Skip to content

Title #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Gr-i-niy wants to merge 8 commits into
base: fix/tests_metadata
Choose a base branch
from
Open

Title #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
389587a
fix: configure html and servlets url
Gr-i-niy Sep 3, 2025
a5a9717
fix: correct metadata for xss
Gr-i-niy Sep 3, 2025
fbdc748
chore: add docker deploy
Gr-i-niy Sep 23, 2025
2398533
Merge pull request #1 from Gr-i-niy/fix/runtime-errors
Gr-i-niy Sep 28, 2025
0d35afd
chore: remove answers for test
Gr-i-niy Oct 2, 2025
553e2d9
fix: make BenchmarkTest0010091 vulnerable
Gr-i-niy Oct 16, 2025
3b98f82
fix: correct testcode errors
Gr-i-niy Oct 17, 2025
a72cdd5
chore: remove java22 tests metadata
Gr-i-niy Oct 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
The diff you're trying to view is too large. We only load the first 3000 changed files.
16 changes: 7 additions & 9 deletions VMs/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,10 @@
# This dockerfile builds a container that pulls down and runs the latest version of BenchmarkJava
FROM ubuntu:latest
MAINTAINER "Dave Wichers dave.wichers@owasp.org"
FROM sapmachine:22.0.1-jdk-ubuntu-24.04

RUN apt-get update
RUN DEBIAN_FRONTEND="noninteractive" apt-get -y install tzdata

RUN apt-get install -q -y \
openjdk-11-jre-headless \
openjdk-11-jdk \
git \
maven \
wget \
Expand All @@ -23,22 +21,22 @@ RUN mvn install

# Download, build BenchmarkJava
WORKDIR /owasp
RUN git clone https://github.com/OWASP-Benchmark/BenchmarkJava
RUN git clone https://github.com/flawgarden/BenchmarkJava-mutated.git

# Workaround for security fix for CVE-2022-24765
RUN git config --global --add safe.directory /owasp/BenchmarkJava
RUN git config --global --add safe.directory /owasp/BenchmarkJava-mutated

WORKDIR /owasp/BenchmarkJava
WORKDIR /owasp/BenchmarkJava-mutated
RUN mvn clean package cargo:install

RUN useradd -d /home/bench -m -s /bin/bash bench
RUN echo bench:bench | chpasswd

RUN chown -R bench /owasp/
ENV PATH /owasp/BenchmarkJava:$PATH
ENV PATH=/owasp/BenchmarkJava-mutated:$PATH

# start up Benchmark once, for 60 seconds, then kill it, so the additional dependencies required to run it are downloaded/cached in the image as well.
# exit 0 is required to return a 'success' code, otherwise the timeout returns a failure code, causing the Docker build to fail.
WORKDIR /owasp/BenchmarkJava
WORKDIR /owasp/BenchmarkJava-mutated
RUN timeout 60 ./runBenchmark.sh; exit 0

16 changes: 3 additions & 13 deletions VMs/buildDockerImage.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,3 @@
# Pull in latest version of ubuntu. This builds an image using the OS native to this platform.
docker pull ubuntu:latest
# Remove any ubuntu:<none> image if it was left behind by a new version of ubuntu:latest being pulled
i=$(docker images | grep "ubuntu" | grep "<none" | awk '{print $3}')
if [ "$i" ]
then
docker rmi $i
fi

# Since Docker doesn't auto delete anything, just like for the Ubuntu update, delete any existing benchmark:latest image before building a new one
docker image rm benchmark:latest
docker build -t benchmark .

# Since Docker doesn't auto delete anything, just like for the Ubuntu update, delete any existing benchmark-mutated:latest image before building a new one
docker image rm benchmark-mutated:latest
docker build -t benchmark-mutated .
2 changes: 1 addition & 1 deletion VMs/runDockerImage.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
docker run -t -i -p 8443:8443 --rm benchmark /bin/bash -c "git pull && ./runRemoteAccessibleBenchmark.sh"
docker run -t -i -p 8443:8443 --rm benchmark-mutated /bin/bash -c "git pull && ./runRemoteAccessibleBenchmark.sh"

11,336 changes: 874 additions & 10,462 deletions data/benchmark-crawler-http.xml
View file
Open in desktop

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00004178.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(value = "/trustbound-00/BenchmarkTest00004")
@WebServlet(value = "/trustbound-00/BenchmarkTest00004178")
public class BenchmarkTest00004178 extends HttpServlet {

private static final long serialVersionUID = 1L;
Expand Down
29 changes: 0 additions & 29 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00004178.metadata.json
View file
Open in desktop

This file was deleted.

7 changes: 0 additions & 7 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00004178.xml
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000041781.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(value = "/trustbound-00/BenchmarkTest00004")
@WebServlet(value = "/trustbound-00/BenchmarkTest000041781")
public class BenchmarkTest000041781 extends HttpServlet {

private static final long serialVersionUID = 1L;
Expand Down
29 changes: 0 additions & 29 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000041781.metadata.json
View file
Open in desktop

This file was deleted.

7 changes: 0 additions & 7 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000041781.xml
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00007141.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(value = "/cmdi-00/BenchmarkTest00007")
@WebServlet(value = "/cmdi-00/BenchmarkTest00007141")
public class BenchmarkTest00007141 extends HttpServlet {

private static final long serialVersionUID = 1L;
Expand Down
22 changes: 0 additions & 22 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00007141.metadata.json
View file
Open in desktop

This file was deleted.

7 changes: 0 additions & 7 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00007141.xml
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000081.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(value = "/sqli-00/BenchmarkTest00008")
@WebServlet(value = "/sqli-00/BenchmarkTest000081")
public class BenchmarkTest000081 extends HttpServlet {

private static final long serialVersionUID = 1L;
Expand Down
22 changes: 0 additions & 22 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000081.metadata.json
View file
Open in desktop

This file was deleted.

7 changes: 0 additions & 7 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000081.xml
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000810.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(value = "/sqli-00/BenchmarkTest00008")
@WebServlet(value = "/sqli-00/BenchmarkTest0000810")
public class BenchmarkTest0000810 extends HttpServlet {

private static final long serialVersionUID = 1L;
Expand Down
22 changes: 0 additions & 22 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000810.metadata.json
View file
Open in desktop

This file was deleted.

7 changes: 0 additions & 7 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000810.xml
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008102.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(value = "/sqli-00/BenchmarkTest00008")
@WebServlet(value = "/sqli-00/BenchmarkTest00008102")
public class BenchmarkTest00008102 extends HttpServlet {

private static final long serialVersionUID = 1L;
Expand Down
22 changes: 0 additions & 22 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008102.metadata.json
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000811.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(value = "/sqli-00/BenchmarkTest00008")
@WebServlet(value = "/sqli-00/BenchmarkTest0000811")
public class BenchmarkTest0000811 extends HttpServlet {

private static final long serialVersionUID = 1L;
Expand Down
22 changes: 0 additions & 22 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000811.metadata.json
View file
Open in desktop

This file was deleted.

7 changes: 0 additions & 7 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000811.xml
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008111.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(value = "/sqli-00/BenchmarkTest00008")
@WebServlet(value = "/sqli-00/BenchmarkTest00008111")
public class BenchmarkTest00008111 extends HttpServlet {

private static final long serialVersionUID = 1L;
Expand Down
22 changes: 0 additions & 22 deletions src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008111.metadata.json
View file
Open in desktop

This file was deleted.

Loading