性能用例

增加性能用例

Author: alipaydeshui

src/main/java/com/iast/astbenchmark/analyser/bean/consts/VendorEnum.java

@@ -3,7 +3,8 @@
 public enum VendorEnum {
     IAST("IAST","IAST"),
     SEEKER("SEEKER","SEEKER"),
-    DONGTAI("DONGTAI","DONGTAI")
+    DONGTAI("DONGTAI","DONGTAI"),
+    XMIRROR("XMIRROR","XMIRROR")
     ;
     private String code;
     private String description;

src/main/java/com/iast/astbenchmark/analyser/service/impl/ConfigServiceImpl.java

@@ -34,6 +34,8 @@ public String getDetection(VendorEnum vendor) {
                 return seekerDetectionPath;
             case DONGTAI:
                 return dongtaiDetectionPath;
+            case XMIRROR:
+                return xmirrorDetectionPath;
         }
         return "";
     }
@@ -49,6 +51,8 @@ public String getDetection(VendorEnum vendor) {
     private String seekerDetectionPath;
     @Value("${dongtai.detectionPath}")
     private String dongtaiDetectionPath;
+    @Value("${xmirror.detectionPath}")
+    private String xmirrorDetectionPath;
 
     @Override
     public void doChanhge(VendorEnum vendor, String path, String checkFlag) {
@@ -63,6 +67,9 @@ public void doChanhge(VendorEnum vendor, String path, String checkFlag) {
            case DONGTAI:
                dongtaiDetectionPath=path;
                break;
+          case XMIRROR:
+                xmirrorDetectionPath = path;
+               break;
        }
     }
 }

src/main/java/com/iast/astbenchmark/cases/AstPerfCase001.java

@@ -0,0 +1,129 @@
+package com.iast.astbenchmark.cases;
+
+import com.google.common.collect.Maps;
+import com.iast.astbenchmark.cases.bean.big.BigParamBean;
+import com.iast.astbenchmark.cases.bean.big.BigSizeBean;
+import com.iast.astbenchmark.common.CommonConsts;
+import com.iast.astbenchmark.common.utils.MyCommonTestUtil;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.io.IOException;
+import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 性能测试靶场
+ * ● 超长调用链路（污点链路长度1000）有漏洞场景，占比5%
+ * ● 大污点对象（污点对象大小超过1K）有漏洞场景，占比5%
+ * ● 多污点对象（同一个请求同时跟踪100个污点对象）有漏洞场景，占比5%
+ */
+@RestController()
+public class AstPerfCase001 {
+    /**
+     * 1 无漏洞简单场景
+     */
+    @PostMapping("case99001")
+    public Map<String,String> aTaintCase99001(@RequestParam String cmd) {
+           Map res =  Maps.newHashMap();
+           res.put(cmd,cmd);
+           return res;
+    }
+
+    /**
+     * 有漏洞简单场景（污点链路长度<10）
+     */
+    @PostMapping("case99002")
+    public Map<String,String> aTaintCase99002(@RequestParam String cmd) {
+        Map<String,String> modelMap = new HashMap<>();
+        if (cmd == null) {
+            modelMap.put("status", CommonConsts.ERROR_STR);
+            return modelMap;
+        }
+        try {
+            /** 递归10次*/
+            cmd = MyCommonTestUtil.traceDeepth(cmd, 0, 10);
+            Runtime.getRuntime().exec(cmd);
+            modelMap.put("status", CommonConsts.SUCCESS_STR);
+        } catch (IOException e) {
+            modelMap.put("status", CommonConsts.ERROR_STR);
+        }
+        return modelMap;
+    }
+
+    /**
+     * 超长调用链路（污点链路长度1000）有漏洞场景，占比5%
+     */
+    @PostMapping("case99003")
+    public Map<String,String> aTaintCase99003(@RequestParam String cmd) {
+        Map<String,String> modelMap = new HashMap<>();
+        if (cmd == null) {
+            modelMap.put("status", CommonConsts.ERROR_STR);
+            return modelMap;
+        }
+        try {
+            /** 递归1000次*/
+            cmd = MyCommonTestUtil.traceDeepth(cmd, 0, 1000);
+            Runtime.getRuntime().exec(cmd);
+            modelMap.put("status", CommonConsts.SUCCESS_STR);
+        } catch (IOException e) {
+            modelMap.put("status", CommonConsts.ERROR_STR);
+        }
+        return modelMap;
+    }
+
+    /**
+     * 大污点对象（污点对象大小超过1K）有漏洞场景
+     * @param
+     * @return
+     */
+    @PostMapping("case99004")
+    public Map<String,String> aTaintCase99004(@RequestBody BigParamBean bigParamBean) {
+
+        Map<String,String> modelMap = new HashMap<>();
+        try {
+            String exec = bigParamBean.getCmd();
+            Runtime.getRuntime().exec(exec);
+            modelMap.put("status", CommonConsts.SUCCESS_STR);
+        } catch (IOException e) {
+            modelMap.put("status", CommonConsts.ERROR_STR);
+        }
+        return modelMap;
+
+    }
+
+    /**
+     * 多污点对象（同一个请求同时跟踪100个污点对象）有漏洞场景
+     * @param
+     * @return
+     */
+    @PostMapping("case99005")
+    public Map<String,String> aTaintCase99005(@RequestBody BigSizeBean bigSizeBean) {
+        Map<String,String> modelMap = new HashMap<>();
+        try {
+            sink(1,bigSizeBean,100);
+            modelMap.put("status", CommonConsts.SUCCESS_STR);
+        } catch (Exception e) {
+            modelMap.put("status", CommonConsts.ERROR_STR);
+        }
+        return modelMap;
+    }
+    private void sink(int deep,BigSizeBean bigSizeBean,int maxDeep){
+        if(deep>=maxDeep){
+            return;
+        }
+        Method method = null;
+        try {
+            method = bigSizeBean.getClass().getMethod("getCmd"+deep);
+            String exec = (String) method.invoke(bigSizeBean);
+            Runtime.getRuntime().exec(exec);
+        } catch (Exception e){
+        }
+        deep++;
+        sink(deep,bigSizeBean,maxDeep);
+    }
+
+}

