T/cross/cross_01/cross_01.go) && !(cross_directory_024_F/cross/cross_directory_024_F.go || cross_directory_024_F/cross/cross_01/cross_01.go)", + "compose": "(cross_directory_023_T/cross/cross_directory_023_T.go || cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go) && !(cross_directory_024_F/cross/cross_directory_024_F.go || cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go)", "scene": "可见性校验" }, { - "compose": "(cross_directory_025_T/cross/cross_01/pkg.go || cross_directory_025_T/cross/cross_directory_025_T.go) && !(cross_directory_026_F/cross/cross_01/pkg.go || cross_directory_026_F/cross/cross_directory_026_F.go)", + "compose": "(cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go || cross_directory_025_T/cross/cross_directory_025_T.go) && !(cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go || cross_directory_026_F/cross/cross_directory_026_F.go)", "scene": "导入路径与包名解耦" }, { - "compose": "(cross_directory_027_T/cross_01/pkg.go || cross_directory_027_T/cross_02/pkg.go || cross_directory_027_T/cross_directory_027_T.go) && !(cross_directory_028_F/cross_01/pkg.go || cross_directory_028_F/cross_02/pkg.go || cross_directory_028_F/cross_directory_028_F.go)", + "compose": "(cross_directory_027_T/cross_01/cross_same_name_027_T.go || cross_directory_027_T/cross_02/cross_same_name_027_T.go || 
cross_directory_027_T/cross_directory_027_T.go) && !(cross_directory_028_F/cross_01/cross_same_name_028_F.go || cross_directory_028_F/cross_02/cross_same_name_028_F.go || cross_directory_028_F/cross_directory_028_F.go)", "scene": "同名包路径区分" }, { - "compose": "(cross_directory_029_T/cross/pkg/pkg.go || cross_directory_029_T/cross/cross_directory_029_T.go) && !(cross_directory_030_F/cross/pkg/pkg.go || cross_directory_030_F/cross/cross_directory_030_F.go)", + "compose": "(cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go || cross_directory_029_T/cross/cross_directory_029_T.go) && !(cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go || cross_directory_030_F/cross/cross_directory_030_F.go)", "scene": "识别导入根目录" } ] diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go similarity index 90% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go index b455ccf6..cf7daea6 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b.go 
@@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = replace包层级调用链 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross/cross_01/cross_directory_011_T_b // evaluation information end -package cross_01 +package cross_directory_011_T_b import "os/exec" func SayHello(taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go index 45d4f8fc..b39f0ded 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_011_T/cross_directory_011_T_a/cross_directory_011_T_a.go @@ -14,7 +14,7 @@ package main import "cross/cross_01" func cross_directory_011_T_a(__taint_src string) { - cross_01.SayHello(__taint_src) + cross_directory_011_T_b.SayHello(__taint_src) } func main() { 
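Review bot: `cross_directory_011_T_a` still imports `"cross/cross_01"` without an alias, yet with the package clause changed to `package cross_directory_011_T_b` the call becomes `cross_directory_011_T_b.SayHello(__taint_src)`, so the identifier no longer matches the last element of the import path. That compiles, but the `replace包层级调用链` scene now also depends on the analyzer resolving a package name that differs from its directory, which config.json scores separately as `导入路径与包名解耦`; a miss here can no longer be attributed to one feature. Renaming the file does not require renaming the package, so I would keep `package cross_01` and the original `cross_01.SayHello(__taint_src)` call. The cross_directory_012_F, 013_T and 014_F sections of this patch follow the same pattern.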
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go similarity index 90% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go index ef1ae756..4dfdba1c 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b.go @@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = replace包层级调用链 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross/cross_01/cross_directory_012_F_b // evaluation information end -package cross_01 +package cross_directory_012_F_b import "os/exec" func SayHello(taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go index b367fa07..c3e493ea 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_012_F/cross_directory_012_F_a/cross_directory_012_F_a.go @@ -14,7 +14,7 @@ package main import "cross/cross_01" func cross_directory_012_F_a(__taint_src string) { - cross_01.SayHello(__taint_src) + cross_directory_012_F_b.SayHello(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go similarity index 89% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go index 7e7f5a58..8e708924 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go 
@@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = replace包层级调用链 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b // evaluation information end -package cross_01 +package cross_directory_013_T_b import "os/exec" func SayHello(taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go index 37afef42..56b2b1d8 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go @@ -14,7 +14,7 @@ package main import "cross/other/cross_01" func cross_directory_013_T_a(__taint_src string) { - cross_01.SayHello(__taint_src) + cross_directory_013_T_b.SayHello(__taint_src) } func main() { 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go similarity index 89% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go index a32fd396..f6820707 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go @@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = replace包层级调用链 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b // evaluation information end -package cross_01 +package cross_directory_014_F_b import "os/exec" func SayHello(taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go index 0d2d958a..bc2831d0 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go @@ -14,7 +14,7 @@ package main import "cross/other/cross_01" func cross_directory_014_F_a(__taint_src string) { - cross_01.SayHello(__taint_src) + cross_directory_014_F_b.SayHello(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go similarity index 93% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go index 0a9a9b2e..bf03d380 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go 
@@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = init函数自动执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_init +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T // evaluation information end package cross_init diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go index 647b6736..e9a8db5c 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go @@ -17,7 +17,6 @@ import ( "os/exec" ) - func cross_directory_016_F() { __taint_sink(cross_init.Status) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go similarity index 93% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go index e278acc3..eaa2c78b 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = init函数自动执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_init +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F // evaluation information end package cross_init diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go index bd8dae04..6bc80bc8 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go @@ -16,7 +16,6 @@ import ( "cross_directory_017_T/cross/cross_init" "os/exec" ) - // Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 // init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序 // init函数是先执行的,所有init函数执行完后才会执行自定义函数 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go index 072d683e..0fe1b61b 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a // evaluation information end package cross_init 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go similarity index 93% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go index f398fa4d..ddb482df 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_init_02 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go index d7e54642..b5df0404 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go @@ -15,7 +15,6 @@ package main import ( "cross_directory_018_F/cross/cross_init" "os/exec" - "fmt" ) // Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 @@ -30,7 +29,6 @@ func cross_directory_018_F(__taint_src string) { } func __taint_sink(o interface{}) { - fmt.Println("o 的值:", o) _ = exec.Command("sh", "-c", o.(string)).Run() } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go index ebd1fa84..31f1e6dc 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a // evaluation information end package cross_init 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go similarity index 93% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go index 67676c1a..65925e45 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_init_02 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go index 7299b644..9af94950 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a // evaluation information end package cross_init 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go similarity index 93% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go index 02500234..3f659e0c 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_init_02 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go index fc4a5d8c..3075f559 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a // evaluation information end package cross_init 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go similarity index 93% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go index 514443cd..6e2287f9 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 多init函数顺序执行 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_init_02 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go index ed7c7653..e85ff593 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T.go @@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包导入区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/cross/cross_same_name_021_T // evaluation information end -package cross +package cross_same_name_021_T import "os/exec" func SayHello(taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go index 89e7017e..00dbc022 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_a.go @@ -16,7 +16,7 @@ import "cross_directory_021_T/cross" var __taint_src = "taint_src_value" func init() { - cross.SayHello(__taint_src) + cross_same_name_021_T.SayHello(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go index aea52e21..22301eb1 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/main_dir/cross_directory_021_T_b.go @@ -17,7 +17,7 @@ import "cross_directory_021_T/other/cross" var __taint_src = "taint_src_value" func init() { - cross.SayHello(__taint_src) + cross_same_name_021_T.SayHello(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go similarity index 91% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go index dd2c5154..a861ccef 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T.go @@ -3,13 +3,12 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包导入区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_021_T/other/cross/cross_same_name_021_T // evaluation information end -package cross +package cross_same_name_021_T import "os/exec" - func SayHello(taint_src string) { __taint_sink(taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go index 388d6b04..18c85d90 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F.go 
@@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包导入区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/cross/cross_same_name_022_F // evaluation information end -package cross +package cross_same_name_022_F import "os/exec" func SayHello(taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go index 6084bd12..b948b04a 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_a.go @@ -16,7 +16,7 @@ import "cross_directory_022_F/cross" var __taint_src = "_" func init() { - cross.SayHello(__taint_src) + cross_same_name_022_F.SayHello(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go index 2975edc8..bb0eecaf 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/main_dir/cross_directory_022_F_b.go @@ -17,7 +17,7 @@ import "cross_directory_022_F/other/cross" var __taint_src = "abc" func init() { - cross.SayHello(__taint_src) + cross_same_name_022_F.SayHello(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go similarity index 91% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go index 3878d3c1..79b1c443 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F.go @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包导入区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_022_F/other/cross/cross_same_name_022_F // evaluation information end -package cross +package cross_same_name_022_F import "os/exec" func SayHello(taint_src string) { 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go index 7d1cbfcc..b90bb7da 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 可见性校验 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_01/cross_directory_023_T_a // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go similarity index 94% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go index ccd8f5ef..e0de314f 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 可见性校验 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_01 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_01/cross_directory_024_F_a // evaluation information end 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go similarity index 90% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go index ec0d6ff2..49240120 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a.go @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 导入路径与包名解耦 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_01/cross_directory_025_T_a // evaluation information end -package pkg +package cross_directory_025_T_a var status string diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go index 0efc1354..3d216b90 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/cross/cross_directory_025_T.go @@ -16,10 +16,10 @@ import ( ) // Go语言中,import路径从第二项开始的每项一定是目录名,包括最后一项(并非包名)。 -// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是pkg +// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是cross_directory_025_T_a func cross_directory_025_T(__taint_src string) { - __taint_sink(pkg.Person{}.Swimming(__taint_src)) + __taint_sink(cross_directory_025_T_a.Person{}.Swimming(__taint_src)) } func __taint_sink(o interface{}) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod index e34eb465..23b5d919 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_025_T/go.mod @@ -1,3 +1,3 @@ -module cross_directory_026_F +module cross_directory_025_T go 1.20 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go similarity index 90% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go index 2b6ef6a6..6837a63a 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a.go @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 导入路径与包名解耦 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_01/cross_directory_026_F_a // evaluation information end -package pkg +package cross_directory_026_F_a var status string diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go index 45f76968..203557cd 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_026_F/cross/cross_directory_026_F.go @@ -19,7 +19,7 @@ import ( // 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是pkg func cross_directory_026_F(__taint_src string) { - __taint_sink(pkg.Person{}.Swimming("_")) + __taint_sink(cross_directory_026_F_a.Person{}.Swimming("_")) } func __taint_sink(o interface{}) { 
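Review bot: The context comment above `cross_directory_026_F` still ends with `使用的却是pkg`, but this hunk changes the call to `cross_directory_026_F_a.Person{}.Swimming("_")`, so the comment names a package that no longer exists. The matching hunk in cross_directory_025_T.go did update its comment. Update this one the same way: `// 然而,导入后,使用的符号值是包名。比如这边,import cross_01,使用的却是cross_directory_026_F_a`. `__taint_sink` begins on the last line of the hunk and continues outside it.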
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T.go index faff8662..c027d647 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T.go @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包路径区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_01/cross_same_name_027_T // evaluation information end -package pkg +package cross_same_name_027_T import "os/exec" var dir string 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T.go index 93cb3b03..ec4aa3c7 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T.go @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包路径区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_02/cross_same_name_027_T // evaluation information end -package pkg +package cross_same_name_027_T import "os/exec" var dir string diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go index cd0337c8..98dd3859 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go @@ -18,7 +18,7 @@ import "cross_directory_027_T/cross_01" // 考察特性:YASA-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_027_T(__taint_src string) { - pkg.Fun(__taint_src) + cross_same_name_027_T.Fun(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F.go index 6918a841..3b064e08 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F.go @@ -3,11 +3,11 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包路径区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_01/cross_same_name_028_F // evaluation information end -package pkg +package cross_same_name_028_F import "os/exec" var dir string 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F.go index ec8871c2..cf574b2d 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F.go @@ -3,13 +3,12 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 同名包路径区分 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_02/cross_same_name_028_F // evaluation information end -package pkg +package cross_same_name_028_F import "os/exec" - var dir string func Fun(__taint_src string) { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go index 94464552..e8a5474c 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go @@ -18,7 +18,7 @@ import "cross_directory_028_F/cross_02" // 考察特性:YASA-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_028_F(__taint_src string) { - pkg.Fun(__taint_src) + cross_same_name_028_F.Fun(__taint_src) } func main() { diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go similarity index 77% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go index e045d59c..13aa02e0 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a.go @@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 识别导入根目录 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/pkg/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_01/cross_directory_029_T_a // evaluation information end -package pkg +package cross_directory_029_T_a type Person struct { Name string 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go index ecb175c9..687bf49f 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go @@ -13,17 +13,16 @@ package main import ( - "rainy/pkg" + "rainy/cross_01" "os/exec" ) - // Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 // 所谓的根目录 指 go.mod所在的目录 // 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 func cross_directory_029_T(__taint_src string) { - value := pkg.Person{}.Skiing(__taint_src)// 看这些符号值能不能被解析出来 + value := cross_directory_029_T_a.Person{}.Skiing(__taint_src)// 看这些符号值能不能被解析出来 __taint_sink(value) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go similarity index 77% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go index 529a3242..13969309 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a.go @@ -3,10 +3,10 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 识别导入根目录 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/pkg/pkg +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_01/cross_directory_030_F_a // evaluation information end -package pkg +package cross_directory_030_F_a type Person struct { Name string diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go index d38927ac..9a82e327 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go @@ -13,17 +13,16 @@ package main import ( - "rainy/pkg" + "rainy/cross_01" "os/exec" ) - // Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 // 所谓的根目录 指 go.mod所在的目录 // 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 func cross_directory_030_F(__taint_src string) { - value := pkg.Person{}.Skiing("_")// 看这些符号值能不能被解析出来 + value := cross_directory_030_F_a.Person{}.Skiing("_")// 看这些符号值能不能被解析出来 __taint_sink(value) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json index 718396d0..65b4f607 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/config.json @@ -15,7 +15,7 @@ "scene": "跨module-别名" }, { - "compose": "(cross_module_005_T/cross_module_005_T_a/main.go || cross_module_005_T/cross_module_005_T_b/main.go) && !(cross_module_006_F/cross_module_006_F_a/main.go || cross_module_006_F/cross_module_006_F_b/main.go)", + "compose": "(cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go || cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go) && !(cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go || cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go)", "scene": "多Main包模块化管理" } ] diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go similarity index 98% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go index f433d0e1..d1ea46e3 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go 
@@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 // scene introduction = 多Main包模块化管理 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/main +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T // evaluation information end @@ -12,7 +12,6 @@ // 在执行 go run ./cross_module_005_T_a package main import "os/exec" - // Go语言中,允许多个main包和main函数(只要不在同一个目录) // 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go similarity index 98% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go index 17ed5ca1..9ae457ce 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go 
@@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 // scene introduction = 多Main包模块化管理 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/main +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T // evaluation information end // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go similarity index 98% rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go index c615ed9b..a5ca8671 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go @@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 // scene introduction = 多Main包模块化管理 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/main +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F // evaluation information end 
@@ -12,7 +12,6 @@
 // 在执行 go run ./cross_module_006_F_a
 package main
 import "os/exec"
-
 // Go语言中,允许多个main包和main函数(只要不在同一个目录)
 // 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go
similarity index 98%
rename from sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go
rename to sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go
index fb30b34d..473fac13 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main.go
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go
@@ -4,14 +4,13 @@
 // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块
 // scene introduction = 多Main包模块化管理
 // level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/main
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F
 // evaluation information end
 // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F
 // 在执行 go run ./cross_module_006_F_b
 package main
 import "os/exec"
-
 // Go语言中,允许多个main包和main函数(只要不在同一个目录)
 // 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数
From 34f8591f008ec3ffb6e670b1fba521be3a59fb12 Mon Sep 17 00:00:00 2001
From: "mengmeng.meng"
Date: Tue, 30 Sep 2025 21:47:30 +0800
Subject: [PATCH 3/8] go case update 6
---
 .../array_index_no_solver_005_T.go | 11 +++---
 .../cross_directory/config.json | 12 ------
 .../cross/cross_directory_015_T.go | 33 ----------------
 .../cross_init/cross_directory_init_015_T.go | 15 --------
 .../cross_directory_015_T/go.mod | 3 --
 .../cross/cross_directory_016_F.go | 30 ---------------
 .../cross_init/cross_directory_init_016_F.go | 16 --------
 .../cross_directory_016_F/go.mod | 3 --
 .../cross/cross_directory_017_T.go | 37 ------------------
 .../cross_directory_init_017_T_a.go | 21 ----------
 .../cross_directory_init_017_T_b.go | 20 ----------
 .../cross_directory_017_T/go.mod | 3 --
 .../cross/cross_directory_018_F.go | 38 -------------------
 .../cross_directory_init_018_F_a.go | 21 ----------
 .../cross_directory_init_018_F_b.go | 20 ----------
 .../cross_directory_018_F/go.mod | 3 --
 .../cross/cross_directory_019_T.go | 38 -------------------
 .../cross_directory_init_019_T_a.go | 23 -----------
 .../cross_directory_init_019_T_b.go | 20 ----------
 .../cross_directory_019_T/go.mod | 3 --
 .../cross/cross_directory_020_F.go | 38 -------------------
 .../cross_directory_init_020_F_a.go | 23 -----------
 .../cross_directory_init_020_F_b.go | 20 ----------
 .../cross_directory_020_F/go.mod | 3 --
 .../cross/cross_directory_023_T.go | 7 ++--
 .../cross/cross_directory_024_F.go | 8 ++--
 .../cross_directory_027_T.go | 8 ++--
 .../cross_directory_028_F.go | 8 ++--
 .../cross_module_005_T.go | 14 +++----
 .../cross_module_005_T.go | 12 +++---
 .../cross_module_006_F.go | 16 +++-----
 .../cross_module_006_F.go | 15 ++++----
 .../if_return_tuple_001_T.go | 13 +++----
 .../multiple_return_struct_001_F.go | 25 ++++++------
 .../multiple_return_struct_002_T.go | 26 ++++++-------
 35 files changed, 72 insertions(+), 534 deletions(-)
 delete mode 100644
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go
 delete mode 100644
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go
 delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go
index d2acfe5e..48ee4532 100644
--- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go
+++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T.go
@@ -1,4 +1,3 @@
-
 // evaluation information start
 // real case = true
 // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解)
@@ -7,8 +6,8 @@
 // bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/array_index_no_solver_005_T/array_index_no_solver_005_T
 // evaluation information end
-// YASA中现在处理memberAccess时,以property的符号字面量作为key进行存取。导致精度损失。
 package main
+
 import "os/exec"
 func array_index_no_solver_005_T(__taint_src string) {
@@ -23,8 +22,8 @@ func array_index_no_solver_005_T(__taint_src string) {
 func __taint_sink(o interface{}) {
 _ = exec.Command("sh", "-c", o.(string)).Run()
- }
+}
 func main() {
- __taint_src := "taint_src_value"
- array_index_no_solver_005_T(__taint_src)
-}
\ No newline at end of file
+ __taint_src := "taint_src_value"
+ array_index_no_solver_005_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
index a3fd6923..e74b9ab4 100644
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/config.json
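Review bot: In array_index_no_solver_005_T.go the second hunk deletes the comment above `package main`, which was the only line explaining why this case exists (member access keyed by the property's symbol literal, causing precision loss), and nothing replaces it. The header still names the evaluation item, but a reader can no longer tell which analyzer weakness a `real case = true` verdict here is meant to expose. If the goal is only to drop the tool name, keep the rationale in neutral wording, e.g. `// Member access keyed by the property's symbol literal loses precision; this case exercises that.` The body of array_index_no_solver_005_T lies between the hunks and is not visible, so that wording should be checked against it.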
@@ -34,18 +34,6 @@
 "compose": "(cross_directory_013_T/cross/other/cross_01/cross_directory_013_T_b.go || cross_directory_013_T/cross_directory_013_T_a/cross_directory_013_T_a.go) && !(cross_directory_014_F/cross/other/cross_01/cross_directory_014_F_b.go || cross_directory_014_F/cross_directory_014_F_a/cross_directory_014_F_a.go)",
 "scene": "replace包层级调用链2"
 },
- {
- "compose": "(cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go || cross_directory_015_T/cross/cross_directory_015_T.go) && !(cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go || cross_directory_016_F/cross/cross_directory_016_F.go)",
- "scene": "init函数自动执行"
- },
- {
- "compose": "(cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go || cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go || cross_directory_017_T/cross/cross_directory_017_T.go) && !(cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go || cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go || cross_directory_018_F/cross/cross_directory_018_F.go)",
- "scene": "多init函数顺序执行1"
- },
- {
- "compose": "(cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go || cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go || cross_directory_019_T/cross/cross_directory_019_T.go) && !(cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go || cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go || cross_directory_020_F/cross/cross_directory_020_F.go)",
- "scene": "多init函数顺序执行2"
- },
 {
 "compose": "(cross_directory_021_T/cross/cross_same_name_021_T.go || cross_directory_021_T/main_dir/cross_directory_021_T_a.go || cross_directory_021_T/main_dir/cross_directory_021_T_b.go || cross_directory_021_T/other/cross/cross_same_name_021_T.go) && !(cross_directory_022_F/cross/cross_same_name_022_F.go || cross_directory_022_F/main_dir/cross_directory_022_F_a.go ||
cross_directory_022_F/main_dir/cross_directory_022_F_b.go || cross_directory_022_F/other/cross/cross_same_name_022_F.go)",
 "scene": "同名包导入区分"
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go
deleted file mode 100644
index 9cee3fb3..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go
+++ /dev/null
@@ -1,33 +0,0 @@
-// evaluation information start
-// real case = true
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = init函数自动执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T
-// evaluation information end
-
-
-// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross
-// 再执行go run cross_directory_015_T.go
-
-package main
-
-import (
- "cross_directory_015_T/cross/cross_init"
- "os/exec"
-)
-
-// Go语言支持包中定义init函数,在这个包被首次初始化(import)时,会自动触发这个包的init函数
-
-func cross_directory_015_T() {
- // 看cross_init.Status是否被init处理过
- __taint_sink(cross_init.Status)
-}
-
-func __taint_sink(o interface{}) {
- _ = exec.Command("sh", "-c", o.(string)).Run()
- }
-
-func main() {
- cross_directory_015_T()
-}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go
deleted file mode 100644
index bf03d380..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// evaluation information start
-// real case = true
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = init函数自动执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T
-// evaluation information end
-
-package cross_init
-
-var Status string
-
-func init() {
- Status = "taint_src_value"
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod
deleted file mode 100644
index af303122..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module cross_directory_015_T
-
-go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go
deleted file mode 100644
index e9a8db5c..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// evaluation information start
-// real case = false
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = init函数自动执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F
-// evaluation information end
-
-
-// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross
-// 再执行go run cross_directory_016_F.go
-
-package main
-
-import (
- "cross_directory_016_F/cross/cross_init"
- "os/exec"
-)
-
-func cross_directory_016_F() {
- __taint_sink(cross_init.Status)
-}
-
-func __taint_sink(o interface{}) {
- _ = exec.Command("sh", "-c", o.(string)).Run()
- }
-
-func main() {
- cross_directory_016_F()
-}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go
deleted file mode 100644
index eaa2c78b..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// evaluation information start
-// real case = false
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = init函数自动执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F
-// evaluation information end
-
-package cross_init
-
-var Status string
-
-func init() {
- Status = "init processed"
-}
-
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod
deleted file mode 100644
index 021168fc..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module cross_directory_016_F
-
-go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go
deleted file mode 100644
index 6bc80bc8..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go
+++ /dev/null
@@ -1,37 +0,0 @@
-// evaluation information start
-// real case = true
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T
-// evaluation information end
-
-
-// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross
-// 再执行go run cross_directory_017_T.go
-
-package main
-
-import (
- "cross_directory_017_T/cross/cross_init"
- "os/exec"
-)
-// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
-// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序
-// init函数是先执行的,所有init函数执行完后才会执行自定义函数
-
-func cross_directory_017_T(__taint_src string) {
- cross_init.In_init_after(__taint_src)
-
- // 若正确处理,Status的值应该是"1234taint_src_value"
- __taint_sink(cross_init.Status)
-}
-
-func __taint_sink(o interface{}) {
- _ = exec.Command("sh", "-c", o.(string)).Run()
- }
-
-func main() {
- __taint_src := "taint_src_value"
- cross_directory_017_T(__taint_src)
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go
deleted file mode 100644
index 0fe1b61b..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// evaluation information start
-// real case = true
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a
-// evaluation information end
-
-package cross_init
-
-func init() {
- Status = "1"
-}
-
-func init() {
- Status += "2"
-}
-
-func In_init_after(taint_src string) {
- Status += taint_src
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go
deleted file mode 100644
index ddb482df..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// evaluation information start
-// real case = true
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b
-// evaluation information end
-
-
-package cross_init
-
-var Status string
-
-func init() {
- Status += "3"
-}
-
-func init() {
- Status += "4"
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod
deleted file mode 100644
index 5242c6b6..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module cross_directory_017_T
-
-go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go
deleted file mode 100644
index b5df0404..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// evaluation information start
-// real case = false
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F
-// evaluation information end
-
-
-// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross
-// 再执行go run cross_directory_018_F.go
-
-package main
-
-import (
- "cross_directory_018_F/cross/cross_init"
- "os/exec"
-)
-
-// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
-// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序
-// init函数是先执行的,所有init函数执行完后才会执行自定义函数
-
-func cross_directory_018_F(__taint_src string) {
- cross_init.In_init_after("abc")
-
- // 若正确处理,Status的值应该是"1234abc"
- __taint_sink(cross_init.Status)
-}
-
-func __taint_sink(o interface{}) {
- _ = exec.Command("sh", "-c", o.(string)).Run()
- }
-
-func main() {
- __taint_src := "taint_src_value"
- cross_directory_018_F(__taint_src)
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go
deleted file mode 100644
index 31f1e6dc..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// evaluation information start
-// real case = false
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a
-// evaluation information end
-
-package cross_init
-
-func init() {
- Status = "1"
-}
-
-func init() {
- Status += "2"
-}
-
-func In_init_after(taint_src string) {
- Status += taint_src
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go
deleted file mode 100644
index 65925e45..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// evaluation information start
-// real case = false
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b
-// evaluation information end
-
-
-package cross_init
-
-var Status string
-
-func init() {
- Status += "3"
-}
-
-func init() {
- Status += "4"
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod
deleted file mode 100644
index 894d75bf..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module cross_directory_018_F
-
-go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go
deleted file mode 100644
index c3b26266..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// evaluation information start
-// real case = true
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T
-// evaluation information end
-
-
-// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross
-// 再执行go run cross_directory_019_T.go
-
-package main
-
-import (
- "cross_directory_019_T/cross/cross_init"
- "os/exec"
- "fmt"
-)
-
-// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
-// 当这个包被import时,所有包中的init函数都会被执行
-
-func cross_directory_019_T(__taint_src int) {
- cross_init.In_init_after(__taint_src)
-
- // 若正确处理,pkg.Status的值应该是20
- __taint_sink(cross_init.Status)
-}
-
-func __taint_sink(o interface{}) {
- _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
- }
-
-func main() {
- __taint_src := 10
- cross_directory_019_T(__taint_src)
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go
deleted file mode 100644
index 9af94950..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// evaluation information start
-// real case = true
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a
-// evaluation information end
-
-package cross_init
-
-
-func init() {
- Status += 1
-}
-
-func init() {
- Status += 2
-}
-
-
-func In_init_after(taint_src int) {
- Status += taint_src
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go
deleted file mode 100644
index 3f659e0c..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// evaluation information start
-// real case = true
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b
-// evaluation information end
-
-
-package cross_init
-
-var Status int = 0
-
-func init() {
- Status += 3
-}
-
-func init() {
- Status += 4
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod
deleted file mode 100644
index e6689719..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module cross_directory_019_T
-
-go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
deleted file mode 100644
index 928788d3..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// evaluation information start
-// real case = false
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F
-// evaluation information end
-
-
-// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross
-// 再执行go run cross_directory_020_F.go
-
-package main
-
-import (
- "cross_directory_020_F/cross/cross_init"
- "os/exec"
- "fmt"
-)
-
-// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
-// 当这个包被import时,所有包中的init函数都会被执行
-
-func cross_directory_020_F(__taint_src int) {
- cross_init.In_init_after(0)
-
- // 若正确处理,pkg.Status的值应该是10
- __taint_sink(cross_init.Status)
-}
-
-func __taint_sink(o interface{}) {
- _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
- }
-
-func main() {
- __taint_src := 10
- cross_directory_020_F(__taint_src)
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go
deleted file mode 100644
index 3075f559..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// evaluation information start
-// real case = false
-// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
-// scene introduction = 多init函数顺序执行
-// level = 2
-// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a
-// evaluation information end
-
-package cross_init
-
-
-func init() {
- Status += 1
-}
-
-func init() {
- Status += 2
-}
-
-
-func In_init_after(taint_src int) {
- Status += taint_src
-}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go
deleted file mode 100644
index 6e2287f9..00000000
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go
+++ /dev/null
@@ -1,20 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b -// evaluation information end - - -package cross_init - -var Status int = 0 - -func init() { - Status += 3 -} - -func init() { - Status += 4 -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod deleted file mode 100644 index 57f04550..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module cross_directory_020_F - -go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go index a6408015..7bea4cfa 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go 
@@ -9,14 +9,15 @@ // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T // 再执行 go run cross/cross_directory_023_T.go package main + import ( - "fmt" "cross_directory_023_T/cross/cross_01" + "fmt" "os/exec" ) // Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) -// 考察特性:YASA是否会错误地将小写的(非public的)Symbol错误的import过来 +// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 func cross_directory_023_T() { __taint_sink(cross_01.Status) //Status大写 应该被正确import过来 @@ -24,7 +25,7 @@ func cross_directory_023_T() { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { cross_directory_023_T() diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go index d6696875..d29bcef0 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go 
@@ -6,19 +6,19 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F // evaluation information end - // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F // 再执行 go run cross/cross_directory_024_F.go package main + import ( - "fmt" "cross_directory_024_F/cross/cross_01" + "fmt" "os/exec" ) // Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) -// 考察特性:YASA是否会错误地将小写的(非public的)Symbol错误的import过来 +// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 func cross_directory_024_F() { __taint_sink(cross_01.status) //status小写 若正确处理,无法获取到cross_01.status @@ -26,7 +26,7 @@ func cross_directory_024_F() { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { cross_directory_024_F() diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go index 98dd3859..10f8b3f9 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go 
@@ -6,17 +6,15 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T // evaluation information end - // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T // 再执行 go run cross_directory_027_T.go package main -import "cross_directory_027_T/cross_01" // Go语言中,一个包以文件结构路径唯一标识。允许同名包。 -// 旧版YASA以包名作为key来进行包管理,导致同名包丢失。 +// 旧版@@@@以包名作为key来进行包管理,导致同名包丢失。 -// 考察特性:YASA-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 +// 考察特性:@@@@-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_027_T(__taint_src string) { cross_same_name_027_T.Fun(__taint_src) } @@ -24,4 +22,4 @@ func cross_directory_027_T(__taint_src string) { func main() { __taint_src := "taint_src_value" cross_directory_027_T(__taint_src) -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go index e8a5474c..94561a49 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go 
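Review bot: The first hunk drops `import "cross_directory_027_T/cross_01"` while `cross_directory_027_T` still calls `cross_same_name_027_T.Fun(__taint_src)`, so the new file has no import that can supply that qualifier and will not compile as shown. The same removal appears in cross_directory_028_F.go (`cross_02`) and, in PATCH 5/8, in cross_directory_029_T.go and cross_directory_030_F.go (`rainy/cross_01`). It looks like an import-cleanup pass treated the import as unused because the package name differs from the last path element. An explicit alias would keep it, e.g. `import cross_same_name_027_T "cross_directory_027_T/cross_01"`, assuming that is the package declared there. A benchmark case that does not build can be skipped or only partly analysed by scanners that load type-checked packages, which would skew the cross-package results these cases are meant to measure.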
@@ -6,17 +6,15 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F // evaluation information end - // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F // 再执行 go run cross_directory_028_F.go package main -import "cross_directory_028_F/cross_02" // Go语言中,一个包以文件结构路径唯一标识。允许同名包。 -// 旧版YASA以包名作为key来进行包管理,导致同名包丢失。 +// --以包名作为key来进行包管理,导致同名包丢失。 -// 考察特性:YASA-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 +// 考察特性:---的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_028_F(__taint_src string) { cross_same_name_028_F.Fun(__taint_src) } @@ -24,4 +22,4 @@ func cross_directory_028_F(__taint_src string) { func main() { __taint_src := "taint_src_value" cross_directory_028_F(__taint_src) -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go index d1ea46e3..2d0acbb6 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 
@@ -7,25 +6,24 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T // evaluation information end - // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T // 在执行 go run ./cross_module_005_T_a package main + import "os/exec" + // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数 +// 考察特性:@@@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_005_T_a(__taint_src string) { __taint_sink(__taint_src) } - func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } - +} func main() { - __taint_src := "taint_src_value_main1" - cross_module_005_T_a(__taint_src) + __taint_src := "taint_src_value_main1" + cross_module_005_T_a(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go index 9ae457ce..cf8c5383 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 
@@ -10,22 +9,21 @@ // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T // 在执行 go run ./cross_module_005_T_b package main + import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数 +// 考察特性:---是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_005_T_b(__taint_src string) { __taint_sink(__taint_src) } - func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } - +} func main() { - __taint_src := "taint_src_value_main2" - cross_module_005_T_b(__taint_src) + __taint_src := "taint_src_value_main2" + cross_module_005_T_b(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go index a5ca8671..2fe34b71 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 
@@ -7,27 +6,24 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F // evaluation information end - // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F // 在执行 go run ./cross_module_006_F_a package main + import "os/exec" + // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数 +// 考察特性:@@@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_006_F_a(__taint_src string) { __taint_sink("this is main1") } - func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } - +} func main() { - __taint_src := "taint_src_value_main1" - cross_module_006_F_a(__taint_src) + __taint_src := "taint_src_value_main1" + cross_module_006_F_a(__taint_src) } - - diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go index 473fac13..59ffeed6 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨模块 
@@ -10,21 +9,21 @@ // 先cd sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F // 在执行 go run ./cross_module_006_F_b package main + import "os/exec" + // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:YASA是否能否对多个main包和main函数的情况正确包管理和找到main函数 +// 考察特性:@@@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_006_F_b(__taint_src string) { __taint_sink("this is main2") } - func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } - +} func main() { - __taint_src := "taint_src_value_main2" - cross_module_006_F_b(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value_main2" + cross_module_006_F_b(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go index 1652393e..d1ef8431 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_tuple_001_T/if_return_tuple_001_T.go @@ -7,6 +7,7 @@ // evaluation information end package main + import "os/exec" func callee(taint string) (string, string) { @@ -17,18 +18,16 @@ func callee(taint string) (string, string) { } func if_return_tuple_001_T(__taint_src string) { - a,b := callee(__taint_src) + a, b := callee(__taint_src) _ = a - // 老版本对于tuple的decl逻辑混乱,结果:a中只有"a",b中只有"b" - // 根本原因是ProcessVariableDecl语句时,if判断的优先级有误 __taint_sink(b) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - if_return_tuple_001_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + if_return_tuple_001_T(__taint_src) +} 
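Review bot: In the second if_return_tuple_001_T.go hunk the two comment lines above `__taint_sink(b)` are deleted without a replacement, so nothing in the case says what it checks any more. A tool-neutral line would keep the intent, e.g. `// each value returned by callee must be bound to its own variable; the sink reads the second one`. The same applies to multiple_return_struct_002_T.go, where the note on `req.prop, _ = processData(...)` is removed, and to named_return_004_T.go in PATCH 4/8, where the trailing comment on `return s` is removed; there `// explicit "return s" takes precedence over the named result ret` would do. The body of callee lies outside the hunk, so which of its results carries the taint is not visible here.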
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go index 254a7f31..1f5cbefa 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F.go @@ -1,42 +1,39 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 多返回值传递给结构体 +// scene introduction = 多返回值传递给结构体 // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_001_F/multiple_return_struct_001_F // evaluation information end - package main + import ( "fmt" "os/exec" - "database/sql" ) type Request struct { Name string - prop sql.DB + prop string } func multiple_return_struct_001_F(__taint_src string) { req := Request{} + a := "_" - req.prop, _ = processData(__taint_src, "_") + req.prop, _ = processData(__taint_src, a) __taint_sink(req) } -func processData(s string, i string) (sql.DB, string) { - var db sql.DB - return db , i +func processData(s string, i interface{}) (string, interface{}) { + return "abc", i } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%+v", o)).Run() - } - +} func main() { - __taint_src := "taint_src_value" - multiple_return_struct_001_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + multiple_return_struct_001_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go index f88c189b..6e731c40 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T.go @@ -1,42 +1,40 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 多返回值传递给结构体 +// scene introduction = 多返回值传递给结构体 // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/multiple_return_struct_002_T/multiple_return_struct_002_T // evaluation information end - package main + import ( "fmt" "os/exec" - "database/sql" ) -// req.prop, _ = c.Cookie() uast4Go会将这句翻译成variableDecl,导致taint无法写入到req对象中 type Request struct { Name string - prop sql.DB + prop string } -func multiple_return_struct_002_T(__taint_src sql.DB) { +func multiple_return_struct_002_T(__taint_src string) { req := Request{} + a := "_" - req.prop, _ = processData(__taint_src, "_") + req.prop, _ = processData(__taint_src, a) __taint_sink(req) } -func processData(s sql.DB, i string) (sql.DB, string) { - return s , i +func processData(s string, i interface{}) (string, interface{}) { + return s, i } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%+v", o)).Run() - } +} func main() { - var __taint_src sql.DB - multiple_return_struct_002_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + multiple_return_struct_002_T(__taint_src) +} From 33c7f404e87697a31be6ce28f402bfb9a77c5438 Mon Sep 17 00:00:00 2001 
From: "mengmeng.meng" Date: Tue, 30 Sep 2025 21:49:16 +0800 Subject: [PATCH 4/8] go case update 7 --- .../named_return_004_T/named_return_004_T.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go index 56de69c5..228f3137 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 @@ -8,6 +7,7 @@ // evaluation information end package main + import "os/exec" func named_return_004_T(__taint_src interface{}) { @@ -19,14 +19,14 @@ func named_return_004_T(__taint_src interface{}) { func processData(s interface{}, i interface{}) (ret interface{}) { ret = "_" - return s // 主要区别位于这里,在具名返回值的情况下 裸返回return默认返回ret。但uast4Go在处理具名返回值时存在bug,导致此处的return s被覆盖成return ret + return s } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - named_return_004_T(__taint_src) + __taint_src := "taint_src_value" + named_return_004_T(__taint_src) } \ No newline at end of file From 38864280f2e7dd2230cf2cde82b8463966a3ea1a Mon Sep 17 00:00:00 2001 
From: "mengmeng.meng" Date: Tue, 30 Sep 2025 21:52:46 +0800 Subject: [PATCH 5/8] go case update 8 --- .../cross/cross_directory_023_T.go | 1 - .../cross/cross_directory_024_F.go | 1 - .../cross_directory_027_T.go | 1 - .../cross_directory_028_F.go | 1 - .../cross/cross_directory_029_T.go | 11 ++++------- .../cross/cross_directory_030_F.go | 11 ++++------- .../cross_module_005_T_a/cross_module_005_T.go | 1 - .../cross_module_005_T_b/cross_module_005_T.go | 1 - .../cross_module_006_F_a/cross_module_006_F.go | 1 - .../cross_module_006_F_b/cross_module_006_F.go | 1 - .../if_return_nil_002_F/if_return_nil_002_F.go | 17 +++++++++-------- 11 files changed, 17 insertions(+), 30 deletions(-) diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go index 7bea4cfa..9aca414a 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go @@ -17,7 +17,6 @@ import ( ) // Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) -// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 func cross_directory_023_T() { __taint_sink(cross_01.Status) //Status大写 应该被正确import过来 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go index d29bcef0..0007746f 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go @@ -18,7 +18,6 @@ import ( ) // Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) -// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 func cross_directory_024_F() { __taint_sink(cross_01.status) //status小写 若正确处理,无法获取到cross_01.status diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go index 10f8b3f9..dc295dde 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go @@ -14,7 +14,6 @@ package main // Go语言中,一个包以文件结构路径唯一标识。允许同名包。 // 旧版@@@@以包名作为key来进行包管理,导致同名包丢失。 -// 考察特性:@@@@-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_027_T(__taint_src string) { cross_same_name_027_T.Fun(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go index 94561a49..35f585fe 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go 
@@ -14,7 +14,6 @@ package main // Go语言中,一个包以文件结构路径唯一标识。允许同名包。 // --以包名作为key来进行包管理,导致同名包丢失。 -// 考察特性:---的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_028_F(__taint_src string) { cross_same_name_028_F.Fun(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go index 687bf49f..9308a70a 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go @@ -6,31 +6,28 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T // evaluation information end - // 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross // 再执行go run cross_directory_029_T.go package main import ( - "rainy/cross_01" "os/exec" ) + // Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 // 所谓的根目录 指 go.mod所在的目录 -// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 - func cross_directory_029_T(__taint_src string) { - value := cross_directory_029_T_a.Person{}.Skiing(__taint_src)// 看这些符号值能不能被解析出来 + value := cross_directory_029_T_a.Person{}.Skiing(__taint_src) // 看这些符号值能不能被解析出来 __taint_sink(value) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { __taint_src := "taint_src_value" cross_directory_029_T(__taint_src) -} \ No newline at end of file +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go index 9a82e327..351c5b8d 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go @@ -6,31 +6,28 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F // evaluation information end - // 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross // 再执行go run cross_directory_030_F.go package main import ( - "rainy/cross_01" "os/exec" ) + // Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 // 所谓的根目录 指 go.mod所在的目录 -// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 - func cross_directory_030_F(__taint_src string) { - value := cross_directory_030_F_a.Person{}.Skiing("_")// 看这些符号值能不能被解析出来 + value := cross_directory_030_F_a.Person{}.Skiing("_") // 看这些符号值能不能被解析出来 __taint_sink(value) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { __taint_src := "taint_src_value" cross_directory_030_F(__taint_src) -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go index 2d0acbb6..a478d2d3 100644 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go @@ -13,7 +13,6 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:@@@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_005_T_a(__taint_src string) { __taint_sink(__taint_src) diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go index cf8c5383..74a01821 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go @@ -13,7 +13,6 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:---是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_005_T_b(__taint_src string) { __taint_sink(__taint_src) diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go index 2fe34b71..5d9e18be 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go 
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go @@ -13,7 +13,6 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:@@@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_006_F_a(__taint_src string) { __taint_sink("this is main1") diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go index 59ffeed6..2372f916 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go @@ -13,7 +13,6 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) -// 考察特性:@@@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_006_F_b(__taint_src string) { __taint_sink("this is main2") diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go index 31919a39..d8efac32 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go 
@@ -1,25 +1,26 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 条件返回nil +// scene introduction = 条件返回nil // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F // evaluation information end package main + import ( "fmt" "os/exec" ) -// 旧版中,对nil没有进行处理限制,允许将nil值转换成返回值类型(S),且允许对nil进行memberAccess读取 +// 允许将nil值转换成返回值类型(S),且允许对nil进行memberAccess读取 type S struct { name string id int } -func Func1(__taint_src string) (*S) { +func Func1(__taint_src string) *S { s1 := &S{ name: __taint_src, id: 98, @@ -29,7 +30,7 @@ func Func1(__taint_src string) (*S) { if err != "nil" { return nil } - + return s1 } @@ -40,9 +41,9 @@ func if_return_nil_002_F(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%+v", o)).Run() - } +} func main() { - __taint_src := "taint_src_value" - if_return_nil_002_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + if_return_nil_002_F(__taint_src) +} From a14224bde9053e0642a2d806a836740adbef63f8 Mon Sep 17 00:00:00 2001 
From: "mengmeng.meng" Date: Fri, 31 Oct 2025 17:24:17 +0800 Subject: [PATCH 6/8] go case update --- .../cross/cross_directory_015_T.go | 31 ++++++++++++++++++ .../cross_directory_export_015_T.go | 11 +++++++ .../cross_init/cross_directory_init_015_T.go | 14 ++++++++ .../cross_directory_015_T/go.mod | 3 ++ .../cross/cross_directory_016_F.go | 23 +++++++++++++ .../cross_directory_export_016_F.go | 11 +++++++ .../cross_init/cross_directory_init_016_F.go | 14 ++++++++ .../cross_directory_016_F/go.mod | 3 ++ .../cross/cross_directory_017_T.go | 32 +++++++++++++++++++ .../cross_directory_export_017_T.go | 11 +++++++ .../cross_directory_init_017_T_a.go | 17 ++++++++++ .../cross_directory_init_017_T_b.go | 19 +++++++++++ .../cross_directory_017_T/go.mod | 3 ++ .../cross/cross_directory_018_F.go | 32 +++++++++++++++++++ .../cross_directory_export_018_F.go | 11 +++++++ .../cross_directory_init_018_F_a.go | 18 +++++++++++ .../cross_directory_init_018_F_b.go | 19 +++++++++++ .../cross_directory_018_F/go.mod | 3 ++ .../cross/cross_directory_019_T.go | 31 ++++++++++++++++++ .../cross_directory_export_019_T.go | 11 +++++++ .../cross_directory_init_019_T_a.go | 17 ++++++++++ .../cross_directory_init_019_T_b.go | 18 +++++++++++ .../cross_directory_019_T/go.mod | 3 ++ .../cross/cross_directory_020_F.go | 32 +++++++++++++++++++ .../cross_directory_export_020_F.go | 11 +++++++ .../cross_directory_init_020_F_a.go | 17 ++++++++++ .../cross_directory_init_020_F_b.go | 18 +++++++++++ .../cross_directory_020_F/go.mod | 3 ++ .../cross/cross_directory_023_T.go | 1 + .../cross/cross_directory_024_F.go | 2 +- .../cross_directory_027_T.go | 1 + .../cross_directory_028_F.go | 5 ++- .../cross/cross_directory_029_T.go | 11 ++++--- .../cross/cross_directory_030_F.go | 11 ++++--- .../cross_module_005_T.go | 1 + .../cross_module_005_T.go | 1 + .../cross_module_006_F.go | 1 + .../cross_module_006_F.go | 1 + .../if_return_nil_002_F.go | 17 +++++----- .../named_return_004_T/named_return_004_T.go | 10 
+++--- 40 files changed, 474 insertions(+), 24 deletions(-) create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod create 
mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go create mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go new file mode 100644 index 00000000..23de2576 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go 
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T
+// evaluation information end
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross
+// 再执行go run cross_directory_015_T.go
+package main
+import (
+ "cross_directory_015_T/cross/cross_init"
+ "os/exec"
+ "fmt"
+)
+
+// Go语言支持包中定义init函数,在这个包被首次初始化(import)时,会自动触发这个包的init函数
+func cross_directory_015_T() {
+ // 看cross_init.Status是否被init处理过
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ fmt.Println("o 的值:", o)
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ cross_directory_015_T()
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go
new file mode 100644
index 00000000..3a1f8c66
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go
@@ -0,0 +1,11 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T
+// evaluation information end
+
+package cross_init
+
+var Taint_src = "taint_src_value"
\ No newline at end of file
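Review bot: `__taint_sink` in cross_directory_015_T.go prints its argument with `fmt.Println("o 的值:", o)` before the `exec.Command` call, and its negative counterpart cross_directory_016_F.go has no such line. In a positive case that gives the tainted `cross_init.Status` a second use on a different line, so a tool's finding may land on the print instead of the command sink, and the true/false pair no longer differs only in the init behaviour under test. I would drop the `fmt.Println` line and the `"fmt"` import so the sink body is just `_ = exec.Command("sh", "-c", o.(string)).Run()`, as in 016_F.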
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go
new file mode 100644
index 00000000..c3034416
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go
@@ -0,0 +1,14 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T
+// evaluation information end
+
+package cross_init
+
+var Status string
+func init() {
+ Status = Taint_src
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod
new file mode 100644
index 00000000..af303122
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_015_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go
new file mode 100644
index 00000000..320f9aa8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go
@@ -0,0 +1,23 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F
+// evaluation information end
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross
+// 再执行go run cross_directory_016_F.go
+package main
+import (
+ "cross_directory_016_F/cross/cross_init"
+ "os/exec"
+)
+func cross_directory_016_F() {
+ __taint_sink(cross_init.Status)
+}
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+func main() {
+ cross_directory_016_F()
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go
new file mode 100644
index 00000000..efdc3922
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go
@@ -0,0 +1,11 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_016_F
+// evaluation information end
+
+package cross_init
+
+var Taint_src = "taint_src_value"
\ No newline at end of file
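Review bot: The `bind_url` header in cross_directory_export_016_F.go names the wrong case directory: it reads `.../cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_016_F`, while the file is added under `cross_directory_016_F/`. The other headers visible in this patch mirror their own file path, so this looks like a leftover from copying the 015_T case, and whatever consumes the evaluation headers would presumably bind this file to the wrong case. The line should read `// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F`.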
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go
new file mode 100644
index 00000000..d3d82891
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go
@@ -0,0 +1,14 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = init函数自动执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F
+// evaluation information end
+package cross_init
+
+var Status string
+func init() {
+ Status = Taint_src
+ Status = "_"
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod
new file mode 100644
index 00000000..021168fc
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_016_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go
new file mode 100644
index 00000000..23107ad2
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T
+// evaluation information end
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross
+// 再执行go run cross_directory_017_T.go
+
+package main
+import (
+ "cross_directory_017_T/cross/cross_init"
+ "os/exec"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序
+// init函数是先执行的,所有init函数执行完后才会执行自定义函数
+func cross_directory_017_T() {
+ // 若正确处理,Status的值应该是"taint_src_value234"
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ cross_directory_017_T()
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go
new file mode 100644
index 00000000..905898d5
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go
@@ -0,0 +1,11 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T
+// evaluation information end
+
+package cross_init
+
+var Taint_src = "taint_src_value"
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go
new file mode 100644
index 00000000..5ca360f3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go
@@ -0,0 +1,17 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a
+// evaluation information end
+
+package cross_init
+
+func init() {
+ Status = Taint_src
+}
+
+func init() {
+ Status += "2"
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go
new file mode 100644
index 00000000..77796bc2
--- /dev/null
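Review bot: The verdict of this case does not depend on the order in which the `init` functions run, although the scene is labelled 多init函数顺序执行 and the comment in cross_directory_017_T.go explains file and declaration order. In cross_directory_init_017_T_a.go the first `init` assigns `Status = Taint_src` and every other `init` (here and in `_b.go`) only appends a constant, so `Status` ends up tainted under any ordering and an analyzer that ignores init order still scores correctly. The negative twin cross_directory_init_018_F_a.go has the same property, because `Status = Taint_src` is overwritten by `Status = "_"` inside the same function, and in cross_directory_019_T the integer additions commute. To make order decisive, the F case could move the clearing store into a later `init` than the tainted one (for example `Status = "_"` as the first statement of the first `init` in `cross_directory_init_018_F_b.go`, with the expected-value comment updated), and the T case could assign a constant in an earlier `init` and `Taint_src` in a later one.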
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go
@@ -0,0 +1,19 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b
+// evaluation information end
+
+package cross_init
+
+var Status string
+
+func init() {
+ Status += "3"
+}
+
+func init() {
+ Status += "4"
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod
new file mode 100644
index 00000000..5242c6b6
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_017_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go
new file mode 100644
index 00000000..fdd680cf
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F
+// evaluation information end
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross
+// 再执行go run cross_directory_018_F.go
+
+package main
+import (
+ "cross_directory_018_F/cross/cross_init"
+ "os/exec"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序
+// init函数是先执行的,所有init函数执行完后才会执行自定义函数
+func cross_directory_018_F() {
+ // 若正确处理,Status的值应该是"_234"
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+ }
+
+func main() {
+ cross_directory_018_F()
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go
new file mode 100644
index 00000000..62300bcd
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go
@@ -0,0 +1,11 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F
+// evaluation information end
+
+package cross_init
+
+var Taint_src = "taint_src_value"
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go
new file mode 100644
index 00000000..b0222b25
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a
+// evaluation information end
+
+package cross_init
+
+func init() {
+ Status = Taint_src
+ Status = "_"
+}
+
+func init() {
+ Status += "2"
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go
new file mode 100644
index 00000000..81456e89
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go
@@ -0,0 +1,19 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b
+// evaluation information end
+
+package cross_init
+
+var Status string
+
+func init() {
+ Status += "3"
+}
+
+func init() {
+ Status += "4"
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod
new file mode 100644
index 00000000..894d75bf
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_018_F
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go
new file mode 100644
index 00000000..12b89b68
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T
+// evaluation information end
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross
+// 再执行go run cross_directory_019_T.go
+
+package main
+import (
+ "cross_directory_019_T/cross/cross_init"
+ "os/exec"
+ "fmt"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// 当这个包被import时,所有包中的init函数都会被执行
+func cross_directory_019_T() {
+ // 若正确处理,pkg.Status的值应该是20
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ cross_directory_019_T()
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go
new file mode 100644
index 00000000..842bae46
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go
@@ -0,0 +1,11 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T
+// evaluation information end
+
+package cross_init
+
+var Taint_src = 10
\ No newline at end of file
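Review bot: The expected-value comment inside `cross_directory_019_T()` refers to `pkg.Status`, but the package imported in this file is `cross_init`, and the comment gives only the result without its derivation. I would write it as `// with all four init functions applied, cross_init.Status is 1 + 10 + 2 + 3 + 4 = 20`, which shows where the number comes from (initial value 1 in `_b.go`, `Taint_src` = 10 in the export file). cross_directory_020_F.go uses the same `pkg.Status` wording; its expected value of 0 cannot be checked here because the body of cross_directory_init_020_F_b.go is not part of the visible diff.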
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go
new file mode 100644
index 00000000..7d94ba88
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go
@@ -0,0 +1,17 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a
+// evaluation information end
+
+package cross_init
+
+func init() {
+ Status += Taint_src
+}
+
+func init() {
+ Status += 2
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go
new file mode 100644
index 00000000..a0cb564d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go
@@ -0,0 +1,18 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b
+// evaluation information end
+
+package cross_init
+
+var Status int = 1
+
+func init() {
+ Status += 3
+}
+func init() {
+ Status += 4
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod
new file mode 100644
index 00000000..e6689719
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod
@@ -0,0 +1,3 @@
+module cross_directory_019_T
+
+go 1.20
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
new file mode 100644
index 00000000..490498fc
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F
+// evaluation information end
+
+// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross
+// 再执行go run cross_directory_020_F.go
+
+package main
+import (
+ "cross_directory_020_F/cross/cross_init"
+ "os/exec"
+ "fmt"
+)
+
+// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。
+// 当这个包被import时,所有包中的init函数都会被执行
+func cross_directory_020_F() {
+ // 若正确处理,pkg.Status的值应该是0
+ __taint_sink(cross_init.Status)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+ }
+
+func main() {
+ cross_directory_020_F()
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go
new file mode 100644
index 00000000..f9f1aa96
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go
@@ -0,0 +1,11 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F
+// evaluation information end
+
+package cross_init
+
+var Taint_src = 10
\ No newline at end of file
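Review bot: The comment inside `cross_directory_020_F` says `pkg.Status` should be 0, but the value handed to the sink is `cross_init.Status`, and nothing in this file says which statement makes it 0. I would reword it to `// expected: the last init in cross_directory_init_020_F_b.go resets cross_init.Status to 0, so no tainted value reaches the sink`. On style, the import block is not in gofmt order (`"fmt"` belongs before `"os/exec"`), the closing brace of `__taint_sink` is indented, and the file has no final newline. The indented brace and the missing newline recur in the 029_T, 030_F, if_return_nil_002_F and named_return_004_T hunks of this patch.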
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go
new file mode 100644
index 00000000..c3cc9146
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go
@@ -0,0 +1,17 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包
+// scene introduction = 多init函数顺序执行
+// level = 2
+// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a
+// evaluation information end
+
+package cross_init
+
+func init() {
+ Status += Taint_src
+}
+
+func init() {
+ Status += 2
+}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go
new file mode 100644
index 00000000..cfcac003
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go
@@ -0,0 +1,18 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 +// scene introduction = 多init函数顺序执行 +// level = 2 +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b +// evaluation information end + +package cross_init + +var Status int = 1 + +func init() { + Status += 3 +} +func init() { + Status = 0 +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod new file mode 100644 index 00000000..57f04550 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod @@ -0,0 +1,3 @@ +module cross_directory_020_F + +go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go index 9aca414a..7bea4cfa 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_023_T/cross/cross_directory_023_T.go @@ -17,6 +17,7 @@ import ( ) // Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) +// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 func cross_directory_023_T() { __taint_sink(cross_01.Status) //Status大写 应该被正确import过来 
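Review bot: The not-tainted verdict for 020_F holds only if the second `init` in this file (`Status = 0`) runs after `Status += Taint_src` in cross_directory_init_020_F_a.go, and that ordering assumption is not written down anywhere in the case. The Go specification runs init functions in the order the files are presented to the compiler, and the go tool presents them sorted by file name, so the `_a`/`_b` suffixes carry the ground truth. A comment above the last init, such as `// runs last: files are compiled in file-name order, so this overwrites the sum built in ..._020_F_a.go`, would keep a later rename from silently flipping the expected result.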
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go index 0007746f..76c4b5d5 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_024_F/cross/cross_directory_024_F.go @@ -12,12 +12,12 @@ package main import ( - "cross_directory_024_F/cross/cross_01" "fmt" "os/exec" ) // Go语言中,一个包内只有大写开头的Symbol能够被导出(对外部可见) +// 考察特性:@@@@是否会错误地将小写的(非public的)Symbol错误的import过来 func cross_directory_024_F() { __taint_sink(cross_01.status) //status小写 若正确处理,无法获取到cross_01.status diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go index dc295dde..10f8b3f9 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_027_T/cross_directory_027_T.go @@ -14,6 +14,7 @@ package main // Go语言中,一个包以文件结构路径唯一标识。允许同名包。 // 旧版@@@@以包名作为key来进行包管理,导致同名包丢失。 +// 考察特性:@@@@-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_027_T(__taint_src string) { cross_same_name_027_T.Fun(__taint_src) } 
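Review bot: Removing `"cross_directory_024_F/cross/cross_01"` from the import block leaves `__taint_sink(cross_01.status)` referring to a package this file no longer imports. The case is described as checking that a lower-case symbol is not picked up across packages, but with the import gone an analyzer can report no flow simply because `cross_01` is unresolved, so the negative no longer exercises the export rule. Unless that was the intent, I would keep the line `"cross_directory_024_F/cross/cross_01"` so the only difference from 023_T is `Status` versus `status`. The rest of the file lies outside the hunk.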
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go index 35f585fe..f3f38c67 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_028_F/cross_directory_028_F.go @@ -11,9 +11,12 @@ package main +import cross_same_name_028_F "cross_directory_028_F/cross_02" + // Go语言中,一个包以文件结构路径唯一标识。允许同名包。 -// --以包名作为key来进行包管理,导致同名包丢失。 +// 旧版@@以包名作为key来进行包管理,导致同名包丢失。 +// 考察特性:@@-Go的**包管理逻辑**(this.packageManager),是否能够区分并保存同名包 func cross_directory_028_F(__taint_src string) { cross_same_name_028_F.Fun(__taint_src) } diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go index 9308a70a..687bf49f 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T.go 
@@ -6,28 +6,31 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross/cross_directory_029_T // evaluation information end + // 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_029_T/cross // 再执行go run cross_directory_029_T.go package main import ( + "rainy/cross_01" "os/exec" ) - // Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 // 所谓的根目录 指 go.mod所在的目录 +// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 + func cross_directory_029_T(__taint_src string) { - value := cross_directory_029_T_a.Person{}.Skiing(__taint_src) // 看这些符号值能不能被解析出来 + value := cross_directory_029_T_a.Person{}.Skiing(__taint_src)// 看这些符号值能不能被解析出来 __taint_sink(value) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() -} + } func main() { __taint_src := "taint_src_value" cross_directory_029_T(__taint_src) -} +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go index 351c5b8d..9a82e327 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F.go 
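Review bot: The added import `"rainy/cross_01"` carries no alias, while the function body qualifies the type as `cross_directory_029_T_a.Person`, so nothing in this file ties the two together. If the package under rainy/cross_01 is declared as `cross_directory_029_T_a` (its source and the go.mod are not part of this hunk), spell the binding out as `cross_directory_029_T_a "rainy/cross_01"`, the way 028_F does with `cross_same_name_028_F "cross_directory_028_F/cross_02"`. If resolving the name from the package clause is itself part of what the case tests, say so in the comment above the function instead. The 030_F hunk adds the same unaliased import.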
@@ -6,28 +6,31 @@ // bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross/cross_directory_030_F // evaluation information end + // 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_030_F/cross // 再执行go run cross_directory_030_F.go package main import ( + "rainy/cross_01" "os/exec" ) - // Go语言中的import: import 项目名(代表根目录)/目录名1/目录名2/目录名3 // 所谓的根目录 指 go.mod所在的目录 +// 考察特性:是否支持识别go项目的根目录,从根目录开始解析并找到import语句 + func cross_directory_030_F(__taint_src string) { - value := cross_directory_030_F_a.Person{}.Skiing("_") // 看这些符号值能不能被解析出来 + value := cross_directory_030_F_a.Person{}.Skiing("_")// 看这些符号值能不能被解析出来 __taint_sink(value) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() -} + } func main() { __taint_src := "taint_src_value" cross_directory_030_F(__taint_src) -} +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go index a478d2d3..a74b8beb 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_a/cross_module_005_T.go @@ -13,6 +13,7 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) +// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_005_T_a(__taint_src string) { __taint_sink(__taint_src) 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go index 74a01821..0b996094 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_005_T/cross_module_005_T_b/cross_module_005_T.go @@ -13,6 +13,7 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) +// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_005_T_b(__taint_src string) { __taint_sink(__taint_src) diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go index 5d9e18be..a1d349cf 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_a/cross_module_006_F.go @@ -13,6 +13,7 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) +// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_006_F_a(__taint_src string) { __taint_sink("this is main1") 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go index 2372f916..b6f93e06 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_module/cross_module_006_F/cross_module_006_F_b/cross_module_006_F.go @@ -13,6 +13,7 @@ package main import "os/exec" // Go语言中,允许多个main包和main函数(只要不在同一个目录) +// 考察特性:@@是否能否对多个main包和main函数的情况正确包管理和找到main函数 func cross_module_006_F_b(__taint_src string) { __taint_sink("this is main2") diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go index d8efac32..31919a39 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F.go 
@@ -1,26 +1,25 @@ // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 -// scene introduction = 条件返回nil +// scene introduction = 条件返回nil // level = 2 // bind_url = completeness/single_app_tracing/function_call/return_value_passing/if_return_nil_002_F/if_return_nil_002_F // evaluation information end package main - import ( "fmt" "os/exec" ) -// 允许将nil值转换成返回值类型(S),且允许对nil进行memberAccess读取 +// 旧版中,对nil没有进行处理限制,允许将nil值转换成返回值类型(S),且允许对nil进行memberAccess读取 type S struct { name string id int } -func Func1(__taint_src string) *S { +func Func1(__taint_src string) (*S) { s1 := &S{ name: __taint_src, id: 98, @@ -30,7 +29,7 @@ func Func1(__taint_src string) *S { if err != "nil" { return nil } - + return s1 } @@ -41,9 +40,9 @@ func if_return_nil_002_F(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%+v", o)).Run() -} + } func main() { - __taint_src := "taint_src_value" - if_return_nil_002_F(__taint_src) -} + __taint_src := "taint_src_value" + if_return_nil_002_F(__taint_src) +} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go index 228f3137..56de69c5 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/return_value_passing/named_return_004_T/named_return_004_T.go @@ -1,3 +1,4 @@ + // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->返回值传递 @@ -7,7 +8,6 @@ // evaluation information end package main - import "os/exec" func named_return_004_T(__taint_src interface{}) { 
@@ -19,14 +19,14 @@ func named_return_004_T(__taint_src interface{}) { func processData(s interface{}, i interface{}) (ret interface{}) { ret = "_" - return s + return s // 主要区别位于这里,在具名返回值的情况下 裸返回return默认返回ret。但uast4Go在处理具名返回值时存在bug,导致此处的return s被覆盖成return ret } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() -} + } func main() { - __taint_src := "taint_src_value" - named_return_004_T(__taint_src) + __taint_src := "taint_src_value" + named_return_004_T(__taint_src) } \ No newline at end of file From e77995d8026a49afceb846468f7b4e2f4959811b Mon Sep 17 00:00:00 2001 
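Review bot: The comment appended to `return s` in `processData` describes a defect in one analyzer (`uast4Go` turning the statement into `return ret`) rather than what the code is expected to do, and it names the tool where other comments in this patch mask it as `@@@@`. For a benchmark case the comment should state the language rule and sit on its own line above the statement, for example `// explicit operand: s is assigned to the named result ret and returned, so s (not the "_" placeholder) reaches the caller`. How the caller uses the result is outside this hunk.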
From: "mengmeng.meng" Date: Tue, 11 Nov 2025 10:19:44 +0800 Subject: [PATCH 7/8] python 3 case update --- .../argument_return_value_passing/config.json | 8 ++++ .../return_value_passing_005_T.py | 25 +++++++++++ .../return_value_passing_006_F.py | 25 +++++++++++ .../return_value_passing_007_T.py | 25 +++++++++++ .../return_value_passing_008_F.py | 25 +++++++++++ .../field_sensitive/class/config.json | 4 ++ .../class/dynamic_field_001_T.py | 30 +++++++++++++ .../class/dynamic_field_002_F.py | 30 +++++++++++++ .../field_sensitive/class/field_len_006_F.py | 2 +- .../multidimensional_collection/config.json | 8 ++++ .../list_slice_001_T.py | 27 +++++++++++ .../list_slice_002_F.py | 27 +++++++++++ .../map_mc_005_T.py | 26 +++++++++++ .../map_mc_006_F.py | 26 +++++++++++ .../asynchronous/async_concurrent_001_T.py | 45 +++++++++++++++++++ .../asynchronous/async_concurrent_002_F.py | 44 ++++++++++++++++++ .../asynchronous/async_generator_001_T.py | 37 +++++++++++++++ .../asynchronous/async_generator_002_F.py | 37 +++++++++++++++ .../flow_sensitive/asynchronous/config.json | 8 ++++ .../flow_sensitive/loop_stmt/config.json | 8 ++++ .../loop_stmt/nested_loop_for_in_001_T.py | 25 +++++++++++ .../loop_stmt/nested_loop_for_in_002_F.py | 25 +++++++++++ .../loop_stmt/while_loop_001_T.py | 26 +++++++++++ .../loop_stmt/while_loop_002_F.py | 26 +++++++++++ .../object_sensitive/class/config.json | 6 ++- .../constructor_object_sensitive_005_T.py | 28 ++++++++++++ .../constructor_object_sensitive_006_F.py | 28 ++++++++++++ ...ynamic_attribute_object_sensitive_001_T.py | 34 ++++++++++++++ ...ynamic_attribute_object_sensitive_002_F.py | 34 ++++++++++++++ .../exception_throw/config.json | 16 +++++++ .../exception_throw/exception_args_001_T.py | 27 +++++++++++ .../exception_throw/exception_args_002_F.py | 27 +++++++++++ .../exception_throw/exception_else_001_T.py | 28 ++++++++++++ .../exception_throw/exception_else_002_F.py | 29 ++++++++++++ .../exception_finally_throw_001_T.py | 28 
++++++++++++ .../exception_finally_throw_002_F.py | 29 ++++++++++++ .../exception_multiple_except_001_T.py | 31 +++++++++++++ .../exception_multiple_except_002_F.py | 32 +++++++++++++ .../explicit_jump_control/break_004_F.py | 2 +- .../explicit_jump_control/config.json | 4 ++ .../continue_nested_001_T.py | 27 +++++++++++ .../continue_nested_002_F.py | 28 ++++++++++++ .../other/ellipsis/ellipsis_002_F.py | 2 +- .../other/ellipsis/ellipsis_004_F.py | 2 +- .../single_app_tracing/alias/alias_001_T.py | 2 +- .../single_app_tracing/alias/alias_006_F.py | 2 +- .../class/complex_object/config.json | 12 +++++ .../multi_level_inheritance_001_T.py | 39 ++++++++++++++++ .../multi_level_inheritance_002_F.py | 39 ++++++++++++++++ .../multiple_inheritance_001_T.py | 38 ++++++++++++++++ .../multiple_inheritance_002_F.py | 38 ++++++++++++++++ .../no_init_child_class_001_T.py | 35 +++++++++++++++ .../no_init_child_class_002_F.py | 35 +++++++++++++++ .../control_flow/assert/assert_002_F.py | 2 +- .../conditional_matchStar_004_F.py | 2 +- .../conditional_match_004_F.py | 2 +- .../loop_stmt/while_else_002_F.py | 2 +- .../cross_file/config.json | 4 ++ .../dynamic_import_001_T_a.py | 11 +++++ .../dynamic_import_001_T_b.py | 29 ++++++++++++ .../dynamic_import_002_F_a.py | 11 +++++ .../dynamic_import_002_F_b.py | 29 ++++++++++++ .../datatype/array/array_extend_001_T.py | 30 +++++++++++++ .../datatype/array/array_extend_002_F.py | 30 +++++++++++++ .../datatype/array/config.json | 4 ++ .../bytearray/bytearray_extend_001_T.py | 30 +++++++++++++ .../bytearray/bytearray_extend_002_F.py | 30 +++++++++++++ .../bytearray/bytearray_slice_001_T.py | 28 ++++++++++++ .../bytearray/bytearray_slice_002_F.py | 28 ++++++++++++ .../datatype/bytearray/config.json | 8 ++++ .../datatype/collections/config.json | 4 ++ .../datatype/collections/set_006_F.py | 2 +- .../datatype/collections/set_remove_001_T.py | 27 +++++++++++ .../datatype/collections/set_remove_002_F.py | 27 +++++++++++ 
.../datatype/list/config.json | 20 +++++++++ .../datatype/list/list_concat_001_T.py | 31 +++++++++++++ .../datatype/list/list_concat_002_F.py | 29 ++++++++++++ .../datatype/list/list_extend_001_T.py | 30 +++++++++++++ .../datatype/list/list_extend_002_F.py | 29 ++++++++++++ .../datatype/list/list_insert_001_T.py | 28 ++++++++++++ .../datatype/list/list_insert_002_F.py | 27 +++++++++++ .../datatype/list/list_pop_001_T.py | 28 ++++++++++++ .../datatype/list/list_pop_002_F.py | 27 +++++++++++ .../datatype/list/list_remove_001_T.py | 27 +++++++++++ .../datatype/list/list_remove_002_F.py | 27 +++++++++++ .../datatype/map/config.json | 4 ++ .../datatype/map/map_pop_001_T.py | 26 +++++++++++ .../datatype/map/map_pop_002_F.py | 27 +++++++++++ .../datatype/primitives/bool_002_F.py | 5 ++- .../datatype/tuple/config.json | 16 +++++++ .../datatype/tuple/tuple_002_F.py | 2 +- .../datatype/tuple/tuple_004_F.py | 2 +- .../datatype/tuple/tuple_concat_001_T.py | 33 ++++++++++++++ .../datatype/tuple/tuple_concat_002_F.py | 30 +++++++++++++ .../datatype/tuple/tuple_index_001_T.py | 30 +++++++++++++ .../datatype/tuple/tuple_index_002_F.py | 27 +++++++++++ .../datatype/tuple/tuple_repeat_001_T.py | 30 +++++++++++++ .../datatype/tuple/tuple_repeat_002_F.py | 27 +++++++++++ .../datatype/tuple/tuple_slice_001_T.py | 30 +++++++++++++ .../datatype/tuple/tuple_slice_002_F.py | 27 +++++++++++ .../exception_throw/exception_catch_001_T.py | 2 +- .../binary_expression_mult_002_F.py | 2 +- .../binary_expression_sub_002_F.py | 2 +- .../logical_or_002_F.py | 2 +- .../expression/lambda_expression/config.json | 4 ++ .../lambda_multi_params_001_T.py | 30 +++++++++++++ .../lambda_multi_params_002_F.py | 27 +++++++++++ .../del_expression_006_F.py | 2 +- .../del_expression_008_F.py | 2 +- .../list_comprehension_002_F.py | 2 +- .../map_comprehension_002_F.py | 2 +- .../set_comprehension_001_T.py | 4 +- .../type_cast/bool_conversion_002_F.py | 2 +- .../expression/type_cast/type_cast_002_F.py | 2 +- 
.../generator_function/yieldFrom_001_T.py | 2 +- .../generator_function/yieldFrom_003_T.py | 2 +- 116 files changed, 2269 insertions(+), 30 deletions(-) create mode 100644 sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py create mode 100644 sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py create mode 100644 sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py create mode 100644 sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py create mode 100644 sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py create mode 100644 sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py create mode 100644 sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py create mode 100644 sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py create mode 100644 sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py create mode 100644 sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py create mode 100644 sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py create mode 100644 
sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py create mode 100644 sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py create mode 100644 sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py create mode 100644 sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py create mode 100644 sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py create mode 100644 sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py create mode 100644 sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py create mode 100644 sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py create mode 100644 
sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py create mode 100644 sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py create mode 100644 sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py create mode 100644 sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py create mode 100644 
sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py create mode 100644 
sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py create mode 100644 sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json index fc55d65f..a00c0a08 100644 --- a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/config.json @@ -33,6 +33,14 @@ { "compose": "return_value_passing_003_T.py && !return_value_passing_004_F.py", "scene": "返回值传递->多层函数嵌套传递" + }, + { + "compose": "return_value_passing_005_T.py && !return_value_passing_006_F.py", + "scene": "返回值传递->迭代器" + }, + { + "compose": "return_value_passing_007_T.py && !return_value_passing_008_F.py", + "scene": "返回值传递->多返回值解包" } ] } diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py new file mode 100644 index 00000000..e4d7aa9f --- /dev/null +++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T.py 
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->上下文敏感分析->参数/返回值传递
+# scene introduction = 返回值传递->迭代器返回值传递
+# level = 2
+# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_005_T
+# evaluation information end
+import os
+
+def return_value_passing_005_T(taint_src):
+ def create_iterator():
+ # 创建包含污染值的迭代器
+ return iter([taint_src, 'safe_value', 'another_value'])
+
+ iterator = create_iterator() # 返回迭代器对象
+ first_item = next(iterator) # 获取迭代器的第一个元素
+ taint_sink(first_item) # 传递污染值
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ return_value_passing_005_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py
new file mode 100644
index 00000000..a61de824
--- /dev/null
+++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->上下文敏感分析->参数/返回值传递
+# scene introduction = 返回值传递->迭代器返回值传递
+# level = 2
+# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_006_F
+# evaluation information end
+import os
+
+def return_value_passing_006_F(taint_src):
+ def create_iterator():
+ # 创建只包含安全值的迭代器
+ return iter(['safe_value', 'another_value', 'third_value'])
+
+ iterator = create_iterator() # 返回迭代器对象
+ first_item = next(iterator) # 获取迭代器的第一个元素
+ taint_sink(first_item) # 传递安全值
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ return_value_passing_006_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py
new file mode 100644
index 00000000..3bb2e89f
--- /dev/null
+++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->上下文敏感分析->参数/返回值传递
+# scene introduction = 返回值传递->多返回值解包传递
+# level = 2
+# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_007_T
+# evaluation information end
+import os
+
+def return_value_passing_007_T(taint_src):
+ def get_multiple_values():
+ # 函数返回多个值,其中包含污点数据
+ return taint_src, 'safe_value', 'another_safe'
+
+ # 多返回值解包,第一个值是污点
+ tainted_value, safe_value1, safe_value2 = get_multiple_values()
+ taint_sink(tainted_value) # 传递污点值
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ return_value_passing_007_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py
new file mode 100644
index 00000000..8cfb06a9
--- /dev/null
+++ b/sast-python3/case/accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F.py
@@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->上下文敏感分析->参数/返回值传递 +# scene introduction = 返回值传递->多返回值解包传递 +# level = 2 +# bind_url = accuracy/context_sensitive/argument_return_value_passing/return_value_passing_008_F +# evaluation information end +import os + +def return_value_passing_008_F(taint_src): + def get_multiple_values(): + # 函数返回多个值,但都不包含污点数据 + return 'safe_value1', 'safe_value2', 'safe_value3' + + # 多返回值解包,所有值都是安全的 + safe_value1, safe_value2, safe_value3 = get_multiple_values() + taint_sink(safe_value1) # 传递安全值,不应检出漏洞 + +def taint_sink(o): + os.system(o) + +if __name__ == "__main__": + taint_src = "taint_src_value" + return_value_passing_008_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/field_sensitive/class/config.json b/sast-python3/case/accuracy/field_sensitive/class/config.json index 5492944a..8c4d0787 100644 --- a/sast-python3/case/accuracy/field_sensitive/class/config.json +++ b/sast-python3/case/accuracy/field_sensitive/class/config.json @@ -25,6 +25,10 @@ { "compose": "inheritance_001_T.py && !inheritance_002_F.py", "scene": "继承覆盖父类字段" + }, + { + "compose": "dynamic_field_001_T.py && !dynamic_field_002_F.py", + "scene": "动态参数" } ] }, diff --git a/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py new file mode 100644 index 00000000..9da0c513 --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_001_T.py 
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段
+# scene introduction = 动态参数->动态字段名
+# level = 3
+# bind_url = accuracy/field_sensitive/class/dynamic_field_001_T
+# evaluation information end
+import os
+
+def dynamic_field_001_T(taint_src):
+ class DynamicClass:
+ def __init__(self, taint_src):
+ # 使用setattr动态设置字段
+ setattr(self, 'dynamic_field', taint_src)
+ self.normal_field = '_'
+
+ obj = DynamicClass(taint_src)
+ # 通过动态字段名访问
+ taint_sink(obj.dynamic_field)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ dynamic_field_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py
new file mode 100644
index 00000000..c9996c9a
--- /dev/null
+++ b/sast-python3/case/accuracy/field_sensitive/class/dynamic_field_002_F.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段
+# scene introduction = 动态参数->动态字段名
+# level = 3
+# bind_url = accuracy/field_sensitive/class/dynamic_field_002_F
+# evaluation information end
+import os
+
+def dynamic_field_002_F(taint_src):
+ class DynamicClass:
+ def __init__(self, taint_src):
+ # 使用setattr动态设置字段为安全值
+ setattr(self, 'dynamic_field', '_')
+ self.tainted_field = taint_src
+
+ obj = DynamicClass(taint_src)
+ # 访问的是安全的动态字段,而非污染的字段
+ taint_sink(obj.dynamic_field) # 传递安全值,不应检出漏洞
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ dynamic_field_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py b/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py
index 2b6b8be2..3bdf56d8 100644
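Review bot: In dynamic_field_001_T.py the read side is static: the comment above the sink says the field is reached through a dynamic field name, but the call is `taint_sink(obj.dynamic_field)`, so only the `setattr` write is dynamic. If the scene is meant to cover dynamic lookup as well, `taint_sink(getattr(obj, 'dynamic_field'))` would match the comment; otherwise the comment should say the attribute is set dynamically and read by its literal name. dynamic_field_002_F.py has the same mismatch between comment and access.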
--- a/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py +++ b/sast-python3/case/accuracy/field_sensitive/class/field_len_006_F.py @@ -4,7 +4,7 @@ # evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象的不同字段 # scene introduction = 路径长度 # level = 3+ -# bind_url = accuracy/field_sensitive/class/field_len_006_T +# bind_url = accuracy/field_sensitive/class/field_len_006_F # evaluation information end import os diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json index be1d8beb..0046a8f2 100644 --- a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/config.json @@ -17,6 +17,14 @@ { "compose": "map_mc_001_T.py && !map_mc_002_F.py", "scene": "字典键路径->嵌套" + }, + { + "compose": "list_slice_001_T.py && !list_slice_002_F.py", + "scene": "字典键路径->切片后访问" + }, + { + "compose": "map_mc_005_T.py && !map_mc_006_F.py", + "scene": "字典键路径->get方法链" } ] }, diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py new file mode 100644 index 00000000..8a9029d2 --- /dev/null +++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_001_T.py 
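Review bot: In multidimensional_collection/config.json the new `list_slice_001_T.py && !list_slice_002_F.py` entry is labelled `"scene": "字典键路径->切片后访问"` (dictionary key path), while both list_slice files declare `scene introduction = 列表索引->切片后访问` (list index) and operate on a nested list. The label should follow the files, `"scene": "列表索引->切片后访问"`, so a missed detection is reported under the right category. The enclosing JSON array starts outside the hunk, so whether a list-index group exists elsewhere in this config cannot be seen from here.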
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素
+# scene introduction = 列表索引->切片后访问
+# level = 4
+# bind_url = accuracy/field_sensitive/multidimensional_collection/list_slice_001_T
+# evaluation information end
+import os
+
+
+def list_slice_001_T(taint_src):
+ # 二维列表结构
+ arr = [[taint_src, "safe"], ["safe", "safe"]]
+ # 使用切片后访问:先切片再索引访问
+ result = arr[0:1][0][0] # 切片[0:1]得到[[taint_src, "safe"]],然后[0][0]访问taint_src
+ taint_sink(result)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_slice_001_T(taint_src)
diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py
new file mode 100644
index 00000000..0763c7ed
--- /dev/null
+++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/list_slice_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素
+# scene introduction = 列表索引->切片后访问
+# level = 4
+# bind_url = accuracy/field_sensitive/multidimensional_collection/list_slice_002_F
+# evaluation information end
+import os
+
+
+def list_slice_002_F(taint_src):
+ # 二维列表结构
+ arr = [[taint_src, "safe"], ["safe", "safe"]]
+ # 使用切片后访问安全元素:不同切片位置的安全数据
+ result = arr[1:2][0][0] # 切片[1:2]得到[["safe", "safe"]],然后[0][0]访问safe
+ taint_sink(result)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_slice_002_F(taint_src)
diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py
new file mode 100644
index 00000000..6ea92f47
--- /dev/null
+++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_005_T.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素
+# scene introduction = 字典键路径->get方法链
+# level = 4
+# bind_url = accuracy/field_sensitive/multidimensional_collection/map_mc_005_T
+# evaluation information end
+import os
+
+
+def map_mc_005_T(taint_src):
+ d = {"a": {"b": {"c": taint_src}}, "x": {"y": {"z": "safe"}}}
+ # 使用get方法链式访问嵌套字典
+ result = d.get("a", {}).get("b", {}).get("c")
+ taint_sink(result) # 应该检测到污染
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ map_mc_005_T(taint_src)
diff --git a/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py
new file mode 100644
index 00000000..a762f536
--- /dev/null
+++ b/sast-python3/case/accuracy/field_sensitive/multidimensional_collection/map_mc_006_F.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->对象敏感与域敏感分析->区分多维字典/列表/数组的不同元素
+# scene introduction = 字典键路径->get方法链
+# level = 4
+# bind_url = accuracy/field_sensitive/multidimensional_collection/map_mc_006_F
+# evaluation information end
+import os
+
+
+def map_mc_006_F(taint_src):
+ d = {"a": {"b": {"c": taint_src}}, "x": {"y": {"z": "safe"}}}
+ # 使用get方法链式访问安全路径
+ result = d.get("x", {}).get("y", {}).get("z")
+ taint_sink(result) # 不应该检测到污染
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ map_mc_006_F(taint_src)
diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py
new file mode 100644
index 00000000..f7fe0023
--- /dev/null
+++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_001_T.py
@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->流敏感分析->异步执行
+# scene introduction = 异步执行->并发执行
+# level = 4
+# bind_url = accuracy/flow_sensitive/asynchronous/async_concurrent_001_T
+# evaluation information end
+import os
+import asyncio
+
+
+async def async_concurrent_001_T(taint_src):
+ # 使用asyncio.gather并发执行多个异步函数
+ results = await asyncio.gather(
+ async_func1(taint_src), # 污染函数 - 直接返回污点数据
+ async_func2("safe"), # 安全函数
+ )
+
+ # 从并发结果中访问污染数据
+ taint_sink(results[0]) # results[0] 包含污染数据
+
+
+async def async_func1(data):
+ await asyncio.sleep(0.01)
+ # 直接返回污点数据,确保污点传播清晰可见
+ return data
+
+
+async def async_func2(data):
+ await asyncio.sleep(0.01)
+ return data
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+async def main(taint_src):
+ await async_concurrent_001_T(taint_src)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ asyncio.run(main(taint_src))
diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py
new file mode 100644
index 00000000..dc3d7a48
--- /dev/null
+++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_concurrent_002_F.py
@@ -0,0 +1,44 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->流敏感分析->异步执行
+# scene introduction = 异步执行->并发执行
+# level = 4
+# bind_url = accuracy/flow_sensitive/asynchronous/async_concurrent_002_F
+# evaluation information end
+import os
+import asyncio
+
+
+async def async_concurrent_002_F(taint_src):
+ # 使用asyncio.gather并发执行多个异步函数
+ results = await asyncio.gather(
+ async_func1(taint_src), # 污染函数
+ async_func2("safe"), # 安全函数
+ )
+
+ # 从并发结果中访问安全数据
+ taint_sink(results[1]) # results[1] 是安全数据,不应检测到污染
+
+
+async def async_func1(data):
+ await asyncio.sleep(0.01)
+ return data
+
+
+async def async_func2(data):
+ await asyncio.sleep(0.01)
+ return data
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+async def main(taint_src):
+ await async_concurrent_002_F(taint_src)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ asyncio.run(main(taint_src))
diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py
new file mode 100644
index 00000000..fcebb3b9
--- /dev/null
+++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_001_T.py
@@ -0,0 +1,37 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->流敏感分析->异步执行
+# scene introduction = 异步执行->生成器
+# level = 4
+# bind_url = accuracy/flow_sensitive/asynchronous/async_generator_001_T
+# evaluation information end
+import os
+import asyncio
+
+
+async def async_generator_001_T(taint_src):
+ # 异步生成器函数 - 直接yield污染数据
+ async def generate_data():
+ yield taint_src # 直接yield污染数据
+ return # 确保生成器结束,避免StopAsyncIteration
+
+ # 获取异步生成器对象
+ gen = generate_data()
+
+ # 直接await获取第一个yield的值(最纯粹的异步生成器测试)
+ first_item = await gen.__anext__()
+ taint_sink(first_item) # 直接处理生成器yield的数据
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+async def main(taint_src):
+ await async_generator_001_T(taint_src)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ asyncio.run(main(taint_src))
diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py
new file mode 100644
index 00000000..e4d9a845
--- /dev/null
+++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/async_generator_002_F.py
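Review bot: The comment on the bare `return` in `generate_data` (async_generator_001_T.py) says it prevents StopAsyncIteration, which it does not: after the single `__anext__()` call the generator is suspended at the `yield`, the `return` is never reached, and a second `__anext__()` would raise StopAsyncIteration with or without it. I would drop the `return` together with its comment and release the generator explicitly with `await gen.aclose()` after the sink call, rather than leaving the suspended generator for loop shutdown to finalize. async_generator_002_F.py carries the same two lines.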
@@ -0,0 +1,37 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->异步执行 +# scene introduction = 异步执行->生成器 +# level = 4 +# bind_url = accuracy/flow_sensitive/asynchronous/async_generator_002_F +# evaluation information end +import os +import asyncio + + +async def async_generator_002_F(taint_src): + # 异步生成器函数 - 直接yield安全数据 + async def generate_data(): + yield "safe_data" # 直接yield安全数据 + return # 确保生成器结束,避免StopAsyncIteration + + # 获取异步生成器对象 + gen = generate_data() + + # 直接await获取第一个yield的值(最纯粹的异步生成器测试) + first_item = await gen.__anext__() + taint_sink(first_item) # 直接处理生成器yield的安全数据 + + +def taint_sink(o): + os.system(o) + + +async def main(taint_src): + await async_generator_002_F(taint_src) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + asyncio.run(main(taint_src)) diff --git a/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json b/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json index d6b49b53..9c6e3b81 100644 --- a/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json +++ b/sast-python3/case/accuracy/flow_sensitive/asynchronous/config.json @@ -13,6 +13,14 @@ { "compose": "asynchronous_chain_001_T.py && !asynchronous_chain_002_F.py", "scene": "异步函数链" + }, + { + "compose": "async_concurrent_001_T.py && !async_concurrent_002_F.py", + "scene": "异步执行->并发执行" + }, + { + "compose": "async_generator_001_T.py && !async_generator_002_F.py", + "scene": "异步执行->生成器" } ] } diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json index 15b2e08b..432a2b11 100644 --- a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/config.json 
@@ -13,6 +13,14 @@ { "compose": "for_zip_001_T.py && !for_zip_002_F.py", "scene": "for_zip" + }, + { + "compose": "nested_loop_for_in_001_T.py && !nested_loop_for_in_002_F.py", + "scene": " 循环语句->嵌套循环" + }, + { + "compose": "while_loop_001_T.py && !while_loop_002_F.py", + "scene": "循环语句->while循环" } ] } diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py new file mode 100644 index 00000000..bb0663a5 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->流敏感分析->循环语句 +# scene introduction = 循环语句->嵌套循环 +# level = 2+ +# bind_url = accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_001_T +# evaluation information end +import os + + +def nested_loop_for_in_001_T(taint_src): + # 嵌套循环中的污点传播 + for outer in [taint_src]: + for inner in ["safe"]: + taint_sink(outer) # 外层循环变量(污染数据) + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + nested_loop_for_in_001_T(taint_src) diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py new file mode 100644 index 00000000..57891212 --- /dev/null +++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F.py 
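Review bot: The scene string of the nested-loop entry in loop_stmt/config.json carries a leading space, `"scene": " 循环语句->嵌套循环"`, unlike the `while_loop` entry added right after it. Anything that groups or matches results by scene name will treat it as a separate key, so it should read `"scene": "循环语句->嵌套循环"`.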
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->流敏感分析->循环语句
+# scene introduction = 循环语句->嵌套循环
+# level = 2+
+# bind_url = accuracy/flow_sensitive/loop_stmt/nested_loop_for_in_002_F
+# evaluation information end
+import os
+
+
+def nested_loop_for_in_002_F(taint_src):
+ # 嵌套循环中的安全数据处理
+ for outer in [taint_src]:
+ for inner in ["safe"]:
+ taint_sink(inner) # 内层循环变量(安全数据)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ nested_loop_for_in_002_F(taint_src)
diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py
new file mode 100644
index 00000000..c0819c36
--- /dev/null
+++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_001_T.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->流敏感分析->循环语句
+# scene introduction = 循环语句->while循环
+# level = 2+
+# bind_url = accuracy/flow_sensitive/loop_stmt/while_loop_001_T
+# evaluation information end
+import os
+
+
+def while_loop_001_T(taint_src):
+ # while循环中的污点传播
+ i = 0
+ while i < 1:
+ taint_sink(taint_src) # 循环体内的污点
+ i += 1
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ while_loop_001_T(taint_src)
diff --git a/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py
new file mode 100644
index 00000000..7c8fc682
--- /dev/null
+++ b/sast-python3/case/accuracy/flow_sensitive/loop_stmt/while_loop_002_F.py
@@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->流敏感分析->循环语句 +# scene introduction = 循环语句->while循环 +# level = 2+ +# bind_url = accuracy/flow_sensitive/loop_stmt/while_loop_002_F +# evaluation information end +import os + + +def while_loop_002_F(taint_src): + # while循环中的安全数据处理 + i = 0 + while i < 1: + taint_sink("safe_data") # 循环体内的安全数据 + i += 1 + + +def taint_sink(o): + os.system(o) + + +if __name__ == "__main__": + taint_src = "taint_src_value" + while_loop_002_F(taint_src) diff --git a/sast-python3/case/accuracy/object_sensitive/class/config.json b/sast-python3/case/accuracy/object_sensitive/class/config.json index ea509a89..edce7d08 100644 --- a/sast-python3/case/accuracy/object_sensitive/class/config.json +++ b/sast-python3/case/accuracy/object_sensitive/class/config.json @@ -13,10 +13,14 @@ { "compose": "constructor_object_sensitive_003_T.py && !constructor_object_sensitive_004_F.py", "scene": "接口/类->继承对象" + }, + { + "compose": "dynamic_attribute_object_sensitive_001_T.py && !dynamic_attribute_object_sensitive_002_F.py", + "scene": "接口/类->动态属性对象" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py new file mode 100644 index 00000000..302991cd --- /dev/null +++ b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_005_T.py 
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象
+# scene introduction = 接口/类->类定义位置
+# level = 2
+# bind_url = accuracy/object_sensitive/class/constructor_object_sensitive_005_T
+# evaluation information end
+import os
+
+class A:
+ def __init__(self):
+ self.data = taint_src
+
+def constructor_object_sensitive_005_T(taint_src):
+
+ obj = A()
+ taint_sink(obj.data)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == '__main__':
+ taint_src = "taint_src_value"
+ constructor_object_sensitive_005_T(taint_src)
+
diff --git a/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py
new file mode 100644
index 00000000..3a005198
--- /dev/null
+++ b/sast-python3/case/accuracy/object_sensitive/class/constructor_object_sensitive_006_F.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象
+# scene introduction = 接口/类->类定义位置
+# level = 2
+# bind_url = accuracy/object_sensitive/class/constructor_object_sensitive_006_F
+# evaluation information end
+import os
+
+class A:
+ def __init__(self):
+ self.data = '_'
+
+def constructor_object_sensitive_006_F(taint_src):
+
+ obj = A()
+ taint_sink(obj.data)
+
+
+def taint_sink(o):
+ os.system(o)
+
+
+if __name__ == '__main__':
+ taint_src = "taint_src_value"
+ constructor_object_sensitive_006_F(taint_src)
+
diff --git a/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py
new file mode 100644
index 00000000..9b2aa320
--- /dev/null
+++ b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T.py
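Review bot: In constructor_object_sensitive_005_T.py the value that reaches `os.system` never comes from the function's `taint_src` parameter: `A.__init__` reads the module-level name `taint_src`, which exists only when the file is run as a script under `if __name__ == '__main__'`. Called from any other module, `A()` raises NameError, and an analyzer that treats the entry function's parameter as the source has no flow to report, so the `real case = true` label rests on two unrelated variables sharing a name. Passing the value explicitly keeps the class at module level, which is what the scene is about: `def __init__(self, data): self.data = data` and `obj = A(taint_src)`. The config.json hunk for this directory registers only the dynamic_attribute pair, so the 005/006 pair looks unregistered unless it is listed in a part of that file outside the hunk.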
@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象
+# scene introduction = 接口/类->动态属性对象
+# level = 2
+# bind_url = accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_001_T
+# evaluation information end
+# 区分"动态属性对象",动态属性赋值
+import os
+
+
+def dynamic_attribute_object_sensitive_001_T(taint_src):
+ class DynamicObject:
+ def __init__(self, name):
+ self.name = name # 只初始化基础属性
+
+ # 创建对象并动态添加污染属性
+ obj = DynamicObject("test_obj")
+ obj.dynamic_data = taint_src # 动态添加污染属性
+
+ # 直接传递对象给sink
+ taint_sink(obj)
+
+
+def taint_sink(o):
+ # 在sink函数内部访问动态属性
+ os.system(o.dynamic_data)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ dynamic_attribute_object_sensitive_001_T(taint_src)
diff --git a/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py
new file mode 100644
index 00000000..c0e4c148
--- /dev/null
+++ b/sast-python3/case/accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F.py
@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->对象敏感与域敏感分析->区分不同类对象
+# scene introduction = 接口/类->动态属性对象
+# level = 2
+# bind_url = accuracy/object_sensitive/class/dynamic_attribute_object_sensitive_002_F
+# evaluation information end
+# 区分"动态属性对象",动态属性赋值
+import os
+
+
+def dynamic_attribute_object_sensitive_002_F(taint_src):
+ class DynamicObject:
+ def __init__(self, name):
+ self.name = name # 只初始化基础属性
+
+ # 创建对象并动态添加安全属性
+ obj = DynamicObject("test_obj")
+ obj.dynamic_data = "_" # 动态添加安全属性
+
+ # 直接传递对象给sink
+ taint_sink(obj)
+
+
+def taint_sink(o):
+ # 在sink函数内部访问动态属性
+ os.system(o.dynamic_data)
+
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ dynamic_attribute_object_sensitive_002_F(taint_src)
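Review bot: dynamic_attribute_object_sensitive_002_F.py is filed under distinguishing objects of a class, but it builds a single `DynamicObject` and assigns it a constant, so no analyzer has a tainted value to confuse it with and the case says nothing about object sensitivity. A second instance carrying the taint would make the pair discriminate: add `other = DynamicObject("other_obj")` and `other.dynamic_data = taint_src` before `taint_sink(obj)`, keeping `obj.dynamic_data = "_"`. An object-insensitive analysis would then merge the two instances and report a false positive, which is the behaviour the F case is meant to catch.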
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json b/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json index 56cb8880..6e594420 100644 --- a/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/config.json @@ -9,6 +9,22 @@ { "compose": "exception_throw_001_T.py && !exception_throw_002_F.py && exception_throw_003_T.py", "scene": "1" + }, + { + "compose": "exception_finally_throw_001_T.py && !exception_finally_throw_002_F.py", + "scene": "异常抛出-finally块执行" + }, + { + "compose": "exception_multiple_except_001_T.py && !exception_multiple_except_002_F.py", + "scene": "异常抛出-多个except分支" + }, + { + "compose": "exception_else_001_T.py && !exception_else_002_F.py", + "scene": "异常抛出-else块执行" + }, + { + "compose": "exception_args_001_T.py && !exception_args_002_F.py", + "scene": "异常抛出-多参数异常对象" } ] } diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py new file mode 100644 index 00000000..62eeb4d3 --- /dev/null +++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_001_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-多参数异常对象 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_args_001_T +# evaluation information end +import os + +def exception_args_001_T(taint_src): + try: + # 创建多参数异常,第二个参数是污点 + raise Exception("Error message", taint_src, "_") + except Exception as e: + # 获取异常的所有参数 + args = e.args + # args[1] 是污点数据 + taint_sink(args[1]) # 应该检出 - 异常参数中的污点数据 + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_args_001_T(taint_src) \ No newline at end of file 
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py
new file mode 100644
index 00000000..dd538e00
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_args_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = 异常抛出-多参数异常对象
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_args_002_F
+# evaluation information end
+import os
+
+def exception_args_002_F(taint_src):
+ try:
+ # 创建多参数异常,但污点数据不在被访问的位置
+ raise Exception("Error message", "_", taint_src)
+ except Exception as e:
+ # 获取异常的所有参数
+ args = e.args
+ # args[1] 是安全数据,args[2] 是污点但不被访问
+ taint_sink(args[1]) # 不应检出 - 访问的是安全参数
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ exception_args_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py
new file mode 100644
index 00000000..de50da55
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_001_T.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = 异常抛出-else块执行
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_else_001_T
+# evaluation information end
+import os
+
+def exception_else_001_T(taint_src):
+ try:
+ # 正常执行,不抛出异常
+ normal_data = "_"
+ except Exception as e:
+ # 不会执行到except块
+ pass
+ else:
+ # 无异常时执行else块
+ taint_sink(taint_src) # 应该检出 - else块中的污点传递
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ exception_else_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py
new file mode 100644
index 00000000..a3b4edea
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_else_002_F.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = 异常抛出-else块执行
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_else_002_F
+# evaluation information end
+import os
+
+def exception_else_002_F(taint_src):
+ try:
+ # 正常执行,不抛出异常
+ normal_data = "_"
+ except Exception as e:
+ # 不会执行到except块
+ pass
+ else:
+ # 无异常时执行else块,但传递安全数据
+ safe_data = "_"
+ taint_sink(safe_data) # 不应检出 - else块中传递安全数据
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ exception_else_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py
new file mode 100644
index 00000000..56a28008
--- /dev/null
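Review bot: exception_else_002_F.py differs from exception_else_001_T.py only in the value handed to `taint_sink` inside the `else` block, so an engine with no path sensitivity at all passes both cases. The same holds for exception_finally_throw_002_F.py, exception_multiple_except_002_F.py and continue_nested_002_F.py later in this patch, where the negative takes the same path as the positive and only swaps in a constant. For a negative that exercises the path-sensitivity item these files are filed under, keep the tainted call but put it on the branch that cannot run, for example `except Exception as e:` followed by `taint_sink(taint_src)` here, and leave the `else` block harmless. This assumes the suite scores a report on an unreachable sink as a false positive, which the visible config does not state.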
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = 异常抛出-finally块执行
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_finally_throw_001_T
+# evaluation information end
+import os
+
+def exception_finally_throw_001_T(taint_src):
+ try:
+ # try块正常执行,无异常抛出
+ pass
+ except Exception as e:
+ # 不会执行到except块
+ pass
+ finally:
+ # finally块总会执行,处理污点数据
+ taint_sink(taint_src) # 应该检出 - finally块中的污点传递
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ exception_finally_throw_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py
new file mode 100644
index 00000000..00913fc7
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = 异常抛出-finally块执行
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_finally_throw_002_F
+# evaluation information end
+import os
+
+def exception_finally_throw_002_F(taint_src):
+ try:
+ # try块正常执行,无异常抛出
+ pass
+ except Exception as e:
+ # 不会执行到except块
+ pass
+ finally:
+ # finally块总会执行,但传递安全数据
+ safe_data = "_"
+ taint_sink(safe_data) # 不应检出 - finally块中传递安全数据
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ exception_finally_throw_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py
new file mode 100644
index 00000000..d29158bb
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T.py
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+# scene introduction = 异常抛出-多个except分支
+# level = 3
+# bind_url = accuracy/path_sensitive/exception_throw/exception_multiple_except_001_T
+# evaluation information end
+import os
+
+def exception_multiple_except_001_T(taint_src):
+ try:
+ # 抛出ValueError异常
+ raise ValueError(taint_src)
+ except ValueError as e:
+ # 匹配到ValueError,执行这个分支
+ taint_sink(taint_src) # 应该检出 - 同一分支传递污点数据
+ except TypeError as e:
+ # 不会执行到这个分支
+ pass
+ except Exception as e:
+ # 不会执行到这个分支(ValueError已匹配)
+ pass
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ exception_multiple_except_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py
new file mode 100644
index 00000000..9435f323
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F.py
@@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +# scene introduction = 异常抛出-多个except分支 +# level = 3 +# bind_url = accuracy/path_sensitive/exception_throw/exception_multiple_except_002_F +# evaluation information end +import os + +def exception_multiple_except_002_F(taint_src): + try: + # 抛出ValueError异常 + raise ValueError(taint_src) + except ValueError as e: + # 匹配到ValueError,执行这个分支(与正例相同路径) + safe_data = "_" + taint_sink(safe_data) # 不应检出 - 同一分支传递安全数据 + except TypeError as e: + # 不会执行到这个分支 + pass + except Exception as e: + # 不会执行到这个分支(ValueError已匹配) + pass + +def taint_sink(o): + os.system(o) + +# 示例调用 +if __name__ == "__main__": + taint_src = "taint_src_value" + exception_multiple_except_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py index b0120aa3..36951e45 100644 --- a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/break_004_F.py @@ -4,7 +4,7 @@ # evaluation item = 准确度->路径敏感分析->跳转语句 # scene introduction = break-嵌套循环 # level = 4+ -# bind_url = accuracy/path_sensitive/explicit_jump_control/break_003_F +# bind_url = accuracy/path_sensitive/explicit_jump_control/break_004_F # evaluation information end import os diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json index 18fd4082..1bf785ad 100644 --- a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json +++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/config.json 
@@ -18,6 +18,10 @@
 "compose": "continue_001_T.py && !continue_002_F.py",
 "scene": "continue"
 },
+ {
+ "compose": "continue_nested_001_T.py && !continue_nested_002_F.py",
+ "scene": "continue-嵌套循环"
+ },
 {
 "compose": "return_001_T.py && !return_002_F.py",
 "scene": "return"
diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py
new file mode 100644
index 00000000..5a2a0ef3
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 准确度->路径敏感分析->跳转语句
+# scene introduction = continue-嵌套循环
+# level = 4+
+# bind_url = accuracy/path_sensitive/explicit_jump_control/continue_nested_001_T
+# evaluation information end
+import os
+
+def continue_nested_001_T(taint_src):
+ res = ""
+ for i in range(3):
+ for j in range(3):
+ if i == 1 and j == 0:
+ res = taint_src
+ continue # 跳过内层循环本次迭代,但内层循环继续
+ # continue跳过后,i=1, j>0时执行这里
+ taint_sink(res) # 应该检出 - i=1, j>0时res有污点
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ continue_nested_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py
new file mode 100644
index 00000000..5f99d2e9
--- /dev/null
+++ b/sast-python3/case/accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F.py
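Review bot: The comment on the sink line of continue_nested_001_T.py understates when the finding applies: `res` is assigned `taint_src` at i=1, j=0 and is never reset, so it is still tainted on every iteration with i=2, not only for i=1, j>0. I would reword the two comments along the lines of `# reached on every iteration except (i=1, j=0)` and `# expected finding: res is tainted from (i=1, j=0) onward`. It is also worth saying in a comment that the three calls made while i=0 pass the empty string, since a reader checking the case by hand will see those calls first.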
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 准确度->路径敏感分析->跳转语句
+# scene introduction = continue-嵌套循环
+# level = 4+
+# bind_url = accuracy/path_sensitive/explicit_jump_control/continue_nested_002_F
+# evaluation information end
+import os
+
+def continue_nested_002_F(taint_src):
+ res = ""
+ for i in range(3):
+ for j in range(3):
+ if i == 1 and j == 0:
+ res = taint_src # 设置污点数据
+ continue # 跳过内层循环本次迭代
+ # continue跳过后执行这里,但传递安全数据
+ safe_data = "safe_value"
+ taint_sink(safe_data) # 不应检出 - 传递安全数据
+
+def taint_sink(o):
+ os.system(o)
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ continue_nested_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py b/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py
index 44b50a8b..c7348e42 100644
--- a/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py
+++ b/sast-python3/case/completeness/other/ellipsis/ellipsis_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->其他->ellipsis
 # scene introduction = 占位符
 # level = 2+
diff --git a/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py b/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py
index f8266341..806b1236 100644
--- a/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py
+++ b/sast-python3/case/completeness/other/ellipsis/ellipsis_004_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->其他->ellipsis
 # scene introduction = 切片占位
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py b/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py
index 980808e2..722bc6c7 100644
--- a/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/alias/alias_001_T.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = false
+# real case = true
 # evaluation item = 完整度->单应用跟踪完整度->别名
 # scene introduction = 别名问题
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py b/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py
index 5c303f7f..d5dd07e8 100644
--- a/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/alias/alias_006_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->别名
 # scene introduction = 列表元素别名
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json b/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json
index 9a023627..e840f3cd 100644
--- a/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json
+++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/config.json
@@ -34,6 +34,18 @@
 {
 "compose": "inject_data_new_005_T.py && !inject_data_new_006_F.py",
 "scene": "运行时动态创建实例"
+ },
+ {
+ "compose": "multi_level_inheritance_001_T.py && !multi_level_inheritance_002_F.py",
+ "scene": "多级继承"
+ },
+ {
+ "compose": "multiple_inheritance_001_T.py && !multiple_inheritance_002_F.py",
+ "scene": "多重继承"
+ },
+ {
+ "compose": "no_init_child_class_001_T.py && !no_init_child_class_002_F.py",
+ "scene": "父类init函数自动调用"
 }
 ]
 }
diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py
new file mode 100644
index 00000000..3b2019c9
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T.py
@@ -0,0 +1,39 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+# scene introduction = 多级继承
+# level = 2+
+# bind_url = completeness/single_app_tracing/class/complex_object/multi_level_inheritance_001_T
+# evaluation information end
+
+import os
+
+def multi_level_inheritance_001_T(taint_src):
+ class C:
+ def __init__(self, data):
+ self.data_c = data # 最底层存储数据
+
+ class B(C):
+ def __init__(self, data):
+ super().__init__(data) # 调用C的构造函数
+ self.data_b = "_B" # 添加B自己的数据
+
+ class A(B):
+ def __init__(self, data):
+ super().__init__(data) # 调用B的构造函数 → 调用C的构造函数
+ self.data_a = "_A" # 添加A自己的数据
+
+ def get_combined_data(self):
+ return self.data_c + self.data_b + self.data_a
+
+ obj = A(taint_src) # 污染数据进入继承链
+ taint_sink(obj.get_combined_data())
+
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ multi_level_inheritance_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py
new file mode 100644
index 00000000..959c4bf8
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F.py
@@ -0,0 +1,39 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+# scene introduction = 多级继承
+# level = 2+
+# bind_url = completeness/single_app_tracing/class/complex_object/multi_level_inheritance_002_F
+# evaluation information end
+
+import os
+
+def multi_level_inheritance_002_F(taint_src):
+ class C:
+ def __init__(self, data):
+ self.data_c = data # 最底层存储数据
+
+ class B(C):
+ def __init__(self, data):
+ super().__init__(data) # 调用C的构造函数
+ self.data_b = "_B" # 添加B自己的数据
+
+ class A(B):
+ def __init__(self, data):
+ super().__init__(data) # 调用B的构造函数 → 调用C的构造函数
+ self.data_a = "_A" # 添加A自己的数据
+
+ def get_combined_data(self):
+ return self.data_c + self.data_b + self.data_a
+
+ obj = A("_")
+ taint_sink(obj.get_combined_data())
+
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ multi_level_inheritance_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py
new file mode 100644
index 00000000..d148b44b
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T.py
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+# scene introduction = 多重继承
+# level = 2+
+# bind_url = completeness/single_app_tracing/class/complex_object/multiple_inheritance_001_T
+# evaluation information end
+
+import os
+
+def multiple_inheritance_001_T(taint_src):
+ class A:
+ def __init__(self, data):
+ self.data_a = data
+
+ class B:
+ def __init__(self, data):
+ self.data_b = data
+
+ class C(A, B):
+ def __init__(self, data):
+ A.__init__(self, data)
+ B.__init__(self, data)
+
+ def get_result(self):
+ return self.data_a + self.data_b
+
+ obj = C(taint_src)
+ taint_sink(obj.get_result())
+
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ multiple_inheritance_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py
new file mode 100644
index 00000000..f89688d8
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F.py
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+# scene introduction = 多重继承
+# level = 2+
+# bind_url = completeness/single_app_tracing/class/complex_object/multiple_inheritance_002_F
+# evaluation information end
+
+import os
+
+def multiple_inheritance_002_F(taint_src):
+ class A:
+ def __init__(self, data):
+ self.data_a = data
+
+ class B:
+ def __init__(self, data):
+ self.data_b = data
+
+ class C(A, B):
+ def __init__(self, data):
+ A.__init__(self, data)
+ B.__init__(self, data)
+
+ def get_result(self):
+ return self.data_a + self.data_b
+
+ obj = C("_")
+ taint_sink(obj.get_result())
+
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ multiple_inheritance_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py
new file mode 100644
index 00000000..08c5a190
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T.py
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+# scene introduction = 父类init函数自动调用
+# level = 2+
+# bind_url = completeness/single_app_tracing/class/complex_object/no_init_child_class_001_T
+# evaluation information end
+
+import os
+
+def no_init_child_class_001_T(taint_src):
+ class Parent:
+ def __init__(self, data):
+ # 父类构造函数直接接收外部数据
+ self.data = data
+
+ class Child(Parent):
+ # 子类没有定义__init__方法,会自动调用父类的__init__
+ def process_data(self):
+ # 子类方法处理从父类继承的污染数据
+ return self.data
+
+ # 创建子类实例时,自动调用Parent.__init__(taint_src)
+ obj = Child(taint_src)
+
+ # 通过子类方法访问继承的污染属性
+ taint_sink(obj.process_data())
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ no_init_child_class_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py
new file mode 100644
index 00000000..8e044ce5
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F.py
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+# scene introduction = 父类init函数自动调用
+# level = 2+
+# bind_url = completeness/single_app_tracing/class/complex_object/no_init_child_class_002_F
+# evaluation information end
+
+import os
+
+def no_init_child_class_002_F(taint_src):
+ class Parent:
+ def __init__(self, data):
+ # 父类构造函数直接接收外部数据
+ self.data = data
+
+ class Child(Parent):
+ # 子类没有定义__init__方法,会自动调用父类的__init__
+ def process_data(self):
+ # 子类方法处理从父类继承的污染数据
+ return self.data
+
+ # 创建子类实例时,自动调用Parent.__init__(taint_src)
+ obj = Child("_")
+
+ # 通过子类方法访问继承的污染属性
+ taint_sink(obj.process_data())
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ no_init_child_class_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py
index cbc5312e..49f0d25f 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/assert/assert_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->断言
 # scene introduction = 验证输入值
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py
index 54a2ead6..6280e33f 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_matchStar_004_F.py
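Review bot: The comments in no_init_child_class_002_F.py were carried over unchanged from the positive case and still describe tainted data, although the object is built with `Child("_")` and `taint_src` never reaches it. The comment above the constructor call names `Parent.__init__(taint_src)`, and the ones on `process_data` and the sink call speak of an inherited tainted attribute, which contradicts `real case = false`. I would replace them with something like `# Child is built from a constant, so self.data is clean` above `obj = Child("_")` and `# no finding expected: process_data() returns the constant` on the sink line.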
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句
 # scene introduction = 星号匹配->字典嵌套
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py
index d5abbb6c..9a3dfc4a 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/conditional_stmt/conditional_match_004_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->条件语句
 # scene introduction = match_or
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py b/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py
index 22e68435..1c9c7447 100644
--- a/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/control_flow/loop_stmt/while_else_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->流程控制语句->循环结构
 # scene introduction = while_else
 # level = 4
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json
index 0a31dc30..91732d2b 100644
--- a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/config.json
@@ -25,6 +25,10 @@
 {
 "compose": "(cross_file_009_T/cross_file_009_T_a.py || cross_file_009_T/cross_file_009_T_b.py) && !(cross_file_010_F/cross_file_010_F_a.py || cross_file_010_F/cross_file_010_F_b.py)",
 "scene": "同级目录相对导入"
+ },
+ {
+ "compose": "(dynamic_import_001_T/dynamic_import_001_T_a.py || dynamic_import_001_T/dynamic_import_001_T_b.py) && !(dynamic_import_002_F/dynamic_import_002_F_a.py || dynamic_import_002_F/dynamic_import_002_F_b.py)",
+ "scene": "动态导入"
 }
 ]
 }
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py
new file mode 100644
index 00000000..294c933c
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a.py
@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
+# scene introduction = 动态导入-函数调用
+# level = 2
+# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_a
+# evaluation information end
+
+def get_taint_data(taint_src):
+ return f"dynamic_{taint_src}"
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py
new file mode 100644
index 00000000..b66e850a
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
+# scene introduction = 动态导入-函数调用
+# level = 2
+# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_001_T/dynamic_import_001_T_b
+# evaluation information end
+
+import os
+
+def dynamic_import_001_T_b(taint_src):
+ # 动态导入模块
+ module_name = "dynamic_import_001_T_a"
+ imported_module = __import__(module_name)
+
+ # 调用动态导入模块中的函数
+ result = imported_module.get_taint_data(taint_src)
+
+ # 验证动态导入后的数据传递
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(str(o))
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ dynamic_import_001_T_b(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py
new file mode 100644
index 00000000..d4126f82
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a.py
@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
+# scene introduction = 动态导入-安全数据调用
+# level = 2
+# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_a
+# evaluation information end
+
+def get_safe_data(taint_src):
+ return "safe_data" # 返回安全数据,不是污点数据
\ No newline at end of file
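Review bot: `__import__(module_name)` in dynamic_import_001_T_b.py finds `dynamic_import_001_T_a` only when this file's own directory is on `sys.path`, which holds when the file is run as a script but not necessarily when a harness loads it from another working directory. A comment next to the call, such as `# relies on the case directory being on sys.path (true when run as __main__)`, would record that assumption. The Python documentation recommends `importlib.import_module` over calling `__import__` directly, so if the "动态导入" scene is meant to cover the common form, a sibling case using it would be needed. dynamic_import_002_F_b.py has the same structure and the same dependency.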
diff --git a/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py
new file mode 100644
index 00000000..5b68b94c
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件
+# scene introduction = 动态导入-安全数据调用
+# level = 2
+# bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/dynamic_import_002_F/dynamic_import_002_F_b
+# evaluation information end
+
+import os
+
+def dynamic_import_002_F_b(taint_src):
+ # 动态导入模块(与正例相同的路径)
+ module_name = "dynamic_import_002_F_a"
+ imported_module = __import__(module_name)
+
+ # 调用动态导入模块中的函数,但获取安全数据
+ result = imported_module.get_safe_data(taint_src)
+
+ # 验证动态导入后的安全数据传递
+ taint_sink(result) # 不应检出 - 传递的是安全数据
+
+def taint_sink(o):
+ os.system(str(o))
+
+# 示例调用
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ dynamic_import_002_F_b(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py
new file mode 100644
index 00000000..1d724c2f
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_001_T.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
+# scene introduction = extend操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/array/array_extend_001_T
+# evaluation information end
+
+import os
+import array
+
+def array_extend_001_T(taint_src):
+ # 创建初始数组
+ arr = array.array('u', ['a', 'b'])
+
+ tainted_arr = array.array('u', [taint_src[0]])
+
+ # 执行extend操作
+ arr.extend(tainted_arr)
+
+ # 传递给sink
+ taint_sink(arr)
+
+def taint_sink(o):
+ os.system(''.join(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ array_extend_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py
new file mode 100644
index 00000000..db1f941e
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/array_extend_002_F.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
+# scene introduction = extend操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/array/array_extend_002_F
+# evaluation information end
+
+import os
+import array
+
+def array_extend_002_F(taint_src):
+ # 创建初始数组
+ arr = array.array('u', ['a', 'b'])
+
+ clean_arr = array.array('u', ['x'])
+
+ # 执行extend操作
+ arr.extend(clean_arr)
+
+ # 传递给sink
+ taint_sink(arr)
+
+def taint_sink(o):
+ os.system(''.join(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ array_extend_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json
index b0980d40..de7db0ac 100644
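Review bot: `tainted_arr = array.array('u', [taint_src[0]])` in array_extend_001_T.py carries only the first character of `taint_src` into the array, so the case also depends on the engine propagating taint through string indexing, and it raises IndexError when the input is empty. Passing the whole string, `tainted_arr = array.array('u', taint_src)`, keeps the case about `extend` alone. Separately, the `'u'` typecode is documented as deprecated, so this file and array_extend_002_F.py may stop running on a later interpreter; a comment noting that would help whoever maintains the suite.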
--- a/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/array/config.json
@@ -23,6 +23,10 @@
 "compose": "array_003_T.py && !array_004_F.py",
 "scene": "append操作"
 },
+ {
+ "compose": "array_extend_001_T.py && !array_extend_002_F.py",
+ "scene": "extend操作"
+ },
 {
 "compose": "extslice_001_T.py && !extslice_002_F.py",
 "scene": "多维切片"
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py
new file mode 100644
index 00000000..1723eeaf
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列
+# scene introduction = bytearray扩展操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_extend_001_T
+# evaluation information end
+
+import os
+
+def bytearray_extend_001_T(taint_src):
+ # 创建初始的干净bytearray
+ ba = bytearray("clean_data", 'utf-8')
+
+ # 创建包含污点数据的bytes
+ tainted_bytes = bytearray(taint_src, 'utf-8')
+
+ # 使用extend操作扩展污点数据
+ ba.extend(tainted_bytes)
+
+ # 将扩展后的bytearray传递给sink,期望引擎识别出污点数据
+ taint_sink(ba)
+
+def taint_sink(o):
+ os.system(bytes(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ bytearray_extend_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py
new file mode 100644
index 00000000..0795b803
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F.py
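Review bot: `taint_sink` in bytearray_extend_001_T.py calls `os.system(bytes(o))` with a bytes argument; as far as I know `os.system` accepts bytes on POSIX but only str on Windows, so the `__main__` example would fail there with a TypeError before the sink runs. Decoding before the call, `os.system(bytes(o).decode('utf-8'))`, keeps the same sink and makes the file runnable on both, at the cost of one more propagation step the engine has to follow. The same sink body appears in bytearray_extend_002_F.py, bytearray_slice_001_T.py and bytearray_slice_002_F.py.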
@@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray扩展操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_extend_002_F +# evaluation information end + +import os + +def bytearray_extend_002_F(taint_src): + # 创建初始的干净bytearray + ba = bytearray("clean_data", 'utf-8') + + # 创建干净的bytes数据 + clean_bytes = bytearray("more_clean_data", 'utf-8') + + # 使用extend操作扩展干净数据 + ba.extend(clean_bytes) + + # 将扩展后的bytearray传递给sink,期望引擎不识别为污点数据 + taint_sink(ba) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_extend_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py new file mode 100644 index 00000000..97e22b2d --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray切片操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_slice_001_T +# evaluation information end + +import os + +def bytearray_slice_001_T(taint_src): + # 创建包含污点数据的bytearray + clean_part = "clean_data_" + ba = bytearray(clean_part + taint_src, 'utf-8') + + # 通过切片操作提取包含污点数据的部分 + tainted_slice = ba[len(clean_part):len(clean_part) + len(taint_src)] + + # 将切片结果传递给sink,期望引擎识别出污点数据 + taint_sink(tainted_slice) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_slice_001_T(taint_src) \ No newline at end of file 
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py new file mode 100644 index 00000000..d1da54b8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->可变字节序列 +# scene introduction = bytearray切片操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/bytearray/bytearray_slice_002_F +# evaluation information end + +import os + +def bytearray_slice_002_F(taint_src): + # 创建只包含干净数据的bytearray + clean_data = "clean_data_only" + ba = bytearray(clean_data, 'utf-8') + + # 通过切片操作提取部分数据 + clean_slice = ba[0:5] # 提取"clean" + + # 将切片结果传递给sink,期望引擎不识别为污点数据 + taint_sink(clean_slice) + +def taint_sink(o): + os.system(bytes(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + bytearray_slice_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json index 8ef1d3f0..55de22a5 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/bytearray/config.json @@ -9,6 +9,14 @@ { "compose": "bytearray_001_T.py && !bytearray_002_F.py", "scene": "构造函数形式" + }, + { + "compose": "bytearray_slice_001_T.py && !bytearray_slice_002_F.py", + "scene": "切片操作" + }, + { + "compose": "bytearray_extend_001_T.py && !bytearray_extend_002_F.py", + "scene": "扩展操作" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json index 10037be8..19166444 100644 
--- a/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/config.json @@ -26,6 +26,10 @@ { "compose": "set_007_T.py && !set_008_F.py", "scene": "差集操作" + }, + { + "compose": "set_remove_001_T.py && !set_remove_002_F.py", + "scene": "set元素删除操作" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py index c370ab3c..2e2f4df6 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_006_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合 # scene introduction = 交集-并集 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py new file mode 100644 index 00000000..ae6ef758 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_001_T.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合 +# scene introduction = set元素删除操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/collections/set_remove_001_T +# evaluation information end + +import os + +def set_remove_001_T(taint_src): + # 创建包含污点数据的set + s = {taint_src, 'clean1', 'clean2'} + + # 从set中删除污点元素 + s.remove('clean1') + + # 将删除后的set传递给sink + taint_sink(s) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + set_remove_001_T(taint_src) \ No newline at end of file 
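Review bot: The comment above `s.remove('clean1')` in set_remove_001_T.py says the tainted element is removed, but the call removes a clean one and the taint stays in the set, which is what makes this the positive case; the comment should read `# remove a clean element; the tainted element stays in the set`. set_remove_002_F.py has the inverse problem (its comments describe a clean-only set and a clean removal while the code builds the set with `taint_src` and removes it), and list_remove_001_T.py and list_remove_002_F.py repeat both mistakes. For the two negative cases it is also worth a line saying that the expected result relies on the engine clearing taint when the tainted element is removed, since an engine that taints the container as a whole will report them.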
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py new file mode 100644 index 00000000..5526a7c3 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/collections/set_remove_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->集合 +# scene introduction = set元素删除操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/collections/set_remove_002_F +# evaluation information end + +import os + +def set_remove_002_F(taint_src): + # 创建只包含干净数据的set + s = {taint_src, 'clean2', 'clean3'} + + # 从set中删除干净元素 + s.remove(taint_src) + + # 将删除后的set传递给sink + taint_sink(s) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + set_remove_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json index 9595fa87..1607d8cd 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/config.json @@ -18,6 +18,26 @@ "compose": "list_005_T.py && !list_006_F.py", "scene": "append操作" }, + { + "compose": "list_extend_001_T.py && !list_extend_002_F.py", + "scene": "extend操作" + }, + { + "compose": "list_insert_001_T.py && !list_insert_002_F.py", + "scene": "insert操作" + }, + { + "compose": "list_remove_001_T.py && !list_remove_002_F.py", + "scene": "remove操作" + }, + { + "compose": "list_pop_001_T.py && !list_pop_002_F.py", + "scene": "pop操作" + }, + { + "compose": "list_concat_001_T.py && !list_concat_002_F.py", + "scene": "连接操作" + }, { "compose": "list_007_T.py && !list_008_F.py", "scene": "泛型容器类型" 
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py new file mode 100644 index 00000000..cd4ae1d8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_001_T.py @@ -0,0 +1,31 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = 连接操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_concat_001_T +# evaluation information end + +import os + +def list_concat_001_T(taint_src): + + # 创建包含污点数据的列表 + lst2 = [taint_src, 'clean3'] + + # 创建初始列表 + lst1 = ['clean1', 'clean2'] + + # 执行连接操作(+运算符) + result = lst2 + lst1 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_concat_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py new file mode 100644 index 00000000..962e2bcb --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_concat_002_F.py 
@@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = 连接操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_concat_002_F +# evaluation information end + +import os + +def list_concat_002_F(taint_src): + # 创建初始列表 + lst1 = ['clean1', 'clean2'] + + lst2 = ['clean3', 'clean4'] + + # 执行连接操作(+运算符) + result = lst1 + lst2 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_concat_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py new file mode 100644 index 00000000..2d5fc1de --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = extend操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_extend_001_T +# evaluation information end + +import os + +def list_extend_001_T(taint_src): + # 创建初始列表 + tainted_list = [taint_src] + + # 创建初始列表 + lst = ['clean1', 'clean2'] + + # 执行extend操作,将污点数据扩展到干净列表 + tainted_list.extend(lst) + + # 传递给sink + taint_sink(tainted_list) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_extend_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py new file mode 100644 index 00000000..bcdf9616 --- /dev/null 
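Review bot: `tainted_list.extend(lst)` in list_extend_001_T.py extends a list that already holds `taint_src` with clean data and then sinks that same list, so the case passes even if the engine does not model `extend` at all. The array and bytearray extend cases in this patch put the taint in the argument; doing the same here means `lst.extend(tainted_list)` followed by `taint_sink(lst)`, with the comment changed to say that tainted data is extended into the clean list. In list_extend_002_F.py the clean list is also named `tainted_list`, which would read better as `clean_list`.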
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_extend_002_F.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = extend操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_extend_002_F
+# evaluation information end
+
+import os
+
+def list_extend_002_F(taint_src):
+ # 创建初始列表
+ lst = ['clean1', 'clean2']
+
+ tainted_list = ['clean3']
+
+ # 执行extend操作
+ tainted_list.extend(lst)
+
+ # 传递给sink
+ taint_sink(tainted_list)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_extend_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py
new file mode 100644
index 00000000..3c98cdc5
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_001_T.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = insert操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_insert_001_T
+# evaluation information end
+
+import os
+
+def list_insert_001_T(taint_src):
+
+ # 创建初始列表
+ lst = ['clean1', 'clean2']
+
+ # 在指定位置插入数据
+ lst.insert(0, taint_src)
+
+ # 传递给sink
+ taint_sink(lst)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_insert_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py
new file mode 100644
index 00000000..7dcbb275
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_insert_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = insert操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_insert_002_F
+# evaluation information end
+
+import os
+
+def list_insert_002_F(taint_src):
+ # 创建初始列表
+ lst = ['clean1', 'clean2']
+
+ # 在指定位置插入干净数据
+ lst.insert(0, 'clean3')
+
+ # 传递给sink
+ taint_sink(lst)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_insert_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py
new file mode 100644
index 00000000..c704f15b
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_001_T.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = pop操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_pop_001_T
+# evaluation information end
+
+import os
+
+def list_pop_001_T(taint_src):
+
+ # 创建包含污点数据的列表,污点元素在首位
+ lst = [taint_src, 'clean1', 'clean2']
+
+ # 弹出指定位置的元素(污点元素)
+ popped = lst.pop(0)
+
+ # 将弹出的元素传递给sink
+ taint_sink(popped)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_pop_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py
new file mode 100644
index 00000000..a26784ab
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_pop_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = pop操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_pop_002_F
+# evaluation information end
+
+import os
+
+def list_pop_002_F(taint_src):
+ # 创建包含干净数据的列表
+ lst = ['clean1', taint_src, 'clean3']
+
+ # 弹出指定位置的元素(干净元素)
+ popped = lst.pop(0)
+
+ # 将弹出的元素传递给sink
+ taint_sink(popped)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_pop_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py
new file mode 100644
index 00000000..afb527e2
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_001_T.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表
+# scene introduction = remove操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/list/list_remove_001_T
+# evaluation information end
+
+import os
+
+def list_remove_001_T(taint_src):
+ # 创建包含污点数据的列表
+ lst = ['clean1', taint_src, 'clean3']
+
+ # 删除污点元素
+ lst.remove('clean1')
+
+ # 传递给sink
+ taint_sink(lst)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ list_remove_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py
new file mode 100644
index 00000000..ae3e1d75
--- /dev/null
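Review bot: The comment `创建包含干净数据的列表` in list_pop_002_F.py describes a clean-only list, but the list holds `taint_src` at index 1 and the case is negative only because `pop(0)` returns the clean element. Say so in the comment, for example `# taint_src sits at index 1; pop(0) returns the clean element at index 0`, so that a reader sees this is an index-sensitivity check rather than a clean-data check. map_pop_002_F.py, tuple_index_002_F.py and tuple_slice_002_F.py use the same clean-only wording over containers that include `taint_src`.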
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/list/list_remove_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->列表 +# scene introduction = remove操作 +# level = 2 +# bind_url = completeness/single_app_tracing/datatype/list/list_remove_002_F +# evaluation information end + +import os + +def list_remove_002_F(taint_src): + # 创建包含干净数据的列表 + lst = ['clean1', taint_src, 'clean3'] + + # 删除干净元素 + lst.remove(taint_src) + + # 传递给sink + taint_sink(lst) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + list_remove_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json index 14e75f4c..adf9ce94 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/config.json @@ -14,6 +14,10 @@ "compose": "map_003_T.py && !map_004_F.py", "scene": "字典/映射(Map)对象2" }, + { + "compose": "map_pop_001_T.py && !map_pop_002_F.py", + "scene": "pop操作" + }, { "compose": "map_009_T.py && !map_010_F.py", "scene": "泛型映射" diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py new file mode 100644 index 00000000..9a7b70db --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_001_T.py 
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典
+# scene introduction = pop操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/map/map_pop_001_T
+# evaluation information end
+
+import os
+
+def map_pop_001_T(taint_src):
+ # 创建包含污点数据的字典
+ m = {"key1": taint_src, "key2": "clean"}
+
+ # 弹出指定键的值(污点值)
+ popped_value = m.pop("key1")
+ # 将弹出的值传递给sink
+ taint_sink(popped_value)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ map_pop_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py
new file mode 100644
index 00000000..39f081f4
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/map/map_pop_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典
+# scene introduction = pop操作
+# level = 2
+# bind_url = completeness/single_app_tracing/datatype/map/map_pop_002_F
+# evaluation information end
+
+import os
+
+def map_pop_002_F(taint_src):
+ # 创建包含干净数据的字典
+ m = {"key1": "clean1", "key2": taint_src}
+
+ # 弹出指定键的值(干净值)
+ popped_value = m.pop("key1")
+
+ # 将弹出的值传递给sink
+ taint_sink(popped_value)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ map_pop_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py
index 2a745afc..60730f1b 100644
--- a/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/primitives/bool_002_F.py @@ -9,11 +9,12 @@ import os def bool_002_F(taint_src): - taint_sink(taint_src) + tainted_bool = False + taint_sink(tainted_bool) def taint_sink(o): os.system(str(o)) if __name__ == "__main__": - taint_src = False + taint_src = True bool_002_F(taint_src) diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json index 2da4fcba..55aa7b93 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/config.json @@ -18,6 +18,22 @@ { "compose": "tuple_003_T.py && !tuple_004_F.py", "scene": "解包操作" + }, + { + "compose": "tuple_index_001_T.py && !tuple_index_002_F.py", + "scene": "元组索引访问" + }, + { + "compose": "tuple_slice_001_T.py && !tuple_slice_002_F.py", + "scene": "元组切片操作" + }, + { + "compose": "tuple_concat_001_T.py && !tuple_concat_002_F.py", + "scene": "元组连接操作" + }, + { + "compose": "tuple_repeat_001_T.py && !tuple_repeat_002_F.py", + "scene": "元组重复操作" } ] } diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py index c68c8549..71285384 100644 --- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_002_F.py @@ -1,5 +1,5 @@ # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 # scene introduction = 元组字面量 # level = 2 diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py index 9bb62c89..70b06d89 100644 
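Review bot: `tainted_bool = False` in bool_002_F.py gives a constant that never touches `taint_src` a name saying it is tainted, which reads as the opposite of what this negative case does. `clean_bool = False` and `taint_sink(clean_bool)` say what is intended. A one-line comment that `taint_src` is deliberately left unused would make the intent explicit.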
--- a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_004_F.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = true +# real case = false # evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 # scene introduction = 解包操作 # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py new file mode 100644 index 00000000..ed29c9b8 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组连接操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_concat_001_T +# evaluation information end + +import os + +def tuple_concat_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建包含污点数据的元组 + t1 = (tainted_data,) + + # 创建干净的元组 + t2 = ("clean1", "clean2") + + # 执行连接操作 + result = t1 + t2 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_concat_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py new file mode 100644 index 00000000..b498d758 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F.py 
@@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组连接操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_concat_002_F +# evaluation information end + +import os + +def tuple_concat_002_F(taint_src): + # 创建干净的元组 + t1 = ("clean1",) + + # 创建干净的元组 + t2 = ("clean2", "clean3") + + # 执行连接操作 + result = t1 + t2 + + # 传递给sink + taint_sink(result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_concat_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py new file mode 100644 index 00000000..7e7af560 --- /dev/null +++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_001_T.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = true +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组索引访问 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_index_001_T +# evaluation information end + +import os + +def tuple_index_001_T(taint_src): + # 直接使用污点数据 + tainted_data = taint_src + + # 创建包含污点数据的元组 + t = (tainted_data, "clean1", "clean2") + + # 访问第一个元素 + first_item = t[0] + + # 传递给sink + taint_sink(first_item) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_index_001_T(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py new file mode 100644 index 00000000..94cca3c8 --- /dev/null 
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_index_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组
+# scene introduction = 元组索引访问
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_index_002_F
+# evaluation information end
+
+import os
+
+def tuple_index_002_F(taint_src):
+ # 创建包含干净数据的元组
+ t = ("clean1", taint_src, "clean3")
+
+ # 访问第一个元素
+ first_item = t[0]
+
+ # 传递给sink
+ taint_sink(first_item)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ tuple_index_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py
new file mode 100644
index 00000000..b6b9ea45
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组
+# scene introduction = 元组重复操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_repeat_001_T
+# evaluation information end
+
+import os
+
+def tuple_repeat_001_T(taint_src):
+ # 直接使用污点数据
+ tainted_data = taint_src
+
+ # 创建包含污点数据的元组
+ t = (tainted_data,)
+
+ # 执行重复操作
+ result = t * 3
+
+ # 传递给sink
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ tuple_repeat_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py
new file mode 100644
index 00000000..0725a43a
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组
+# scene introduction = 元组重复操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_repeat_002_F
+# evaluation information end
+
+import os
+
+def tuple_repeat_002_F(taint_src):
+ # 创建干净的元组
+ t = ("clean1",)
+
+ # 执行重复操作
+ result = t * 3
+
+ # 传递给sink
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ tuple_repeat_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py
new file mode 100644
index 00000000..c77d5fc5
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组
+# scene introduction = 元组切片操作
+# level = 2+
+# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_slice_001_T
+# evaluation information end
+
+import os
+
+def tuple_slice_001_T(taint_src):
+ # 直接使用污点数据
+ tainted_data = taint_src
+
+ # 创建包含污点数据的元组
+ t = ("clean1", tainted_data, "clean2")
+
+ # 执行切片操作,获取包含污点的部分
+ slice_result = t[1:2]
+
+ # 传递给sink
+ taint_sink(slice_result)
+
+def taint_sink(o):
+ os.system(str(o))
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ tuple_slice_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py
new file mode 100644
index 00000000..0e5a8db7
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F.py @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# evaluation information start +# real case = false +# evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->元组 +# scene introduction = 元组切片操作 +# level = 2+ +# bind_url = completeness/single_app_tracing/datatype/tuple/tuple_slice_002_F +# evaluation information end + +import os + +def tuple_slice_002_F(taint_src): + # 创建包含干净数据的元组 + t = (taint_src, "clean2", "clean3") + + # 执行切片操作 + slice_result = t[1:2] + + # 传递给sink + taint_sink(slice_result) + +def taint_sink(o): + os.system(str(o)) + +if __name__ == "__main__": + taint_src = "taint_src_value" + tuple_slice_002_F(taint_src) \ No newline at end of file diff --git a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py index 6d365d92..b2de8416 100644 --- a/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py +++ b/sast-python3/case/completeness/single_app_tracing/exception_error/exception_throw/exception_catch_001_T.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # evaluation information start -# real case = false +# real case = true # evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 # scene introduction = exception_catch # level = 2+ diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py index 325f5b9b..1e9661ec 100644 --- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py +++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_mult_002_F.py 
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
 # scene introduction = 二元运算->乘
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py
index e6b60637..47f380fc 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_sub_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
 # scene introduction = 二元运算->减
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py
index 9843bf64..df509edb 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/conditional_expression/logical_or_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->条件表达式
 # scene introduction = 逻辑或
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json
index 79def60c..a4c2401f 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json
+++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/config.json
@@ -9,6 +9,10 @@
 {
 "compose": "lambda_expression_001_T.py && !lambda_expression_002_F.py",
 "scene": "lambda关键字"
+ },
+ {
+ "compose": "lambda_multi_params_001_T.py && !lambda_multi_params_002_F.py",
+ "scene": "多参数lambda表达式"
 }
 ]
 }
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py
new file mode 100644
index 00000000..36483aa5
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = true
+# evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式
+# scene introduction = 多参数lambda表达式
+# level = 2
+# bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_001_T
+# evaluation information end
+
+import os
+
+def lambda_multi_params_001_T(taint_src):
+ # 直接使用污点数据
+ tainted_data = taint_src
+
+ # 创建多参数lambda函数
+ lambda_func = lambda x, y, z: x + y + z
+
+ # 调用lambda函数,第一个参数是污点数据
+ result = lambda_func(tainted_data, "_clean", "_clean")
+
+ # 传递给sink
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ lambda_multi_params_001_T(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py
new file mode 100644
index 00000000..5269bb5f
--- /dev/null
+++ b/sast-python3/case/completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# evaluation information start
+# real case = false
+# evaluation item = 完整度->单应用跟踪完整度->表达式->Lambda表达式
+# scene introduction = 多参数lambda表达式
+# level = 2
+# bind_url = completeness/single_app_tracing/expression/lambda_expression/lambda_multi_params_002_F
+# evaluation information end
+
+import os
+
+def lambda_multi_params_002_F(taint_src):
+ # 创建多参数lambda函数
+ lambda_func = lambda x, y, z: x + y + z
+
+ # 调用lambda函数,两个参数都是干净数据
+ result = lambda_func("clean1", "clean2", "clean3")
+
+ # 传递给sink函数,一个参数是污点数据
+ taint_sink(result)
+
+def taint_sink(o):
+ os.system(o)
+
+if __name__ == "__main__":
+ taint_src = "taint_src_value"
+ lambda_multi_params_002_F(taint_src)
\ No newline at end of file
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py
index 2bfe9d32..3fc521d2 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_006_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
 # scene introduction = del运算符->字典键值对
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py
index 6f389dad..5a3ed68e 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/del_expression_008_F.py
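Review bot: Two comments in lambda_multi_params_002_F.py contradict the code they sit on. The comment above `result = lambda_func("clean1", "clean2", "clean3")` speaks of two clean parameters although three literals are passed, and the comment above `taint_sink(result)` says one argument is tainted although `result` is built from constants only. As written the second comment reads as if the case should be reported, which conflicts with `real case = false`. Suggested replacements are `# call the lambda with three clean literals` and `# pass the clean result to the sink`.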
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
 # scene introduction = del运算符->切片
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py
index 915ab6d2..7683fdd8 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/list_comprehension_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
 # scene introduction = 列表推导式
 # level = 3
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py
index f5457289..b53c3e6c 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/map_comprehension_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->语言特有的表达式
 # scene introduction = 字典推导式
 # level = 3
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py
index a14703bc..fce29dd4 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/special_expression/set_comprehension_001_T.py
@@ -10,8 +10,8 @@ import os # 调整内容 def set_comprehension_001_T(taint_src): - # 使用集合推导式生成一个包含偶数的集合 - s = {x for x in range(5) if x % taint_src == 0} # 只保留偶数 + # 使用集合推导式,将污点源 taint_src 直接作为集合中的元素(突出集合推导式直接包含污点源) + s = {taint_src for _ in range(1)} # 集合推导式中直接将污点源作为元素输出 taint_sink(s) def taint_sink(o):
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py
index 7ed8477c..704ee846 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/bool_conversion_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换
 # scene introduction = 布尔转换
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py
index a67d8524..ece12278 100644
--- a/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py
+++ b/sast-python3/case/completeness/single_app_tracing/expression/type_cast/type_cast_002_F.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = true
+# real case = false
 # evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换
 # scene introduction = 隐式类型转换
 # level = 2
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py
index a06a687e..041c1456 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_001_T.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = false
+# real case = true
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->生成器函数
 # scene introduction = yield_from
 # level = 2+
diff --git a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py
index 4c5e9377..e6ed90da 100644
--- a/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py
+++ b/sast-python3/case/completeness/single_app_tracing/function_call/generator_function/yieldFrom_003_T.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # evaluation information start
-# real case = false
+# real case = true
 # evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->生成器函数
 # scene introduction = yield_from
 # level = 2+
From e2f5c6d03679225358f143a2840ddbd6f82a3f27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B9=BB=E5=8D=8E?= Date: Thu, 4 Dec 2025 15:23:12 +0800 Subject: [PATCH 8/8] =?UTF-8?q?feat:=20sast-go=20=E6=9B=B4=E6=96=B0=20case?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 2 +- .../argument_passing_reference_005_F.go | 2 +- .../argument_passing_reference_006_T.go | 2 +- .../multiple_return_value_passing_003_F.go | 2 +- .../multiple_return_value_passing_004_T.go | 2 +- .../slice_index_003_T/slice_index_003_T.go | 2 +- .../slice_index_004_F/slice_index_004_F.go | 2 +- .../flow_sensitive/normal_stmt/config.json | 18 ++++ .../sequential_assign_001_T.go | 33 +++++++ .../sequential_assign_002_F.go | 34 +++++++ .../sequential_execution/config.json | 0 .../exception_throw/config.json | 22 +++++ .../exception_catch_001_T.go | 37 +++++++ .../exception_catch_002_F.go | 35 +++++++ .../exception_catch_003_T.go | 35 +++++++ .../exception_catch_004_F.go | 35 +++++++ .../return_001_T/return_001_T.go | 2 +- .../return_002_F/return_002_F.go | 2 +- .../conditional_if_no_solver_001_T.go} | 12 +-- .../conditional_switch_no_solver_001_T.go} | 12 +-- .../no_solver/config.json | 6 +- .../dynamic_tracing/dynamic_type/config.json | 0 .../multi_process/config.json | 0 .../multi_thread/config.json | 6 +- .../atomic_synchronization_001_T.go | 56 +++++++++++ .../atomic_synchronization_002_F.go | 56 +++++++++++ .../cond_synchronization_001_T.go | 51 ++++++++++ .../cond_synchronization_002_F.go | 51 ++++++++++ .../promise_callback_await/config.json | 44 ++++++++- .../mutex_synchronization_001_T.go | 53 ++++++++++ .../mutex_synchronization_002_F.go | 53 ++++++++++ .../once_execution_001_T.go | 42 ++++++++ .../once_execution_002_F.go | 42 ++++++++ .../rwmutex_synchronization_001_T.go | 51 ++++++++++ .../rwmutex_synchronization_002_F.go | 51 ++++++++++ .../synchronization_primitive_001_T.go | 2 +- .../synchronization_primitive_002_F.go | 2 +- .../synchronization_primitive_003_T.go | 2 +- 
.../synchronization_primitive_004_F.go | 2 +- .../waitgroup_synchronization_001_T.go | 39 ++++++++ .../waitgroup_synchronization_002_F.go | 40 ++++++++ .../synchronization_primitive/config.json | 22 ----- .../cross_init/cross_directory_init_009_T.go | 2 +- .../cross/cross_directory_015_T.go | 31 ------ .../cross_directory_export_015_T.go | 11 --- .../cross_init/cross_directory_init_015_T.go | 14 --- .../cross_directory_015_T/go.mod | 3 - .../cross/cross_directory_016_F.go | 23 ----- .../cross_directory_export_016_F.go | 11 --- .../cross_init/cross_directory_init_016_F.go | 14 --- .../cross_directory_016_F/go.mod | 3 - .../cross/cross_directory_017_T.go | 32 ------- .../cross_directory_export_017_T.go | 11 --- .../cross_directory_init_017_T_a.go | 17 ---- .../cross_directory_init_017_T_b.go | 19 ---- .../cross_directory_017_T/go.mod | 3 - .../cross/cross_directory_018_F.go | 32 ------- .../cross_directory_export_018_F.go | 11 --- .../cross_directory_init_018_F_a.go | 18 ---- .../cross_directory_init_018_F_b.go | 19 ---- .../cross_directory_018_F/go.mod | 3 - .../cross/cross_directory_019_T.go | 31 ------ .../cross_directory_export_019_T.go | 11 --- .../cross_directory_init_019_T_a.go | 17 ---- .../cross_directory_init_019_T_b.go | 18 ---- .../cross_directory_019_T/go.mod | 3 - .../cross/cross_directory_020_F.go | 32 ------- .../cross_directory_export_020_F.go | 11 --- .../cross_directory_init_020_F_a.go | 17 ---- .../cross_directory_init_020_F_b.go | 18 ---- .../cross_directory_020_F/go.mod | 3 - .../cross_file_001_T/cross_file_001_T_a.go | 2 +- .../cross_file_001_T/cross_file_001_T_b.go | 2 +- .../cross_file_002_F/cross_file_002_F_a.go | 2 +- .../cross_file_002_F/cross_file_002_F_b.go | 2 +- .../datatype/array/array_004_F/array_004_F.go | 2 +- .../array_index_001_T/array_index_001_T.go | 29 ++++++ .../array_index_002_F/array_index_002_F.go | 30 ++++++ .../array_slice_001_T/array_slice_001_T.go | 31 ++++++ .../array_slice_002_F/array_slice_002_F.go | 31 ++++++ 
.../datatype/array/config.json | 10 +- .../datatype/map/config.json | 6 +- .../map/map_delete_001_T/map_delete_001_T.go | 33 +++++++ .../map/map_delete_002_F/map_delete_002_F.go | 31 ++++++ .../datatype/primitives/config.json | 18 +++- .../primitives_byte_001_T.go | 29 ++++++ .../primitives_byte_002_F.go | 31 ++++++ .../primitives_char_001_T.go | 29 ++++++ .../primitives_char_002_F.go | 31 ++++++ .../primitives_string_001_T.go | 29 ++++++ .../primitives_string_002_F.go | 31 ++++++ .../primitives_uint_001_T.go | 29 ++++++ .../primitives_uint_002_F.go | 31 ++++++ .../datatype/slice/slice_001_T/slice_001_T.go | 2 +- .../datatype/string/config.json | 10 +- .../string/string_003_T/string_003_T.go | 14 +-- .../string/string_004_F/string_004_F.go | 14 +-- .../string_index_001_T/string_index_001_T.go | 29 ++++++ .../string_index_002_F/string_index_002_F.go | 29 ++++++ .../string_slice_001_T/string_slice_001_T.go | 29 ++++++ .../string_slice_002_F/string_slice_002_F.go | 29 ++++++ .../datatype/struct/config.json | 6 +- .../struct_pointer_001_T.go | 36 +++++++ .../struct_pointer_002_F.go | 36 +++++++ .../assert_statement_001_T.go | 32 +++++++ .../assert_statement_002_F.go | 32 +++++++ .../assert_statement/config.json | 18 ++++ .../exception_throw/config.json | 8 +- .../exception_throw_001_T.go | 18 ++-- .../exception_throw_002_F.go | 18 ++-- .../exception_throw_003_T.go | 48 ++++++++++ .../exception_throw_004_F.go | 52 ++++++++++ .../assign_001_T.go} | 7 +- .../assign_002_F.go} | 15 +-- .../binary_001_T.go} | 15 +-- .../binary_002_F.go} | 15 +-- .../binary_003_T/binary_003_T.go | 29 ++++++ .../binary_004_F/binary_004_F.go | 30 ++++++ .../binary_005_T/binary_005_T.go | 29 ++++++ .../binary_006_F/binary_006_F.go | 30 ++++++ .../binary_007_T/binary_007_T.go | 28 ++++++ .../binary_008_F/binary_008_F.go | 30 ++++++ .../binary_009_T/binary_009_T.go | 29 ++++++ .../binary_010_F/binary_010_F.go | 30 ++++++ .../binary_011_T.go} | 19 ++-- .../binary_012_F.go} | 22 +++-- 
.../binary_013_T/binary_013_T.go | 27 ++++++ .../binary_014_F/binary_014_F.go | 28 ++++++ .../binary_015_T/binary_015_T.go | 27 ++++++ .../binary_016_F/binary_016_F.go | 28 ++++++ .../binary_017_T/binary_017_T.go | 27 ++++++ .../binary_018_F/binary_018_F.go | 28 ++++++ .../binary_019_T/binary_019_T.go | 27 ++++++ .../binary_020_F/binary_020_F.go | 28 ++++++ .../bitwise_001_T.go} | 17 ++-- .../bitwise_002_F.go} | 21 ++-- .../bitwise_003_T.go} | 17 ++-- .../bitwise_004_F.go} | 21 ++-- .../bitwise_005_T.go} | 17 ++-- .../bitwise_006_F.go} | 21 ++-- .../bitwise_007_T.go} | 17 ++-- .../bitwise_008_F.go} | 21 ++-- .../bitwise_009_T.go} | 17 ++-- .../bitwise_010_F.go} | 21 ++-- .../bitwise_011_T.go} | 17 ++-- .../bitwise_012_F/bitwise_012_F.go | 30 ++++++ .../bitwise_expression_rsh_002_F.go | 29 ------ .../basic_expression_operation/config.json | 96 +++++++++++++++---- .../logic_001_T.go} | 7 +- .../logic_002_F.go} | 19 ++-- .../logic_003_T.go} | 7 +- .../logic_004_F.go} | 17 ++-- .../relation_001_T.go} | 7 +- .../relation_002_F.go} | 7 +- .../expression/type_cast/config.json | 10 +- .../type_cast_001_T/type_cast_001_T.go | 14 +-- .../type_cast_002_F/type_cast_002_F.go | 12 +-- .../type_cast_003_T/type_cast_003_T.go | 10 +- .../type_cast_004_F/type_cast_004_F.go | 10 +- .../type_cast_005_T/type_cast_005_T.go | 31 ++++++ .../type_cast_006_F/type_cast_006_F.go | 32 +++++++ .../type_cast_007_T/type_cast_007_T.go | 30 ++++++ .../type_cast_008_F/type_cast_008_F.go | 31 ++++++ .../closure_function_001_F.go | 2 +- .../argument_passing/config.json | 2 +- .../chained_call_001_T.go} | 14 +-- .../chained_call_002_F.go} | 14 +-- .../chained_call_003_T.go} | 14 +-- .../chained_call_004_F.go} | 14 +-- .../function_call/chained_call/config.json | 6 +- .../higher_order_function_002_T.go | 2 +- .../call_implement_method_001_T.go | 48 ++++++++++ .../call_implement_method_002_F.go | 48 ++++++++++ .../abstract_class/config.json | 26 +++++ .../create_implement_object_001_T.go | 52 ++++++++++ 
.../create_implement_object_002_F.go | 51 ++++++++++ .../write_implement_field_001_T.go | 53 ++++++++++ .../write_implement_field_002_F.go | 53 ++++++++++ .../call_anonymous_object_method_001_T.go | 39 ++++++++ .../call_anonymous_object_method_002_F.go | 39 ++++++++ .../anonymous_object/config.json | 26 +++++ .../create_anonymous_object_001_T.go | 34 +++++++ .../create_anonymous_object_002_F.go | 34 +++++++ .../write_anonymous_object_field_001_T.go | 37 +++++++ .../write_anonymous_object_field_002_F.go | 37 +++++++ .../anonymous_struct_field_001_T.go | 34 +++++++ .../anonymous_struct_field_002_F.go | 34 +++++++ .../complex_object/config.json | 51 ++++++++++ .../deep_nested_field_read_001_T.go | 62 ++++++++++++ .../deep_nested_field_read_002_F.go | 62 ++++++++++++ .../deep_nested_field_write_001_T.go | 56 +++++++++++ .../deep_nested_field_write_002_F.go | 56 +++++++++++ .../interface_field_access_001_T.go | 47 +++++++++ .../interface_field_access_002_F.go | 47 +++++++++ .../nested_pointer_field_001_T.go | 48 ++++++++++ .../nested_pointer_field_002_F.go | 48 ++++++++++ .../nested_struct_create_001_T.go | 54 +++++++++++ .../nested_struct_create_002_F.go | 54 +++++++++++ .../struct_pointer_field_001_T.go | 47 +++++++++ .../struct_pointer_field_002_F.go | 47 +++++++++ .../struct_tag_field_001_T.go | 45 +++++++++ .../struct_tag_field_002_F.go | 45 +++++++++ .../interface_implementation/config.json | 14 ++- .../direct_assignment_002_T.go | 44 +++++++++ .../direct_assignment_002_F.go | 44 +++++++++ .../field_assignment_001_T.go | 49 ++++++++++ .../field_assignment_002_F.go | 49 ++++++++++ .../struct_injection_interface_001_T.go} | 17 ++-- .../struct_injection_interface_002_F.go} | 29 +++--- .../interface_class/simple_object/config.json | 30 ++++++ .../create_object_001_T.go | 38 ++++++++ .../create_object_002_F.go | 38 ++++++++ .../create_object_003_T.go | 37 +++++++ .../create_object_004_F.go | 37 +++++++ .../write_object_property_001_T.go | 37 +++++++ 
.../write_object_property_002_F.go | 37 +++++++ .../write_object_property_003_T.go | 37 +++++++ .../write_object_property_004_F.go | 37 +++++++ .../interface_class/subclass/config.json | 26 +++++ .../field_write_001_T/field_write_001_T.go | 41 ++++++++ .../field_write_002_F/field_write_002_F.go | 41 ++++++++ .../method_call_001_T/method_call_001_T.go | 50 ++++++++++ .../method_call_002_F/method_call_002_F.go | 50 ++++++++++ .../object_creation_001_T.go | 41 ++++++++ .../object_creation_002_F.go | 42 ++++++++ .../variable_scope/public/config.json | 22 +++++ .../public_var_assign_001_T.go | 33 +++++++ .../public_var_assign_002_F.go | 33 +++++++ .../public_var_cross_package_001_T_a.go | 19 ++++ .../public_var_cross_package_001_T.go | 28 ++++++ .../public_var_cross_package_002_F_a.go | 19 ++++ .../public_var_cross_package_002_F.go | 28 ++++++ .../static_variable/config.json | 0 233 files changed, 5176 insertions(+), 836 deletions(-) create mode 100644 sast-go/cases/accuracy/flow_sensitive/normal_stmt/config.json create mode 100644 sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T.go create mode 100644 sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F.go delete mode 100644 sast-go/cases/accuracy/flow_sensitive/sequential_execution/config.json create mode 100644 sast-go/cases/accuracy/path_sensitive/exception_throw/config.json create mode 100644 sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T.go create mode 100644 sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F.go create mode 100644 sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T.go create mode 100644 sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F.go rename 
sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/{conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go => conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go} (81%) rename sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/{conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go => conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go} (80%) delete mode 100644 sast-go/cases/completeness/dynamic_tracing/dynamic_type/config.json delete mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_process/config.json create mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_001_T/atomic_synchronization_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_002_F/atomic_synchronization_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_001_T/cond_synchronization_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_002_F/cond_synchronization_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_001_T/mutex_synchronization_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_002_F/mutex_synchronization_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_001_T/once_execution_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_002_F/once_execution_002_F.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_001_T/rwmutex_synchronization_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_002_F/rwmutex_synchronization_002_F.go rename sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/{synchronization_primitive => promise_callback_await}/synchronization_primitive_001_T/synchronization_primitive_001_T.go (87%) rename sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/{synchronization_primitive => promise_callback_await}/synchronization_primitive_002_F/synchronization_primitive_002_F.go (88%) rename sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/{synchronization_primitive => promise_callback_await}/synchronization_primitive_003_T/synchronization_primitive_003_T.go (88%) rename sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/{synchronization_primitive => promise_callback_await}/synchronization_primitive_004_F/synchronization_primitive_004_F.go (88%) create mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_001_T/waitgroup_synchronization_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_002_F/waitgroup_synchronization_002_F.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/config.json delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go delete mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go delete mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go delete mode 100644 
sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_001_T/array_index_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_002_F/array_index_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_001_T/array_slice_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_002_F/array_slice_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_001_T/map_delete_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_002_F/map_delete_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_001_T/primitives_byte_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_002_F/primitives_byte_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_001_T/primitives_char_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_002_F/primitives_char_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_001_T/primitives_string_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_002_F/primitives_string_002_F.go create mode 
100644 sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_001_T/primitives_uint_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_002_F/primitives_uint_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_001_T/string_index_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_002_F/string_index_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_002_F/string_slice_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_001_T/struct_pointer_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_002_F/struct_pointer_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_001_T/assert_statement_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_002_F/assert_statement_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/config.json create mode 100644 sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_003_T/exception_throw_003_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F.go rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{assign_expression_001_T/assign_expression_001_T.go => assign_001_T/assign_001_T.go} (75%) rename 
sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{assign_expression_002_F/assign_expression_002_F.go => assign_002_F/assign_002_F.go} (69%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{binary_expression_add_001_T/binary_expression_add_001_T.go => binary_001_T/binary_001_T.go} (68%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{binary_expression_add_002_F/binary_expression_add_002_F.go => binary_002_F/binary_002_F.go} (69%) create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_003_T/binary_003_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_004_F/binary_004_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_005_T/binary_005_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_006_F/binary_006_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_007_T/binary_007_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_008_F/binary_008_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_010_F/binary_010_F.go rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{binary_expression_add_assignment_001_T/binary_expression_add_assignment_001_T.go => binary_011_T/binary_011_T.go} (59%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{binary_expression_add_assignment_002_F/binary_expression_add_assignment_002_F.go => 
binary_012_F/binary_012_F.go} (57%) create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_013_T/binary_013_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_014_F/binary_014_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_015_T/binary_015_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_016_F/binary_016_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_017_T/binary_017_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_018_F/binary_018_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_019_T/binary_019_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_020_F/binary_020_F.go rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{bitwise_expression_and_001_T/bitwise_expression_and_001_T.go => bitwise_001_T/bitwise_001_T.go} (70%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{bitwise_expression_and_002_F/bitwise_expression_and_002_F.go => bitwise_002_F/bitwise_002_F.go} (66%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{bitwise_expression_or_001_T/bitwise_expression_or_001_T.go => bitwise_003_T/bitwise_003_T.go} (70%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{bitwise_expression_or_002_F/bitwise_expression_or_002_F.go => bitwise_004_F/bitwise_004_F.go} (66%) rename 
sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{bitwise_expression_xor_001_T/bitwise_expression_xor_001_T.go => bitwise_005_T/bitwise_005_T.go} (70%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{bitwise_expression_xor_002_F/bitwise_expression_xor_002_F.go => bitwise_006_F/bitwise_006_F.go} (66%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{bitwise_expression_not_001_T/bitwise_expression_not_001_T.go => bitwise_007_T/bitwise_007_T.go} (70%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{bitwise_expression_not_002_F/bitwise_expression_not_002_F.go => bitwise_008_F/bitwise_008_F.go} (66%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{bitwise_expression_lsh_001_T/bitwise_expression_lsh_001_T.go => bitwise_009_T/bitwise_009_T.go} (70%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{bitwise_expression_lsh_002_F/bitwise_expression_lsh_002_F.go => bitwise_010_F/bitwise_010_F.go} (66%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{bitwise_expression_rsh_001_T/bitwise_expression_rsh_001_T.go => bitwise_011_T/bitwise_011_T.go} (70%) create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_012_F/bitwise_012_F.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_002_F/bitwise_expression_rsh_002_F.go rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{logic_expression_and_001_T/logic_expression_and_001_T.go => logic_001_T/logic_001_T.go} (75%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{logic_expression_and_002_F/logic_expression_and_002_F.go => 
logic_002_F/logic_002_F.go} (70%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{logic_expression_or_001_T/logic_expression_or_001_T.go => logic_003_T/logic_003_T.go} (76%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{logic_expression_or_002_F/logic_expression_or_002_F.go => logic_004_F/logic_004_F.go} (72%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{relation_expression_equal_001_T/relation_expression_equal_001_T.go => relation_001_T/relation_001_T.go} (74%) rename sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/{relation_expression_equal_002_F/relation_expression_equal_002_F.go => relation_002_F/relation_002_F.go} (74%) create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_005_T/type_cast_005_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_006_F/type_cast_006_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F.go rename sast-go/cases/completeness/single_app_tracing/function_call/chained_call/{chained_call_002_T/chained_call_002_T.go => chained_call_001_T/chained_call_001_T.go} (80%) rename sast-go/cases/completeness/single_app_tracing/function_call/chained_call/{chained_call_001_F/chained_call_001_F.go => chained_call_002_F/chained_call_002_F.go} (80%) rename sast-go/cases/completeness/single_app_tracing/function_call/chained_call/{chained_call_004_T/chained_call_004_T.go => chained_call_003_T/chained_call_003_T.go} (81%) rename sast-go/cases/completeness/single_app_tracing/function_call/chained_call/{chained_call_003_F/chained_call_003_F.go => chained_call_004_F/chained_call_004_F.go} (82%) create mode 
100644 sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_001_T/call_implement_method_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_002_F/call_implement_method_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_001_T/create_implement_object_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_002_F/create_implement_object_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_001_T/write_implement_field_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_002_F/write_implement_field_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_001_T/create_anonymous_object_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_002_F/create_anonymous_object_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_001_T/anonymous_struct_field_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_002_F/anonymous_struct_field_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_001_T/deep_nested_field_read_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_002_F/deep_nested_field_read_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_001_T/deep_nested_field_write_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_002_F/deep_nested_field_write_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_001_T/interface_field_access_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_002_F/interface_field_access_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_001_T/nested_pointer_field_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_002_F/nested_pointer_field_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_001_T/nested_struct_create_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_002_F/nested_struct_create_002_F.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_001_T/struct_pointer_field_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_002_F/struct_pointer_field_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_001_T/struct_tag_field_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_002_F/struct_tag_field_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F.go rename sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/{interface_class_001_T/interface_class_001_T.go => struct_injection_interface_001_T/struct_injection_interface_001_T.go} (74%) rename sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/{interface_class_002_F/interface_class_002_F.go => struct_injection_interface_002_F/struct_injection_interface_002_F.go} (63%) create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_001_T/create_object_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_002_F/create_object_002_F.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_003_T/create_object_003_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_004_F/create_object_004_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_001_T/write_object_property_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_002_F/write_object_property_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_003_T/write_object_property_003_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_004_F/write_object_property_004_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_001_T/object_creation_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/variable_scope/public/config.json create mode 100644 sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T.go create mode 100644 
sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F.go create mode 100644 sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/mypackage/public_var_cross_package_001_T_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T.go create mode 100644 sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/mypackage/public_var_cross_package_002_F_a.go create mode 100644 sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F.go delete mode 100644 sast-go/cases/completeness/single_app_tracing/variable_scope/static_variable/config.json diff --git a/.gitignore b/.gitignore index 587db6a0..501ce84c 100644 --- a/.gitignore +++ b/.gitignore @@ -16,5 +16,5 @@ logs/ /dast-java/target /tools/library/target /tools/plugin/target -/tools/library/target *.pyc +results/ \ No newline at end of file diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F.go index c6fddbc9..94905a48 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F.go 
@@ -4,7 +4,7 @@ // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 参数值传递->引用传递->map // level = 2 -// bind_url = cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F +// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_005_F/argument_passing_reference_005_F // evaluation information end package main diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T.go index a49a410f..2ca5304d 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T.go @@ -4,7 +4,7 @@ // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 参数值传递->引用传递->map // level = 2 -// bind_url = cases/accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T +// bind_url = accuracy/context_sensitive/argument_return_value_passing/argument_passing_reference_006_T/argument_passing_reference_006_T // evaluation information end package main diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F.go index 97492b0d..a582ac8d 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F.go 
+++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F.go @@ -4,7 +4,7 @@ // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 返回值传递->函数内交换位置 // level = 2 -// bind_url = accuracy/context_sensitive/argument_return_value_passing_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F +// bind_url = accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_003_F/multiple_return_value_passing_003_F // evaluation information end package main diff --git a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T.go b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T.go index eed20141..9ab02cdf 100644 --- a/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T.go +++ b/sast-go/cases/accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T.go @@ -4,7 +4,7 @@ // evaluation item = 准确度->上下文敏感分析->参数/返回值传递 // scene introduction = 返回值传递->函数内交换位置 // level = 2 -// bind_url = accuracy/context_sensitive/argument_return_value_passing_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T +// bind_url = accuracy/context_sensitive/argument_return_value_passing/multiple_return_value_passing_004_T/multiple_return_value_passing_004_T // evaluation information end package main 
diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T.go index 03b4cc74..71261629 100644 --- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T.go +++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T.go @@ -4,7 +4,7 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 切片->切片截取 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_001_T/slice_index_001_T +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_003_T/slice_index_003_T // evaluation information end package main diff --git a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F.go b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F.go index dd0f5c93..ce2c3d92 100644 --- a/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F.go +++ b/sast-go/cases/accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F.go 
@@ -4,7 +4,7 @@ // evaluation item = 准确度->对象敏感与域敏感分析->区分一维字典/列表/数组的不同元素->索引值为数字的场景,能够区分不同索引上特定元素的状态(无需求解) // scene introduction = 切片->切片截取 // level = 3 -// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_002_F/slice_index_002_F +// bind_url = accuracy/field_sensitive/one_dimensional_collection/numeric_index_state_no_solver/slice_index_004_F/slice_index_004_F // evaluation information end package main diff --git a/sast-go/cases/accuracy/flow_sensitive/normal_stmt/config.json b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/config.json new file mode 100644 index 00000000..fa3573a1 --- /dev/null +++ b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/config.json @@ -0,0 +1,18 @@ +{ + "normal_stmt": [ + { + "evaluation_item": "准确度->流敏感分析->常规顺序执行语句", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "sequential_assign_001_T/sequential_assign_001_T.go && !sequential_assign_002_F/sequential_assign_002_F.go", + "scene": "顺序赋值语句" + } + ] + } + ] + } + ] +} diff --git a/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T.go b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T.go new file mode 100644 index 00000000..27cd03c2 --- /dev/null +++ b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T.go 
@@ -0,0 +1,33 @@
+// evaluation information start
+// real case = true
+// evaluation item = 准确度->流敏感分析->常规顺序执行语句
+// scene introduction = 顺序赋值语句
+// level = 2
+// bind_url = accuracy/flow_sensitive/normal_stmt/sequential_assign_001_T/sequential_assign_001_T
+// date = 2025-12-01 16:19:24
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func sequentialAssign_001_T(__taint_src string) {
+ // 场景特点:按顺序执行多个赋值语句
+ var a string
+ var b string
+ a = __taint_src
+ b = a
+ __taint_sink(b)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ sequentialAssign_001_T(__taint_src)
+}
diff --git a/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F.go b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F.go
new file mode 100644
index 00000000..cc3a58cf
--- /dev/null
+++ b/sast-go/cases/accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F.go
@@ -0,0 +1,34 @@
+// evaluation information start
+// real case = false
+// evaluation item = 准确度->流敏感分析->常规顺序执行语句
+// scene introduction = 顺序赋值语句
+// level = 2
+// bind_url = accuracy/flow_sensitive/normal_stmt/sequential_assign_002_F/sequential_assign_002_F
+// date = 2025-12-01 16:19:24
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func sequentialAssign_002_F(__taint_src string) {
+ // 场景特点:按顺序执行多个赋值语句,但污点数据未传播到最终变量
+ var a string
+ var b string
+ a = __taint_src
+ b = "_"
+ _ = a // 使用变量a避免编译错误
+ __taint_sink(b)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ sequentialAssign_002_F(__taint_src)
+}
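Review bot: In sequential_assign_002_F.go the negative case never assigns tainted data to `b` at any point, so a flow-insensitive analysis also reports nothing and the case cannot tell it apart from a flow-sensitive one. For a flow-sensitivity check the taint should reach `b` first and then be overwritten before the sink, e.g. `b = a` followed by `b = "_"` ahead of `__taint_sink(b)`; that also makes the `_ = a` workaround unnecessary. The positive case sequential_assign_001_T.go earlier on the same line is unaffected.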
diff --git a/sast-go/cases/accuracy/flow_sensitive/sequential_execution/config.json b/sast-go/cases/accuracy/flow_sensitive/sequential_execution/config.json
deleted file mode 100644
index e69de29b..00000000
diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/config.json b/sast-go/cases/accuracy/path_sensitive/exception_throw/config.json
new file mode 100644
index 00000000..622cf722
--- /dev/null
+++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/config.json
@@ -0,0 +1,22 @@
+{
+ "exception_throw": [
+ {
+ "evaluation_item": "准确度->路径敏感分析->异常抛出和捕获",
+ "scene_levels": [
+ {
+ "level": "3",
+ "scene_list": [
+ {
+ "compose": "exception_catch_001_T/exception_catch_001_T.go && !exception_catch_002_F/exception_catch_002_F.go",
+ "scene": "异常抛出和捕获->不可控错误处理"
+ },
+ {
+ "compose": "exception_catch_003_T/exception_catch_003_T.go && !exception_catch_004_F/exception_catch_004_F.go",
+ "scene": "异常抛出和捕获->可控错误处理"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T.go b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T.go
new file mode 100644
index 00000000..fd32d112
--- /dev/null
+++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = true
+// evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+// scene introduction = 异常抛出路径
+// level = 3
+// bind_url = accuracy/path_sensitive/exception_throw/exception_catch_001_T/exception_catch_001_T
+// date = 2025-12-01 16:29:18
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func exception_catch_001_T(__taint_src string) {
+ // 场景特点:在异常抛出路径中传播污点数据
+ defer func() {
+ // recover只能在defer函数中调用,并捕获最新一次panic的值
+ if r := recover(); r != nil {
+ __taint_sink(r)
+ }
+ }()
+
+ // 立即平直当前函数,依次执行 defer 函数
+ panic(__taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ exception_catch_001_T(__taint_src)
+}
diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F.go b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F.go
new file mode 100644
index 00000000..b497256f
--- /dev/null
+++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F.go
@@ -0,0 +1,35 @@
+// evaluation information start
+// real case = false
+// evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+// scene introduction = 异常抛出路径
+// level = 3
+// bind_url = accuracy/path_sensitive/exception_throw/exception_catch_002_F/exception_catch_002_F
+// date = 2025-12-01 16:29:18
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func exception_catch_002_F(__taint_src string) {
+ // 场景特点:在异常抛出路径中传播污点数据,但污点数据未传播到汇聚点
+ defer func() {
+ if r := recover(); r != nil {
+ __taint_sink("_")
+ }
+ }()
+
+ panic(__taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ exception_catch_002_F(__taint_src)
+}
diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T.go b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T.go
new file mode 100644
index 00000000..41f2fb24
--- /dev/null
+++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T.go
@@ -0,0 +1,35 @@
+// evaluation information start
+// real case = true
+// evaluation item = 准确度->路径敏感分析->异常抛出和捕获
+// scene introduction = 异常抛出路径
+// level = 3
+// bind_url = accuracy/path_sensitive/exception_throw/exception_catch_003_T/exception_catch_003_T
+// date = 2025-12-01 16:29:18
+// evaluation information end
+
+package main
+
+import (
+ "errors"
+ "fmt"
+ "os/exec"
+)
+
+func exception_catch_003_T(__taint_src string) {
+ // 场景特点:在异常抛出路径中传播污点数据
+ errMsg := createThrow(__taint_src)
+ __taint_sink(errMsg.Error())
+}
+
+func createThrow(msg string) error {
+ return errors.New(msg)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ exception_catch_003_T(__taint_src)
+}
diff --git a/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F.go b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F.go
new file mode 100644
index 00000000..789dd163
--- /dev/null
+++ b/sast-go/cases/accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F.go
@@ -0,0 +1,35 @@ +// evaluation information start +// real case = false +// evaluation item = 准确度->路径敏感分析->异常抛出和捕获 +// scene introduction = 异常抛出路径 +// level = 3 +// date = 2025-12-01 16:29:18 +// bind_url = accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_T +// evaluation information end + +package main + +import ( + "errors" + "fmt" + "os/exec" +) + +func exception_catch_003_T(__taint_src string) { + // 场景特点:在异常抛出路径中传播污点数据 + errMsg := createThrow(__taint_src) + __taint_sink(errMsg.Error()) +} + +func createThrow(msg string) error { + return errors.New("_") +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + exception_catch_003_T(__taint_src) +} diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T.go index 2fed5780..84ad0fcb 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T.go @@ -7,7 +7,7 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = return // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/return/return_001_T/return_001_T +// bind_url = accuracy/path_sensitive/explicit_jump_control/return_001_T/return_001_T // evaluation information end func return_001_T(__taint_src string) string { diff --git a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F.go b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F.go index fe89e048..4ad763ec 100644 --- a/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F.go +++ b/sast-go/cases/accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F.go 
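Review bot: The new exception_catch_004_F.go still carries the identifiers of the 003_T case it was copied from: the entry function is declared and called as `exception_catch_003_T`, and the header's bind_url ends in `exception_catch_004_F/exception_catch_004_T`, which does not match the file name. A harness that matches findings by function name or bind_url would presumably attribute this negative case to the wrong entry. I would rename to `func exception_catch_004_F(__taint_src string) {`, call `exception_catch_004_F(__taint_src)` from main, and use `// bind_url = accuracy/path_sensitive/exception_throw/exception_catch_004_F/exception_catch_004_F`. The scenario comment is also the positive-case text; it should note that `createThrow` drops `msg` and returns the constant "_".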
@@ -7,7 +7,7 @@ import "os/exec" // evaluation item = 准确度->路径敏感分析->跳转语句 // scene introduction = return // level = 4+ -// bind_url = accuracy/path_sensitive/explicit_jump_control/return/return_002_F/return_002_F +// bind_url = accuracy/path_sensitive/explicit_jump_control/return_002_F/return_002_F // evaluation information end func return_002_F(__taint_src string) string { diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go similarity index 81% rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go index e4bd7966..fdb1fdde 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go @@ -1,13 +1,13 @@ package main -import "os/exec" +import "os/exec" // evaluation information start // real case = true // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = if->区分if else扁平化与分支(不求解) // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_F/conditional_if_no_solver_001_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_if_no_solver_001_T/conditional_if_no_solver_001_T // evaluation information end func conditional_if_no_solver_001_F(__taint_src string) { 
@@ -21,9 +21,9 @@ func conditional_if_no_solver_001_F(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - conditional_if_no_solver_001_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + conditional_if_no_solver_001_F(__taint_src) +} diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go similarity index 80% rename from sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go rename to sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go index a3f1d3a8..4a9a3ec9 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go @@ -1,13 +1,13 @@ package main -import "os/exec" +import "os/exec" // evaluation information start // real case = true // evaluation item = 准确度->路径敏感分析->条件语句、条件表达式和循环结构->无需通过对不同的条件进行求解,即能够区分不同的执行路径的状态 // scene introduction = switch->区分switch平坦化与分支(不需求解) // level = 3 -// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F +// bind_url = accuracy/path_sensitive/loop_conditional_stmt/no_solver/conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T // evaluation information end func conditional_switch_no_solver_001_F(__taint_src string) { 
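Review bot: The file is renamed to conditional_if_no_solver_001_T and its bind_url updated, but the re-indented main still calls `conditional_if_no_solver_001_F(__taint_src)`, and the hunk header shows the function is still declared under that `_F` name outside this hunk. The positive case therefore keeps a false-case identifier, which is confusing next to conditional_if_no_solver_002_F and may matter if results are matched by function name. Renaming the declaration and the call to `conditional_if_no_solver_001_T` would finish the relabel. The conditional_switch_no_solver_001_T rename that follows has the same leftover (`conditional_switch_no_solver_001_F`).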
@@ -23,9 +23,9 @@ func conditional_switch_no_solver_001_F(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - conditional_switch_no_solver_001_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + conditional_switch_no_solver_001_F(__taint_src) +} diff --git a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json index 0634d1a0..8431c302 100644 --- a/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json +++ b/sast-go/cases/accuracy/path_sensitive/loop_conditional_stmt/no_solver/config.json @@ -7,7 +7,7 @@ "level": "3", "scene_list": [ { - "compose": "!conditional_if_no_solver_001_F/conditional_if_no_solver_001_F.go && !conditional_if_no_solver_002_F/conditional_if_no_solver_002_F.go", + "compose": "conditional_if_no_solver_001_T/conditional_if_no_solver_001_T.go && !conditional_if_no_solver_002_F/conditional_if_no_solver_002_F.go", "scene": "if->区分if else扁平化与分支(不求解)" }, { @@ -15,7 +15,7 @@ "scene": "if->区分if else具体路径(不求解)" }, { - "compose": "!conditional_switch_no_solver_001_F/conditional_switch_no_solver_001_F.go && !conditional_switch_no_solver_002_F/conditional_switch_no_solver_002_F.go", + "compose": "conditional_switch_no_solver_001_T/conditional_switch_no_solver_001_T.go && !conditional_switch_no_solver_002_F/conditional_switch_no_solver_002_F.go", "scene": "switch->区分switch平坦化与分支(不需求解)" }, { @@ -27,4 +27,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/dynamic_tracing/dynamic_type/config.json b/sast-go/cases/completeness/dynamic_tracing/dynamic_type/config.json deleted file mode 100644 index e69de29b..00000000 
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_process/config.json b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_process/config.json deleted file mode 100644 index e69de29b..00000000 diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_thread/config.json b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_thread/config.json index 6b2530dc..8c2719ed 100644 --- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_thread/config.json +++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/multi_thread/config.json @@ -13,6 +13,10 @@ { "compose": "asynchronous_select_001_T/asynchronous_select_001_T.go && !asynchronous_select_002_F/asynchronous_select_002_F.go", "scene": "select" + }, + { + "compose": "atomic_synchronization_001_T/atomic_synchronization_001_T.go && !atomic_synchronization_002_F/atomic_synchronization_002_F.go", + "scene": "原子操作" } ] }, @@ -32,4 +36,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_001_T/atomic_synchronization_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_001_T/atomic_synchronization_001_T.go new file mode 100644 index 00000000..c985a407 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_001_T/atomic_synchronization_001_T.go 
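Review bot: The entry added to multi_thread/config.json composes `atomic_synchronization_001_T/atomic_synchronization_001_T.go` with `!atomic_synchronization_002_F/atomic_synchronization_002_F.go`, but this patch creates those two cases under promise_callback_await/, not multi_thread/. The other compose values in this file look relative to the config's own directory, so this entry would presumably point at files that do not exist there. The same "原子操作" scene is also registered in promise_callback_await/config.json later in the patch, so the scene would be listed twice. Unless the cases are meant to exist in both directories, I would drop the entry from multi_thread/config.json.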
@@ -0,0 +1,56 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 原子操作
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_001_T/atomic_synchronization_001_T
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+ "sync/atomic"
+)
+
+func atomic_synchronization_001_T(__taint_src string) {
+ var sharedData atomic.Value
+ var done int32
+ var wg sync.WaitGroup
+
+ // 场景特点:使用原子操作在goroutine间安全地传递数据
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ sharedData.Store(__taint_src)
+ atomic.StoreInt32(&done, 1)
+ }()
+
+ // 等待写入操作完成
+ wg.Wait()
+
+ // 现在进行读取操作
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ for atomic.LoadInt32(&done) == 0 {
+ // 等待数据准备完成
+ }
+ data := sharedData.Load().(string)
+ __taint_sink(data)
+ }()
+
+ // 等待读取操作完成
+ wg.Wait()
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ atomic_synchronization_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_002_F/atomic_synchronization_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_002_F/atomic_synchronization_002_F.go
new file mode 100644
index 00000000..16cce2cf
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_002_F/atomic_synchronization_002_F.go
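Review bot: In atomic_synchronization_001_T the first `wg.Wait()` already guarantees the writer goroutine has finished before the reader is started, so `for atomic.LoadInt32(&done) == 0` can never iterate and the `done` flag plays no part in the hand-off. As written, the case exercises WaitGroup ordering plus an `atomic.Value` read, not atomic-flag synchronization as the scene name suggests. If the atomic flag is meant to be the ordering mechanism, start both goroutines under a single `wg.Add(2)` and drop the intermediate `wg.Wait()`; otherwise remove the spin loop and `done`. atomic_synchronization_002_F, added next, has the same structure.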
@@ -0,0 +1,56 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 原子操作
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/atomic_synchronization_002_F/atomic_synchronization_002_F
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+ "sync/atomic"
+)
+
+func atomic_synchronization_002_F(__taint_src string) {
+ var sharedData atomic.Value
+ var done int32
+ var wg sync.WaitGroup
+
+ // 场景特点:使用原子操作在goroutine间传递数据,但污染数据未传递到sink
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ sharedData.Store(__taint_src) // 污染源存储到原子值
+ atomic.StoreInt32(&done, 1)
+ }()
+
+ // 等待写入操作完成
+ wg.Wait()
+
+ // 现在进行读取操作
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ for atomic.LoadInt32(&done) == 0 {
+ // 等待数据准备完成
+ }
+ _ = sharedData.Load() // 读取原子值但不传递到sink
+ __taint_sink("clean_data") // 使用干净数据
+ }()
+
+ // 等待读取操作完成
+ wg.Wait()
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ atomic_synchronization_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_001_T/cond_synchronization_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_001_T/cond_synchronization_001_T.go
new file mode 100644
index 00000000..09eb1c6e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_001_T/cond_synchronization_001_T.go
@@ -0,0 +1,51 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 条件变量
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_001_T/cond_synchronization_001_T
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+)
+
+func cond_synchronization_001_T(__taint_src string) {
+ var mu sync.Mutex
+ cond := sync.NewCond(&mu)
+ var result string = ""
+ var wg sync.WaitGroup
+
+ wg.Add(1)
+ // 启动一个goroutine来通知条件变量
+ go func() {
+ defer wg.Done()
+ // 场景特点:使用条件变量等待和通知机制同步数据
+ mu.Lock()
+ for result == "" {
+ cond.Wait()
+ }
+ __taint_sink(result)
+ mu.Unlock()
+ }()
+
+ mu.Lock()
+ result = __taint_src
+ cond.Signal()
+ mu.Unlock()
+
+ wg.Wait()
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cond_synchronization_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_002_F/cond_synchronization_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_002_F/cond_synchronization_002_F.go
new file mode 100644
index 00000000..0000478d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_002_F/cond_synchronization_002_F.go
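Review bot: In cond_synchronization_001_T the wait predicate is the payload itself (`for result == ""`), so an empty `__taint_src` leaves the goroutine in `cond.Wait()` and `wg.Wait()` never returns. main passes a non-empty constant, but the function hangs for any caller that supplies an empty string. A separate flag avoids coupling the wake-up to the data: declare `var ready bool`, wait on `for !ready {`, and set `ready = true` next to `result = __taint_src` before `cond.Signal()`. The comment above `go func()` says the goroutine notifies the condition variable, whereas it is the waiter and the caller does the signalling; cond_synchronization_002_F repeats that comment.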
@@ -0,0 +1,51 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 条件变量
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/cond_synchronization_002_F/cond_synchronization_002_F
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+)
+
+func cond_synchronization_002_F(__taint_src string) {
+ var mu sync.Mutex
+ cond := sync.NewCond(&mu)
+ var result string = ""
+ var wg sync.WaitGroup
+
+ wg.Add(1)
+ // 启动一个goroutine来通知条件变量
+ go func() {
+ defer wg.Done()
+ // 场景特点:使用条件变量等待和通知机制同步数据
+ mu.Lock()
+ for result == "" {
+ cond.Wait()
+ }
+ __taint_sink(result)
+ mu.Unlock()
+ }()
+
+ mu.Lock()
+ result = "safe_value"
+ cond.Signal()
+ mu.Unlock()
+
+ wg.Wait()
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ cond_synchronization_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/config.json b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/config.json
index 434cc236..e738225e 100644
--- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/config.json
@@ -1,8 +1,46 @@ { "promise_callback_await": [ { - "evaluation_item": "", - "scene_levels": [] + "evaluation_item": "完整度->单应用跟踪完整度->并发、多线程、异步->同步原语", + "scene_levels": [ + { + "level": "2", + "scene_list": [ + { + "compose": "mutex_synchronization_001_T/mutex_synchronization_001_T.go && !mutex_synchronization_002_F/mutex_synchronization_002_F.go", + "scene": "互斥锁" + }, + { + "compose": "rwmutex_synchronization_001_T/rwmutex_synchronization_001_T.go && !rwmutex_synchronization_002_F/rwmutex_synchronization_002_F.go", + "scene": "读写锁" + }, + { + "compose": "cond_synchronization_001_T/cond_synchronization_001_T.go && !cond_synchronization_002_F/cond_synchronization_002_F.go", + "scene": "条件变量" + }, + { + "compose": "atomic_synchronization_001_T/atomic_synchronization_001_T.go && !atomic_synchronization_002_F/atomic_synchronization_002_F.go", + "scene": "原子操作" + }, + { + "compose": "waitgroup_synchronization_001_T/waitgroup_synchronization_001_T.go && !waitgroup_synchronization_002_F/waitgroup_synchronization_002_F.go", + "scene": "WaitGroup" + }, + { + "compose": "once_execution_001_T/once_execution_001_T.go && !once_execution_002_F/once_execution_002_F.go", + "scene": "Once单次执行" + }, + { + "compose": "synchronization_primitive_001_T/synchronization_primitive_001_T.go && !synchronization_primitive_002_F/synchronization_primitive_002_F.go", + "scene": "同步原语-'<-'" + }, + { + "compose": "synchronization_primitive_003_T/synchronization_primitive_003_T.go && !synchronization_primitive_004_F/synchronization_primitive_004_F.go", + "scene": "同步原语-'<-'2" + } + ] + } + ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_001_T/mutex_synchronization_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_001_T/mutex_synchronization_001_T.go new file mode 100644 index 00000000..24e6da63 --- /dev/null 
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_001_T/mutex_synchronization_001_T.go
@@ -0,0 +1,53 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 互斥锁
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_001_T/mutex_synchronization_001_T
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+ "time"
+)
+
+func mutex_synchronization_001_T(__taint_src string) {
+ var mu sync.Mutex
+ var wg sync.WaitGroup
+ var result string = __taint_src
+
+ wg.Add(2)
+ // 场景特点:使用互斥锁保护临界区,确保数据一致性
+ go func() {
+ defer wg.Done()
+ mu.Lock()
+ time.Sleep(2 * time.Second)
+ result = result + "1"
+ mu.Unlock()
+ }()
+
+ go func() {
+ defer wg.Done()
+ time.Sleep(1 * time.Second)
+ mu.Lock()
+ result = result + "2"
+ mu.Unlock()
+ }()
+
+ wg.Wait()
+
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ mutex_synchronization_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_002_F/mutex_synchronization_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_002_F/mutex_synchronization_002_F.go
new file mode 100644
index 00000000..2f97ea74
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_002_F/mutex_synchronization_002_F.go
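Review bot: The two `time.Sleep` calls in mutex_synchronization_001_T, one of them held inside the critical section, make every dynamic run of this case take about two seconds without affecting the verdict: whichever goroutine takes the lock first, `result` still starts from `__taint_src` and only has "1" and "2" appended. mutex_synchronization_002_F, added next, is likewise order-independent, because `result = "1"` overwrites the source in either interleaving. I would drop the sleeps, or add a comment explaining what ordering they are meant to demonstrate. The scenario comment could also state which property is under test, e.g. `// both goroutines append to result under mu; the value read after wg.Wait() is still derived from __taint_src`.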
@@ -0,0 +1,53 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 互斥锁
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/mutex_synchronization_002_F/mutex_synchronization_002_F
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+ "time"
+)
+
+func mutex_synchronization_002_F(__taint_src string) {
+ var mu sync.Mutex
+ var wg sync.WaitGroup
+ var result string = __taint_src
+
+ wg.Add(2)
+ // 场景特点:使用互斥锁保护临界区,确保数据一致性
+ go func() {
+ defer wg.Done()
+ mu.Lock()
+ time.Sleep(2 * time.Second)
+ result = "1"
+ mu.Unlock()
+ }()
+
+ go func() {
+ defer wg.Done()
+ time.Sleep(1 * time.Second)
+ mu.Lock()
+ result = result + "2"
+ mu.Unlock()
+ }()
+
+ wg.Wait()
+
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ mutex_synchronization_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_001_T/once_execution_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_001_T/once_execution_001_T.go
new file mode 100644
index 00000000..17b92372
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_001_T/once_execution_001_T.go
@@ -0,0 +1,42 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = Once单次执行
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_001_T/once_execution_001_T
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+)
+
+var once sync.Once
+var result string
+
+func createOnce() {
+ once.Do(func() {
+ result = result + "1"
+ })
+}
+
+func once_execution_001_T(__taint_src string) {
+ result = __taint_src
+ // 场景特点:使用Once确保函数只执行一次,保护数据初始化
+ createOnce()
+ createOnce()
+
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ once_execution_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_002_F/once_execution_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_002_F/once_execution_002_F.go
new file mode 100644
index 00000000..78103b0e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_002_F/once_execution_002_F.go
@@ -0,0 +1,42 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = Once单次执行
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/once_execution_002_F/once_execution_002_F
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+)
+
+var once sync.Once
+var result string
+
+func createOnce() {
+ once.Do(func() {
+ result = "safe_value"
+ })
+}
+
+func once_execution_002_F(__taint_src string) {
+ result = __taint_src
+ // 场景特点:使用Once确保函数只执行一次,但污染源未传递到结果
+ createOnce()
+ createOnce()
+
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ once_execution_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_001_T/rwmutex_synchronization_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_001_T/rwmutex_synchronization_001_T.go
new file mode 100644
index 00000000..76c40e60
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_001_T/rwmutex_synchronization_001_T.go
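Review bot: In once_execution_002_F the "false" label depends on package-level state: `once` and `result` are globals, so the overwrite `result = "safe_value"` only happens the first time `once.Do` runs in the process. If `once_execution_002_F` were entered a second time, `result = __taint_src` would reach `__taint_sink` unchanged, and a sound analyzer that does not assume a single call could reasonably report this case. main calls it once, so the runtime behaviour matches the label, but that assumption should be written down, e.g. `// once is package-level: the overwrite below happens only on the first call in the process`. Alternatively, declare the `sync.Once` inside the function so the negative verdict holds per call.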
@@ -0,0 +1,51 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 读写锁
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_001_T/rwmutex_synchronization_001_T
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+ "time"
+)
+
+func rwmutex_synchronization_001_T(__taint_src string) {
+ var rwMu sync.RWMutex
+ var result string
+ var wg sync.WaitGroup
+
+ wg.Add(2)
+ // 场景特点:使用读写锁保护数据,写操作加写锁
+ go func() {
+ defer wg.Done()
+ rwMu.Lock()
+ result = __taint_src
+ rwMu.Unlock()
+ }()
+
+ go func() {
+ defer wg.Done()
+ time.Sleep(1 * time.Second)
+ rwMu.RLock()
+ __taint_sink(result)
+ rwMu.RUnlock()
+ }()
+
+ wg.Wait()
+
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ rwmutex_synchronization_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_002_F/rwmutex_synchronization_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_002_F/rwmutex_synchronization_002_F.go
new file mode 100644
index 00000000..06451bbb
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_002_F/rwmutex_synchronization_002_F.go
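Review bot: In rwmutex_synchronization_001_T the only thing that makes the reader run after the writer is `time.Sleep(1 * time.Second)`; the RWMutex prevents a data race but does not order the two goroutines. If the reader happened to take `RLock` first, `__taint_sink(result)` would receive the empty string, so the positive label rests on timing rather than on the lock being demonstrated. An explicit hand-off makes the flow deterministic and removes the one-second delay, for instance a `ready := make(chan struct{})` that the writer closes after `rwMu.Unlock()` and the reader receives from before `rwMu.RLock()`. rwmutex_synchronization_002_F, added next, uses the same sleep.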
@@ -0,0 +1,51 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = 读写锁
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/rwmutex_synchronization_002_F/rwmutex_synchronization_002_F
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+ "time"
+)
+
+func rwmutex_synchronization_002_F(__taint_src string) {
+ var rwMu sync.RWMutex
+ var result string
+ var wg sync.WaitGroup
+
+ wg.Add(2)
+ // 场景特点:使用读写锁保护数据,写操作加写锁
+ go func() {
+ defer wg.Done()
+ rwMu.Lock()
+ result = __taint_src
+ rwMu.Unlock()
+ }()
+
+ go func() {
+ defer wg.Done()
+ time.Sleep(1 * time.Second)
+ rwMu.RLock()
+ _ = result
+ __taint_sink("safe_value")
+ rwMu.RUnlock()
+ }()
+
+ wg.Wait()
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ rwmutex_synchronization_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_001_T/synchronization_primitive_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_001_T/synchronization_primitive_001_T.go
similarity index 87%
rename from sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_001_T/synchronization_primitive_001_T.go
rename to sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_001_T/synchronization_primitive_001_T.go
index 9dfb7dda..c1fece3f 100644
--- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_001_T/synchronization_primitive_001_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_001_T/synchronization_primitive_001_T.go @@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语 // scene introduction = 同步原语-'<-' // level = 2 -// bind_url = completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_001_T/synchronization_primitive_001_T +// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_001_T/synchronization_primitive_001_T // evaluation information end package main diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_002_F/synchronization_primitive_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_002_F/synchronization_primitive_002_F.go similarity index 88% rename from sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_002_F/synchronization_primitive_002_F.go rename to sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_002_F/synchronization_primitive_002_F.go index c0f4d4f0..3220c2f0 100644 --- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_002_F/synchronization_primitive_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_002_F/synchronization_primitive_002_F.go 
@@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语 // scene introduction = 同步原语-'<-' // level = 2 -// bind_url = completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_002_F/synchronization_primitive_002_F +// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_002_F/synchronization_primitive_002_F // evaluation information end package main diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_003_T/synchronization_primitive_003_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T.go similarity index 88% rename from sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_003_T/synchronization_primitive_003_T.go rename to sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T.go index 73f77162..31673c15 100644 --- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_003_T/synchronization_primitive_003_T.go +++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T.go @@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语 // scene introduction = 同步原语-'<-' // level = 2 -// bind_url = completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_003_T/synchronization_primitive_003_T +// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_003_T/synchronization_primitive_003_T // evaluation information end package main 
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_004_F/synchronization_primitive_004_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F.go similarity index 88% rename from sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_004_F/synchronization_primitive_004_F.go rename to sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F.go index 428d2602..dd67c5ae 100644 --- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_004_F/synchronization_primitive_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F.go @@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语 // scene introduction = 同步原语-'<-' // level = 2 -// bind_url = completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/synchronization_primitive_004_F/synchronization_primitive_004_F +// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/synchronization_primitive_004_F/synchronization_primitive_004_F // evaluation information end package main diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_001_T/waitgroup_synchronization_001_T.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_001_T/waitgroup_synchronization_001_T.go new file mode 100644 index 00000000..9cb18cad --- /dev/null 
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_001_T/waitgroup_synchronization_001_T.go
@@ -0,0 +1,39 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = WaitGroup
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_001_T/waitgroup_synchronization_001_T
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+)
+
+func waitgroup_synchronization_001_T(__taint_src string) {
+ var wg sync.WaitGroup
+ var result string
+
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ // 场景特点:使用WaitGroup等待goroutine完成,确保数据传递
+ result = __taint_src
+ }()
+
+ wg.Wait()
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ waitgroup_synchronization_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_002_F/waitgroup_synchronization_002_F.go b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_002_F/waitgroup_synchronization_002_F.go
new file mode 100644
index 00000000..4daa382c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_002_F/waitgroup_synchronization_002_F.go
@@ -0,0 +1,40 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->并发、多线程、异步->同步原语
+// scene introduction = WaitGroup
+// level = 2
+// bind_url = completeness/single_app_tracing/asynchronous_tracing/promise_callback_await/waitgroup_synchronization_002_F/waitgroup_synchronization_002_F
+// date = 2025-11-28 10:36:30
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+ "sync"
+)
+
+func waitgroup_synchronization_002_F(__taint_src string) {
+ var wg sync.WaitGroup
+ var result string
+
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ // 场景特点:使用WaitGroup等待goroutine完成,但污染源未传递到结果
+ result = __taint_src
+ }()
+
+ wg.Wait()
+ result = "safe_value" // 污染源被覆盖
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ waitgroup_synchronization_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/config.json b/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/config.json
deleted file mode 100644
index 7f7ad3bb..00000000
--- a/sast-go/cases/completeness/single_app_tracing/asynchronous_tracing/synchronization_primitive/config.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "synchronization_primitive": [
- {
- "evaluation_item": "完整度->单应用跟踪完整度->并发、多线程、异步->同步原语",
- "scene_levels": [
- {
- "level": "2",
- "scene_list": [
- {
- "compose": "synchronization_primitive_001_T/synchronization_primitive_001_T.go && !synchronization_primitive_002_F/synchronization_primitive_002_F.go",
- "scene": "同步原语-'<-'"
- },
- {
- "compose": "synchronization_primitive_003_T/synchronization_primitive_003_T.go && !synchronization_primitive_004_F/synchronization_primitive_004_F.go",
- "scene": "同步原语-'<-'2"
- }
- ]
- }
- ]
- }
- ]
-}
\ No newline at end of file
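Review bot: The comment inside the goroutine of waitgroup_synchronization_002_F says the taint is not passed to the result (`污染源未传递到结果`), but the statement under it is `result = __taint_src`, exactly as in the 001_T case. The value only becomes safe through `result = "safe_value"` after `wg.Wait()`, so this negative case measures whether the analyzer kills the captured variable's taint on the later overwrite, not anything specific to WaitGroup; a flow-insensitive engine will report it. I would reword the comment to say that, e.g. `// goroutine writes the tainted value; it is overwritten with a constant after wg.Wait(), so the sink receives no taint`. Noting there that Wait orders the overwrite after the goroutine's write would also make clear that the case has no data race.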
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go index 76ab2ec1..2ab0eba5 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T.go @@ -3,7 +3,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 // scene introduction = 跨package5 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/ccross_init/cross_directory_init_009_T +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_009_T/cross/cross_init/cross_directory_init_009_T // evaluation information end package pkg diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go deleted file mode 100644 index 23de2576..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T.go +++ /dev/null 
@@ -1,31 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = init函数自动执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_directory_015_T -// evaluation information end - -// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross -// 再执行go run cross_directory_015_T.go -package main -import ( - "cross_directory_015_T/cross/cross_init" - "os/exec" - "fmt" -) - -// Go语言支持包中定义init函数,在这个包被首次初始化(import)时,会自动触发这个包的init函数 -func cross_directory_015_T() { - // 看cross_init.Status是否被init处理过 - __taint_sink(cross_init.Status) -} - -func __taint_sink(o interface{}) { - fmt.Println("o 的值:", o) - _ = exec.Command("sh", "-c", o.(string)).Run() - } - -func main() { - cross_directory_015_T() -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go deleted file mode 100644 index 3a1f8c66..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T.go +++ /dev/null @@ -1,11 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = init函数自动执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_015_T -// evaluation information end - -package cross_init - -var Taint_src = "taint_src_value" \ No newline at end of file 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go deleted file mode 100644 index c3034416..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T.go +++ /dev/null @@ -1,14 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = init函数自动执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_init_015_T -// evaluation information end - -package cross_init - -var Status string -func init() { - Status = Taint_src -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod deleted file mode 100644 index af303122..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module cross_directory_015_T - -go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go deleted file mode 100644 index 320f9aa8..00000000 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F.go +++ /dev/null @@ -1,23 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = init函数自动执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_directory_016_F -// evaluation information end -// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross -// 再执行go run cross_directory_016_F.go -package main -import ( - "cross_directory_016_F/cross/cross_init" - "os/exec" -) -func cross_directory_016_F() { - __taint_sink(cross_init.Status) -} -func __taint_sink(o interface{}) { - _ = exec.Command("sh", "-c", o.(string)).Run() - } -func main() { - cross_directory_016_F() -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go deleted file mode 100644 index efdc3922..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_export_016_F.go +++ /dev/null 
@@ -1,11 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = init函数自动执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_015_T/cross/cross_init/cross_directory_export_016_F -// evaluation information end - -package cross_init - -var Taint_src = "taint_src_value" \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go deleted file mode 100644 index d3d82891..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F.go +++ /dev/null @@ -1,14 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = init函数自动执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/cross/cross_init/cross_directory_init_016_F -// evaluation information end -package cross_init - -var Status string -func init() { - Status = Taint_src - Status = "_" -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod deleted file mode 100644 index 021168fc..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_016_F/go.mod +++ /dev/null 
@@ -1,3 +0,0 @@ -module cross_directory_016_F - -go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go deleted file mode 100644 index 23107ad2..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T.go +++ /dev/null @@ -1,32 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_directory_017_T -// evaluation information end - -// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross -// 再执行go run cross_directory_017_T.go - -package main -import ( - "cross_directory_017_T/cross/cross_init" - "os/exec" -) - -// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 -// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序 -// init函数是先执行的,所有init函数执行完后才会执行自定义函数 -func cross_directory_017_T() { - // 若正确处理,Status的值应该是"taint_src_value234" - __taint_sink(cross_init.Status) -} - -func __taint_sink(o interface{}) { - _ = exec.Command("sh", "-c", o.(string)).Run() - } - -func main() { - cross_directory_017_T() -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go deleted file mode 100644 index 905898d5..00000000 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T.go +++ /dev/null @@ -1,11 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_export_017_T -// evaluation information end - -package cross_init - -var Taint_src = "taint_src_value" \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go deleted file mode 100644 index 5ca360f3..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a.go +++ /dev/null @@ -1,17 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_a -// evaluation information end - -package cross_init - -func init() { - Status = Taint_src -} - -func init() { - Status += "2" -} 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go deleted file mode 100644 index 77796bc2..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b.go +++ /dev/null @@ -1,19 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/cross/cross_init/cross_directory_init_017_T_b -// evaluation information end - -package cross_init - -var Status string - -func init() { - Status += "3" -} - -func init() { - Status += "4" -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod deleted file mode 100644 index 5242c6b6..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_017_T/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module cross_directory_017_T - -go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go deleted file mode 100644 index fdd680cf..00000000 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F.go +++ /dev/null @@ -1,32 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_directory_018_F -// evaluation information end - -// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross -// 再执行go run cross_directory_018_F.go - -package main -import ( - "cross_directory_018_F/cross/cross_init" - "os/exec" -) - -// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 -// init函数之间的执行是有顺序的,不同文件中则按文件排序顺序、同一文件则按init声明从上之下的顺序 -// init函数是先执行的,所有init函数执行完后才会执行自定义函数 -func cross_directory_018_F() { - // 若正确处理,Status的值应该是"_234" - __taint_sink(cross_init.Status) -} - -func __taint_sink(o interface{}) { - _ = exec.Command("sh", "-c", o.(string)).Run() - } - -func main() { - cross_directory_018_F() -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go deleted file mode 100644 index 62300bcd..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F.go +++ /dev/null 
@@ -1,11 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_export_018_F -// evaluation information end - -package cross_init - -var Taint_src = "taint_src_value" \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go deleted file mode 100644 index b0222b25..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a.go +++ /dev/null @@ -1,18 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_a -// evaluation information end - -package cross_init - -func init() { - Status = Taint_src - Status = "_" -} - -func init() { - Status += "2" -} diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go deleted file mode 100644 index 81456e89..00000000 
--- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b.go +++ /dev/null @@ -1,19 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/cross/cross_init/cross_directory_init_018_F_b -// evaluation information end - -package cross_init - -var Status string - -func init() { - Status += "3" -} - -func init() { - Status += "4" -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod deleted file mode 100644 index 894d75bf..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_018_F/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module cross_directory_018_F - -go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go deleted file mode 100644 index 12b89b68..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T.go +++ /dev/null 
@@ -1,31 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_directory_019_T -// evaluation information end -// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross -// 再执行go run cross_directory_019_T.go - -package main -import ( - "cross_directory_019_T/cross/cross_init" - "os/exec" - "fmt" -) - -// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 -// 当这个包被import时,所有包中的init函数都会被执行 -func cross_directory_019_T() { - // 若正确处理,pkg.Status的值应该是20 - __taint_sink(cross_init.Status) -} - -func __taint_sink(o interface{}) { - _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } - -func main() { - cross_directory_019_T() -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go deleted file mode 100644 index 842bae46..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T.go +++ /dev/null @@ -1,11 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_export_019_T -// evaluation information end - -package cross_init - -var Taint_src = 10 \ No newline at end of file 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go deleted file mode 100644 index 7d94ba88..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a.go +++ /dev/null @@ -1,17 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_a -// evaluation information end - -package cross_init - -func init() { - Status += Taint_src -} - -func init() { - Status += 2 -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go deleted file mode 100644 index a0cb564d..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b.go +++ /dev/null 
@@ -1,18 +0,0 @@ -// evaluation information start -// real case = true -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/cross/cross_init/cross_directory_init_019_T_b -// evaluation information end - -package cross_init - -var Status int = 1 - -func init() { - Status += 3 -} -func init() { - Status += 4 -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod deleted file mode 100644 index e6689719..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_019_T/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module cross_directory_019_T - -go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go deleted file mode 100644 index 490498fc..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F.go +++ /dev/null 
@@ -1,32 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_directory_020_F -// evaluation information end - -// 先cd到sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross -// 再执行go run cross_directory_020_F.go - -package main -import ( - "cross_directory_020_F/cross/cross_init" - "os/exec" - "fmt" -) - -// Go语言支持同一个包中有多个init函数,这些init可以在同一个文件也可以在不同文件中。 -// 当这个包被import时,所有包中的init函数都会被执行 -func cross_directory_020_F() { - // 若正确处理,pkg.Status的值应该是0 - __taint_sink(cross_init.Status) -} - -func __taint_sink(o interface{}) { - _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } - -func main() { - cross_directory_020_F() -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go deleted file mode 100644 index f9f1aa96..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F.go +++ /dev/null @@ -1,11 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_export_020_F -// evaluation information end - -package cross_init - -var Taint_src = 10 \ No newline at end of file 
diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go deleted file mode 100644 index c3cc9146..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a.go +++ /dev/null @@ -1,17 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_a -// evaluation information end - -package cross_init - -func init() { - Status += Taint_src -} - -func init() { - Status += 2 -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go deleted file mode 100644 index cfcac003..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b.go +++ /dev/null 
@@ -1,18 +0,0 @@ -// evaluation information start -// real case = false -// evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨包 -// scene introduction = 多init函数顺序执行 -// level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/cross/cross_init/cross_directory_init_020_F_b -// evaluation information end - -package cross_init - -var Status int = 1 - -func init() { - Status += 3 -} -func init() { - Status = 0 -} \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod deleted file mode 100644 index 57f04550..00000000 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_directory/cross_directory_020_F/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module cross_directory_020_F - -go 1.20 \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a.go index 19910598..b3f4c0f9 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a.go 
@@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 // scene introduction = 跨文件 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_a // evaluation information end //两个文件都使用 package main,Go 会将它们视为同一个包 diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b.go index 1b152a63..46dd7567 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b.go @@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 // scene introduction = 跨文件 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_001_T/cross_file_001_T_b // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a.go index af476ac9..630101eb 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a.go 
@@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 // scene introduction = 跨文件 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_a // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b.go b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b.go index f2e0344f..439d3ba7 100644 --- a/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b.go +++ b/sast-go/cases/completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b.go @@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->文件、包、命名空间->跨文件 // scene introduction = 跨文件 // level = 2 -// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F +// bind_url = completeness/single_app_tracing/cross_file_package_namespace/cross_file/cross_file_002_F/cross_file_002_F_b // evaluation information end diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_004_F/array_004_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_004_F/array_004_F.go index 2877a637..91b9cae3 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_004_F/array_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_004_F/array_004_F.go 
@@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 // scene introduction = 二维 // level = 2 -// bind_url = completeness/object_tracing/datatype/array_slice/array_004_F/array_004_F +// bind_url = completeness/single_app_tracing/datatype/array/array_004_F/array_004_F // evaluation information end package main diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_001_T/array_index_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_001_T/array_index_001_T.go new file mode 100644 index 00000000..1c2e5c01 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_001_T/array_index_001_T.go @@ -0,0 +1,29 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 +// scene introduction = 数组索引 +// level = 2 +// date = 2025-11-28 16:27:50 +// bind_url = completeness/single_app_tracing/datatype/array/array_index_001_T/array_index_001_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func array_index_002_F(__taint_src string) { + var arr = [3]string{__taint_src, "b", "c"} + __taint_sink(arr[0]) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + array_index_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_002_F/array_index_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_002_F/array_index_002_F.go new file mode 100644 index 00000000..25a5e55d --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_index_002_F/array_index_002_F.go 
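Review bot: The entry function in the new array_index_001_T.go is declared and called as `array_index_002_F`, the name of the negative sibling case, so the positive case's function name contradicts its file name and `bind_url`. Rename the declaration to `func array_index_001_T(__taint_src string) {` and the call in `main` to `array_index_001_T(__taint_src)`. If the scoring harness or a scanner report keys findings on the function name (not visible here), the two cases would otherwise be hard to tell apart in results.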
@@ -0,0 +1,30 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
+// scene introduction = 数组索引
+// level = 2
+// date = 2025-11-28 16:27:50
+// bind_url = completeness/single_app_tracing/datatype/array/array_index_002_F/array_index_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func array_index_002_F(__taint_src string) {
+ var arr = [3]string{__taint_src, "b", "c"}
+ arr[0] = "safe_value"
+ __taint_sink(arr[0])
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ array_index_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_001_T/array_slice_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_001_T/array_slice_001_T.go
new file mode 100644
index 00000000..97d0c397
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_001_T/array_slice_001_T.go
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组
+// scene introduction = 数组切片操作
+// level = 2
+// date = 2025-11-28 16:27:50
+// bind_url = completeness/single_app_tracing/datatype/array/array_slice_001_T/array_slice_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func array_slice_001_T(__taint_src string) {
+ // 场景特点:数组切片操作传递污染数据
+ var arr = [3]string{__taint_src, "b", "c"}
+ slice := arr[0:1]
+ __taint_sink(slice)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ array_slice_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_002_F/array_slice_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_002_F/array_slice_002_F.go new file mode 100644 index 00000000..23571894 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/array_slice_002_F/array_slice_002_F.go @@ -0,0 +1,31 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->数组 +// scene introduction = 数组切片操作 +// level = 2 +// date = 2025-11-28 16:27:50 +// bind_url = completeness/single_app_tracing/datatype/array/array_slice_002_F/array_slice_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func array_slice_002_F(__taint_src string) { + // 场景特点:数组切片操作中污染数据被净化 + var arr = [3]string{__taint_src, "b", "c"} + slice := arr[1:1] + __taint_sink(slice) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + array_slice_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/array/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/array/config.json index 1dddd500..b2770639 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/array/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/array/config.json @@ -21,10 +21,18 @@ { "compose": "array_007_T/array_007_T.go && !array_008_F/array_008_F.go", "scene": "3" + }, + { + "compose": "array_slice_001_T/array_slice_001_T.go && !array_slice_002_F/array_slice_002_F.go", + "scene": "数组切片操作" + }, + { + "compose": "array_index_001_T/array_index_001_T.go && !array_index_002_F/array_index_002_F.go", + "scene": "数组索引" } ] } ] } ] -} \ No newline at end of file +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/map/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/map/config.json index 631584e3..206bdbaf 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/map/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/map/config.json @@ -13,10 +13,14 @@ { "compose": "map_003_T/map_003_T.go && !map_004_F/map_004_F.go", "scene": "字典/映射(Map)对象2" + }, + { + "compose": "map_delete_001_T/map_delete_001_T.go && !map_delete_002_F/map_delete_002_F.go", + "scene": "Map删除操作" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_001_T/map_delete_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_001_T/map_delete_001_T.go new file mode 100644 index 00000000..97e1d1f5 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_001_T/map_delete_001_T.go @@ -0,0 +1,33 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典 +// scene introduction = Map删除操作 +// level = 2 +// date = 2025-11-28 16:52:19 +// bind_url = completeness/single_app_tracing/datatype/map/map_delete_001_T/map_delete_001_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func map_delete_001_T(__taint_src string) { + // 场景特点:向map添加元素后不删除,保持污染数据 + set := make(map[string]bool) + set[__taint_src] = true + // 删除污染元素 + delete(set, __taint_src) + __taint_sink(set) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + map_delete_001_T(__taint_src) +} 
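Review bot: The bodies of the two map_delete cases look swapped relative to their ground-truth labels. In map_delete_001_T.go (`real case = true`) `delete(set, __taint_src)` runs before `__taint_sink(set)`, so the map that reaches `sh -c` is empty even though the scene comment says the element is not deleted; map_delete_002_F.go (`real case = false`, next file) never calls `delete`, so the tainted key does reach the sink while its comment says it was removed. A scanner that models `delete` correctly would be scored as a miss on the first case and a false positive on the second. Move the `// 删除污染元素` comment and the `delete(set, __taint_src)` line out of `map_delete_001_T` and into `map_delete_002_F` just before its `__taint_sink(set)` call.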
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_002_F/map_delete_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_002_F/map_delete_002_F.go
new file mode 100644
index 00000000..ee4443f3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/map/map_delete_002_F/map_delete_002_F.go
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字典
+// scene introduction = Map删除操作
+// level = 2
+// date = 2025-11-28 16:52:19
+// bind_url = completeness/single_app_tracing/datatype/map/map_delete_002_F/map_delete_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func map_delete_002_F(__taint_src string) {
+ // 场景特点:向map添加污染元素后删除该元素
+ set := make(map[string]bool)
+ set[__taint_src] = true
+ __taint_sink(set)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ map_delete_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/config.json
index 862f7ea6..6336d3fd 100644
--- a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/config.json
@@ -21,10 +21,26 @@ { "compose": "primitives_float_001_T/primitives_float_001_T.go && !primitives_float_002_F/primitives_float_002_F.go", "scene": "浮点型" + }, + { + "compose": "primitives_string_001_T/primitives_string_001_T.go && !primitives_string_002_F/primitives_string_002_F.go", + "scene": "字符串类型" + }, + { + "compose": "primitives_char_001_T/primitives_char_001_T.go && !primitives_char_002_F/primitives_char_002_F.go", + "scene": "字符类型" + }, + { + "compose": "primitives_byte_001_T/primitives_byte_001_T.go && !primitives_byte_002_F/primitives_byte_002_F.go", + "scene": "字节类型" + }, + { + "compose": "primitives_uint_001_T/primitives_uint_001_T.go && !primitives_uint_002_F/primitives_uint_002_F.go", + "scene": "无符号整型" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_001_T/primitives_byte_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_001_T/primitives_byte_001_T.go new file mode 100644 index 00000000..10235010 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_001_T/primitives_byte_001_T.go @@ -0,0 +1,29 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +// scene introduction = 字节类型 +// level = 2 +// date = 2025-11-28 16:16:41 +// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_byte_001_T/primitives_byte_001_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func primitives_byte_001_T(__taint_src byte) { + // 场景特点:字节类型直接传递 + __taint_sink(__taint_src) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := byte(65) + primitives_byte_001_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_002_F/primitives_byte_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_002_F/primitives_byte_002_F.go
new file mode 100644
index 00000000..9bb9c818
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_byte_002_F/primitives_byte_002_F.go
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
+// scene introduction = 字节类型
+// level = 2
+// date = 2025-11-28 16:16:41
+// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_byte_002_F/primitives_byte_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func primitives_byte_002_F(__taint_src byte) {
+ // 场景特点:字节类型被净化
+ var sani byte = __taint_src
+ sani = byte(66)
+ __taint_sink(sani)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := byte(65)
+ primitives_byte_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_001_T/primitives_char_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_001_T/primitives_char_001_T.go
new file mode 100644
index 00000000..9314e419
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_001_T/primitives_char_001_T.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
+// scene introduction = 字符类型
+// level = 2
+// date = 2025-11-28 16:16:41
+// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_char_001_T/primitives_char_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func primitives_char_001_T(__taint_src rune) {
+ // 场景特点:字符类型直接传递
+ __taint_sink(__taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 'A'
+ primitives_char_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_002_F/primitives_char_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_002_F/primitives_char_002_F.go
new file mode 100644
index 00000000..7805967d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_char_002_F/primitives_char_002_F.go
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
+// scene introduction = 字符类型
+// level = 2
+// date = 2025-11-28 16:16:41
+// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_char_002_F/primitives_char_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func primitives_char_002_F(__taint_src rune) {
+ // 场景特点:字符类型被净化
+ var sani rune = __taint_src
+ sani = 'B'
+ __taint_sink(sani)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 'A'
+ primitives_char_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_001_T/primitives_string_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_001_T/primitives_string_001_T.go
new file mode 100644
index 00000000..be3a3cb9
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_001_T/primitives_string_001_T.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
+// scene introduction = 字符串类型
+// level = 2
+// date = 2025-11-28 16:16:41
+// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_string_001_T/primitives_string_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func primitives_string_001_T(__taint_src string) {
+ // 场景特点:字符串类型直接传递
+ __taint_sink(__taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ primitives_string_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_002_F/primitives_string_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_002_F/primitives_string_002_F.go
new file mode 100644
index 00000000..c8a78687
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_string_002_F/primitives_string_002_F.go
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
+// scene introduction = 字符串类型
+// level = 2
+// date = 2025-11-28 16:16:41
+// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_string_002_F/primitives_string_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func primitives_string_002_F(__taint_src string) {
+ // 场景特点:字符串类型被净化
+ var sani string = __taint_src
+ sani = "safe_value"
+ __taint_sink(sani)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ primitives_string_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_001_T/primitives_uint_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_001_T/primitives_uint_001_T.go
new file mode 100644
index 00000000..adc9f86c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_001_T/primitives_uint_001_T.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型
+// scene introduction = 无符号整型
+// level = 2
+// date = 2025-11-28 16:16:41
+// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_uint_001_T/primitives_uint_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func primitives_uint_001_T(__taint_src uint) {
+ // 场景特点:无符号整型直接传递
+ __taint_sink(__taint_src)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := uint(123)
+ primitives_uint_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_002_F/primitives_uint_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_002_F/primitives_uint_002_F.go new file mode 100644 index 00000000..d4a6b6cc --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/primitives/primitives_uint_002_F/primitives_uint_002_F.go @@ -0,0 +1,31 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->基础数据类型 +// scene introduction = 无符号整型 +// level = 2 +// date = 2025-11-28 16:16:41 +// bind_url = completeness/single_app_tracing/datatype/primitives/primitives_uint_002_F/primitives_uint_002_F +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func primitives_uint_002_F(__taint_src uint) { + // 场景特点:无符号整型被净化 + var sani uint = __taint_src + sani = uint(0) + __taint_sink(sani) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := uint(123) + primitives_uint_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T.go index a3b73c12..78906da9 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T.go @@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->切片 // scene introduction = // level = 2 -// bind_url = completeness/object_tracing/datatype/array_slice/slice_001_T/slice_001_T +// bind_url = completeness/single_app_tracing/datatype/slice/slice_001_T/slice_001_T // evaluation information end package main 
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/string/config.json index 7e27581f..722c1d09 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/string/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/config.json @@ -13,10 +13,18 @@ { "compose": "string_003_T/string_003_T.go && !string_004_F/string_004_F.go", "scene": "字符串拼接" + }, + { + "compose": "string_index_001_T/string_index_001_T.go && !string_index_002_F/string_index_002_F.go", + "scene": "字符串索引访问" + }, + { + "compose": "string_slice_001_T/string_slice_001_T.go && !string_slice_002_F/string_slice_002_F.go", + "scene": "字符串切片" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_003_T/string_003_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_003_T/string_003_T.go index cd6ba18b..f9926c8a 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_003_T/string_003_T.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_003_T/string_003_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 @@ -10,20 +9,21 @@ // 当memberAccess的object来自特殊expression,比如binaryExpression时 package main + import ( - "os/exec" "fmt" + "os/exec" ) func string_003_T(__taint_src string) { object := __taint_src + " " - __taint_sink(object[0]) + __taint_sink(object) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := "taint_src_value" - string_003_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + string_003_T(__taint_src) +} 
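Review bot: The retained header comment in string_003_T.go, `// 当memberAccess的object来自特殊expression,比如binaryExpression时`, no longer matches the code, because this change replaces `__taint_sink(object[0])` with `__taint_sink(object)` and the case now exercises only string concatenation. Update or drop that comment so the scene description agrees with the `字符串拼接` entry in config.json. Index access appears to be covered by the new string_index cases added in this commit.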
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_004_F/string_004_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_004_F/string_004_F.go index de9a5a67..08fc334e 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_004_F/string_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_004_F/string_004_F.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 @@ -8,20 +7,21 @@ // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) func string_004_F(__taint_src string) { object := "abc" + " " - __taint_sink(object[0]) + __taint_sink(object) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := "taint_src_value" - string_004_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + string_004_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_001_T/string_index_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_001_T/string_index_001_T.go new file mode 100644 index 00000000..36513fe7 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_001_T/string_index_001_T.go 
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串
+// scene introduction = 字符串索引访问
+// level = 2
+// bind_url = completeness/single_app_tracing/datatype/string/string_index_001_T/string_index_001_T
+// date = 2025-12-01 14:42:05
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func string_index_001_T(__taint_src string) {
+ // 场景特点:通过索引访问字符串中的字符
+ __taint_sink(__taint_src[0])
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ string_index_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_002_F/string_index_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_002_F/string_index_002_F.go
new file mode 100644
index 00000000..65c104a7
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_index_002_F/string_index_002_F.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串
+// scene introduction = 字符串索引访问
+// level = 2
+// bind_url = completeness/single_app_tracing/datatype/string/string_index_002_F/string_index_002_F
+// date = 2025-12-01 14:42:05
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func string_index_002_F(__taint_src string) {
+ // 场景特点:通过索引访问字符串中的字符,但污点数据未传播到该位置
+ __taint_sink("_"[0])
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ string_index_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T.go
new file mode 100644
index 00000000..f9bffcd6
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串
+// scene introduction = 字符串切片
+// level = 2
+// bind_url = completeness/single_app_tracing/datatype/string/string_slice_001_T/string_slice_001_T
+// date = 2025-12-01 14:42:05
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func string_slice_001_T(__taint_src string) {
+ result := __taint_src
+ __taint_sink(result[0:5])
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ string_slice_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_002_F/string_slice_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_002_F/string_slice_002_F.go
new file mode 100644
index 00000000..655033a8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/string/string_slice_002_F/string_slice_002_F.go
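Review bot: The header of string_slice_001_T.go declares `// real case = false`, but the body passes `result[0:5]`, a slice of `__taint_src`, to `__taint_sink`, and config.json composes this file as the positive half of the pair (`string_slice_001_T/... && !string_slice_002_F/...`). The header should read `// real case = true`. If the scoring tooling reads this field as ground truth (not visible here), a scanner that correctly reports the flow into `sh -c` would be counted as a false positive.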
@@ -0,0 +1,29 @@ +// evaluation information start +// real case = false +// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->字符串 +// scene introduction = 字符串切片 +// level = 2 +// bind_url = completeness/single_app_tracing/datatype/string/string_slice_002_F/string_slice_002_F +// date = 2025-12-01 14:42:05 +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" +) + +func string_slice_002_F(__taint_src string) { + result := "safe_value_" + __taint_sink(result[0:5]) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "taint_src_value" + string_slice_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/struct/config.json b/sast-go/cases/completeness/single_app_tracing/datatype/struct/config.json index 9bc917ef..450ec8d3 100644 --- a/sast-go/cases/completeness/single_app_tracing/datatype/struct/config.json +++ b/sast-go/cases/completeness/single_app_tracing/datatype/struct/config.json @@ -25,6 +25,10 @@ { "compose": "struct_cross_001_T/struct_cross_001_T.go && !struct_cross_002_F/struct_cross_002_F.go", "scene": "跨结构体访问变量" + }, + { + "compose": "struct_pointer_001_T/struct_pointer_001_T.go && !struct_pointer_002_F/struct_pointer_002_F.go", + "scene": "结构体指针字段访问" } ] }, @@ -40,4 +44,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_001_T/struct_pointer_001_T.go b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_001_T/struct_pointer_001_T.go new file mode 100644 index 00000000..1a7d2271 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_001_T/struct_pointer_001_T.go 
@@ -0,0 +1,36 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->结构体
+// scene introduction = 结构体指针字段访问
+// level = 2
+// bind_url = completeness/single_app_tracing/datatype/struct/struct_pointer_001_T/struct_pointer_001_T
+// date = 2025-12-01 14:35:05
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type A struct {
+ data string
+}
+
+func struct_pointer_001_T(__taint_src string) {
+ p := &A{
+ data: __taint_src,
+ }
+ // 场景特点:通过指针访问结构体字段
+ __taint_sink(p.data)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ struct_pointer_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_002_F/struct_pointer_002_F.go b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_002_F/struct_pointer_002_F.go
new file mode 100644
index 00000000..9cef030f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/datatype/struct/struct_pointer_002_F/struct_pointer_002_F.go
@@ -0,0 +1,36 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->数据类型和结构->结构体
+// scene introduction = 结构体指针字段访问
+// level = 2
+// bind_url = completeness/single_app_tracing/datatype/struct/struct_pointer_002_F/struct_pointer_002_F
+// date = 2025-12-01 14:35:05
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type A struct {
+ data string
+}
+
+func struct_pointer_002_F(__taint_src string) {
+ p := &A{
+ data: "_",
+ }
+ // 场景特点:通过指针访问结构体字段,但污点数据未传播到该字段
+ __taint_sink(p.data)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ struct_pointer_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_001_T/assert_statement_001_T.go b/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_001_T/assert_statement_001_T.go
new file mode 100644
index 00000000..4241c657
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_001_T/assert_statement_001_T.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->断言
+// scene introduction = 类型断言
+// level = 2
+// bind_url = completeness/single_app_tracing/exception_error/assert_statement/assert_statement_001_T/assert_statement_001_T
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+)
+
+func assert_statement_001_T(__taint_src interface{}) {
+ // 场景特点:对接口变量进行正确的类型断言,成功获取值
+ str, ok := __taint_src.(string)
+ if !ok {
+ str = "safe_value"
+ }
+
+ __taint_sink(str)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ assert_statement_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_002_F/assert_statement_002_F.go b/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_002_F/assert_statement_002_F.go
new file mode 100644
index 00000000..d710bed4
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/assert_statement_002_F/assert_statement_002_F.go
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->断言
+// scene introduction = 类型断言
+// level = 2
+// bind_url = completeness/single_app_tracing/exception_error/assert_statement/assert_statement_002_F/assert_statement_002_F
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+)
+
+func assert_statement_002_F(__taint_src interface{}) {
+ // 场景特点:对接口变量进行错误的类型断言,导致断言失败
+ _, ok := __taint_src.(int)
+ if !ok {
+ _ = 0 // 断言失败时使用安全值
+ }
+
+ __taint_sink("safe_value")
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ assert_statement_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/config.json b/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/config.json
new file mode 100644
index 00000000..1f18c719
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/exception_error/assert_statement/config.json
@@ -0,0 +1,18 @@
+{
+ "assert_statement": [
+ {
+ "evaluation_item": "完整度->单应用跟踪完整度->异常与错误处理->断言",
+ "scene_levels": [
+ {
+ "level": "2",
+ "scene_list": [
+ {
+ "compose": "!assert_statement_001_T/assert_statement_001_T.go && assert_statement_002_F/assert_statement_002_F.go",
+ "scene": "类型断言"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/config.json b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/config.json
index 21cc11fd..c94a2488 100644
--- a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/config.json
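Review bot: The `compose` expression in the new assert_statement/config.json is inverted: it negates the `_T` case and requires the `_F` case, whereas the struct and exception_throw configs in this patch use the `X_T && !Y_F` form. As written, a tool that correctly reports assert_statement_001_T (tainted string reaches the sink) and stays silent on assert_statement_002_F (constant `"safe_value"` reaches the sink) would presumably fail this scene. The line should be `"compose": "assert_statement_001_T/assert_statement_001_T.go && !assert_statement_002_F/assert_statement_002_F.go",`.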
@@ -8,11 +8,15 @@ "scene_list": [ { "compose": "exception_throw_001_T/exception_throw_001_T.go && !exception_throw_002_F/exception_throw_002_F.go", - "scene": "异常抛出" + "scene": "异常抛出->函数内抛出" + }, + { + "compose": "exception_throw_003_T/exception_throw_003_T.go && !exception_throw_004_F/exception_throw_004_F.go", + "scene": "异常抛出->自定义异常抛出" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_001_T/exception_throw_001_T.go b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_001_T/exception_throw_001_T.go index 9bc58492..975088ed 100644 --- a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_001_T/exception_throw_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_001_T/exception_throw_001_T.go @@ -1,15 +1,15 @@ -package main -import "os/exec" - - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 -// scene introduction = 异常抛出 +// scene introduction = 异常抛出->函数内抛出 // level = 2+ // bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_throw_001_T/exception_throw_001_T // evaluation information end +package main + +import "os/exec" + func exception_throw_001_T(__taint_src string) { defer func() { if r := recover(); r != nil { @@ -22,9 +22,9 @@ func exception_throw_001_T(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - exception_throw_001_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + exception_throw_001_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_002_F/exception_throw_002_F.go b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_002_F/exception_throw_002_F.go index 86b6479c..37146941 100644 --- a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_002_F/exception_throw_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_002_F/exception_throw_002_F.go @@ -1,15 +1,15 @@ -package main -import "os/exec" - - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获 -// scene introduction = 异常抛出 +// scene introduction = 异常抛出->函数内抛出 // level = 2+ // bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_throw_002_F/exception_throw_002_F // evaluation information end +package main + +import "os/exec" + func exception_throw_002_F(__taint_src string) { defer func() { if r := recover(); r != nil { @@ -23,9 +23,9 @@ func exception_throw_002_F(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - exception_throw_002_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + exception_throw_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_003_T/exception_throw_003_T.go b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_003_T/exception_throw_003_T.go new file mode 100644 index 00000000..2bb742f8 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_003_T/exception_throw_003_T.go 
@@ -0,0 +1,48 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获
+// scene introduction = 异常抛出->自定义异常抛出
+// level = 2+
+// bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_throw_003_T/exception_throw_003_T
+// date = 2025-11-27 10:52:11
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+)
+
+// 场景特点:定义自定义异常类型
+type CustomError struct {
+ message string
+}
+
+func (e *CustomError) Error() string {
+ return e.message
+}
+
+func exception_throw_003_T(__taint_src string) {
+ defer func() {
+ if r := recover(); r != nil {
+ var cmdStr string = r.(*CustomError).message
+ __taint_sink(cmdStr)
+ }
+ }()
+
+ throwCustomError(__taint_src)
+}
+
+func throwCustomError(__taint_src string) {
+ // 场景特点:抛出自定义异常
+ panic(&CustomError{message: __taint_src})
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ exception_throw_003_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F.go b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F.go
new file mode 100644
index 00000000..b65db7ff
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F.go
@@ -0,0 +1,52 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->异常与错误处理->异常抛出与捕获
+// scene introduction = 异常抛出->自定义异常抛出
+// level = 2+
+// date = 2025-11-27 10:52:11
+// bind_url = completeness/single_app_tracing/exception_error/exception_throw/exception_throw_004_F/exception_throw_004_F
+// evaluation information end
+
+package main
+
+import (
+ "os/exec"
+)
+
+// 场景特点:定义自定义异常类型
+type CustomError struct {
+ message string
+}
+
+func (e *CustomError) Error() string {
+ return e.message
+}
+
+func exception_throw_004_T(__taint_src string) {
+ defer func() {
+ if r := recover(); r != nil {
+ defer func() {
+ if r := recover(); r != nil {
+ var cmdStr string = r.(*CustomError).message
+ __taint_sink(cmdStr)
+ }
+ }()
+ }
+ }()
+
+ throwCustomError(__taint_src)
+}
+
+func throwCustomError(__taint_src string) {
+ // 场景特点:抛出不相关的自定义异常
+ panic(&CustomError{message: "unrelated_value"})
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ exception_throw_004_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_001_T/assign_expression_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_001_T/assign_001_T.go
similarity index 75%
rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_001_T/assign_expression_001_T.go
rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_001_T/assign_001_T.go
index 92c7d2e0..febd022a 100644
--- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_001_T/assign_expression_001_T.go
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_001_T/assign_001_T.go
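Review bot: The entry function in exception_throw_004_F.go is named `exception_throw_004_T`, which contradicts the file name, the `bind_url` and `real case = false`; the definition and the call in `main` should be `func exception_throw_004_F(__taint_src string) {` and `exception_throw_004_F(__taint_src)`. The case also relies on two things at once to stay negative: `throwCustomError` panics with the constant `"unrelated_value"`, and the inner deferred `recover()` returns nil because the outer handler has already recovered the panic, so the sink is never called. The scene comment mentions only the first; a comment on the inner handler such as `// inner recover() returns nil: the panic was already recovered above` would make the intended reason explicit.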
@@ -4,13 +4,14 @@ // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 赋值表达式 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_001_T/assign_expression_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/assign_001_T/assign_001_T // evaluation information end package main import "os/exec" -func assign_expression_001_T(__taint_src string) { +func assign_001_T(__taint_src string) { result := __taint_src __taint_sink(result) } @@ -21,5 +22,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - assign_expression_001_T(__taint_src) + assign_001_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_002_F/assign_expression_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_002_F/assign_002_F.go similarity index 69% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_002_F/assign_expression_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_002_F/assign_002_F.go index d6d98122..5f526d3a 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_002_F/assign_expression_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/assign_002_F/assign_002_F.go 
@@ -1,25 +1,26 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 赋值表达式 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/assign_expression_002_F/assign_expression_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/assign_002_F/assign_002_F // evaluation information end package main + import "os/exec" -func assign_expression_002_F(__taint_src string) { +func assign_002_F(__taint_src string) { result := "_" __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - assign_expression_002_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + assign_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_001_T/binary_expression_add_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_001_T/binary_001_T.go similarity index 68% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_001_T/binary_expression_add_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_001_T/binary_001_T.go index 32ebdf09..c9259ce4 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_001_T/binary_expression_add_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_001_T/binary_001_T.go 
@@ -1,25 +1,26 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 二元运算->加 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_001_T/binary_expression_add_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_001_T/binary_001_T // evaluation information end package main + import "os/exec" -func binary_expression_add_001_T(__taint_src string) { +func binary_001_T(__taint_src string) { result := __taint_src + "_" __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - binary_expression_add_001_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + binary_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_002_F/binary_expression_add_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_002_F/binary_002_F.go similarity index 69% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_002_F/binary_expression_add_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_002_F/binary_002_F.go index 05922e95..e36afbe4 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_002_F/binary_expression_add_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_002_F/binary_002_F.go 
@@ -1,16 +1,17 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 二元运算->加 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_002_F/binary_expression_add_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_002_F/binary_002_F // evaluation information end package main + import "os/exec" -func binary_expression_add_002_F(__taint_src string) { +func binary_002_F(__taint_src string) { result := __taint_src + "_" result = "aa" __taint_sink(result) @@ -18,9 +19,9 @@ func binary_expression_add_002_F(__taint_src string) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - binary_expression_add_002_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + binary_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_003_T/binary_003_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_003_T/binary_003_T.go new file mode 100644 index 00000000..02c7bfa9 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_003_T/binary_003_T.go 
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->减
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_003_T/binary_003_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_003_T(__taint_src int) {
+ result := __taint_src - 1
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_003_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_004_F/binary_004_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_004_F/binary_004_F.go
new file mode 100644
index 00000000..fed98d4c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_004_F/binary_004_F.go
@@ -0,0 +1,30 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->减
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_004_F/binary_004_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_004_F(__taint_src int) {
+ result := __taint_src - 1
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_004_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_005_T/binary_005_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_005_T/binary_005_T.go
new file mode 100644
index 00000000..159ff939
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_005_T/binary_005_T.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->乘
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_005_T/binary_005_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_005_T(__taint_src int) {
+ result := __taint_src * 1
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 5
+ binary_005_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_006_F/binary_006_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_006_F/binary_006_F.go
new file mode 100644
index 00000000..8245a948
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_006_F/binary_006_F.go
@@ -0,0 +1,30 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->乘
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_006_F/binary_006_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_006_F(__taint_src int) {
+ result := __taint_src * 1
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_006_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_007_T/binary_007_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_007_T/binary_007_T.go
new file mode 100644
index 00000000..ca4193fb
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_007_T/binary_007_T.go
@@ -0,0 +1,28 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->除
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_007_T/binary_007_T
+// evaluation information end
+
+package main
+import (
+"fmt"
+"os/exec"
+)
+
+func binary_007_T(__taint_src int) {
+ result := __taint_src / 2
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_007_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_008_F/binary_008_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_008_F/binary_008_F.go
new file mode 100644
index 00000000..322e450d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_008_F/binary_008_F.go
@@ -0,0 +1,30 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->除
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_008_F/binary_008_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_008_F(__taint_src int) {
+ result := __taint_src / 2
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_008_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T.go
new file mode 100644
index 00000000..4c3ca0d9
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T.go
@@ -0,0 +1,29 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->取模
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_009_T/binary_009_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_009_T(__taint_src int) {
+ result := __taint_src % 2
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_009_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_010_F/binary_010_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_010_F/binary_010_F.go
new file mode 100644
index 00000000..2d29dfb8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_010_F/binary_010_F.go
@@ -0,0 +1,30 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->取模
+// level = 2
+// date = 2025-11-20 15:14:45
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_010_F/binary_010_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func binary_010_F(__taint_src int) {
+ result := __taint_src % 2
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_010_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_001_T/binary_expression_add_assignment_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_011_T/binary_011_T.go similarity index 59% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_001_T/binary_expression_add_assignment_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_011_T/binary_011_T.go index c27571ce..d8c943b6 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_001_T/binary_expression_add_assignment_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_011_T/binary_011_T.go @@ -1,26 +1,27 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 二元运算->加等 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_001_T/binary_expression_add_assignment_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_011_T/binary_011_T // evaluation information end package main + import "os/exec" -func binary_expression_add_assignment_002_F(__taint_src string) { - result := "_" - result += __taint_src +func binary_011_T(__taint_src int) { + result := __taint_src + result += 1 __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - binary_expression_add_assignment_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + binary_011_T(__taint_src) +} 
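Review bot: In binary_011_T.go the source and `result` are now `int`, but the unchanged sink still does `o.(string)`, so the type assertion panics at run time before `exec.Command` is built and the positive case never actually reaches the command sink. The same applies to binary_012_F, binary_013_T, binary_014_F, binary_015_T, binary_016_F and binary_017_T, which all pass an `int` to a sink that asserts `string`. The int-based cases binary_003 to binary_010 in this patch already format the value instead; these files should do the same with `_ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()` and an added `"fmt"` import. A dataflow-only analysis would presumably not notice the difference, but any tool or harness that executes or type-checks the flow will treat these as dead sinks.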
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F/binary_expression_add_assignment_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_012_F/binary_012_F.go similarity index 57% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F/binary_expression_add_assignment_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_012_F/binary_012_F.go index 5937137d..eedae0a6 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F/binary_expression_add_assignment_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_012_F/binary_012_F.go @@ -1,26 +1,28 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 二元运算->加等 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_expression_add_assignment_002_F/binary_expression_add_assignment_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_012_F/binary_012_F // evaluation information end package main + import "os/exec" -func binary_expression_add_assignment_002_F(__taint_src string) { - result := "_" - result += __taint_src - __taint_sink("aa") +func binary_012_F(__taint_src int) { + result := __taint_src + result += 1 + result = 20 + __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - binary_expression_add_assignment_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + binary_012_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_013_T/binary_013_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_013_T/binary_013_T.go
new file mode 100644
index 00000000..4fcd0702
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_013_T/binary_013_T.go
@@ -0,0 +1,27 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->减等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_013_T/binary_013_T
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_013_T(__taint_src int) {
+ result := __taint_src
+ result -= 1
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_013_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_014_F/binary_014_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_014_F/binary_014_F.go
new file mode 100644
index 00000000..6ccc479f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_014_F/binary_014_F.go
@@ -0,0 +1,28 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->减等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_014_F/binary_014_F
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_014_F(__taint_src int) {
+ result := __taint_src
+ result -= 1
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_014_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_015_T/binary_015_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_015_T/binary_015_T.go
new file mode 100644
index 00000000..cfea99d8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_015_T/binary_015_T.go
@@ -0,0 +1,27 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->乘等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_015_T/binary_015_T
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_015_T(__taint_src int) {
+ result := __taint_src
+ result *= 2
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_015_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_016_F/binary_016_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_016_F/binary_016_F.go
new file mode 100644
index 00000000..7b7162b1
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_016_F/binary_016_F.go
@@ -0,0 +1,28 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->乘等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_016_F/binary_016_F
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_016_F(__taint_src int) {
+ result := __taint_src
+ result *= 1
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_016_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_017_T/binary_017_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_017_T/binary_017_T.go
new file mode 100644
index 00000000..46b40c68
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_017_T/binary_017_T.go
@@ -0,0 +1,27 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->除等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_017_T/binary_017_T
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_017_T(__taint_src int) {
+ result := __taint_src
+ result /= 2
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_017_T(__taint_src)
+}
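Review bot: binary_016_F multiplies by 1 (`result *= 1`) while its positive pair binary_015_T uses `result *= 2`, so the negative case differs from the positive one in more than the `result = 20` overwrite that is meant to kill the taint. The same drift appears later in the patch: bitwise_010_F overwrites with `result = -1` where the other negative cases use `20`, and bitwise_012_F uses `__taint_src >> 10` with a source of `123` against `>> 1` and `10` in bitwise_011_T. Keeping each F file identical to its T file apart from the overwrite (`result *= 2` here) makes a scanner's verdict attributable to the reassignment alone. If the differences are deliberate, a line in the header comment saying so would help.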
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_018_F/binary_018_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_018_F/binary_018_F.go
new file mode 100644
index 00000000..0908f40f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_018_F/binary_018_F.go
@@ -0,0 +1,28 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->除等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_018_F/binary_018_F
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_018_F(__taint_src int) {
+ result := __taint_src
+ result /= 2
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_018_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_019_T/binary_019_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_019_T/binary_019_T.go
new file mode 100644
index 00000000..940deecb
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_019_T/binary_019_T.go
@@ -0,0 +1,27 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->模等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_019_T/binary_019_T
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_019_T(__taint_src int) {
+ result := __taint_src
+ result %= 2
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_019_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_020_F/binary_020_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_020_F/binary_020_F.go
new file mode 100644
index 00000000..cb66704d
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/binary_020_F/binary_020_F.go
@@ -0,0 +1,28 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 二元运算->模等
+// level = 2
+// date = 2025-11-20 15:54:57
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/binary_020_F/binary_020_F
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func binary_020_F(__taint_src int) {
+ result := __taint_src
+ result %= 2
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+func main() {
+ __taint_src := 10
+ binary_020_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_001_T/bitwise_expression_and_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_001_T/bitwise_001_T.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_001_T/bitwise_expression_and_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_001_T/bitwise_001_T.go index c645df50..5916fde7 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_001_T/bitwise_expression_and_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_001_T/bitwise_001_T.go @@ -1,28 +1,29 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->与 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_001_T/bitwise_expression_and_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_001_T/bitwise_001_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_and_001_T(__taint_src int) { +func bitwise_001_T(__taint_src int) { result := __taint_src & 1 __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 3 - bitwise_expression_and_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_001_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_002_F/bitwise_expression_and_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_002_F/bitwise_002_F.go similarity index 66% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_002_F/bitwise_expression_and_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_002_F/bitwise_002_F.go index 0d5daa98..08f892e6 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_002_F/bitwise_expression_and_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_002_F/bitwise_002_F.go @@ -1,29 +1,30 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->与 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_and_002_F/bitwise_expression_and_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_002_F/bitwise_002_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_and_002_F(__taint_src int) { +func bitwise_002_F(__taint_src int) { result := __taint_src & 1 - _ = result - __taint_sink("aa") + result = 20 + __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_and_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_002_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_001_T/bitwise_expression_or_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_003_T/bitwise_003_T.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_001_T/bitwise_expression_or_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_003_T/bitwise_003_T.go index 0b633b10..31990846 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_001_T/bitwise_expression_or_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_003_T/bitwise_003_T.go @@ -1,28 +1,29 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->或 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_001_T/bitwise_expression_or_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_003_T/bitwise_003_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_or_001_T(__taint_src int) { +func bitwise_003_T(__taint_src int) { result := __taint_src | 1 __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_or_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_003_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_002_F/bitwise_expression_or_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_004_F/bitwise_004_F.go similarity index 66% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_002_F/bitwise_expression_or_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_004_F/bitwise_004_F.go index f810a913..cfc8b464 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_002_F/bitwise_expression_or_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_004_F/bitwise_004_F.go @@ -1,29 +1,30 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->或 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_or_002_F/bitwise_expression_or_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_004_F/bitwise_004_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_or_002_F(__taint_src int) { +func bitwise_004_F(__taint_src int) { result := __taint_src | 1 - _ = result - __taint_sink("aa") + result = 20 + __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_or_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_004_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_001_T/bitwise_expression_xor_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_005_T/bitwise_005_T.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_001_T/bitwise_expression_xor_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_005_T/bitwise_005_T.go index 8b46d8da..3962c529 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_001_T/bitwise_expression_xor_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_005_T/bitwise_005_T.go @@ -1,28 +1,29 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->异或 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_001_T/bitwise_expression_xor_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_005_T/bitwise_005_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_xor_001_T(__taint_src int) { +func bitwise_005_T(__taint_src int) { result := __taint_src ^ 1 __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_xor_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_005_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_002_F/bitwise_expression_xor_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_006_F/bitwise_006_F.go similarity index 66% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_002_F/bitwise_expression_xor_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_006_F/bitwise_006_F.go index b2dc0f6a..432420a5 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_002_F/bitwise_expression_xor_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_006_F/bitwise_006_F.go @@ -1,29 +1,30 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->异或 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_xor_002_F/bitwise_expression_xor_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_006_F/bitwise_006_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_xor_002_F(__taint_src int) { +func bitwise_006_F(__taint_src int) { result := __taint_src ^ 1 - _ = result - __taint_sink("aa") + result = 20 + __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_xor_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_006_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_001_T/bitwise_expression_not_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_007_T/bitwise_007_T.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_001_T/bitwise_expression_not_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_007_T/bitwise_007_T.go index 8c902222..67d6dbe5 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_001_T/bitwise_expression_not_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_007_T/bitwise_007_T.go @@ -1,28 +1,29 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->按位取反 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_001_T/bitwise_expression_not_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_007_T/bitwise_007_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_not_001_T(__taint_src int) { +func bitwise_007_T(__taint_src int) { result := ^__taint_src __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_not_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_007_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_002_F/bitwise_expression_not_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_008_F/bitwise_008_F.go similarity index 66% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_002_F/bitwise_expression_not_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_008_F/bitwise_008_F.go index 1ce2f802..d90d0a3d 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_002_F/bitwise_expression_not_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_008_F/bitwise_008_F.go @@ -1,29 +1,30 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->按位取反 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_not_002_F/bitwise_expression_not_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_008_F/bitwise_008_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_not_002_F(__taint_src int) { +func bitwise_008_F(__taint_src int) { result := ^__taint_src - _ = result - __taint_sink("aa") + result = 20 + __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_not_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_008_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_001_T/bitwise_expression_lsh_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_009_T/bitwise_009_T.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_001_T/bitwise_expression_lsh_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_009_T/bitwise_009_T.go index 6e4be052..e5347fad 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_001_T/bitwise_expression_lsh_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_009_T/bitwise_009_T.go @@ -1,28 +1,29 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->左移 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_001_T/bitwise_expression_lsh_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_009_T/bitwise_009_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_lsh_001_T(__taint_src int) { +func bitwise_009_T(__taint_src int) { result := __taint_src << 1 __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_lsh_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_009_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_002_F/bitwise_expression_lsh_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_010_F/bitwise_010_F.go similarity index 66% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_002_F/bitwise_expression_lsh_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_010_F/bitwise_010_F.go index e7ae98d7..b3451614 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_002_F/bitwise_expression_lsh_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_010_F/bitwise_010_F.go @@ -1,29 +1,30 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->左移 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_lsh_002_F/bitwise_expression_lsh_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_010_F/bitwise_010_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_lsh_002_F(__taint_src int) { +func bitwise_010_F(__taint_src int) { result := __taint_src << 1 - _ = result - __taint_sink("aa") + result = -1 + __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_lsh_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_010_F(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_001_T/bitwise_expression_rsh_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_011_T/bitwise_011_T.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_001_T/bitwise_expression_rsh_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_011_T/bitwise_011_T.go index 6c8ab0e3..752b565e 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_001_T/bitwise_expression_rsh_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_011_T/bitwise_011_T.go @@ -1,28 +1,29 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 位操作->右移 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_001_T/bitwise_expression_rsh_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_011_T/bitwise_011_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func bitwise_expression_rsh_001_T(__taint_src int) { +func bitwise_011_T(__taint_src int) { result := __taint_src >> 1 __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - bitwise_expression_rsh_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 10 + bitwise_011_T(__taint_src) +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_012_F/bitwise_012_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_012_F/bitwise_012_F.go
new file mode 100644
index 00000000..31c131ce
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_012_F/bitwise_012_F.go
@@ -0,0 +1,30 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
+// scene introduction = 位操作->右移
+// level = 2
+// date = 2025-11-20 15:05:13
+// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_012_F/bitwise_012_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func bitwise_012_F(__taint_src int) {
+ result := __taint_src >> 10
+ result = 20
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := 123
+ bitwise_012_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_002_F/bitwise_expression_rsh_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_002_F/bitwise_expression_rsh_002_F.go
deleted file mode 100644
index 461f1970..00000000
--- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_002_F/bitwise_expression_rsh_002_F.go
+++ /dev/null
@@ -1,29 +0,0 @@
-
-// evaluation information start
-// real case = false
-// evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式
-// scene introduction = 位操作->右移
-// level = 2
-// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/bitwise_expression_rsh_002_F/bitwise_expression_rsh_002_F
-// evaluation information end
-
-package main
-import (
- "os/exec"
- "fmt"
-)
-
-func bitwise_expression_rsh_002_F(__taint_src int) {
- result := __taint_src >> 1
- _ = result
- __taint_sink("aa")
-}
-
-func __taint_sink(o interface{}) {
- _ = exec.Command("sh", "-c",fmt.Sprintf("%v", o)).Run()
- }
-
-func main() {
- __taint_src := 123
- bitwise_expression_rsh_002_F(__taint_src)
-}
\ No newline at end of file
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/config.json b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/config.json
index d002ab23..78268aff 100644
--- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/config.json
@@ -7,56 +7,116 @@ "level": "2", "scene_list": [ { - "compose": "assign_expression_001_T/assign_expression_001_T.go && !assign_expression_002_F/assign_expression_002_F.go", + "compose": "assign_001_T/assign_001_T.go && !assign_002_F/assign_002_F.go", "scene": "赋值表达式" }, { - "compose": "binary_expression_add_001_T/binary_expression_add_001_T.go && !binary_expression_add_002_F/binary_expression_add_002_F.go", + "compose": "binary_001_T/binary_001_T.go && !binary_002_F/binary_002_F.go", "scene": "二元运算->加" }, { - "compose": "binary_expression_add_assignment_001_T/binary_expression_add_assignment_001_T.go && !binary_expression_add_assignment_002_F/binary_expression_add_assignment_002_F.go", + "compose": "binary_003_T/binary_003_T.go && !binary_004_F/binary_004_F.go", + "scene": "二元运算->减" + }, + { + "compose": "binary_005_T/binary_005_T.go && !binary_006_F/binary_006_F.go", + "scene": "二元运算->乘" + }, + { + "compose": "binary_007_T/binary_007_T.go && !binary_008_F/binary_008_F.go", + "scene": "二元运算->除" + }, + { + "compose": "binary_009_T/binary_009_T.go && !binary_010_F/binary_010_F.go", + "scene": "二元运算->取模" + }, + { + "compose": "binary_011_T/binary_011_T.go && !binary_012_F/binary_012_F.go", "scene": "二元运算->加等" }, { - "compose": "bitwise_expression_and_001_T/bitwise_expression_and_001_T.go && !bitwise_expression_and_002_F/bitwise_expression_and_002_F.go", - "scene": "位操作->与" + "compose": "binary_013_T/binary_013_T.go && !binary_014_F/binary_014_F.go", + "scene": "二元运算->减等" }, { - "compose": "bitwise_expression_lsh_001_T/bitwise_expression_lsh_001_T.go && !bitwise_expression_lsh_002_F/bitwise_expression_lsh_002_F.go", - "scene": "位操作->左移" + "compose": "binary_015_T/binary_015_T.go && !binary_016_F/binary_016_F.go", + "scene": "二元运算->乘等" }, { - "compose": "bitwise_expression_not_001_T/bitwise_expression_not_001_T.go && !bitwise_expression_not_002_F/bitwise_expression_not_002_F.go", - "scene": "位操作->按位取反" + "compose": "binary_017_T/binary_017_T.go && 
!binary_018_F/binary_018_F.go", + "scene": "二元运算->除等" }, { - "compose": "bitwise_expression_or_001_T/bitwise_expression_or_001_T.go && !bitwise_expression_or_002_F/bitwise_expression_or_002_F.go", - "scene": "位操作->或" + "compose": "binary_019_T/binary_019_T.go && !binary_020_F/binary_020_F.go", + "scene": "二元运算->模等" }, { - "compose": "bitwise_expression_rsh_001_T/bitwise_expression_rsh_001_T.go && !bitwise_expression_rsh_002_F/bitwise_expression_rsh_002_F.go", - "scene": "位操作->右移" + "compose": "bitwise_001_T/bitwise_001_T.go && !bitwise_002_F/bitwise_002_F.go", + "scene": "位操作->与" + }, + { + "compose": "bitwise_003_T/bitwise_003_T.go && !bitwise_004_F/bitwise_004_F.go", + "scene": "位操作->或" }, { - "compose": "bitwise_expression_xor_001_T/bitwise_expression_xor_001_T.go && !bitwise_expression_xor_002_F/bitwise_expression_xor_002_F.go", + "compose": "bitwise_005_T/bitwise_005_T.go && !bitwise_006_F/bitwise_006_F.go", "scene": "位操作->异或" }, { - "compose": "logic_expression_and_001_T/logic_expression_and_001_T.go && !logic_expression_and_002_F/logic_expression_and_002_F.go", + "compose": "bitwise_007_T/bitwise_007_T.go && !bitwise_008_F/bitwise_008_F.go", + "scene": "位操作->按位取反" + }, + { + "compose": "bitwise_009_T/bitwise_009_T.go && !bitwise_010_F/bitwise_010_F.go", + "scene": "位操作->左移" + }, + { + "compose": "bitwise_011_T/bitwise_011_T.go && !bitwise_012_F/bitwise_012_F.go", + "scene": "位操作->右移" + }, + { + "compose": "logic_001_T/logic_001_T.go && !logic_002_F/logic_002_F.go", "scene": "逻辑表达式->与表达式" }, { - "compose": "logic_expression_or_001_T/logic_expression_or_001_T.go && !logic_expression_or_002_F/logic_expression_or_002_F.go", + "compose": "logic_003_T/logic_003_T.go && !logic_004_F/logic_004_F.go", "scene": "逻辑表达式->或表达式" }, { - "compose": "relation_expression_equal_001_T/relation_expression_equal_001_T.go && !relation_expression_equal_002_F/relation_expression_equal_002_F.go", + "compose": "relation_001_T/relation_001_T.go && !relation_002_F/relation_002_F.go", 
"scene": "关系操作->等于" + }, + { + "compose": "relation_003_T/relation_003_T.go && !relation_004_F/relation_004_F.go", + "scene": "关系操作->不等于" + }, + { + "compose": "relation_005_T/relation_005_T.go && !relation_006_F/relation_006_F.go", + "scene": "关系操作->大于" + }, + { + "compose": "relation_007_T/relation_007_T.go && !relation_008_F/relation_008_F.go", + "scene": "关系操作->小于" + }, + { + "compose": "relation_009_T/relation_009_T.go && !relation_010_F/relation_010_F.go", + "scene": "关系操作->大于等于" + }, + { + "compose": "relation_011_T/relation_011_T.go && !relation_012_F/relation_012_F.go", + "scene": "关系操作->小于等于" + }, + { + "compose": "increment_001_T/increment_001_T.go && !increment_002_F/increment_002_F.go", + "scene": "自增运算" + }, + { + "compose": "decrement_001_T/decrement_001_T.go && !decrement_002_F/decrement_002_F.go", + "scene": "自减运算" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_001_T/logic_expression_and_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_001_T/logic_001_T.go similarity index 75% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_001_T/logic_expression_and_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_001_T/logic_001_T.go index 0676fa4c..17a5e855 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_001_T/logic_expression_and_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_001_T/logic_001_T.go 
@@ -4,7 +4,8 @@ // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 逻辑表达式->与表达式 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_001_T/logic_expression_and_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_001_T/logic_001_T // evaluation information end package main @@ -13,7 +14,7 @@ import ( "fmt" ) -func logic_expression_and_001_T(__taint_src bool) { +func logic_001_T(__taint_src bool) { result := __taint_src && true __taint_sink(result) } @@ -24,5 +25,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := true - logic_expression_and_001_T(__taint_src) + logic_001_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_002_F/logic_expression_and_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_002_F/logic_002_F.go similarity index 70% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_002_F/logic_expression_and_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_002_F/logic_002_F.go index 6c002989..61eda4df 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_002_F/logic_expression_and_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_002_F/logic_002_F.go 
@@ -1,29 +1,30 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 逻辑表达式->与表达式 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_and_002_F/logic_expression_and_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_002_F/logic_002_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func logic_expression_and_002_F(__taint_src bool) { +func logic_002_F(__taint_src bool) { result := __taint_src && false - result = false + result = true __taint_sink(result) } func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := false - logic_expression_and_002_F(__taint_src) -} \ No newline at end of file + __taint_src := true + logic_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_001_T/logic_expression_or_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_003_T/logic_003_T.go similarity index 76% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_001_T/logic_expression_or_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_003_T/logic_003_T.go index 95961d7e..75513756 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_001_T/logic_expression_or_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_003_T/logic_003_T.go 
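Review bot: In logic_002_F the negative case differs from logic_001_T in two places, so it does not isolate what the analyzer is being scored on: the expression is `__taint_src && false` (001_T uses `&& true`) and the result is then overwritten by `result = true`. logic_004_F keeps the same expression as its positive twin and only adds the overwrite; writing `result := __taint_src && true` here would make this pair test flow-sensitive handling of the reassignment alone. A one-line comment above the overwrite stating why no finding is expected, such as `// result is replaced by a constant before the sink`, would make the ground truth explicit.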
@@ -4,7 +4,8 @@ // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 逻辑表达式->或表达式 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_001_T/logic_expression_or_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_003_T/logic_003_T // evaluation information end package main @@ -13,7 +14,7 @@ import ( "fmt" ) -func logic_expression_or_001_T(__taint_src bool) { +func logic_003_T(__taint_src bool) { result := false || __taint_src __taint_sink(result) } @@ -24,5 +25,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := true - logic_expression_or_001_T(__taint_src) + logic_003_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_002_F/logic_expression_or_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_004_F/logic_004_F.go similarity index 72% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_002_F/logic_expression_or_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_004_F/logic_004_F.go index 783f546b..61ef30f4 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_002_F/logic_expression_or_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/logic_004_F/logic_004_F.go 
@@ -1,19 +1,20 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 逻辑表达式->或表达式 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_expression_or_002_F/logic_expression_or_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/logic_004_F/logic_004_F // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) -func logic_expression_or_002_F(__taint_src bool) { +func logic_004_F(__taint_src bool) { result := false || __taint_src result = false __taint_sink(result) @@ -21,9 +22,9 @@ func logic_expression_or_002_F(__taint_src bool) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := false - logic_expression_or_002_F(__taint_src) -} \ No newline at end of file + __taint_src := true + logic_004_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_001_T/relation_expression_equal_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_001_T/relation_001_T.go similarity index 74% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_001_T/relation_expression_equal_001_T.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_001_T/relation_001_T.go index e0395f7e..e7c33703 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_001_T/relation_expression_equal_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_001_T/relation_001_T.go 
@@ -4,7 +4,8 @@ // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 关系操作->等于 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_001_T/relation_expression_equal_001_T +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/relation_001_T/relation_001_T // evaluation information end package main @@ -13,7 +14,7 @@ import ( "fmt" ) -func relation_expression_equal_001_T(__taint_src string) { +func relation_001_T(__taint_src string) { result := __taint_src == "__taint_src" __taint_sink(result) } @@ -24,5 +25,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - relation_expression_equal_001_T(__taint_src) + relation_001_T(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_002_F/relation_expression_equal_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_002_F/relation_002_F.go similarity index 74% rename from sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_002_F/relation_expression_equal_002_F.go rename to sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_002_F/relation_002_F.go index a0747480..0fe7e880 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_002_F/relation_expression_equal_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/basic_expression_operation/relation_002_F/relation_002_F.go 
@@ -4,7 +4,8 @@ // evaluation item = 完整度->单应用跟踪完整度->表达式->基础表达式 // scene introduction = 关系操作->等于 // level = 2 -// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/relation_expression_equal_002_F/relation_expression_equal_002_F +// date = 2025-11-20 15:05:13 +// bind_url = completeness/single_app_tracing/expression/basic_expression_operation/relation_002_F/relation_002_F // evaluation information end package main @@ -13,7 +14,7 @@ import ( "fmt" ) -func relation_expression_equal_002_F(__taint_src string) { +func relation_002_F(__taint_src string) { result := __taint_src == "__taint_src" result = false __taint_sink(result) @@ -25,5 +26,5 @@ func __taint_sink(o interface{}) { func main() { __taint_src := "taint_src_value" - relation_expression_equal_002_F(__taint_src) + relation_002_F(__taint_src) } \ No newline at end of file diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/config.json b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/config.json index 586b2d68..8243be27 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/config.json +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/config.json @@ -13,10 +13,18 @@ { "compose": "type_cast_003_T/type_cast_003_T.go && !type_cast_004_F/type_cast_004_F.go", "scene": "类型断言" + }, + { + "compose": "type_cast_005_T/type_cast_005_T.go && !type_cast_006_F/type_cast_006_F.go", + "scene": "字符串到数值转换" + }, + { + "compose": "type_cast_007_T/type_cast_007_T.go && !type_cast_008_F/type_cast_008_F.go", + "scene": "指针类型转换" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_001_T/type_cast_001_T.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_001_T/type_cast_001_T.go index 7972c267..546f5fa3 100644 
--- a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_001_T/type_cast_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_001_T/type_cast_001_T.go @@ -1,16 +1,16 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 // scene introduction = 显式类型转换 // level = 2 -// bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_001_T +// bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_001_T/type_cast_001_T // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) func type_cast_001_T(__taint_src int) { @@ -20,9 +20,9 @@ func type_cast_001_T(__taint_src int) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 123 - type_cast_001_T(__taint_src) -} \ No newline at end of file + __taint_src := 123 + type_cast_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_002_F/type_cast_002_F.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_002_F/type_cast_002_F.go index 74585ad5..2dc53444 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_002_F/type_cast_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_002_F/type_cast_002_F.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 @@ -8,9 +7,10 @@ // evaluation information end package main + import ( - "os/exec" "fmt" + "os/exec" ) func type_cast_002_F(__taint_src int) { 
@@ -21,9 +21,9 @@ func type_cast_002_F(__taint_src int) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() - } +} func main() { - __taint_src := 13 - type_cast_002_F(__taint_src) -} \ No newline at end of file + __taint_src := 13 + type_cast_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_003_T/type_cast_003_T.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_003_T/type_cast_003_T.go index b165d89e..7def7d09 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_003_T/type_cast_003_T.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_003_T/type_cast_003_T.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 @@ -8,6 +7,7 @@ // evaluation information end package main + import "os/exec" func type_cast_003_T(__taint_src interface{}) { @@ -18,9 +18,9 @@ func type_cast_003_T(__taint_src interface{}) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - type_cast_003_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + type_cast_003_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_004_F/type_cast_004_F.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_004_F/type_cast_004_F.go index 4ea2a3b1..02a78084 100644 --- a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_004_F/type_cast_004_F.go +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_004_F/type_cast_004_F.go @@ -1,4 +1,3 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 
@@ -8,6 +7,7 @@ // evaluation information end package main + import "os/exec" func type_cast_004_F(__taint_src interface{}) { @@ -18,9 +18,9 @@ func type_cast_004_F(__taint_src interface{}) { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - type_cast_004_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + type_cast_004_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_005_T/type_cast_005_T.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_005_T/type_cast_005_T.go new file mode 100644 index 00000000..58821f28 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_005_T/type_cast_005_T.go @@ -0,0 +1,31 @@ +// evaluation information start +// real case = true +// evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换 +// scene introduction = 字符串到数值转换 +// level = 2 +// date = 2025-11-20 19:27:07 +// bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_005_T/type_cast_005_T +// evaluation information end + +package main + +import ( + "fmt" + "os/exec" + "strconv" +) + +func type_cast_005_T(__taint_src string) { + // 场景特点:字符串转换为整数类型 + result, _ := strconv.Atoi(__taint_src) + __taint_sink(result) +} + +func __taint_sink(o interface{}) { + _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run() +} + +func main() { + __taint_src := "123" + type_cast_005_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_006_F/type_cast_006_F.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_006_F/type_cast_006_F.go new file mode 100644 index 00000000..aaaa1e42 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_006_F/type_cast_006_F.go 
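Review bot: type_cast_005_T is labelled `real case = true`, but the value that reaches `sh -c` is an `int` returned by `strconv.Atoi`, which cannot carry shell metacharacters, and the parse error is discarded with `_`, so non-numeric input arrives at the sink as 0. If the case is meant to score taint propagation through a conversion rather than an exploitable injection, the scene comment should say so, for example `// expected: report; taint is tracked through Atoi although the value is numeric`. Without that, an analyzer that treats numeric conversion as a sanitizer is counted as missing a finding, which skews the completeness score.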
@@ -0,0 +1,32 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换
+// scene introduction = 字符串到数值转换
+// level = 2
+// date = 2025-11-20 19:27:07
+// bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_006_F/type_cast_006_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+ "strconv"
+)
+
+func type_cast_006_F(__taint_src string) {
+ // 场景特点:字符串转换后重新赋值
+ result, _ := strconv.Atoi(__taint_src)
+ result = 456
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "123"
+ type_cast_006_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T.go
new file mode 100644
index 00000000..e385fa25
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T.go
@@ -0,0 +1,30 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换
+// scene introduction = 指针类型转换
+// level = 2
+// date = 2025-11-20 19:27:07
+// bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_007_T/type_cast_007_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func type_cast_007_T(__taint_src *string) {
+ // 场景特点:指针类型转换为接口类型
+ var result interface{} = __taint_src
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "tainted_string"
+ type_cast_007_T(&__taint_src)
+}
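Review bot: In type_cast_007_T the sink formats a `*string` with `fmt.Sprintf("%v", o)`, and `%v` on a pointer to a string prints the address rather than the pointee, so the tainted text never appears in the command handed to `sh -c`. The `real case = true` label therefore holds only for analyzers that taint the pointer as a whole, not for ones that follow the actual data. To make the ground truth a real data flow, dereference in `__taint_sink` before formatting, `if p, ok := o.(*string); ok { o = *p }`. type_cast_008_F uses the same sink and should get the same line so that the pair differs only in the overwrite.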
diff --git a/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F.go b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F.go
new file mode 100644
index 00000000..3754fcb1
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F.go
@@ -0,0 +1,31 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->表达式->类型转换
+// scene introduction = 指针类型转换
+// level = 2
+// date = 2025-11-20 19:27:07
+// bind_url = completeness/single_app_tracing/expression/type_cast/type_cast_008_F/type_cast_008_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func type_cast_008_F(__taint_src *string) {
+ // 场景特点:指针类型转换后重新赋值
+ var result interface{} = __taint_src
+ result = "safe_value"
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "tainted_string"
+ type_cast_008_F(&__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/anonymous_function_closure/closure_function_001_F/closure_function_001_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/anonymous_function_closure/closure_function_001_F/closure_function_001_F.go
index f7597c64..12aeef24 100644
--- a/sast-go/cases/completeness/single_app_tracing/function_call/anonymous_function_closure/closure_function_001_F/closure_function_001_F.go
+++ b/sast-go/cases/completeness/single_app_tracing/function_call/anonymous_function_closure/closure_function_001_F/closure_function_001_F.go
@@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->匿名函数/闭包 // scene introduction = 一阶闭包 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/anonymous_function_closure/closure_function_001_F +// bind_url = completeness/single_app_tracing/function_call/anonymous_function_closure/closure_function_001_F/closure_function_001_F // evaluation information end package main diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/config.json b/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/config.json index 0a87a77f..6c3bdd7d 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/config.json +++ b/sast-go/cases/completeness/single_app_tracing/function_call/argument_passing/config.json @@ -31,4 +31,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T/chained_call_002_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_001_T/chained_call_001_T.go similarity index 80% rename from sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T/chained_call_002_T.go rename to sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_001_T/chained_call_001_T.go index 8ca6f9b3..2391f913 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_002_T/chained_call_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_001_T/chained_call_001_T.go 
@@ -1,16 +1,16 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 // scene introduction = 链式调用 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_002_T/chained_call_002_T +// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_001_T/chained_call_001_T // evaluation information end package main + import "os/exec" -func chained_call_002_T(__taint_src string) { +func chained_call_001_T(__taint_src string) { new(A).setName("_").clearName().setName(__taint_src).process() } @@ -34,9 +34,9 @@ func (a *A) process() { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - chained_call_002_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + chained_call_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F/chained_call_001_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_002_F/chained_call_002_F.go similarity index 80% rename from sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F/chained_call_001_F.go rename to sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_002_F/chained_call_002_F.go index 70ebba6e..c0cc5331 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_001_F/chained_call_001_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_002_F/chained_call_002_F.go 
@@ -1,16 +1,16 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 // scene introduction = 链式调用 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_001_F/chained_call_001_F +// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_002_F/chained_call_002_F // evaluation information end package main + import "os/exec" -func chained_call_001_F(__taint_src string) { +func chained_call_002_F(__taint_src string) { new(A).setName(__taint_src).clearName().setName("_").process() } @@ -34,9 +34,9 @@ func (a *A) process() { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - chained_call_001_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + chained_call_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_T/chained_call_004_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T.go similarity index 81% rename from sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_T/chained_call_004_T.go rename to sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T.go index 39fa760a..d5b950aa 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_T/chained_call_004_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T.go 
@@ -1,16 +1,16 @@ - // evaluation information start // real case = true // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 // scene introduction = 链式调用 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_004_T/chained_call_004_T +// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_003_T/chained_call_003_T // evaluation information end package main + import "os/exec" -func chained_call_004_T(__taint_src string) { +func chained_call_003_T(__taint_src string) { NewB().SetName(__taint_src).SetOther().Process() } @@ -42,9 +42,9 @@ func (b *B) Process() { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - chained_call_004_T(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + chained_call_003_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_F/chained_call_003_F.go b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F.go similarity index 82% rename from sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_F/chained_call_003_F.go rename to sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F.go index e7d6db6c..f415ceb0 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_003_F/chained_call_003_F.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F.go 
@@ -1,16 +1,16 @@ - // evaluation information start // real case = false // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->链式调用 // scene introduction = 链式调用 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_003_F/chained_call_003_F +// bind_url = completeness/single_app_tracing/function_call/chained_call/chained_call_004_F/chained_call_004_F // evaluation information end package main + import "os/exec" -func chained_call_003_F(__taint_src string) { +func chained_call_004_F(__taint_src string) { NewB().SetName(__taint_src).ClearName().SetOther().Process() } @@ -43,9 +43,9 @@ func (b *B) Process() { func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} func main() { - __taint_src := "taint_src_value" - chained_call_003_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + chained_call_004_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/config.json b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/config.json index 838088e5..e6eb2cc2 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/config.json +++ b/sast-go/cases/completeness/single_app_tracing/function_call/chained_call/config.json @@ -7,11 +7,11 @@ "level": "2", "scene_list": [ { - "compose": "!chained_call_001_F/chained_call_001_F.go && chained_call_002_T/chained_call_002_T.go", + "compose": "chained_call_001_T/chained_call_001_T.go && !chained_call_002_F/chained_call_002_F.go", "scene": "链式调用" }, { - "compose": "!chained_call_003_F/chained_call_003_F.go && chained_call_004_T/chained_call_004_T.go", + "compose": "chained_call_003_T/chained_call_003_T.go && !chained_call_004_F/chained_call_004_F.go", "scene": "链式调用2" } ] @@ -19,4 +19,4 @@ ] } ] -} \ No newline at end of file +} 
diff --git a/sast-go/cases/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_T/higher_order_function_002_T.go b/sast-go/cases/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_T/higher_order_function_002_T.go index 6a5d01df..c257af0a 100644 --- a/sast-go/cases/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_T/higher_order_function_002_T.go +++ b/sast-go/cases/completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_T/higher_order_function_002_T.go @@ -4,7 +4,7 @@ // evaluation item = 完整度->单应用跟踪完整度->函数和方法调用->高阶函数 // scene introduction = 一阶 // level = 2 -// bind_url = completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_F/higher_order_function_002_F +// bind_url = completeness/single_app_tracing/function_call/higher_order_function/higher_order_function_002_T/higher_order_function_002_T // evaluation information end package main diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_001_T/call_implement_method_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_001_T/call_implement_method_001_T.go new file mode 100644 index 00000000..10b58f74 --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_001_T/call_implement_method_001_T.go 
@@ -0,0 +1,48 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类
+// scene introduction = 实现类方法调用
+// level = 2
+// date = 2025-11-19 15:52:00
+// bind_url = completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_001_T/call_implement_method_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// 定义抽象接口
+type AbstractShape interface {
+ ProcessData(data string) string
+}
+
+// 实现类
+type Circle struct {
+ name string
+}
+
+func (c *Circle) ProcessData(data string) string {
+ // 场景特点:实现类方法处理输入数据并返回
+ c.name = data
+ return c.name
+}
+
+func call_implement_method_001_T(__taint_src string) {
+ shape := &Circle{}
+
+ // 调用实现类实现的抽象方法
+ result := shape.ProcessData(__taint_src)
+ taint_sink(result)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ call_implement_method_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_002_F/call_implement_method_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_002_F/call_implement_method_002_F.go
new file mode 100644
index 00000000..defd56dc
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_002_F/call_implement_method_002_F.go
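Review bot: The sink in this new case is declared as `taint_sink`, while the chained_call cases touched earlier in this patch declare `__taint_sink`, and the source parameter here still keeps the `__taint_src` prefix. If the harness or a tool's rule set identifies the benchmark sink by name, this case would presumably be matched only through the `exec.Command` call and not through the named sink. I would rename it to `func __taint_sink(o interface{})` and update the call to `__taint_sink(result)`. The other new interface_class cases in this patch (abstract_class, anonymous_object, complex_object) define the sink the same way.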
@@ -0,0 +1,48 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类
+// scene introduction = 实现类方法调用
+// level = 2
+// date = 2025-11-19 15:52:00
+// bind_url = completeness/single_app_tracing/interface_class/abstract_class/call_implement_method_002_F/call_implement_method_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// 定义抽象接口
+type AbstractShape interface {
+ ProcessData(data string) string
+}
+
+// 实现类
+type Circle struct {
+ name string
+}
+
+func (c *Circle) ProcessData(data string) string {
+ // 场景特点:实现类方法处理输入数据,但返回安全值
+ c.name = data
+ return "safe_value" // 返回安全值而非处理后的数据
+}
+
+func call_implement_method_002_F(__taint_src string) {
+ shape := &Circle{}
+
+ // 调用实现类实现的抽象方法
+ result := shape.ProcessData(__taint_src)
+ taint_sink(result)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ call_implement_method_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/config.json
index e69de29b..2abdd275 100644
--- a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/config.json
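Review bot: `AbstractShape` is declared but never used in call_implement_method_002_F, and the same holds for call_implement_method_001_T. In both files `shape := &Circle{}` has static type `*Circle`, so `shape.ProcessData(__taint_src)` is a direct method call and the pair does not exercise dispatch through the interface that the evaluation item names. Declaring `var shape AbstractShape = &Circle{}` in both files would make the call go through the interface value while leaving the rest of the case unchanged.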
@@ -0,0 +1,26 @@
+{
+ "abstract_class": [
+ {
+ "evaluation_item": "完整度->单应用跟踪完整度->接口与类->抽象类的实现类",
+ "scene_levels": [
+ {
+ "level": "2",
+ "scene_list": [
+ {
+ "compose": "create_implement_object_001_T/create_implement_object_001_T.go && !create_implement_object_002_F/create_implement_object_002_F.go",
+ "scene": "创建实现类对象"
+ },
+ {
+ "compose": "write_implement_field_001_T/write_implement_field_001_T.go && !write_implement_field_002_F/write_implement_field_002_F.go",
+ "scene": "实现类字段写入"
+ },
+ {
+ "compose": "call_implement_method_001_T/call_implement_method_001_T.go && !call_implement_method_002_F/call_implement_method_002_F.go",
+ "scene": "实现类方法调用"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_001_T/create_implement_object_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_001_T/create_implement_object_001_T.go
new file mode 100644
index 00000000..47b3c677
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_001_T/create_implement_object_001_T.go
@@ -0,0 +1,52 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类
+// scene introduction = 创建实现类对象
+// level = 2
+// date = 2025-11-19 14:32:00
+// bind_url = completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_001_T/create_implement_object_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// 定义抽象接口
+type AbstractShape interface {
+ GetName() string
+ SetName(name string)
+}
+
+// 实现类
+type Circle struct {
+ name string
+}
+
+func (c *Circle) GetName() string {
+ return c.name
+}
+
+func (c *Circle) SetName(name string) {
+ c.name = name
+}
+
+func create_implement_object_001_T(__taint_src string) {
+ // 场景特点:通过抽象类引用创建实现类实例
+ var shape AbstractShape
+ shape = &Circle{
+ name: __taint_src,
+ }
+ taint_sink(shape.GetName())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_implement_object_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_002_F/create_implement_object_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_002_F/create_implement_object_002_F.go
new file mode 100644
index 00000000..23a1e197
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_002_F/create_implement_object_002_F.go
@@ -0,0 +1,51 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类
+// scene introduction = 创建实现类对象
+// level = 2
+// date = 2025-11-19 14:32:00
+// bind_url = completeness/single_app_tracing/interface_class/abstract_class/create_implement_object_002_F/create_implement_object_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// 定义抽象接口
+type AbstractShape interface {
+ GetName() string
+ SetName(name string)
+}
+
+// 实现类
+type Circle struct {
+ name string
+}
+
+func (c *Circle) GetName() string {
+ return c.name
+}
+
+func (c *Circle) SetName(name string) {
+ c.name = name
+}
+
+func create_implement_object_002_F(__taint_src string) {
+ // 场景特点:通过抽象类引用创建实现类实例,但数据流中断
+ shape := AbstractShape(&Circle{
+ name: "safe_value", // 使用安全值而非污点源
+ })
+ taint_sink(shape.GetName())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_implement_object_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_001_T/write_implement_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_001_T/write_implement_field_001_T.go
new file mode 100644
index 00000000..3a9f5ce8
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_001_T/write_implement_field_001_T.go
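Review bot: create_implement_object_002_F builds the object with the conversion `shape := AbstractShape(&Circle{...})`, whereas its positive partner create_implement_object_001_T uses `var shape AbstractShape` followed by a separate assignment, so the pair differs in construction form as well as in the value stored. Presumably the true/false pair is meant to differ only in the data flow; using one form in both, e.g. `var shape AbstractShape = &Circle{name: "safe_value"}` here and the `__taint_src` equivalent in 001_T, keeps a tool's result attributable to the flow alone. `SetName` is declared on the interface and on `Circle` but is not called in either file.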
@@ -0,0 +1,53 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类
+// scene introduction = 实现类字段写入
+// level = 2
+// date = 2025-11-19 15:52:00
+// bind_url = completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_001_T/write_implement_field_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// 定义抽象接口
+type AbstractShape interface {
+ GetName() string
+ SetName(name string)
+}
+
+// 实现类
+type Circle struct {
+ Name string // 导出字段
+}
+
+func (c *Circle) GetName() string {
+ return c.Name
+}
+
+func (c *Circle) SetName(name string) {
+ c.Name = name
+}
+
+func write_implement_field_001_T(__taint_src string) {
+ // 场景特点:向实现类对象的导出字段赋值
+ shape := &Circle{}
+
+ // 通过类型断言获取具体类型并写入字段
+ shape.Name = __taint_src
+
+ taint_sink(shape.GetName())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ write_implement_field_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_002_F/write_implement_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_002_F/write_implement_field_002_F.go
new file mode 100644
index 00000000..78ed1e06
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_002_F/write_implement_field_002_F.go
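Review bot: The comment above `shape.Name = __taint_src` says the concrete type is obtained through a type assertion, but `shape` is created as `&Circle{}` and no assertion or interface value appears anywhere in `write_implement_field_001_T`. Either reword the comment to match the code, e.g. `// write the tainted value directly to the exported field of *Circle`, or hold the object as `AbstractShape` and really assert with `shape.(*Circle).Name = __taint_src`, so that the case tests what the comment describes. As written, `AbstractShape` is unused in this file.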
@@ -0,0 +1,53 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->抽象类的实现类
+// scene introduction = 实现类字段写入
+// level = 2
+// date = 2025-11-19 15:52:00
+// bind_url = completeness/single_app_tracing/interface_class/abstract_class/write_implement_field_002_F/write_implement_field_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// 定义抽象接口
+type AbstractShape interface {
+ GetName() string
+ SetName(name string)
+}
+
+// 实现类
+type Circle struct {
+ Name string // 导出字段
+}
+
+func (c *Circle) GetName() string {
+ return c.Name
+}
+
+func (c *Circle) SetName(name string) {
+ c.Name = name
+}
+
+func write_implement_field_002_F(__taint_src string) {
+ // 场景特点:向实现类对象的导出字段赋值,但数据流中断
+ shape := &Circle{}
+
+ // 向实现类对象的导出字段写入安全值
+ shape.Name = "safe_value" // 使用安全值而非污点源
+
+ taint_sink(shape.GetName())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ write_implement_field_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go
new file mode 100644
index 00000000..d2a11838
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go
@@ -0,0 +1,39 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象
+// scene introduction = 调用匿名对象方法
+// level = 2
+// date = 2025-11-19 15:44:00
+// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_001_T/call_anonymous_object_method_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func call_anonymous_object_method_005_T(__taint_src string) {
+ // 场景特点:匿名对象定义方法并调用返回污染数据
+ obj := struct {
+ getName func() string
+ }{
+ getName: func() string {
+ return __taint_src
+ },
+ }
+
+ // 场景特点:调用匿名对象的方法获取返回值
+ result := obj.getName()
+ taint_sink(result)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ call_anonymous_object_method_005_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go
new file mode 100644
index 00000000..adc76a0b
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go
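Review bot: The entry function is named `call_anonymous_object_method_005_T`, but the file, its directory and the `bind_url` header all say `call_anonymous_object_method_001_T`, and the other cases visible in this patch name the function after the file. If the harness locates the entry point or reports results by that name, this case would be mis-attributed, so rename the function and the call in `main` to `call_anonymous_object_method_001_T`. The same mismatch appears in call_anonymous_object_method_002_F (function `..._006_F`), write_anonymous_object_field_001_T (function `..._003_T`) and write_anonymous_object_field_002_F (function `..._004_F`).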
@@ -0,0 +1,39 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象
+// scene introduction = 调用匿名对象方法
+// level = 2
+// date = 2025-11-19 15:44:00
+// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/call_anonymous_object_method_002_F/call_anonymous_object_method_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func call_anonymous_object_method_006_F(__taint_src string) {
+ // 场景特点:匿名对象定义方法并调用返回安全数据
+ obj := struct {
+ getName func() string
+ }{
+ getName: func() string {
+ return "safe_value"
+ },
+ }
+
+ // 场景特点:调用匿名对象的方法获取安全返回值
+ result := obj.getName()
+ taint_sink(result)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ call_anonymous_object_method_006_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/config.json
index e69de29b..a1478546 100644
--- a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/config.json
@@ -0,0 +1,26 @@
+{
+ "anonymous_object": [
+ {
+ "evaluation_item": "完整度->单应用跟踪完整度->接口与类->匿名对象",
+ "scene_levels": [
+ {
+ "level": "2",
+ "scene_list": [
+ {
+ "compose": "create_anonymous_object_001_T/create_anonymous_object_001_T.go && !create_anonymous_object_002_F/create_anonymous_object_002_F.go",
+ "scene": "创建匿名对象"
+ },
+ {
+ "compose": "write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go && !write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go",
+ "scene": "写入匿名对象字段"
+ },
+ {
+ "compose": "call_anonymous_object_method_001_T/call_anonymous_object_method_001_T.go && !call_anonymous_object_method_002_F/call_anonymous_object_method_002_F.go",
+ "scene": "调用匿名对象方法"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_001_T/create_anonymous_object_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_001_T/create_anonymous_object_001_T.go
new file mode 100644
index 00000000..4576673a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_001_T/create_anonymous_object_001_T.go
@@ -0,0 +1,34 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象
+// scene introduction = 创建匿名对象
+// level = 2
+// date = 2025-11-19 15:38:00
+// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_001_T/create_anonymous_object_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func create_anonymous_object_001_T(__taint_src string) {
+ // 场景特点:使用结构体字面量创建匿名对象
+ person := struct {
+ name string
+ }{
+ name: __taint_src,
+ }
+ taint_sink(person.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_anonymous_object_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_002_F/create_anonymous_object_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_002_F/create_anonymous_object_002_F.go
new file mode 100644
index 00000000..b99caa76
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_002_F/create_anonymous_object_002_F.go
@@ -0,0 +1,34 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象
+// scene introduction = 创建匿名对象
+// level = 2
+// date = 2025-11-19 15:38:00
+// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/create_anonymous_object_002_F/create_anonymous_object_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func create_anonymous_object_002_F(__taint_src string) {
+ // 场景特点:使用结构体字面量创建匿名对象但使用安全值
+ person := struct {
+ name string
+ }{
+ name: "safe_value",
+ }
+ taint_sink(person.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_anonymous_object_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go
new file mode 100644
index 00000000..63b5688c
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象
+// scene introduction = 写入匿名对象字段
+// level = 2
+// date = 2025-11-19 15:44:00
+// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_001_T/write_anonymous_object_field_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func write_anonymous_object_field_003_T(__taint_src string) {
+ // 场景特点:向匿名对象的字段写入污染数据
+ person := struct {
+ name string
+ }{
+ name: "initial",
+ }
+
+ // 场景特点:直接给匿名对象字段赋值
+ person.name = __taint_src
+ taint_sink(person.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ write_anonymous_object_field_003_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go
new file mode 100644
index 00000000..7fa11388
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->匿名对象
+// scene introduction = 写入匿名对象字段
+// level = 2
+// date = 2025-11-19 15:44:00
+// bind_url = completeness/single_app_tracing/interface_class/anonymous_object/write_anonymous_object_field_002_F/write_anonymous_object_field_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func write_anonymous_object_field_004_F(__taint_src string) {
+ // 场景特点:向匿名对象的字段写入安全数据
+ person := struct {
+ name string
+ }{
+ name: "initial",
+ }
+
+ // 场景特点:直接给匿名对象字段赋安全值
+ person.name = "safe_value"
+ taint_sink(person.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ write_anonymous_object_field_004_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_001_T/anonymous_struct_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_001_T/anonymous_struct_field_001_T.go
new file mode 100644
index 00000000..427cfd6f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_001_T/anonymous_struct_field_001_T.go
@@ -0,0 +1,34 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 匿名结构体字段访问
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_001_T/anonymous_struct_field_001_T
+// date: 2025-11-17 14:38:00
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func anonymous_struct_field_001_T(__taint_src string) {
+ // 场景特点:访问匿名结构体的字段
+ person := struct {
+ name string
+ }{
+ name: __taint_src,
+ }
+ taint_sink(person.name) // 直接访问匿名结构体的字段
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ anonymous_struct_field_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_002_F/anonymous_struct_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_002_F/anonymous_struct_field_002_F.go
new file mode 100644
index 00000000..966ed0e0
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_002_F/anonymous_struct_field_002_F.go
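Review bot: The evaluation header writes the date as `// date: 2025-11-17 14:38:00`, with a colon and placed after `bind_url`, while the other new cases in this patch use `// date = ...` before `bind_url`. A parser that splits header lines on ` = ` would presumably miss this field, so change it to `// date = 2025-11-17 14:38:00`; anonymous_struct_field_002_F has the same line. Separately, the body of `anonymous_struct_field_001_T` is the same as `create_anonymous_object_001_T` apart from one comment, so the two scenes measure the same flow.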
@@ -0,0 +1,34 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 匿名结构体字段访问
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/anonymous_struct_field_002_F/anonymous_struct_field_002_F
+// date: 2025-11-17 14:38:00
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+func anonymous_struct_field_002_F(__taint_src string) {
+ // 场景特点:访问匿名结构体的字段但使用安全值
+ person := struct {
+ name string
+ }{
+ name: "safe_value",
+ }
+ taint_sink(person.name) // 直接访问匿名结构体的字段
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ anonymous_struct_field_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/config.json
index e69de29b..d887085f 100644
--- a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/config.json
@@ -0,0 +1,51 @@
+{
+ "complex_object": [
+ {
+ "evaluation_item": "完整度->单应用跟踪完整度->接口与类->复杂对象",
+ "scene_levels": [
+ {
+ "level": "2",
+ "scene_list": [
+ {
+ "compose": "nested_struct_create_001_T/nested_struct_create_001_T.go && !nested_struct_create_002_F/nested_struct_create_002_F.go",
+ "scene": "嵌套结构体创建"
+ },
+ {
+ "compose": "struct_pointer_field_001_T/struct_pointer_field_001_T.go && !struct_pointer_field_002_F/struct_pointer_field_002_F.go",
+ "scene": "结构体指针字段访问"
+ },
+ {
+ "compose": "interface_field_access_001_T/interface_field_access_001_T.go && !interface_field_access_002_F/interface_field_access_002_F.go",
+ "scene": "接口类型字段访问"
+ },
+ {
+ "compose": "nested_pointer_field_001_T/nested_pointer_field_001_T.go && !nested_pointer_field_002_F/nested_pointer_field_002_F.go",
+ "scene": "结构体嵌套指针字段"
+ },
+ {
+ "compose": "anonymous_struct_field_001_T/anonymous_struct_field_001_T.go && !anonymous_struct_field_002_F/anonymous_struct_field_002_F.go",
+ "scene": "匿名结构体字段访问"
+ },
+ {
+ "compose": "struct_tag_field_001_T/struct_tag_field_001_T.go && !struct_tag_field_002_F/struct_tag_field_002_F.go",
+ "scene": "结构体标签字段处理"
+ }
+ ]
+ },
+ {
+ "level": "2+",
+ "scene_list":[
+ {
+ "compose": "deep_nested_field_read_001_T/deep_nested_field_read_001_T.go && !deep_nested_field_read_002_F/deep_nested_field_read_002_F.go",
+ "scene": "多层嵌套字段读取"
+ },
+ {
+ "compose": "deep_nested_field_write_001_T/deep_nested_field_write_001_T.go && !deep_nested_field_write_002_F/deep_nested_field_write_002_F.go",
+ "scene": "多层嵌套字段写入"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_001_T/deep_nested_field_read_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_001_T/deep_nested_field_read_001_T.go
new file mode 100644
index 00000000..a300acca
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_001_T/deep_nested_field_read_001_T.go
@@ -0,0 +1,62 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 多层嵌套字段读取
+// level = 2+
+// date = 2025-11-17 14:32:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_001_T/deep_nested_field_read_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Street struct {
+ name string
+ no int
+}
+
+type Address struct {
+ city string
+ street Street
+}
+
+type Person struct {
+ name string
+ address Address
+}
+
+type Company struct {
+ name string
+ manager Person
+}
+
+func deep_nested_field_read_001_T(__taint_src string) {
+ // 场景特点:读取四层嵌套结构体的最深层字段
+ comp := Company{
+ name: "TechCorp",
+ manager: Person{
+ name: "John",
+ address: Address{
+ city: "Beijing",
+ street: Street{
+ name: __taint_src,
+ no: 100,
+ },
+ },
+ },
+ }
+ taint_sink(comp.manager.address.street.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ deep_nested_field_read_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_002_F/deep_nested_field_read_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_002_F/deep_nested_field_read_002_F.go
new file mode 100644
index 00000000..0e4d24f6
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_002_F/deep_nested_field_read_002_F.go
@@ -0,0 +1,62 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 多层嵌套字段读取
+// level = 2+
+// date = 2025-11-17 14:32:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_read_002_F/deep_nested_field_read_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Street struct {
+ name string
+ no int
+}
+
+type Address struct {
+ city string
+ street Street
+}
+
+type Person struct {
+ name string
+ address Address
+}
+
+type Company struct {
+ name string
+ manager Person
+}
+
+func deep_nested_field_read_002_F(__taint_src string) {
+ // 场景特点:读取四层嵌套结构体的最深层字段但使用安全值
+ comp := Company{
+ name: "TechCorp",
+ manager: Person{
+ name: "John",
+ address: Address{
+ city: "Beijing",
+ street: Street{
+ name: "safe_value",
+ no: 100,
+ },
+ },
+ },
+ }
+ taint_sink(comp.manager.address.street.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ deep_nested_field_read_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_001_T/deep_nested_field_write_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_001_T/deep_nested_field_write_001_T.go
new file mode 100644
index 00000000..0a39d13a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_001_T/deep_nested_field_write_001_T.go
@@ -0,0 +1,56 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 多层嵌套字段写入
+// level = 2+
+// date = 2025-11-17 14:33:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_001_T/deep_nested_field_write_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Street struct {
+ name string
+ no int
+}
+
+type Address struct {
+ city string
+ street Street
+}
+
+type Person struct {
+ name string
+ address Address
+}
+
+type Company struct {
+ name string
+ manager Person
+}
+
+func deep_nested_field_write_001_T(__taint_src string) {
+ // 场景特点:向四层嵌套结构体的最深层字段赋值
+ var comp Company
+ comp.name = "TechCorp"
+ comp.manager.name = "John"
+ comp.manager.address.city = "Beijing"
+ comp.manager.address.street.name = __taint_src
+ comp.manager.address.street.no = 100
+
+ taint_sink(comp.manager.address.street.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ deep_nested_field_write_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_002_F/deep_nested_field_write_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_002_F/deep_nested_field_write_002_F.go
new file mode 100644
index 00000000..6410267f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_002_F/deep_nested_field_write_002_F.go
@@ -0,0 +1,56 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 多层嵌套字段写入
+// level = 2+
+// date = 2025-11-17 14:33:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/deep_nested_field_write_002_F/deep_nested_field_write_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Street struct {
+ name string
+ no int
+}
+
+type Address struct {
+ city string
+ street Street
+}
+
+type Person struct {
+ name string
+ address Address
+}
+
+type Company struct {
+ name string
+ manager Person
+}
+
+func deep_nested_field_write_002_F(__taint_src string) {
+ // 场景特点:向四层嵌套结构体的最深层字段赋值但使用安全值
+ var comp Company
+ comp.name = "TechCorp"
+ comp.manager.name = "John"
+ comp.manager.address.city = "Beijing"
+ comp.manager.address.street.name = "safe_value"
+ comp.manager.address.street.no = 100
+
+ taint_sink(comp.manager.address.street.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ deep_nested_field_write_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_001_T/interface_field_access_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_001_T/interface_field_access_001_T.go
new file mode 100644
index 00000000..db596083
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_001_T/interface_field_access_001_T.go
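Review bot: `deep_nested_field_write_002_F` never stores `__taint_src` anywhere, so this negative case cannot tell a field-sensitive analysis from one that taints the whole `Company` object; any tool that tracks data at all will pass it. A stronger false-positive probe keeps the taint inside the object but in a sibling field, for example `comp.manager.address.city = __taint_src` while still sinking `comp.manager.address.street.name`. The same applies to deep_nested_field_read_002_F, nested_pointer_field_002_F, nested_struct_create_002_F and struct_pointer_field_002_F in this patch.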
@@ -0,0 +1,47 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 接口类型字段访问
+// level = 2
+// date = 2025-11-17 14:36:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/interface_field_access_001_T/interface_field_access_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type DataHolder interface {
+ GetData() string
+}
+
+type MyData struct {
+ data string
+}
+
+func (m MyData) GetData() string {
+ return m.data
+}
+
+type Container struct {
+ holder DataHolder
+}
+
+func interface_field_access_001_T(__taint_src string) {
+ // 场景特点:通过接口类型访问底层结构体字段
+ data := MyData{data: __taint_src}
+ container := Container{holder: data}
+ taint_sink(container.holder.GetData())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_field_access_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_002_F/interface_field_access_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_002_F/interface_field_access_002_F.go
new file mode 100644
index 00000000..7ddb06fb
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/interface_field_access_002_F/interface_field_access_002_F.go
@@ -0,0 +1,47 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 接口类型字段访问
+// level = 2
+// date = 2025-11-17 14:36:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/interface_field_access_002_F/interface_field_access_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type DataHolder interface {
+ GetData() string
+}
+
+type MyData struct {
+ data string
+}
+
+func (m MyData) GetData() string {
+ return m.data
+}
+
+type Container struct {
+ holder DataHolder
+}
+
+func interface_field_access_002_F(__taint_src string) {
+ // 场景特点:通过接口类型访问底层结构体字段但使用安全值
+ data := MyData{data: "safe_value"}
+ container := Container{holder: data}
+ taint_sink(container.holder.GetData())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_field_access_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_001_T/nested_pointer_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_001_T/nested_pointer_field_001_T.go
new file mode 100644
index 00000000..b44d0be4
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_001_T/nested_pointer_field_001_T.go
@@ -0,0 +1,48 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 结构体嵌套指针字段
+// level = 2
+// date = 2025-11-17 14:37:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_001_T/nested_pointer_field_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Contact struct {
+ phone *string
+ email string
+}
+
+type Person struct {
+ name string
+ contact Contact
+}
+
+func nested_pointer_field_001_T(__taint_src string) {
+ // 场景特点:访问嵌套结构体中的指针字段
+ phone := __taint_src
+ contact := Contact{
+ phone: &phone,
+ email: "test@example.com",
+ }
+ person := Person{
+ name: "John",
+ contact: contact,
+ }
+ taint_sink(*person.contact.phone)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ nested_pointer_field_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_002_F/nested_pointer_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_002_F/nested_pointer_field_002_F.go
new file mode 100644
index 00000000..f11b9af0
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_002_F/nested_pointer_field_002_F.go
@@ -0,0 +1,48 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 结构体嵌套指针字段
+// level = 2
+// date = 2025-11-17 14:37:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/nested_pointer_field_002_F/nested_pointer_field_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Contact struct {
+ phone *string
+ email string
+}
+
+type Person struct {
+ name string
+ contact Contact
+}
+
+func nested_pointer_field_002_F(__taint_src string) {
+ // 场景特点:访问嵌套结构体中的指针字段但使用安全值
+ phone := "safe_value"
+ contact := Contact{
+ phone: &phone,
+ email: "test@example.com",
+ }
+ person := Person{
+ name: "John",
+ contact: contact,
+ }
+ taint_sink(*person.contact.phone)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ nested_pointer_field_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_001_T/nested_struct_create_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_001_T/nested_struct_create_001_T.go
new file mode 100644
index 00000000..d8cda4ff
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_001_T/nested_struct_create_001_T.go
@@ -0,0 +1,54 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 嵌套结构体创建
+// level = 2
+// date = 2025-11-17 14:30:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_001_T/nested_struct_create_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Address struct {
+ city string
+ street string
+}
+
+type Person struct {
+ name string
+ address Address
+}
+
+type Company struct {
+ name string
+ manager Person
+}
+
+func nested_struct_create_001_T(__taint_src string) {
+ // 场景特点:创建多层嵌套结构体并初始化最内层字段
+ comp := Company{
+ name: "TechCorp",
+ manager: Person{
+ name: __taint_src,
+ address: Address{
+ city: "Beijing",
+ street: "Main St",
+ },
+ },
+ }
+ taint_sink(comp.manager.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ nested_struct_create_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_002_F/nested_struct_create_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_002_F/nested_struct_create_002_F.go
new file mode 100644
index 00000000..a6e0c7df
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_002_F/nested_struct_create_002_F.go
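Review bot: The scenario comment in `nested_struct_create_001_T` says the innermost field is initialised (`最内层字段`), but the tainted value goes into `comp.manager.name`, one level below the root, and both `Address` fields are constants. The case therefore measures a two-level flow rather than the deepest one. Either put the taint at the deepest level, `city: __taint_src` with `taint_sink(comp.manager.address.city)`, or reword the comment to say the second-level field carries the taint. nested_struct_create_002_F mirrors the same structure.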
@@ -0,0 +1,54 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 嵌套结构体创建
+// level = 2
+// date = 2025-11-17 14:30:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/nested_struct_create_002_F/nested_struct_create_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Address struct {
+ city string
+ street string
+}
+
+type Person struct {
+ name string
+ address Address
+}
+
+type Company struct {
+ name string
+ manager Person
+}
+
+func nested_struct_create_002_F(__taint_src string) {
+ // 场景特点:创建多层嵌套结构体但使用安全值初始化
+ comp := Company{
+ name: "TechCorp",
+ manager: Person{
+ name: "safe_value",
+ address: Address{
+ city: "Beijing",
+ street: "Main St",
+ },
+ },
+ }
+ taint_sink(comp.manager.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ nested_struct_create_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_001_T/struct_pointer_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_001_T/struct_pointer_field_001_T.go
new file mode 100644
index 00000000..fe015fb3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_001_T/struct_pointer_field_001_T.go
@@ -0,0 +1,47 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 结构体指针字段访问
+// level = 2
+// date = 2025-11-17 14:31:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_001_T/struct_pointer_field_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Address struct {
+ city string
+ street string
+}
+
+type Person struct {
+ name string
+ address *Address
+}
+
+func struct_pointer_field_001_T(__taint_src string) {
+ // 场景特点:通过指针访问嵌套结构体字段
+ addr := &Address{
+ city: __taint_src,
+ street: "Main St",
+ }
+ person := Person{
+ name: "John",
+ address: addr,
+ }
+ taint_sink(person.address.city)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ struct_pointer_field_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_002_F/struct_pointer_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_002_F/struct_pointer_field_002_F.go
new file mode 100644
index 00000000..0e10e0c0
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_002_F/struct_pointer_field_002_F.go
@@ -0,0 +1,47 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 结构体指针字段访问
+// level = 2
+// date = 2025-11-17 14:31:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/struct_pointer_field_002_F/struct_pointer_field_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Address struct {
+ city string
+ street string
+}
+
+type Person struct {
+ name string
+ address *Address
+}
+
+func struct_pointer_field_002_F(__taint_src string) {
+ // 场景特点:通过指针访问嵌套结构体字段但使用安全值
+ addr := &Address{
+ city: "safe_value",
+ street: "Main St",
+ }
+ person := Person{
+ name: "John",
+ address: addr,
+ }
+ taint_sink(person.address.city)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ struct_pointer_field_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_001_T/struct_tag_field_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_001_T/struct_tag_field_001_T.go
new file mode 100644
index 00000000..0e08552e
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_001_T/struct_tag_field_001_T.go
@@ -0,0 +1,45 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 结构体标签字段处理
+// level = 2
+// date = 2025-11-17 14:39:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_001_T/struct_tag_field_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+ "reflect"
+)
+
+type Person struct {
+ Name string `json:"name"` // 带标签的字段
+ Age int `json:"age"`
+}
+
+func struct_tag_field_001_T(__taint_src string) {
+ // 场景特点:通过反射访问带标签的结构体字段
+ person := Person{
+ Name: __taint_src,
+ Age: 25,
+ }
+
+ // 使用反射获取字段值
+ v := reflect.ValueOf(person)
+ field := v.FieldByName("Name")
+ if field.IsValid() {
+ taint_sink(field.String())
+ }
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ struct_tag_field_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_002_F/struct_tag_field_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_002_F/struct_tag_field_002_F.go
new file mode 100644
index 00000000..a0b314b3
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_002_F/struct_tag_field_002_F.go
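Review bot: The case is labelled struct tag handling (`结构体标签字段处理`), yet the `json:"name"` tag is never read: `v.FieldByName("Name")` resolves the field by its Go identifier, so the flow under test is a plain reflective field read. A tool that models `FieldByName` but not tag lookup would pass this case without covering the advertised scenario. If tag-driven access is the intent, locate the field through `reflect.TypeOf(person)` and `Field(i).Tag.Get("json")` before reading its value; otherwise rename the scene to reflective field access. struct_tag_field_002_F has the same mismatch.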
@@ -0,0 +1,45 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->复杂对象
+// scene introduction = 结构体标签字段处理
+// level = 2
+// date = 2025-11-17 14:39:00
+// bind_url = completeness/single_app_tracing/interface_class/complex_object/struct_tag_field_002_F/struct_tag_field_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+ "reflect"
+)
+
+type Person struct {
+ Name string `json:"name"` // 带标签的字段
+ Age int `json:"age"`
+}
+
+func struct_tag_field_002_F(__taint_src string) {
+ // 场景特点:通过反射访问带标签的结构体字段但使用安全值
+ person := Person{
+ Name: "safe_value",
+ Age: 25,
+ }
+
+ // 使用反射获取字段值
+ v := reflect.ValueOf(person)
+ field := v.FieldByName("Name")
+ if field.IsValid() {
+ taint_sink(field.String())
+ }
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ struct_tag_field_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/config.json
index e69ba0d0..de7e8aa3 100644
--- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/config.json
@@ -1,18 +1,26 @@ { "interface_implementation": [ { - "evaluation_item": "完整度->单应用跟踪完整度->接口与类->简单对象", + "evaluation_item": "完整度->单应用跟踪完整度->接口与类->接口的实现", "scene_levels": [ { "level": "2", "scene_list": [ { - "compose": "interface_class_001_T/interface_class_001_T.go && !interface_class_002_F/interface_class_002_F.go", + "compose": "struct_injection_interface_001_T/struct_injection_interface_001_T.go && !struct_injection_interface_002_F/struct_injection_interface_002_F.go", "scene": "结构体注入接口" + }, + { + "compose": "direct_assignment_001_T/direct_assignment_002_T.go && !direct_assignment_002_F/direct_assignment_002_F.go", + "scene": "接口直接赋值" + }, + { + "compose": "field_assignment_001_T/field_assignment_001_T.go && !field_assignment_002_F/field_assignment_002_F.go", + "scene": "接口字段赋值" } ] } ] } ] -} \ No newline at end of file +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T.go new file mode 100644 index 00000000..e8fc870d --- /dev/null +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T.go 
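Review bot: The new `接口直接赋值` entry composes `direct_assignment_001_T/direct_assignment_002_T.go`, so the directory is numbered 001 and the file 002, whereas the other two entries in this list use one identifier for both. The path does match the file this patch creates, so the entry resolves today, but any tooling that derives the file name from the directory name will not find the case. Renaming the file to `direct_assignment_001_T.go` and updating this compose string and the file's `bind_url` together would restore the convention.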
@@ -0,0 +1,44 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->接口的实现
+// scene introduction = 接口直接赋值
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_001_T/direct_assignment_002_T
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func interface_direct_assignment_003_T(__taint_src string) {
+ // 场景特点:接口类型变量直接赋值为实现类实例
+ var testInterface IIctest
+ testImpl := &IctestImpl{}
+ testInterface = testImpl
+
+ // 通过接口调用方法,污点数据直接传递
+ result, _ := testInterface.test(__taint_src)
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+// IIctest 定义了测试接口
+type IIctest interface {
+ test(taint_src string) (interface{}, error)
+}
+
+// IctestImpl 是 IIctest 的实现
+type IctestImpl struct{}
+
+// test 实现接口方法,直接返回污点数据
+func (s *IctestImpl) test(taint_src string) (interface{}, error) {
+ return taint_src, nil
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_direct_assignment_003_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F.go
new file mode 100644
index 00000000..4a73bae7
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F.go
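Review bot: The entry function is `interface_direct_assignment_003_T`, which matches neither the file name `direct_assignment_002_T` nor the directory in `bind_url`, while the complex_object cases in this patch name the entry function after the file. The same drift appears in direct_assignment_002_F (`interface_direct_assignment_004_F`), field_assignment_001_T (`interface_field_assignment_011_T`) and field_assignment_002_F (`interface_field_assignment_012_F`). If findings are mapped back to cases by function name this could mis-attribute results, so I would rename each entry function to its file's base name. The header also omits the `// date =` line that the other new cases carry.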
@@ -0,0 +1,44 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->接口的实现
+// scene introduction = 接口直接赋值
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/direct_assignment_002_F/direct_assignment_002_F
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func interface_direct_assignment_004_F(__taint_src string) {
+ // 场景特点:接口类型变量直接赋值为实现类实例
+ var testInterface IIctest
+ testImpl := &IctestImpl{}
+ testInterface = testImpl
+
+ // 通过接口调用方法,但传入固定字符串而非污点数据
+ result, _ := testInterface.test("safe_string")
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+// IIctest 定义了测试接口
+type IIctest interface {
+ test(taint_src string) (interface{}, error)
+}
+
+// IctestImpl 是 IIctest 的实现
+type IctestImpl struct{}
+
+// test 实现接口方法,直接返回传入数据
+func (s *IctestImpl) test(taint_src string) (interface{}, error) {
+ return taint_src, nil
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_direct_assignment_004_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T.go
new file mode 100644
index 00000000..d837ff8a
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T.go
@@ -0,0 +1,49 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->接口的实现
+// scene introduction = 接口字段赋值
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_001_T/field_assignment_001_T
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func interface_field_assignment_011_T(__taint_src string) {
+ // 场景特点:将接口类型字段赋值为实现类实例
+ container := &Container{}
+ testImpl := &IctestImpl{}
+ container.testInterface = testImpl
+
+ // 通过结构体字段调用接口方法,污点数据直接传递
+ result, _ := container.testInterface.test(__taint_src)
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+// IIctest 定义了测试接口
+type IIctest interface {
+ test(taint_src string) (interface{}, error)
+}
+
+// IctestImpl 是 IIctest 的实现
+type IctestImpl struct{}
+
+// test 实现接口方法,直接返回污点数据
+func (s *IctestImpl) test(taint_src string) (interface{}, error) {
+ return taint_src, nil
+}
+
+// Container 包含接口类型字段
+type Container struct {
+ testInterface IIctest
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_field_assignment_011_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F.go
new file mode 100644
index 00000000..1ab9a845
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F.go
@@ -0,0 +1,49 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->接口的实现
+// scene introduction = 接口字段赋值
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/field_assignment_002_F/field_assignment_002_F
+// evaluation information end
+
+package main
+
+import "os/exec"
+
+func interface_field_assignment_012_F(__taint_src string) {
+ // 场景特点:将接口类型字段赋值为实现类实例
+ container := &Container{}
+ testImpl := &IctestImpl{}
+ container.testInterface = testImpl
+
+ // 通过结构体字段调用接口方法,但传入固定字符串而非污点数据
+ result, _ := container.testInterface.test("safe_string")
+ __taint_sink(result)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", o.(string)).Run()
+}
+
+// IIctest 定义了测试接口
+type IIctest interface {
+ test(taint_src string) (interface{}, error)
+}
+
+// IctestImpl 是 IIctest 的实现
+type IctestImpl struct{}
+
+// test 实现接口方法,直接返回传入数据
+func (s *IctestImpl) test(taint_src string) (interface{}, error) {
+ return taint_src, nil
+}
+
+// Container 包含接口类型字段
+type Container struct {
+ testInterface IIctest
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ interface_field_assignment_012_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_T/interface_class_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_001_T/struct_injection_interface_001_T.go
similarity index 74%
rename from sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_T/interface_class_001_T.go
rename to sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_001_T/struct_injection_interface_001_T.go
index 2d6155b1..5ac6d320 100644
--- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_T/interface_class_001_T.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_001_T/struct_injection_interface_001_T.go @@ -1,15 +1,16 @@ // evaluation information start // real case = true -// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +// evaluation item = 完整度->单应用跟踪完整度->接口与类->接口的实现 // scene introduction = 结构体注入接口 // level = 2 -// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/interface_class_001_T/interface_class_001_T +// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_001_T/struct_injection_interface_001_T // evaluation information end package main + import "os/exec" -func interface_class_001_T(__taint_src string) { +func struct_injection_interface_001_T(__taint_src string) { // 创建 IctestImpl 实例 testSvc := &IctestImpl{} @@ -30,7 +31,7 @@ type IIctest interface { test(taint_src string) (interface{}, error) } -//IctestAPI 是业务门面,对外暴露统一 API,内部依赖 IIctest 实现 +// IctestAPI 是业务门面,对外暴露统一 API,内部依赖 IIctest 实现 type IctestAPI struct { _test_svc IIctest } @@ -42,7 +43,7 @@ func NewIctestAPI(testSvc IIctest) *IctestAPI { } } -// GetTest 通过接口调用底层实现,将输入原样返回(导致污点传播) +// GetTest 通过接口调用底层实现,将输入原样返回(导致污点传播) func (e *IctestAPI) GetTest(taint_src string) (interface{}, error) { return e._test_svc.test(taint_src) } @@ -50,7 +51,7 @@ func (e *IctestAPI) GetTest(taint_src string) (interface{}, error) { // IctestImpl 是 IIctest 的默认实现 type IctestImpl struct{} -//test 实现 IIctest 接口,直接将 taint_src 返回,不做任何校验 +// test 实现 IIctest 接口,直接将 taint_src 返回,不做任何校验 func (s *IctestImpl) test(taint_src string) (interface{}, error) { // 污点数据未经处理直接返回 return taint_src, nil 
@@ -58,5 +59,5 @@ func (s *IctestImpl) test(taint_src string) (interface{}, error) { func main() { __taint_src := "taint_src_value" - interface_class_001_T(__taint_src) -} \ No newline at end of file + struct_injection_interface_001_T(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_F/interface_class_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_002_F/struct_injection_interface_002_F.go similarity index 63% rename from sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_F/interface_class_002_F.go rename to sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_002_F/struct_injection_interface_002_F.go index fae163ef..3fbd6b35 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_F/interface_class_002_F.go +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_002_F/struct_injection_interface_002_F.go @@ -1,15 +1,16 @@ // evaluation information start // real case = false -// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象 +// evaluation item = 完整度->单应用跟踪完整度->接口与类->接口的实现 // scene introduction = 结构体注入接口 // level = 2 -// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/interface_class_002_F/interface_class_002_F +// bind_url = completeness/single_app_tracing/interface_class/interface_implementation/struct_injection_interface_002_F/struct_injection_interface_002_F // evaluation information end package main + import "os/exec" -func interface_class_002_F(__taint_src string) { +func struct_injection_interface_002_F(__taint_src string) { //创建 IctestImpl 实例 testSvc := &IctestImpl{} 
@@ -20,43 +21,43 @@ func interface_class_002_F(__taint_src string) { result, _ := testAPI.GetTest("aa") __taint_sink(result) } - + func __taint_sink(o interface{}) { _ = exec.Command("sh", "-c", o.(string)).Run() - } +} -//IIctest 定义了业务层接口,用于演示接口与实现的解耦 +// IIctest 定义了业务层接口,用于演示接口与实现的解耦 type IIctest interface { test(taint_src string) (interface{}, error) } -//IctestAPI 是业务门面,对外暴露统一 API,内部依赖 IIctest 实现 +// IctestAPI 是业务门面,对外暴露统一 API,内部依赖 IIctest 实现 type IctestAPI struct { _test_svc IIctest } -//NewIctestAPI 构造器,注入 IIctest 实现 +// NewIctestAPI 构造器,注入 IIctest 实现 func NewIctestAPI(testSvc IIctest) *IctestAPI { return &IctestAPI{ _test_svc: testSvc, } } -//GetTest 通过接口调用底层实现,将输入原样返回 +// GetTest 通过接口调用底层实现,将输入原样返回 func (e *IctestAPI) GetTest(taint_src string) (interface{}, error) { return e._test_svc.test(taint_src) } -//IctestImpl 是 IIctest 的默认实现 +// IctestImpl 是 IIctest 的默认实现 type IctestImpl struct{} -//test 实现 IIctest 接口,直接将 传入的值 返回,不做任何校验 +// test 实现 IIctest 接口,直接将 传入的值 返回,不做任何校验 func (s *IctestImpl) test(taint_src string) (interface{}, error) { //污点数据未经处理直接返回 return taint_src, nil } func main() { - __taint_src := "taint_src_value" - interface_class_002_F(__taint_src) -} \ No newline at end of file + __taint_src := "taint_src_value" + struct_injection_interface_002_F(__taint_src) +} diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/config.json index e69de29b..ec361311 100644 --- a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/config.json +++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/config.json 
@@ -0,0 +1,30 @@
+{
+ "simple_object": [
+ {
+ "evaluation_item": "完整度->单应用跟踪完整度->接口与类->简单对象",
+ "scene_levels": [
+ {
+ "level": "2",
+ "scene_list": [
+ {
+ "compose": "create_object_001_T/create_object_001_T.go && !create_object_002_F/create_object_002_F.go",
+ "scene": "创建对象->结构体初始化"
+ },
+ {
+ "compose": "create_object_003_T/create_object_003_T.go && !create_object_004_F/create_object_004_F.go",
+ "scene": "创建对象->new分配"
+ },
+ {
+ "compose": "write_object_property_001_T/write_object_property_001_T.go && !write_object_property_002_F/write_object_property_002_F.go",
+ "scene": "写入对象属性->直接赋值"
+ },
+ {
+ "compose": "write_object_property_003_T/write_object_property_003_T.go && !write_object_property_004_F/write_object_property_004_F.go",
+ "scene": "写入对象属性->指针赋值"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_001_T/create_object_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_001_T/create_object_001_T.go
new file mode 100644
index 00000000..781621ef
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_001_T/create_object_001_T.go
@@ -0,0 +1,38 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象
+// scene introduction = 创建对象->结构体初始化
+// level = 2
+// date = 2025-11-14 18:40:00
+// bind_url = completeness/single_app_tracing/interface_class/simple_object/create_object_001_T/create_object_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Person struct {
+ name string
+ age int
+}
+
+func create_object_001_T(__taint_src string) {
+ // 场景特点:使用字面值初始化结构体
+ p := Person{
+ name: __taint_src,
+ age: 25,
+ }
+ taint_sink(p.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_object_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_002_F/create_object_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_002_F/create_object_002_F.go
new file mode 100644
index 00000000..e2b4a568
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_002_F/create_object_002_F.go
@@ -0,0 +1,38 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象
+// scene introduction = 创建对象->结构体初始化
+// level = 2
+// date = 2025-11-14 18:40:00
+// bind_url = completeness/single_app_tracing/interface_class/simple_object/create_object_002_F/create_object_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Person struct {
+ name string
+ age int
+}
+
+func create_object_002_F(__taint_src string) {
+ // 场景特点:使用字面值初始化结构体但使用安全值
+ p := Person{
+ name: "safe_value",
+ age: 25,
+ }
+ taint_sink(p.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_object_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_003_T/create_object_003_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_003_T/create_object_003_T.go
new file mode 100644
index 00000000..e3bb52f6
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_003_T/create_object_003_T.go
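Review bot: `create_object_002_F` never stores `__taint_src` in the object, so this negative case only checks that a constant reaching `taint_sink` is not reported; it does not measure field-level precision for `Person`. An analyzer that taints the whole struct on any field write would still pass it. If the scene is meant to score false positives of object tracking, keep the tainted value in a sibling field and sink the clean one, for example add `alias string` to `Person` and write `alias: __taint_src,` next to `name: "safe_value",`. The same shape is used in create_object_004_F, write_object_property_002_F, write_object_property_004_F and the subclass `_F` cases.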
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象
+// scene introduction = 创建对象->new分配
+// level = 2
+// date = 2025-11-14 18:40:00
+// bind_url = completeness/single_app_tracing/interface_class/simple_object/create_object_003_T/create_object_003_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Person struct {
+ name string
+ age int
+}
+
+func create_object_003_T(__taint_src string) {
+ // 场景特点:使用new关键字创建结构体实例
+ p := new(Person)
+ p.name = __taint_src
+ p.age = 25
+ taint_sink(p.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_object_003_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_004_F/create_object_004_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_004_F/create_object_004_F.go
new file mode 100644
index 00000000..bef9e412
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/create_object_004_F/create_object_004_F.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象
+// scene introduction = 创建对象->new分配
+// level = 2
+// date = 2025-11-14 18:40:00
+// bind_url = completeness/single_app_tracing/interface_class/simple_object/create_object_004_F/create_object_004_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Person struct {
+ name string
+ age int
+}
+
+func create_object_004_F(__taint_src string) {
+ // 场景特点:使用new关键字创建结构体实例但使用安全值
+ p := new(Person)
+ p.name = "safe_value"
+ p.age = 25
+ taint_sink(p.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ create_object_004_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_001_T/write_object_property_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_001_T/write_object_property_001_T.go
new file mode 100644
index 00000000..9de9e607
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_001_T/write_object_property_001_T.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象
+// scene introduction = 写入对象属性->直接赋值
+// level = 2
+// date = 2025-11-14 18:40:00
+// bind_url = completeness/single_app_tracing/interface_class/simple_object/write_object_property_001_T/write_object_property_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Person struct {
+ name string
+ age int
+}
+
+func write_object_property_001_T(__taint_src string) {
+ // 场景特点:给结构体字段直接赋值
+ var p Person
+ p.name = __taint_src
+ p.age = 25
+ taint_sink(p.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ write_object_property_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_002_F/write_object_property_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_002_F/write_object_property_002_F.go
new file mode 100644
index 00000000..e230d4c4
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_002_F/write_object_property_002_F.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象
+// scene introduction = 写入对象属性->直接赋值
+// level = 2
+// date = 2025-11-14 18:40:00
+// bind_url = completeness/single_app_tracing/interface_class/simple_object/write_object_property_002_F/write_object_property_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Person struct {
+ name string
+ age int
+}
+
+func write_object_property_002_F(__taint_src string) {
+ // 场景特点:给结构体字段直接赋值但使用安全值
+ var p Person
+ p.name = "safe_value"
+ p.age = 25
+ taint_sink(p.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ write_object_property_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_003_T/write_object_property_003_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_003_T/write_object_property_003_T.go
new file mode 100644
index 00000000..28fdda1b
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_003_T/write_object_property_003_T.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象
+// scene introduction = 写入对象属性->指针赋值
+// level = 2
+// date = 2025-11-14 18:40:00
+// bind_url = completeness/single_app_tracing/interface_class/simple_object/write_object_property_003_T/write_object_property_003_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Person struct {
+ name string
+ age int
+}
+
+func write_object_property_003_T(__taint_src string) {
+ // 场景特点:给指针结构体字段赋值
+ p := &Person{}
+ p.name = __taint_src
+ p.age = 25
+ taint_sink(p.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ write_object_property_003_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_004_F/write_object_property_004_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_004_F/write_object_property_004_F.go
new file mode 100644
index 00000000..459eaa09
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/simple_object/write_object_property_004_F/write_object_property_004_F.go
@@ -0,0 +1,37 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->简单对象
+// scene introduction = 写入对象属性->指针赋值
+// level = 2
+// date = 2025-11-14 18:40:00
+// bind_url = completeness/single_app_tracing/interface_class/simple_object/write_object_property_004_F/write_object_property_004_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Person struct {
+ name string
+ age int
+}
+
+func write_object_property_004_F(__taint_src string) {
+ // 场景特点:给指针结构体字段赋值但使用安全值
+ p := &Person{}
+ p.name = "safe_value"
+ p.age = 25
+ taint_sink(p.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ write_object_property_004_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/config.json b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/config.json
index e69de29b..44350462 100644
--- a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/config.json
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/config.json
@@ -0,0 +1,26 @@
+{
+ "subclass": [
+ {
+ "evaluation_item": "完整度->单应用跟踪完整度->接口与类->子类对象",
+ "scene_levels": [
+ {
+ "level": "2",
+ "scene_list": [
+ {
+ "compose": "object_creation_001_T/object_creation_001_T.go && !object_creation_002_F/object_creation_002_F.go",
+ "scene": "子类对象创建"
+ },
+ {
+ "compose": "field_write_001_T/field_write_001_T.go && !field_write_002_F/field_write_002_F.go",
+ "scene": "子类字段写入"
+ },
+ {
+ "compose": "method_call_001_T/method_call_001_T.go && !method_call_002_F/method_call_002_F.go",
+ "scene": "子类方法调用"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T.go
new file mode 100644
index 00000000..06f5ac00
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T.go
@@ -0,0 +1,41 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象
+// scene introduction = 子类字段写入
+// level = 2
+// date = 2025-11-18 14:15:00
+// bind_url = completeness/single_app_tracing/interface_class/subclass/field_write_001_T/field_write_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Base struct {
+ id int
+}
+
+type SubClass struct {
+ name string
+ Base
+}
+
+func subclass_field_write_005_T(__taint_src string) {
+ // 场景特点:给子类结构体字段直接赋值
+ var s SubClass
+ s.id = 1
+ s.name = __taint_src
+ taint_sink(s.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ subclass_field_write_005_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F.go
new file mode 100644
index 00000000..c4237940
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F.go
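Review bot: The entry function is named `subclass_field_write_005_T`, but the file, its directory and `bind_url` all identify the case as `field_write_001_T`, and config.json composes the scene by file path. The same numbering drift appears in field_write_002_F (`subclass_field_write_006_F`), method_call_001_T (`subclass_method_call_007_T`) and method_call_002_F (`subclass_method_call_008_F`). Rename the function and its call in `main` to the case id, `func field_write_001_T(__taint_src string)`, so that a finding reported by function name can be mapped back to the case without a lookup table.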
@@ -0,0 +1,41 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象
+// scene introduction = 子类字段写入
+// level = 2
+// date = 2025-11-18 14:15:00
+// bind_url = completeness/single_app_tracing/interface_class/subclass/field_write_002_F/field_write_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Base struct {
+ id int
+}
+
+type SubClass struct {
+ name string
+ Base
+}
+
+func subclass_field_write_006_F(__taint_src string) {
+ // 场景特点:给子类结构体字段直接赋值但使用安全值
+ var s SubClass
+ s.id = 1
+ s.name = "safe_value"
+ taint_sink(s.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ subclass_field_write_006_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T.go
new file mode 100644
index 00000000..64f5618f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T.go
@@ -0,0 +1,50 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象
+// scene introduction = 子类方法调用
+// level = 2
+// date = 2025-11-18 14:15:00
+// bind_url = completeness/single_app_tracing/interface_class/subclass/method_call_001_T/method_call_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Base struct {
+ id int
+}
+
+func (b Base) GetID() int {
+ return b.id
+}
+
+type SubClass struct {
+ name string
+ Base
+}
+
+func (s SubClass) GetName() string {
+ return s.name
+}
+
+func subclass_method_call_007_T(__taint_src string) {
+ // 场景特点:调用子类的实例方法获取字段值
+ s := SubClass{
+ Base: Base{id: 1},
+ name: __taint_src,
+ }
+ taint_sink(s.GetName())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ subclass_method_call_007_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F.go
new file mode 100644
index 00000000..1b56ee59
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F.go
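Review bot: `Base.GetID` is declared but never called, and the tainted value is returned by `GetName`, which is defined on `SubClass` itself, so this case does not exercise a method promoted from the embedded `Base`. As written the flow looks the same as a method call on a plain struct, which may not be what the "subclass method call" scene is meant to measure. Either state in the scene comment that only the outer type's own method is covered, or remove the unused `GetID` so the file does not suggest coverage it lacks. method_call_002_F has the same shape.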
@@ -0,0 +1,50 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象
+// scene introduction = 子类方法调用
+// level = 2
+// date = 2025-11-18 14:15:00
+// bind_url = completeness/single_app_tracing/interface_class/subclass/method_call_002_F/method_call_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Base struct {
+ id int
+}
+
+func (b Base) GetID() int {
+ return b.id
+}
+
+type SubClass struct {
+ name string
+ Base
+}
+
+func (s SubClass) GetName() string {
+ return s.name
+}
+
+func subclass_method_call_008_F(__taint_src string) {
+ // 场景特点:调用子类的实例方法获取字段值但使用安全值
+ s := SubClass{
+ Base: Base{id: 1},
+ name: "safe_value",
+ }
+ taint_sink(s.GetName())
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ subclass_method_call_008_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_001_T/object_creation_001_T.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_001_T/object_creation_001_T.go
new file mode 100644
index 00000000..e462c3c0
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_001_T/object_creation_001_T.go
@@ -0,0 +1,41 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象
+// scene introduction = 子类对象创建
+// level = 2
+// bind_url = completeness/single_app_tracing/interface_class/subclass/object_creation_001_T/object_creation_001_T
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Base struct {
+ id int
+}
+
+type SubClass struct {
+ name string
+ Base
+}
+
+func object_creation_001_T(__taint_src string) {
+ // 场景特点:使用字面值初始化子类结构体
+ s := SubClass{
+ Base: Base{id: 1},
+ name: __taint_src,
+ }
+ taint_sink(s.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ object_creation_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F.go b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F.go
new file mode 100644
index 00000000..567d9e82
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F.go
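Review bot: The evaluation header of this file has no `// date = …` line, which every other case header visible in this part of the patch carries; the hunk is 41 lines against 42 for the paired object_creation_002_F. If the header is read by tooling, a missing key may be treated as a malformed case, so add the line after `// level = 2` with the case's actual creation time. The entry function here is `object_creation_001_T` while the negative twin uses `subclass_object_creation_002_F`; one prefix convention should be used for both.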
@@ -0,0 +1,42 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->接口与类->子类对象
+// scene introduction = 子类对象创建
+// level = 2
+// date = 2025-11-18 14:15:00
+// bind_url = completeness/single_app_tracing/interface_class/subclass/object_creation_002_F/object_creation_002_F
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+type Base struct {
+ id int
+}
+
+type SubClass struct {
+ name string
+ Base
+}
+
+func subclass_object_creation_002_F(__taint_src string) {
+ // 场景特点:使用字面值初始化子类结构体但使用安全值
+ s := SubClass{
+ Base: Base{id: 1},
+ name: "safe_value",
+ }
+ taint_sink(s.name)
+}
+
+func taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ subclass_object_creation_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/config.json b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/config.json
new file mode 100644
index 00000000..93342ae5
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/config.json
@@ -0,0 +1,22 @@
+{
+ "public": [
+ {
+ "evaluation_item": "完整度->单应用跟踪完整度->变量作用域->public变量",
+ "scene_levels": [
+ {
+ "level": "2",
+ "scene_list": [
+ {
+ "compose": "public_var_assign_001_T/public_var_assign_001_T.go && !public_var_assign_002_F/public_var_assign_002_F.go",
+ "scene": "Public变量赋值"
+ },
+ {
+ "compose": "(public_var_cross_package_001_T/public_var_cross_package_001_T.go || public_var_cross_package_001_T/mypackage/public_var_cross_package_001_T_a.go) && !(public_var_cross_package_002_F/public_var_cross_package_002_F.go || public_var_cross_package_002_F/mypackage/public_var_cross_package_002_F_a.go)",
+ "scene": "Public变量跨包访问"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T.go
new file mode 100644
index 00000000..4218279f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T.go
@@ -0,0 +1,33 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->变量作用域->public变量
+// scene introduction = Public变量赋值
+// level = 2
+// bind_url = completeness/single_app_tracing/variable_scope/public/public_var_assign_001_T/public_var_assign_001_T
+// date = 2025-12-01 15:25:25
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// Public变量(首字母大写)
+var PublicVar string
+
+func publicVarAssign_001_T(__taint_src string) {
+ // 场景特点:为public变量赋值
+ PublicVar = __taint_src
+ __taint_sink(PublicVar)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ publicVarAssign_001_T(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F.go
new file mode 100644
index 00000000..80103897
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F.go
@@ -0,0 +1,33 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->变量作用域->public变量
+// scene introduction = Public变量赋值
+// level = 2
+// bind_url = completeness/single_app_tracing/variable_scope/public/public_var_assign_002_F/public_var_assign_002_F
+// date = 2025-12-01 15:25:25
+// evaluation information end
+
+package main
+
+import (
+ "fmt"
+ "os/exec"
+)
+
+// Public变量(首字母大写)
+var PublicVar string
+
+func publicVarAssign_002_F(__taint_src string) {
+ // 场景特点:为public变量赋值,但不是污点数据
+ PublicVar = "_"
+ __taint_sink(PublicVar)
+}
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ publicVarAssign_002_F(__taint_src)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/mypackage/public_var_cross_package_001_T_a.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/mypackage/public_var_cross_package_001_T_a.go
new file mode 100644
index 00000000..033b9285
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/mypackage/public_var_cross_package_001_T_a.go
@@ -0,0 +1,19 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->变量作用域->public变量
+// scene introduction = Public变量跨包访问
+// level = 2
+// bind_url = completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/mypackage/public_var_cross_package_001_T_a
+// date = 2025-12-01 15:25:25
+// evaluation information end
+
+package mypackage
+
+// Public变量(首字母大写,导出变量)
+var PublicVar string
+
+// 为public变量赋值的函数
+func SetPublicVar(__taint_src string) {
+ // 场景特点:在不同包中为public变量赋值
+ PublicVar = __taint_src
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T.go
new file mode 100644
index 00000000..0052c090
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T.go
@@ -0,0 +1,28 @@
+// evaluation information start
+// real case = true
+// evaluation item = 完整度->单应用跟踪完整度->变量作用域->public变量
+// scene introduction = Public变量跨包访问
+// level = 2
+// bind_url = completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/public_var_cross_package_001_T
+// date = 2025-12-01 15:25:25
+// evaluation information end
+
+package main
+
+import (
+ "ant-application-security-testing-benchmark/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_001_T/mypackage"
+ "fmt"
+ "os/exec"
+)
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ // 场景特点:在不同包中为public变量赋值
+ mypackage.SetPublicVar(__taint_src)
+ // 场景特点:在主包中访问不同包的public变量
+ __taint_sink(mypackage.PublicVar)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/mypackage/public_var_cross_package_002_F_a.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/mypackage/public_var_cross_package_002_F_a.go
new file mode 100644
index 00000000..6ccb4f72
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/mypackage/public_var_cross_package_002_F_a.go
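Review bot: The `mypackage` import uses a path rooted at `ant-application-security-testing-benchmark/sast-go/cases/`, which resolves only if a go.mod higher in the tree declares that module name; no go.mod is visible for this case in this part of the patch, whereas the cross_directory cases in the commit's diffstat ship one per case. That parent module is not visible here, so confirm the case builds from the module root with `go build ./...`. An analyzer that needs a type-checked package may otherwise skip the file, and the skipped case would be recorded as a missed detection. public_var_cross_package_002_F imports its `mypackage` the same way.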
@@ -0,0 +1,19 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->变量作用域->public变量
+// scene introduction = Public变量跨包访问
+// level = 2
+// bind_url = completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/mypackage/public_var_cross_package_002_F_a
+// date = 2025-12-01 15:25:25
+// evaluation information end
+
+package mypackage
+
+// Public变量(首字母大写,导出变量)
+var PublicVar string
+
+// 为public变量赋值的函数
+func SetPublicVar(__taint_src string) {
+ // 场景特点:在不同包中为public变量赋值,但不是污点数据
+ PublicVar = "_"
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F.go b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F.go
new file mode 100644
index 00000000..f5f2af1f
--- /dev/null
+++ b/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F.go
@@ -0,0 +1,28 @@
+// evaluation information start
+// real case = false
+// evaluation item = 完整度->单应用跟踪完整度->变量作用域->public变量
+// scene introduction = Public变量跨包访问
+// level = 2
+// bind_url = completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/public_var_cross_package_002_F
+// date = 2025-12-01 15:25:25
+// evaluation information end
+
+package main
+
+import (
+ "ant-application-security-testing-benchmark/sast-go/cases/completeness/single_app_tracing/variable_scope/public/public_var_cross_package_002_F/mypackage"
+ "fmt"
+ "os/exec"
+)
+
+func __taint_sink(o interface{}) {
+ _ = exec.Command("sh", "-c", fmt.Sprintf("%v", o)).Run()
+}
+
+func main() {
+ __taint_src := "taint_src_value"
+ // 场景特点:在不同包中为public变量赋值
+ mypackage.SetPublicVar(__taint_src)
+ // 场景特点:在主包中访问不同包的public变量,但污点数据未传播到该变量
+ __taint_sink(mypackage.PublicVar)
+}
diff --git a/sast-go/cases/completeness/single_app_tracing/variable_scope/static_variable/config.json b/sast-go/cases/completeness/single_app_tracing/variable_scope/static_variable/config.json
deleted file mode 100644
index e69de29b..00000000