diff --git a/.github/workflows/generate-repository.yml b/.github/workflows/generate-repository.yml index 412aa32..c472ec5 100644 --- a/.github/workflows/generate-repository.yml +++ b/.github/workflows/generate-repository.yml @@ -4,7 +4,6 @@ on: push: branches: [ master ] pull_request: - branches: [ master ] jobs: build: @@ -14,16 +13,13 @@ jobs: steps: - name: checkout uses: actions/checkout@v2 - - name: Set up JDK 12 - uses: actions/setup-java@v1.3.0 + - name: Set up JDK, Scala, and SBT + uses: olafurpg/setup-scala@v10 with: - java-version: 12 + java-version: adopt@1.15 - name: compile, run, and test run: | - sbt run && sleep 4m & - sleep 130s - cd /tmp - git clone http://127.0.0.1:9000/benchmark42 benchmark42 - cd /tmp/benchmark42 + sbt run + cd target/benchmarks sbt compile diff --git a/.gitignore b/.gitignore index 2da52ba..487ddde 100644 --- a/.gitignore +++ b/.gitignore @@ -213,3 +213,5 @@ tags .idea/ project/metals.sbt + +.bsp/sbt.json diff --git a/.scalafmt.conf b/.scalafmt.conf new file mode 100644 index 0000000..7253c63 --- /dev/null +++ b/.scalafmt.conf @@ -0,0 +1,2 @@ +version = 2.4.2 +rewrite.rules = [ AvoidInfix, SortImports ] diff --git a/build.sbt b/build.sbt index 352142f..fb27247 100644 --- a/build.sbt +++ b/build.sbt @@ -2,7 +2,7 @@ lazy val commonSettings = Seq( version := "1.0.0-SNAPSHOT", organization := "org.combinators", - scalaVersion := "2.12.10", + scalaVersion := "2.12.13", resolvers ++= Seq( Resolver.sonatypeRepo("releases"), 
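Review bot: `uses: olafurpg/setup-scala@v10` in the second workflow hunk references a third-party action by a mutable tag, so the code that runs in this job can change without any change to this repository. Pin it to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: olafurpg/setup-scala@<full-commit-sha> # v10`. The first hunk also removes the `branches: [ master ]` filter under `pull_request:`, so the job now runs for pull requests against every branch. The top of the workflow is outside the hunk; if it does not already restrict the token, a workflow-level `permissions:` block with `contents: read` is enough for a job that only builds.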
@@ -13,18 +13,19 @@ lazy val commonSettings = Seq( "-unchecked", "-deprecation", "-feature", - "-language:implicitConversions" + "-language:implicitConversions", + "-Ypartial-unification" ), libraryDependencies ++= Seq( "org.combinators" %% "templating" % "1.1.0", - "org.scalactic" %% "scalactic" % "3.0.1" % "test", - "org.scalatest" %% "scalatest" % "3.0.1" % "test" + "org.scalactic" %% "scalactic" % "3.2.2" % "test", + "org.scalatest" %% "scalatest" % "3.2.2" % "test" ), headerLicense := Some(HeaderLicense.Custom( """|Websecbench is a suite of web security benchmarks generated by (CL)S. - |Copyright (C) 2020 Jan Bessai and Malte Mues + |Copyright (C) 2021 Jan Bessai and Malte Mues | |This program is free software; you can redistribute it and/or |modify it under the terms of the GNU General Public License @@ -40,8 +41,12 @@ lazy val commonSettings = Seq( |along with this program; if not, write to the Free Software |Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |""".stripMargin - )) - + )), + scapegoatVersion in ThisBuild := "1.4.7", + scapegoatDisabledInspections := Seq( + "EmptyInterpolatedString", + "UnsafeTraversableMethods" + ) ) lazy val root = (Project(id = "websecbench", base = file("."))) @@ -49,10 +54,12 @@ lazy val root = (Project(id = "websecbench", base = file("."))) .settings( moduleName := "websecbench", libraryDependencies ++= Seq( - "org.combinators" %% "cls-scala" % "2.0.0+12-8d994c6b", + "org.combinators" %% "cls-scala" % "3.0.0", "org.scalameta" %% "scalameta" % "3.4.0", "org.scalameta" %% "contrib" % "3.4.0", - "org.combinators" %% "jgitserv" % "0.0.1" + "org.combinators" %% "jgitserv" % "0.0.1", + "org.typelevel" %% "cats-core" % "2.3.1", + "org.typelevel" %% "cats-effect" % "2.3.1" ) ) diff --git a/project/build.properties b/project/build.properties index 059dc1f..d18a12e 100644 --- a/project/build.properties +++ b/project/build.properties @@ -1 +1 @@ -sbt.version = 1.0.4 +sbt.version = 1.4.7 
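Review bot: `scapegoatDisabledInspections` in the `@@ -40,8 +41,12 @@` hunk switches `UnsafeTraversableMethods` off for the whole build, which also silences it for any code added later. The combinators call `.head` on parsed template results, which is presumably the reason. A narrower suppression at those call sites would keep the inspection active elsewhere. If the global setting stays, record the reason next to it, e.g. `// .head on methodDeclarations() of fixed templates is intentional`.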
diff --git a/project/plugins.sbt b/project/plugins.sbt index b31e1af..cc5dfb3 100644 --- a/project/plugins.sbt +++ b/project/plugins.sbt @@ -1 +1,3 @@ -addSbtPlugin("de.heikoseeberger" % "sbt-header" % "5.4.0") +addSbtPlugin("de.heikoseeberger" % "sbt-header" % "5.6.0") +addSbtPlugin("com.sksamuel.scapegoat" %% "sbt-scapegoat" % "1.1.0") +addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.4.2") diff --git a/src/main/resources/org/owasp/benchmark/helpers/Utils.java b/src/main/resources/org/owasp/benchmark/helpers/Utils.java index 580eaaa..2d63058 100644 --- a/src/main/resources/org/owasp/benchmark/helpers/Utils.java +++ b/src/main/resources/org/owasp/benchmark/helpers/Utils.java @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/src/main/scala/org/combinators/websecbench/CodeGenerator.scala b/src/main/scala/org/combinators/websecbench/CodeGenerator.scala index 36d772c..cf22c27 100644 --- a/src/main/scala/org/combinators/websecbench/CodeGenerator.scala +++ b/src/main/scala/org/combinators/websecbench/CodeGenerator.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -28,17 +28,16 @@ import com.github.javaparser.ast.stmt.Statement import org.combinators.templating.persistable.{JavaPersistable, Persistable} import org.combinators.templating.twirl.Java -case class CodeGenerator[NodeType]( - methods: List[MethodDeclaration], - currentNode: NodeType, - toMethodBody: NodeType => Seq[Statement], - unitTests : Seq[CompilationUnit], - metaData: Seq[MetaData], - sourceData: Seq[TaintSource] +final case class CodeGenerator[NodeType]( + methods: List[MethodDeclaration], + currentNode: NodeType, + toMethodBody: NodeType => Seq[Statement], + unitTests: Seq[CompilationUnit], + metaData: Seq[MetaData], + sourceData: Seq[TaintSource] ) { def toCode(benchmarkName: String): CompilationUnit = { - Java( - s""" + Java(s""" |import javax.servlet.http.HttpServlet; |import javax.servlet.http.HttpServletRequest; |import javax.servlet.http.HttpServletResponse; @@ -58,16 +57,17 @@ case class CodeGenerator[NodeType]( } def vulnerabilityReport(benchmarkName: String): String = { - metaData.map(n =>{ - n.getTaintSources.intersect(sourceData).isEmpty match { - case true => n.makeSafe.toReportElement(benchmarkName) - case false => n.toReportElement(benchmarkName) - } - }).mkString("\n") + metaData + .map(n => { + n.getTaintSources.intersect(sourceData).isEmpty match { + case true => n.makeSafe.toReportElement(benchmarkName) + case false => n.toReportElement(benchmarkName) + } + }) + .mkString("\n") } } - object CodeGenerator { def requestExpr: Expression = Java(s"request").expression() 
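Review bot: `vulnerabilityReport` in the `@@ -58,16 +57,17 @@` hunk decides the ground-truth label written for each benchmark, but the rule is not documented. An entry is emitted through `makeSafe` whenever none of its `getTaintSources` occur in `sourceData`. A comment above the `.map` would make this auditable, e.g. `// An entry is reported as safe when none of its taint sources overlap with sourceData`. The `match` on a Boolean would also read more directly as `if (n.getTaintSources.intersect(sourceData).isEmpty) n.makeSafe.toReportElement(benchmarkName) else n.toReportElement(benchmarkName)`.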
@@ -75,9 +75,9 @@ object CodeGenerator { def responseExpr: Expression = Java(s"response").expression() - - - def compilationUnitPersistable[A](benchmarkName: String)(implicit javaPersistable: Persistable.Aux[CompilationUnit]): Persistable.Aux[CodeGenerator[A]] = + def compilationUnitPersistable[A](benchmarkName: String)( + implicit javaPersistable: Persistable.Aux[CompilationUnit] + ): Persistable.Aux[CodeGenerator[A]] = new Persistable { type T = CodeGenerator[A] def rawText(elem: CodeGenerator[A]) = @@ -87,13 +87,15 @@ object CodeGenerator { javaPersistable.path(elem.toCode(benchmarkName)) } - def vulnerabilityReportPersistable[A](benchmarkName: String): Persistable.Aux[CodeGenerator[A]] = + def vulnerabilityReportPersistable[A]( + benchmarkName: String + ): Persistable.Aux[CodeGenerator[A]] = new Persistable { type T = CodeGenerator[A] def rawText(elem: CodeGenerator[A]): Array[Byte] = elem.vulnerabilityReport(benchmarkName).getBytes(StandardCharsets.UTF_8) - def path(elem: CodeGenerator[A]): Path = + def path(elem: CodeGenerator[A]): Path = Paths.get(".", "src", "main", "reports", s"$benchmarkName.xml") } } diff --git a/src/main/scala/org/combinators/websecbench/ComponentTag.scala b/src/main/scala/org/combinators/websecbench/ComponentTag.scala index 835394f..7c98b18 100644 --- a/src/main/scala/org/combinators/websecbench/ComponentTag.scala +++ b/src/main/scala/org/combinators/websecbench/ComponentTag.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/src/main/scala/org/combinators/websecbench/InhabitationController.scala b/src/main/scala/org/combinators/websecbench/InhabitationController.scala index f2e9a82..7b11aa2 100644 
--- a/src/main/scala/org/combinators/websecbench/InhabitationController.scala +++ b/src/main/scala/org/combinators/websecbench/InhabitationController.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -18,110 +18,123 @@ */ package org.combinators.websecbench -import java.nio.file.Paths - +import java.nio.file.{Files, Path, Paths} import cats.effect.{ExitCode, IO, IOApp} +import cats.implicits._ import com.github.javaparser.ast.expr.Expression import org.combinators.templating.persistable.JavaPersistable._ import org.combinators.cls.types.Type -import org.combinators.jgitserv.{BranchTransaction, GitService, ResourcePersistable} +import org.combinators.jgitserv.{BranchTransaction, ResourcePersistable} import org.combinators.templating.persistable.BundledResource import org.combinators.websecbench.SemanticTypes.JavaVoid -import org.eclipse.jgit.lib.BranchConfig -case class BenchmarkSelector( - tags: Set[ComponentTag], - targetType: Type, - maximalNumberOfResults: Int +final case class BenchmarkSelector( + tags: Set[ComponentTag], + targetType: Type, + maximalNumberOfResults: Int ) class BenchmarkController( - selectedBenchmarks: Set[BenchmarkSelector], - benchmarkName: String, - shuffleSolutions: Boolean = true, - port: Int = 9000) extends IOApp { + selectedBenchmarks: Set[BenchmarkSelector], + benchmarkName: String, + targetDirectory: Path, + shuffleSolutions: Boolean = true +) extends IOApp { lazy val buildDotSbt: BundledResource = BundledResource("/build.sbt", Paths.get("build.sbt"), getClass) lazy val owaspUtils: BundledResource = - BundledResource("/org/owasp/benchmark/helpers/Utils.java", - Paths.get("src", "main", "java", "org", "owasp", "benchmark", "helpers", "Utils.java"), - getClass) + BundledResource( + "/org/owasp/benchmark/helpers/Utils.java", + Paths.get( + "src", + "main", + "java", + "org", + "owasp", + "benchmark", + "helpers", + "Utils.java" + ), + getClass + ) lazy val storeResource = ResourcePersistable.apply - - lazy val emptyBenchmark: BranchTransaction = - BranchTransaction - .empty(benchmarkName) - .persist(buildDotSbt)(storeResource) - .persist(owaspUtils)(storeResource) - .commit("Add shared resources") + + lazy val emptyBenchmark: 
IO[Unit] = IO { + Files.createDirectories(targetDirectory) + storeResource.persistOverwriting(targetDirectory, buildDotSbt) + storeResource.persistOverwriting(targetDirectory, owaspUtils) + } lazy val numberFormat: String = { val maxBenchmarks = selectedBenchmarks.map(_.maximalNumberOfResults).sum - s"%0${maxBenchmarks.toString.length}d" + s"%0${maxBenchmarks.toString.length}d" } - def transactionFor(benchmarkSelector: BenchmarkSelector): Seq[Int => BranchTransaction] = { + def transactionFor( + benchmarkSelector: BenchmarkSelector + ): Seq[Int => IO[Unit]] = { val Gamma = Repository.repository(benchmarkSelector.tags) - val results = Gamma.inhabit[CodeGenerator[Expression]](benchmarkSelector.targetType) - val toStore = results.size.map(s => - Math.min(benchmarkSelector.maximalNumberOfResults, s.toInt) - ).getOrElse(benchmarkSelector.maximalNumberOfResults) + val results = + Gamma.inhabit[CodeGenerator[Expression]](benchmarkSelector.targetType) + val toStore = results.size + .map(s => Math.min(benchmarkSelector.maximalNumberOfResults, s.toInt)) + .getOrElse(benchmarkSelector.maximalNumberOfResults) - (0 until toStore).foldLeft(Seq.empty[Int => BranchTransaction]) { case (transactions, resultNumber) => - val nextTransaction = (nextNumber : Int) => { - val currentName = s"%s_$numberFormat".format(benchmarkName, nextNumber) - val storeCompilationUnit = CodeGenerator.compilationUnitPersistable[Expression](currentName) - val storeVulnerabilityReport = CodeGenerator.vulnerabilityReportPersistable[Expression](currentName) - val result = results.interpretedTerms.index(BigInt(resultNumber)) - BranchTransaction - .checkout(benchmarkName) - .persist(result)(storeCompilationUnit) - .persist(result)(storeVulnerabilityReport) - .commit(s"Add benchmark ${currentName}") - } - nextTransaction +: transactions + (0 until toStore).foldLeft(Seq.empty[Int => IO[Unit]]) { + case (transactions, resultNumber) => + val nextTransaction = (nextNumber: Int) => { + val currentName = + 
s"%s_$numberFormat".format(benchmarkName, nextNumber) + val storeCompilationUnit = + CodeGenerator.compilationUnitPersistable[Expression](currentName) + val storeVulnerabilityReport = CodeGenerator + .vulnerabilityReportPersistable[Expression](currentName) + val result = results.interpretedTerms.index(BigInt(resultNumber)) + IO[Unit] { + storeCompilationUnit.persistOverwriting(targetDirectory, result) + storeVulnerabilityReport.persistOverwriting(targetDirectory, result) + } + } + nextTransaction +: transactions } } - - def computeTransactions: Seq[BranchTransaction] = { + + def computeTransactions: Seq[IO[Unit]] = { val transactions = selectedBenchmarks.toSeq.flatMap(transactionFor) val suffledTransactions = if (shuffleSolutions) scala.util.Random.shuffle(transactions) else transactions emptyBenchmark +: - suffledTransactions - .zipWithIndex - .map { case (transaction, number) => transaction(number) } + suffledTransactions.zipWithIndex + .map { case (transaction, number) => transaction(number) } } def run(args: List[String]): IO[ExitCode] = { for { - _ <- IO { println(s"Computing solutions") } + _ <- IO { println("Computing solutions") } transactions = computeTransactions - _ <- IO { println(s"Use: git clone http://127.0.0.1:${port}/$benchmarkName $benchmarkName") } - exitCode <- new GitService(transactions, benchmarkName, port).run(args) - } yield exitCode + _ <- transactions.toList.sequence + } yield ExitCode.Success } } object Benchmark42 - extends BenchmarkController( - Set( - BenchmarkSelector( - tags = Set( - ComponentTag.FileIO, - ComponentTag.Process, - ComponentTag.ReadFromRequest, - ComponentTag.DatabaseIO - ), - targetType = JavaVoid, - maximalNumberOfResults = 100 - ) - ), - benchmarkName = "benchmark42", - shuffleSolutions = false - ) - - + extends BenchmarkController( + Set( + BenchmarkSelector( + tags = Set( + ComponentTag.FileIO, + ComponentTag.Process, + ComponentTag.ReadFromRequest, + ComponentTag.DatabaseIO + ), + targetType = JavaVoid, + 
maximalNumberOfResults = 100 + ) + ), + benchmarkName = "benchmark42", + targetDirectory = Paths.get("target", "benchmarks"), + shuffleSolutions = false + ) diff --git a/src/main/scala/org/combinators/websecbench/MetaData.scala b/src/main/scala/org/combinators/websecbench/MetaData.scala index ae8aa96..ce4361b 100644 --- a/src/main/scala/org/combinators/websecbench/MetaData.scala +++ b/src/main/scala/org/combinators/websecbench/MetaData.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -23,10 +23,11 @@ trait MetaData { def toReportElement(testNumber: String): String def getTaintSources: Seq[TaintSource] - def makeSafe:MetaData + def makeSafe: MetaData } -case class PathTraversalVulnerability(isVulnerable: Boolean) extends MetaData { +final case class PathTraversalVulnerability(isVulnerable: Boolean) + extends MetaData { def toReportElement(testNumber: String): String = { s""" | @@ -39,12 +40,13 @@ case class PathTraversalVulnerability(isVulnerable: Boolean) extends MetaData { |""".stripMargin } - override def getTaintSources = Seq(UncheckedString()) + override def getTaintSources = Seq(UncheckedString) override def makeSafe: MetaData = PathTraversalVulnerability(false) } -case class SQLInjectionVulnerability(isVulnerable: Boolean) extends MetaData { +final case class SQLInjectionVulnerability(isVulnerable: Boolean) + extends MetaData { def toReportElement(testNumber: String): String = { s""" | 
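Review bot: In `transactionFor` in InhabitationController.scala, `Math.min(benchmarkSelector.maximalNumberOfResults, s.toInt)` narrows the result count before clamping it. If `results.size` yields a `BigInt` (the `.toInt` and the later `BigInt(resultNumber)` suggest it does), a count above `Int.MaxValue` wraps and can produce a negative or arbitrary `toStore`, silently generating too few or no benchmarks. Clamp in the wide type first: `.map(s => s.min(BigInt(benchmarkSelector.maximalNumberOfResults)).toInt)`. Separately, `persistOverwriting` writes into `targetDirectory` without clearing it, so files and reports from an earlier, larger run appear to survive and would be compiled alongside the new ones. Consider emptying the directory in `emptyBenchmark`, or documenting that callers must start from a clean target.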
@@ -57,12 +59,12 @@ case class SQLInjectionVulnerability(isVulnerable: Boolean) extends MetaData { |""".stripMargin } - override def getTaintSources = Seq(UncheckedString()) + override def getTaintSources = Seq(UncheckedString) override def makeSafe: MetaData = SQLInjectionVulnerability(false) } trait TaintSource -case class UncheckedString() extends TaintSource -case class StaticString() extends TaintSource +case object UncheckedString extends TaintSource +case object StaticString extends TaintSource diff --git a/src/main/scala/org/combinators/websecbench/Repository.scala b/src/main/scala/org/combinators/websecbench/Repository.scala index 1b583e1..8fd32a5 100644 --- a/src/main/scala/org/combinators/websecbench/Repository.scala +++ b/src/main/scala/org/combinators/websecbench/Repository.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -23,7 +23,6 @@ import com.github.javaparser.ast.expr.Expression import org.combinators.cls.interpreter.{InhabitationResult, ReflectedRepository} import org.combinators.cls.types.Type - object Repository { val components: Seq[TaggedComponent] = Seq( 
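Review bot: `trait TaintSource` at the end of the `@@ -57,12 +59,12 @@` hunk stays open while both implementations become case objects. If nothing outside MetaData.scala extends it, `sealed trait TaintSource` lets the compiler check matches for exhaustiveness and keeps the set of sources that feed the report labelling in one place. The `getTaintSources` overrides here and in `PathTraversalVulnerability` (previous hunk) also rely on inference and now resolve to a singleton element type. An explicit `override def getTaintSources: Seq[TaintSource] = Seq(UncheckedString)` states the contract.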
@@ -33,11 +32,21 @@ object Repository { databaseinteraction.components ).flatten - def repository(componentTags: Set[ComponentTag]): ReflectedRepository[Repository.type] = { - val selectedComponents = components.filter(comp => comp.tags.intersect(componentTags).nonEmpty) + def repository( + componentTags: Set[ComponentTag] + ): ReflectedRepository[Repository.type] = { + val selectedComponents = + components.filter(comp => comp.tags.intersect(componentTags).nonEmpty) - selectedComponents.foldLeft(ReflectedRepository(this, classLoader = getClass.getClassLoader,substitutionSpace = SemanticTypes.kinding)) { case (repo, component) => - component.addToRepository(repo) + selectedComponents.foldLeft( + ReflectedRepository( + this, + classLoader = getClass.getClassLoader, + substitutionSpace = SemanticTypes.kinding + ) + ) { + case (repo, component) => + component.addToRepository(repo) } } } diff --git a/src/main/scala/org/combinators/websecbench/SemanticTypes.scala b/src/main/scala/org/combinators/websecbench/SemanticTypes.scala index 12b38a7..0de289c 100644 --- a/src/main/scala/org/combinators/websecbench/SemanticTypes.scala +++ b/src/main/scala/org/combinators/websecbench/SemanticTypes.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -33,7 +33,6 @@ object SemanticTypes { val Encoded: Type = Constructor("Encoded") val JavaSQL: Type = Constructor("JavaSQL"); - val UsageStatus: Variable= Variable("streamStatus") + val UsageStatus: Variable = Variable("streamStatus") val kinding = Kinding(UsageStatus).addOption(Used).addOption(Unused) } - 
diff --git a/src/main/scala/org/combinators/websecbench/TaggedComponent.scala b/src/main/scala/org/combinators/websecbench/TaggedComponent.scala index 617bfa5..9497bcf 100644 --- a/src/main/scala/org/combinators/websecbench/TaggedComponent.scala +++ b/src/main/scala/org/combinators/websecbench/TaggedComponent.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -23,5 +23,7 @@ import org.combinators.cls.interpreter.ReflectedRepository trait TaggedComponent { val tags: Set[ComponentTag] - def addToRepository(repository: ReflectedRepository[Repository.type]): ReflectedRepository[Repository.type] + def addToRepository( + repository: ReflectedRepository[Repository.type] + ): ReflectedRepository[Repository.type] } diff --git a/src/main/scala/org/combinators/websecbench/databaseinteraction/ReadFromDatabase.scala b/src/main/scala/org/combinators/websecbench/databaseinteraction/ReadFromDatabase.scala index eddd50c..3370115 100644 --- a/src/main/scala/org/combinators/websecbench/databaseinteraction/ReadFromDatabase.scala +++ b/src/main/scala/org/combinators/websecbench/databaseinteraction/ReadFromDatabase.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -23,17 +23,21 @@ import com.github.javaparser.ast.body.MethodDeclaration import com.github.javaparser.ast.expr.Expression import org.combinators.cls.interpreter.ReflectedRepository import org.combinators.templating.twirl.Java -import org.combinators.websecbench.{CodeGenerator, ComponentTag, Repository, SQLInjectionVulnerability, TaggedComponent} +import org.combinators.websecbench.{ + CodeGenerator, + ComponentTag, + Repository, + SQLInjectionVulnerability, + TaggedComponent +} import org.combinators.websecbench.SemanticTypes.{JavaSQL, JavaString, JavaVoid} import org.combinators.cls.types.syntax._ -object ReadFromDatabase extends TaggedComponent{ +object ReadFromDatabase extends TaggedComponent { override val tags: Set[ComponentTag] = Set(ComponentTag.DatabaseIO) - val readFromDatabase: MethodDeclaration = { - Java( - s""" + Java(s""" |private void readFromDatabase(String sql, HttpServletResponse response) { | try { | java.sql.Connection connection = org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection(); @@ -53,12 +57,15 @@ object ReadFromDatabase extends TaggedComponent{ def apply(sql: CodeGenerator[Expression]): CodeGenerator[Expression] = { sql.copy( methods = readFromDatabase +: sql.methods, - currentNode = Java(s"readFromDatabase(${sql.currentNode}, ${CodeGenerator.responseExpr})").expression[Expression](), + currentNode = Java( + s"readFromDatabase(${sql.currentNode}, ${CodeGenerator.responseExpr})" + ).expression[Expression](), metaData = sql.metaData :+ SQLInjectionVulnerability(true) - ) + ) } val semanticType = JavaSQL :&: JavaString =>: JavaVoid - override def addToRepository(repository: ReflectedRepository[Repository.type]) - : ReflectedRepository[Repository.type] = repository.addCombinator(this) + override def addToRepository( + repository: ReflectedRepository[Repository.type] + ): ReflectedRepository[Repository.type] = repository.addCombinator(this) } 
diff --git a/src/main/scala/org/combinators/websecbench/databaseinteraction/package.scala b/src/main/scala/org/combinators/websecbench/databaseinteraction/package.scala index a41a905..623c1a1 100644 --- a/src/main/scala/org/combinators/websecbench/databaseinteraction/package.scala +++ b/src/main/scala/org/combinators/websecbench/databaseinteraction/package.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -23,5 +23,5 @@ package object databaseinteraction { val components: Seq[TaggedComponent] = Seq( ReadFromDatabase - ) + ) } diff --git a/src/main/scala/org/combinators/websecbench/iointeraction/CloseInputStream.scala b/src/main/scala/org/combinators/websecbench/iointeraction/CloseInputStream.scala index ffb8067..d9907f9 100644 --- a/src/main/scala/org/combinators/websecbench/iointeraction/CloseInputStream.scala +++ b/src/main/scala/org/combinators/websecbench/iointeraction/CloseInputStream.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -23,17 +23,21 @@ import com.github.javaparser.ast.body.MethodDeclaration import com.github.javaparser.ast.expr.Expression import org.combinators.cls.interpreter.ReflectedRepository import org.combinators.templating.twirl.Java -import org.combinators.websecbench.{CodeGenerator, ComponentTag, Repository, TaggedComponent} +import org.combinators.websecbench.{ + CodeGenerator, + ComponentTag, + Repository, + TaggedComponent +} import org.combinators.websecbench.SemanticTypes.JavaInputStream import org.combinators.websecbench.SemanticTypes.JavaVoid -import org.combinators.websecbench.SemanticTypes.{Used, Unused, UsageStatus} +import org.combinators.websecbench.SemanticTypes.{Unused, UsageStatus, Used} import org.combinators.cls.types.syntax._ object CloseInputStream extends TaggedComponent { - val tags = Set(ComponentTag.FileIO) - val closeInputStream: MethodDeclaration = { - Java( - s""" + val tags = Set(ComponentTag.FileIO) + val closeInputStream: MethodDeclaration = { + Java(s""" |private void closeInputStream(java.io.InputStream is) { | try { | if(is != null) { 
@@ -44,17 +48,23 @@ object CloseInputStream extends TaggedComponent { | } |} |""".stripMargin).methodDeclarations().head - } + } - def apply(inputStreamGenerator: CodeGenerator[Expression]): CodeGenerator[Expression] = { - inputStreamGenerator.copy( - methods = closeInputStream +: inputStreamGenerator.methods, - currentNode = Java(s"closeInputStream(${inputStreamGenerator.currentNode})").expression[Expression]() - ) - } + def apply( + inputStreamGenerator: CodeGenerator[Expression] + ): CodeGenerator[Expression] = { + inputStreamGenerator.copy( + methods = closeInputStream +: inputStreamGenerator.methods, + currentNode = Java( + s"closeInputStream(${inputStreamGenerator.currentNode})" + ).expression[Expression]() + ) + } - val semanticType = JavaInputStream(Used) =>: JavaVoid + val semanticType = JavaInputStream(Used) =>: JavaVoid - def addToRepository(repository: ReflectedRepository[Repository.type]): ReflectedRepository[Repository.type] = - repository.addCombinator(this) + def addToRepository( + repository: ReflectedRepository[Repository.type] + ): ReflectedRepository[Repository.type] = + repository.addCombinator(this) } diff --git a/src/main/scala/org/combinators/websecbench/iointeraction/CloseOutputStream.scala b/src/main/scala/org/combinators/websecbench/iointeraction/CloseOutputStream.scala index 0e94b8a..1c02be4 100644 --- a/src/main/scala/org/combinators/websecbench/iointeraction/CloseOutputStream.scala +++ b/src/main/scala/org/combinators/websecbench/iointeraction/CloseOutputStream.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -23,14 +23,23 @@ import com.github.javaparser.ast.expr.Expression import org.combinators.cls.interpreter.ReflectedRepository import org.combinators.cls.types.syntax._ import org.combinators.templating.twirl.Java -import org.combinators.websecbench.{CodeGenerator, ComponentTag, Repository, TaggedComponent} -import org.combinators.websecbench.SemanticTypes.{JavaOutputStream, JavaVoid, Unused, UsageStatus} +import org.combinators.websecbench.{ + CodeGenerator, + ComponentTag, + Repository, + TaggedComponent +} +import org.combinators.websecbench.SemanticTypes.{ + JavaOutputStream, + JavaVoid, + Unused, + UsageStatus +} object CloseOutputStream extends TaggedComponent { val tags = Set(ComponentTag.FileIO) val closeInputStream: MethodDeclaration = { - Java( - s""" + Java(s""" |private void closeOutputStream(java.io.OutputStream os) { | try { | if(os != null) { @@ -43,15 +52,21 @@ object CloseOutputStream extends TaggedComponent { |""".stripMargin).methodDeclarations().head } - def apply(inputStreamGenerator: CodeGenerator[Expression]): CodeGenerator[Expression] = { + def apply( + inputStreamGenerator: CodeGenerator[Expression] + ): CodeGenerator[Expression] = { inputStreamGenerator.copy( methods = closeInputStream +: inputStreamGenerator.methods, - currentNode = Java(s"closeOutputStream(${inputStreamGenerator.currentNode})").expression[Expression]() - ) + currentNode = Java( + s"closeOutputStream(${inputStreamGenerator.currentNode})" + ).expression[Expression]() + ) } - - val semanticType = JavaOutputStream(UsageStatus) =>: JavaVoid - def addToRepository(repository: ReflectedRepository[Repository.type]): ReflectedRepository[Repository.type] = + val semanticType = JavaOutputStream(UsageStatus) =>: JavaVoid + + def addToRepository( + repository: ReflectedRepository[Repository.type] + ): ReflectedRepository[Repository.type] = repository.addCombinator(this) } 
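Review bot: In CloseOutputStream.scala the val that holds the generated `closeOutputStream` method is still named `closeInputStream`, and the `apply` parameter is `inputStreamGenerator`; both look carried over from CloseInputStream.scala. Renaming them to `val closeOutputStream: MethodDeclaration` and `outputStreamGenerator` avoids wiring the wrong helper into a combinator later. CreateFileOutputStream.scala has the same mismatch, where `val createFileInputStream` holds `openFileOutputStream`. These vals are public members of the objects, so check for references outside the files before renaming.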
diff --git a/src/main/scala/org/combinators/websecbench/iointeraction/CreateFileInputStream.scala b/src/main/scala/org/combinators/websecbench/iointeraction/CreateFileInputStream.scala index c967a5c..fcefada 100644 --- a/src/main/scala/org/combinators/websecbench/iointeraction/CreateFileInputStream.scala +++ b/src/main/scala/org/combinators/websecbench/iointeraction/CreateFileInputStream.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -24,15 +24,24 @@ import com.github.javaparser.ast.expr.Expression import org.combinators.cls.interpreter.ReflectedRepository import org.combinators.cls.types.syntax._ import org.combinators.templating.twirl.Java -import org.combinators.websecbench.{CodeGenerator, ComponentTag, PathTraversalVulnerability, Repository, TaggedComponent} -import org.combinators.websecbench.SemanticTypes.{JavaFilename, JavaInputStream, Unused} +import org.combinators.websecbench.{ + CodeGenerator, + ComponentTag, + PathTraversalVulnerability, + Repository, + TaggedComponent +} +import org.combinators.websecbench.SemanticTypes.{ + JavaFilename, + JavaInputStream, + Unused +} object CreateFileInputStream extends TaggedComponent { val tags = Set(ComponentTag.FileIO) val createFileInputStream: MethodDeclaration = { - Java( - s""" + Java(s""" |public java.io.InputStream openFileInputStream(String filename, HttpServletResponse response) throws java.io.IOException { | try { | java.io.FileInputStream fis = null; 
@@ -56,13 +65,17 @@ object CreateFileInputStream extends TaggedComponent { def apply(fileName: CodeGenerator[Expression]): CodeGenerator[Expression] = { fileName.copy( methods = createFileInputStream +: fileName.methods, - currentNode = Java(s"openFileInputStream(${fileName.currentNode}, ${CodeGenerator.responseExpr})").expression[Expression](), - metaData = fileName.metaData :+ PathTraversalVulnerability(true) - ) + currentNode = Java( + s"openFileInputStream(${fileName.currentNode}, ${CodeGenerator.responseExpr})" + ).expression[Expression](), + metaData = fileName.metaData :+ PathTraversalVulnerability(true) + ) } val semanticType = JavaFilename =>: JavaInputStream(Unused) - def addToRepository(repository: ReflectedRepository[Repository.type]): ReflectedRepository[Repository.type] = + def addToRepository( + repository: ReflectedRepository[Repository.type] + ): ReflectedRepository[Repository.type] = repository.addCombinator(this) } diff --git a/src/main/scala/org/combinators/websecbench/iointeraction/CreateFileOutputStream.scala b/src/main/scala/org/combinators/websecbench/iointeraction/CreateFileOutputStream.scala index f0aa085..49adcc3 100644 --- a/src/main/scala/org/combinators/websecbench/iointeraction/CreateFileOutputStream.scala +++ b/src/main/scala/org/combinators/websecbench/iointeraction/CreateFileOutputStream.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -24,15 +24,24 @@ import com.github.javaparser.ast.expr.Expression import org.combinators.cls.interpreter.ReflectedRepository import org.combinators.cls.types.syntax._ import org.combinators.templating.twirl.Java -import org.combinators.websecbench.{CodeGenerator, ComponentTag, PathTraversalVulnerability, Repository, TaggedComponent} -import org.combinators.websecbench.SemanticTypes.{JavaFilename, JavaOutputStream, Unused} +import org.combinators.websecbench.{ + CodeGenerator, + ComponentTag, + PathTraversalVulnerability, + Repository, + TaggedComponent +} +import org.combinators.websecbench.SemanticTypes.{ + JavaFilename, + JavaOutputStream, + Unused +} -object CreateFileOutputStream extends TaggedComponent{ +object CreateFileOutputStream extends TaggedComponent { val tags = Set(ComponentTag.FileIO) val createFileInputStream: MethodDeclaration = { - Java( - s""" + Java(s""" |public java.io.FileOutputStream openFileOutputStream(String fileName, HttpServletResponse response) throws java.io.IOException { | java.io.FileOutputStream fos = null; | try { 
@@ -53,13 +62,17 @@ object CreateFileOutputStream extends TaggedComponent{ def apply(fileName: CodeGenerator[Expression]): CodeGenerator[Expression] = { fileName.copy( methods = createFileInputStream +: fileName.methods, - currentNode = Java(s"openFileOutputStream(${fileName.currentNode}, ${CodeGenerator.responseExpr})").expression[Expression](), - metaData = fileName.metaData :+ PathTraversalVulnerability(true) - ) + currentNode = Java( + s"openFileOutputStream(${fileName.currentNode}, ${CodeGenerator.responseExpr})" + ).expression[Expression](), + metaData = fileName.metaData :+ PathTraversalVulnerability(true) + ) } val semanticType = JavaFilename =>: JavaOutputStream(Unused) - def addToRepository(repository: ReflectedRepository[Repository.type]): ReflectedRepository[Repository.type] = + def addToRepository( + repository: ReflectedRepository[Repository.type] + ): ReflectedRepository[Repository.type] = repository.addCombinator(this) } diff --git a/src/main/scala/org/combinators/websecbench/iointeraction/ReadFromInputStream.scala b/src/main/scala/org/combinators/websecbench/iointeraction/ReadFromInputStream.scala index dd14ba3..0ff1909 100644 --- a/src/main/scala/org/combinators/websecbench/iointeraction/ReadFromInputStream.scala +++ b/src/main/scala/org/combinators/websecbench/iointeraction/ReadFromInputStream.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -24,17 +24,21 @@ import com.github.javaparser.ast.expr.Expression import org.combinators.cls.interpreter.ReflectedRepository import org.combinators.cls.types.Type import org.combinators.templating.twirl.Java -import org.combinators.websecbench.{CodeGenerator, ComponentTag, Repository, TaggedComponent} +import org.combinators.websecbench.{ + CodeGenerator, + ComponentTag, + Repository, + TaggedComponent +} import org.combinators.websecbench.SemanticTypes.JavaInputStream -import org.combinators.websecbench.SemanticTypes.{Used, Unused} +import org.combinators.websecbench.SemanticTypes.{Unused, Used} import org.combinators.cls.types.syntax._ object ReadFromInputStream extends TaggedComponent { val tags = Set(ComponentTag.FileIO) val readFromInputStream: MethodDeclaration = { - Java( - s""" + Java(s""" |private java.io.InputStream readFromInputStream(java.io.InputStream is, HttpServletResponse response) throws java.io.IOException { | try { | byte[] b = new byte[1000]; @@ -61,12 +65,16 @@ object ReadFromInputStream extends TaggedComponent { def apply(fileName: CodeGenerator[Expression]): CodeGenerator[Expression] = { fileName.copy( methods = readFromInputStream +: fileName.methods, - currentNode = Java(s"readFromInputStream(${fileName.currentNode}, ${CodeGenerator.responseExpr})").expression() + currentNode = Java( + s"readFromInputStream(${fileName.currentNode}, ${CodeGenerator.responseExpr})" + ).expression() ) } val semanticType: Type = JavaInputStream(Unused) =>: JavaInputStream(Used) - def addToRepository(repository: ReflectedRepository[Repository.type]): ReflectedRepository[Repository.type] = + def addToRepository( + repository: ReflectedRepository[Repository.type] + ): ReflectedRepository[Repository.type] = repository.addCombinator(this) } diff --git a/src/main/scala/org/combinators/websecbench/iointeraction/package.scala b/src/main/scala/org/combinators/websecbench/iointeraction/package.scala index 7d0a02b..df6ce6c 100644 
--- a/src/main/scala/org/combinators/websecbench/iointeraction/package.scala +++ b/src/main/scala/org/combinators/websecbench/iointeraction/package.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/src/main/scala/org/combinators/websecbench/processing/AttachDirectoryName.scala b/src/main/scala/org/combinators/websecbench/processing/AttachDirectoryName.scala index 3aa7da7..c9c6136 100644 --- a/src/main/scala/org/combinators/websecbench/processing/AttachDirectoryName.scala +++ b/src/main/scala/org/combinators/websecbench/processing/AttachDirectoryName.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -23,7 +23,12 @@ import com.github.javaparser.ast.body.MethodDeclaration import com.github.javaparser.ast.expr.Expression import org.combinators.cls.interpreter.ReflectedRepository import org.combinators.templating.twirl.Java -import org.combinators.websecbench.{CodeGenerator, ComponentTag, Repository, TaggedComponent} +import org.combinators.websecbench.{ + CodeGenerator, + ComponentTag, + Repository, + TaggedComponent +} import org.combinators.cls.types.syntax._ import org.combinators.websecbench.SemanticTypes._ @@ -31,8 +36,7 @@ object AttachDirectoryName extends TaggedComponent { val tags = Set(ComponentTag.Process) val relativeToBenchmarkDir: MethodDeclaration = { - Java( - s""" + Java(s""" |public String relativeToBenchmarkDir(String filename) { | return org.owasp.benchmark.helpers.Utils.testfileDir + filename; |} 
@@ -42,12 +46,15 @@ object AttachDirectoryName extends TaggedComponent { def apply(fileName: CodeGenerator[Expression]): CodeGenerator[Expression] = { fileName.copy( methods = relativeToBenchmarkDir +: fileName.methods, - currentNode = Java(s"relativeToBenchmarkDir(${fileName.currentNode})").expression[Expression]() + currentNode = Java(s"relativeToBenchmarkDir(${fileName.currentNode})") + .expression[Expression]() ) } val semanticType = JavaString =>: JavaFilename - def addToRepository(repository: ReflectedRepository[Repository.type]): ReflectedRepository[Repository.type] = + def addToRepository( + repository: ReflectedRepository[Repository.type] + ): ReflectedRepository[Repository.type] = repository.addCombinator(this) } diff --git a/src/main/scala/org/combinators/websecbench/processing/CreateSQLQuery1.scala b/src/main/scala/org/combinators/websecbench/processing/CreateSQLQuery1.scala index 109a546..83d7130 100644 --- a/src/main/scala/org/combinators/websecbench/processing/CreateSQLQuery1.scala +++ b/src/main/scala/org/combinators/websecbench/processing/CreateSQLQuery1.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -23,11 +23,17 @@ import com.github.javaparser.ast.body.MethodDeclaration import com.github.javaparser.ast.expr.Expression import org.combinators.cls.interpreter.ReflectedRepository import org.combinators.templating.twirl.Java -import org.combinators.websecbench.{CodeGenerator, ComponentTag, MetaData, PathTraversalVulnerability, Repository, TaggedComponent} +import org.combinators.websecbench.{ + CodeGenerator, + ComponentTag, + MetaData, + PathTraversalVulnerability, + Repository, + TaggedComponent +} import org.combinators.cls.types.syntax._ import org.combinators.websecbench.SemanticTypes._ - object CreateSQLQuery1 extends TaggedComponent { val tags = Set(ComponentTag.Process) @@ -44,13 +50,13 @@ object CreateSQLQuery1 extends TaggedComponent { methods = relativeToBenchmarkDir +: fileName.methods, currentNode = Java(s"createSQLQuery(${fileName.currentNode})") .expression[Expression]() - ) + ) } val semanticType = JavaString :&: Decoded =>: JavaSQL def addToRepository( - repository: ReflectedRepository[Repository.type] - ): ReflectedRepository[Repository.type] = + repository: ReflectedRepository[Repository.type] + ): ReflectedRepository[Repository.type] = repository.addCombinator(this) } diff --git a/src/main/scala/org/combinators/websecbench/processing/ReplaceFilenameWithStaticString.scala b/src/main/scala/org/combinators/websecbench/processing/ReplaceFilenameWithStaticString.scala index 71b5de3..1c2b80e 100644 --- a/src/main/scala/org/combinators/websecbench/processing/ReplaceFilenameWithStaticString.scala +++ b/src/main/scala/org/combinators/websecbench/processing/ReplaceFilenameWithStaticString.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -22,12 +22,22 @@ package org.combinators.websecbench.processing import com.github.javaparser.ast.body.MethodDeclaration import com.github.javaparser.ast.expr.Expression import org.combinators.cls.interpreter.ReflectedRepository +import org.combinators.cls.types.Type import org.combinators.templating.twirl.Java -import org.combinators.websecbench.{CodeGenerator, ComponentTag, MetaData, PathTraversalVulnerability, Repository, StaticString, TaggedComponent, TaintSource, UncheckedString} +import org.combinators.websecbench.{ + CodeGenerator, + ComponentTag, + MetaData, + PathTraversalVulnerability, + Repository, + StaticString, + TaggedComponent, + TaintSource, + UncheckedString +} import org.combinators.cls.types.syntax._ import org.combinators.websecbench.SemanticTypes._ - object ReplaceFilenameWithStaticString extends TaggedComponent { val tags = Set(ComponentTag.Process) @@ -46,17 +56,17 @@ object ReplaceFilenameWithStaticString extends TaggedComponent { methods = relativeToBenchmarkDir +: fileName.methods, currentNode = Java(s"relativeToBenchmarkDir(${fileName.currentNode})") .expression[Expression](), - sourceData = fileName.sourceData.map{ - case UncheckedString() => StaticString() - case x:TaintSource => x + sourceData = fileName.sourceData.map { + case UncheckedString => StaticString + case x: TaintSource => x } ) } - val semanticType = JavaString =>: JavaFilename + val semanticType: Type = JavaString =>: JavaFilename def addToRepository( - repository: ReflectedRepository[Repository.type] + repository: ReflectedRepository[Repository.type] ): ReflectedRepository[Repository.type] = repository.addCombinator(this) } diff --git a/src/main/scala/org/combinators/websecbench/processing/URLDecoder.scala b/src/main/scala/org/combinators/websecbench/processing/URLDecoder.scala index aa7d03b..e3a8ca4 100644 --- a/src/main/scala/org/combinators/websecbench/processing/URLDecoder.scala +++ b/src/main/scala/org/combinators/websecbench/processing/URLDecoder.scala 
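Review bot: The `sourceData` map in `apply` relabels every `UncheckedString` as `StaticString`, but nothing visible shows why that is sound: `currentNode` still passes `${fileName.currentNode}` into `relativeToBenchmarkDir(...)`, and both the generated method body and the start of `apply` lie outside the hunk. If the generated method discards its argument, a comment above the map such as `// generated relativeToBenchmarkDir ignores its argument, so request taint ends here` would record the invariant the ground-truth label depends on. The `CreateFileInputStream` and `CreateFileOutputStream` hunks of this commit still append `PathTraversalVulnerability(true)` unconditionally, so a chain through this component would presumably carry both a `StaticString` source and a positive path-traversal label unless a later stage reconciles them. Deriving the flag from the taint, for example `PathTraversalVulnerability(fileName.sourceData.contains(UncheckedString))`, would keep the expected results that scanners are scored against consistent.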
@@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -23,11 +23,17 @@ import com.github.javaparser.ast.body.MethodDeclaration import com.github.javaparser.ast.expr.Expression import org.combinators.cls.interpreter.ReflectedRepository import org.combinators.templating.twirl.Java -import org.combinators.websecbench.{CodeGenerator, ComponentTag, MetaData, PathTraversalVulnerability, Repository, TaggedComponent} +import org.combinators.websecbench.{ + CodeGenerator, + ComponentTag, + MetaData, + PathTraversalVulnerability, + Repository, + TaggedComponent +} import org.combinators.cls.types.syntax._ import org.combinators.websecbench.SemanticTypes._ - object URLDecoder extends TaggedComponent { val tags = Set(ComponentTag.Process) @@ -44,13 +50,13 @@ object URLDecoder extends TaggedComponent { methods = relativeToBenchmarkDir +: fileName.methods, currentNode = Java(s"urlDecoding(${fileName.currentNode})") .expression[Expression]() - ) + ) } val semanticType = JavaString :&: Encoded =>: JavaString :&: Decoded def addToRepository( - repository: ReflectedRepository[Repository.type] - ): ReflectedRepository[Repository.type] = + repository: ReflectedRepository[Repository.type] + ): ReflectedRepository[Repository.type] = repository.addCombinator(this) } diff --git a/src/main/scala/org/combinators/websecbench/processing/package.scala b/src/main/scala/org/combinators/websecbench/processing/package.scala index 3c75bc5..c0f2acc 100644 --- a/src/main/scala/org/combinators/websecbench/processing/package.scala +++ b/src/main/scala/org/combinators/websecbench/processing/package.scala 
@@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/src/main/scala/org/combinators/websecbench/request/GetCookie.scala b/src/main/scala/org/combinators/websecbench/request/GetCookie.scala index cb25ce5..2e4dd29 100644 --- a/src/main/scala/org/combinators/websecbench/request/GetCookie.scala +++ b/src/main/scala/org/combinators/websecbench/request/GetCookie.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -25,7 +25,13 @@ import org.combinators.cls.interpreter.ReflectedRepository import org.combinators.cls.types.Type import org.combinators.cls.types.syntax._ import org.combinators.templating.twirl.Java -import org.combinators.websecbench.{CodeGenerator, ComponentTag, Repository, TaggedComponent, UncheckedString} +import org.combinators.websecbench.{ + CodeGenerator, + ComponentTag, + Repository, + TaggedComponent, + UncheckedString +} import org.combinators.websecbench.SemanticTypes.JavaString import org.combinators.websecbench.request.SemanticTypes._ @@ -33,8 +39,7 @@ object GetCookie extends TaggedComponent { val tags = Set(ComponentTag.ReadFromRequest) val getCookieMethod: MethodDeclaration = { - Java( - s""" + Java(s""" |public String getCookie(HttpServletRequest request) throws IOException { | javax.servlet.http.Cookie[] theCookies = request.getCookies(); | 
@@ -55,16 +60,19 @@ object GetCookie extends TaggedComponent { def apply(): CodeGenerator[Expression] = { CodeGenerator( methods = List(getCookieMethod), - currentNode = Java(s"getCookie(${CodeGenerator.requestExpr})").expression[Expression](), + currentNode = Java(s"getCookie(${CodeGenerator.requestExpr})") + .expression[Expression](), toMethodBody = expr => Java(s"${expr};").statements(), unitTests = Seq.empty, metaData = Seq.empty, - sourceData = Seq(UncheckedString()) + sourceData = Seq(UncheckedString) ) } val semanticType: Type = RequestContent :&: JavaString - def addToRepository(repository: ReflectedRepository[Repository.type]): ReflectedRepository[Repository.type] = + def addToRepository( + repository: ReflectedRepository[Repository.type] + ): ReflectedRepository[Repository.type] = repository.addCombinator(this) } diff --git a/src/main/scala/org/combinators/websecbench/request/GetHeader.scala b/src/main/scala/org/combinators/websecbench/request/GetHeader.scala index 62955c1..f18656c 100644 --- a/src/main/scala/org/combinators/websecbench/request/GetHeader.scala +++ b/src/main/scala/org/combinators/websecbench/request/GetHeader.scala @@ -1,6 +1,6 @@ /* * Websecbench is a suite of web security benchmarks generated by (CL)S. - * Copyright (C) 2020 Jan Bessai and Malte Mues + * Copyright (C) 2021 Jan Bessai and Malte Mues * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -21,7 +21,15 @@ package org.combinators.websecbench.request import com.github.javaparser.ast.expr.Expression import org.combinators.templating.twirl.Java -import org.combinators.websecbench.{CodeGenerator, ComponentTag, PathTraversalVulnerability, Repository, SQLInjectionVulnerability, TaggedComponent, UncheckedString} +import org.combinators.websecbench.{ + CodeGenerator, + ComponentTag, + PathTraversalVulnerability, + Repository, + SQLInjectionVulnerability, + TaggedComponent, + UncheckedString +} import org.combinators.websecbench.SemanticTypes.{Encoded, JavaString} import SemanticTypes._ import com.github.javaparser.ast.body.MethodDeclaration @@ -32,8 +40,7 @@ import org.combinators.cls.types.syntax._ object GetHeader extends TaggedComponent { val tags = Set(ComponentTag.ReadFromRequest) - val getCookieMethod: MethodDeclaration = Java( - s""" + val getCookieMethod: MethodDeclaration = Java(s""" |public String getHeader(HttpServletRequest request) throws IOException { | String param = ""; | if (request.getHeader("BenchmarkTest00008") != null) { @@ -46,16 +53,19 @@ object GetHeader extends TaggedComponent { def apply(): CodeGenerator[Expression] = { CodeGenerator( methods = List(getCookieMethod), - currentNode = Java(s"getHeader(${CodeGenerator.requestExpr})").expression[Expression](), + currentNode = Java(s"getHeader(${CodeGenerator.requestExpr})") + .expression[Expression](), toMethodBody = expr => Java(s"${expr};").statements(), unitTests = Seq.empty, - metaData = Seq.empty, - sourceData = Seq(UncheckedString()) - ) + metaData = Seq.empty, + sourceData = Seq(UncheckedString) + ) } val semanticType: Type = RequestContent :&: JavaString :&: Encoded - def addToRepository(repository: ReflectedRepository[Repository.type]): ReflectedRepository[Repository.type] = + def addToRepository( + repository: ReflectedRepository[Repository.type] + ): ReflectedRepository[Repository.type] = repository.addCombinator(this) } 
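Review bot: `methods = List(getCookieMethod)` in `GetHeader.apply` uses a name copied from `GetCookie`; the val defined in the preceding hunk holds the generated `getHeader` method, so `getHeaderMethod` would match what it contains. The same copy-paste naming shows in other hunks of this commit: `createFileInputStream` in `CreateFileOutputStream`, and `relativeToBenchmarkDir` in `CreateSQLQuery1` and `URLDecoder`, where it is paired with `createSQLQuery(...)` and `urlDecoding(...)` calls. These are public members of their objects, so references outside this diff need checking before any rename. The reformatted import list also brings in `PathTraversalVulnerability` and `SQLInjectionVulnerability`, which no visible line of `GetHeader` uses; if the lines between the hunks do not use them either, they can be dropped.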
diff --git a/src/main/scala/org/combinators/websecbench/request/SemanticTypes.scala b/src/main/scala/org/combinators/websecbench/request/SemanticTypes.scala
index ed928bc..6af63a3 100644
--- a/src/main/scala/org/combinators/websecbench/request/SemanticTypes.scala
+++ b/src/main/scala/org/combinators/websecbench/request/SemanticTypes.scala
@@ -1,6 +1,6 @@
 /*
 * Websecbench is a suite of web security benchmarks generated by (CL)S.
- * Copyright (C) 2020 Jan Bessai and Malte Mues
+ * Copyright (C) 2021 Jan Bessai and Malte Mues
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
diff --git a/src/main/scala/org/combinators/websecbench/request/package.scala b/src/main/scala/org/combinators/websecbench/request/package.scala
index 91e4093..ecaa4e2 100644
--- a/src/main/scala/org/combinators/websecbench/request/package.scala
+++ b/src/main/scala/org/combinators/websecbench/request/package.scala
@@ -1,6 +1,6 @@
 /*
 * Websecbench is a suite of web security benchmarks generated by (CL)S.
- * Copyright (C) 2020 Jan Bessai and Malte Mues
+ * Copyright (C) 2021 Jan Bessai and Malte Mues
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License