src/main/java/com/iast/astbenchmark/cases/AstTaintCase001.java

@@ -320,6 +320,7 @@ public Map<String, Object> aTaintCase008(@RequestBody SoureWithSetBean setBean)
      * @return
      */
     @PostMapping("case009/{cmd}")
+    @Deprecated
     public Map<String, Object> aTaintCase009(@PathVariable Byte cmd) {
         Map<String, Object> modelMap = new HashMap<>();
         if (cmd == null) {
@@ -343,6 +344,7 @@ public Map<String, Object> aTaintCase009(@PathVariable Byte cmd) {
      * @return
      */
     @PostMapping("case0010/{cmd}")
+    @Deprecated
     public Map<String, Object> aTaintCase0010(@PathVariable Integer cmd) {
         Map<String, Object> modelMap = new HashMap<>();
         if (cmd == null) {
@@ -366,6 +368,7 @@ public Map<String, Object> aTaintCase0010(@PathVariable Integer cmd) {
      * @return
      */
     @PostMapping("case0011/{cmd}")
+    @Deprecated
     public Map<String, Object> aTaintCase0011(@PathVariable Long cmd) {
         Map<String, Object> modelMap = new HashMap<>();
         if (cmd == null) {
@@ -388,6 +391,7 @@ public Map<String, Object> aTaintCase0011(@PathVariable Long cmd) {
      * @return
      */
     @PostMapping("case0012/{cmd}")
+    @Deprecated
     public Map<String, Object> aTaintCase0012(@PathVariable Character cmd) {
         Map<String, Object> modelMap = new HashMap<>();
         if (cmd == null) {
@@ -517,6 +521,7 @@ public Map<String, Object> aTaintCase00926(@RequestBody SourceTestObject[][] cmd
      * @return
      */
     @PostMapping("case0017")
+    @Deprecated
     public Map<String, Object> aTaintCase0017(@RequestBody String cmd) {
         Map<String, Object> modelMap = new HashMap<>();
         if (cmd == null) {
@@ -605,6 +610,7 @@ public Map<String, Object> aTaintCase0017(@RequestBody String cmd) {
     //}
 
     @PostMapping("case0021")
+    @Deprecated
     public Map<String, Object> aTaintCase0021(@RequestBody SourceTestWithMPObject cmd) {
         Map<String, Object> modelMap = new HashMap<>();
         try {
@@ -617,6 +623,7 @@ public Map<String, Object> aTaintCase0021(@RequestBody SourceTestWithMPObject cm
     }
 
     @PostMapping("case0021/2")
+    @Deprecated
     public Map<String, Object> aTaintCase0021_2(@RequestBody SourceTestWithMPObject cmd) {
         Map<String, Object> modelMap = new HashMap<>();
         try {
@@ -629,6 +636,7 @@ public Map<String, Object> aTaintCase0021_2(@RequestBody SourceTestWithMPObject
     }
 
     @PostMapping("case0021/3")
+    @Deprecated
     public Map<String, Object> aTaintCase0021_3(@RequestBody SourceTestWithMPObject cmd) {
         Map<String, Object> modelMap = new HashMap<>();
         try {
@@ -783,7 +791,7 @@ public Map<String, Object> aTaintCase00924_2(@RequestBody LayerBaseBean9 cmd) {
     public Map<String, Object> aTaintCase00924_3(@RequestBody LayerBaseBean9 cmd) {
         Map<String, Object> modelMap = new HashMap<>();
         try {
-            Runtime.getRuntime().exec(cmd.getCmda2());
+            Runtime.getRuntime().exec(cmd.getCmda9());
             modelMap.put("status", SUCCESS_STR);
         } catch (IOException e) {
             modelMap.put("status", ERROR_STR);

src/main/java/com/iast/astbenchmark/cases/AstTaintCase002.java

@@ -199,6 +199,7 @@ public Map<String, Object> aTaintCase0027(HttpServletRequest request, @RequestPa
      * @return
      */
     @PostMapping("case0028")
+    @Deprecated
     public Map<String, Object> aTaintCase0028(HttpServletRequest request) {
         Map<String, Object> modelMap = new HashMap<>();
         try {
@@ -218,6 +219,7 @@ public Map<String, Object> aTaintCase0028(HttpServletRequest request) {
      * @return
      */
     @PostMapping("case0029")
+    @Deprecated
     public Map<String, Object> aTaintCase0029(HttpServletRequest request) {
         Map<String, Object> modelMap = new HashMap<>();
         try {
@@ -237,6 +239,7 @@ public Map<String, Object> aTaintCase0029(HttpServletRequest request) {
      * @return
      */
     @PostMapping("case0030")
+    @Deprecated
     public Map<String, Object> aTaintCase0030(HttpServletRequest request) {
         Map<String, Object> modelMap = new HashMap<>();
         try {
@@ -256,6 +259,7 @@ public Map<String, Object> aTaintCase0030(HttpServletRequest request) {
      * @return
      */
     @PostMapping("case0031")
+    @Deprecated
     public Map<String, Object> aTaintCase0031(HttpServletRequest request) {
         Map<String, Object> modelMap = new HashMap<>();
         try {
@@ -275,6 +279,7 @@ public Map<String, Object> aTaintCase0031(HttpServletRequest request) {
      * @return
      */
     @PostMapping("case0032")
+    @Deprecated
     public Map<String, Object> aTaintCase0032(HttpServletRequest request) {
         Map<String, Object> modelMap = new HashMap<>();
         try {
@@ -865,6 +870,7 @@ public Map<String, Object> aTaintCase00139(HttpServletRequest request) {
      * aTaintCase0060 传播场景->运算符->赋值
      */
     @PostMapping(value = "case0060")
+    @Deprecated
     public Map<String, Object> aTaintCase0060(@RequestParam String cmd) {
         Map<String, Object> modelMap = new HashMap<>();
         try {
@@ -2107,6 +2113,7 @@ public Map<String, Object> aTaintCase00104_2(@RequestParam String cmd) {
      * aTaintCase00106 触发污点跟踪能力（sink）->sink方法特性支持->sink点污点来自固定参数
      */
     @PostMapping(value = "case00106")
+    @Deprecated
     public Map<String, Object> aTaintCase00106(@RequestParam String cmd) {
         Map<String, Object> modelMap = new HashMap<>();
         try {
@@ -2121,6 +2128,7 @@ public Map<String, Object> aTaintCase00106(@RequestParam String cmd) {
      * aTaintCase00107 触发污点跟踪能力（sink）->sink方法特性支持->sink点污点来自可变参数
      */
     @PostMapping(value = "case00107")
+    @Deprecated
     public Map<String, Object> aTaintCase00107(@RequestParam String cmd) {
         Map<String, Object> modelMap = new HashMap<>();
         try {
@@ -2137,6 +2145,7 @@ public Map<String, Object> aTaintCase00107(@RequestParam String cmd) {
      * path="/data/ls"
      */
     @PostMapping(value = "case00108")
+    @Deprecated
     public Map<String, Object> aTaintCase00108(@RequestParam String path) {
         Map<String, Object> modelMap = new HashMap<>();
         InputStream in = null;
@@ -2191,6 +2200,7 @@ public Map<String, Object> aTaintCase00110(@RequestParam String cmd1,@RequestPar
      * 从文件中读取命令，并用命令行执行
      */
     @PostMapping(value = "case00111")
+    @Deprecated
     public Map<String, Object> aTaintCase00111(@RequestParam String path) {
         Map<String, Object> modelMap = new HashMap<>();
 

src/main/java/com/iast/astbenchmark/cases/AstTaintCase004.java

@@ -801,6 +801,7 @@ public Map<String, Object> aTaintCase00947_3(@RequestParam String cmd) {
         try {
             String hardcode = "a";
             StringBuilder builder = new StringBuilder(hardcode+cmd);
+            builder.deleteCharAt(1);
             Runtime.getRuntime().exec(builder.toString());
             modelMap.put("status", CommonConsts.SUCCESS_STR);
         } catch (IOException e)  {

src/main/java/com/iast/astbenchmark/cases/bean/big/BigParamBean.java

@@ -0,0 +1,8 @@
+package com.iast.astbenchmark.cases.bean.big;
+
+import lombok.Data;
+
+@Data
+public class BigParamBean {
+    private String cmd;
+}