diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.metadata.json
index d627b7e76..333313027 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.metadata.json
@@ -16,7 +16,7 @@
],
"used_extensions": [],
"region": null,
- "kind": "pass"
+ "kind": "fail"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.xml
index e4533fa6c..5f834ac6e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.xml
@@ -1,7 +1,8 @@
+
1.2
sqli
00008178
- false
+ true
89
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.metadata.json
index cb09cf931..e25efd94c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.metadata.json
@@ -16,7 +16,7 @@
],
"used_extensions": [],
"region": null,
- "kind": "pass"
+ "kind": "fail"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.xml
index e8d4f520f..63b680518 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.xml
@@ -2,6 +2,6 @@
1.2
sqli
0000822
- false
+ true
89
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.metadata.json
index 7d7f159b6..c027ed0c9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.metadata.json
@@ -16,7 +16,7 @@
],
"used_extensions": [],
"region": null,
- "kind": "pass"
+ "kind": "fail"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.xml
index 4e8cb640c..28b18acf8 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.xml
@@ -2,6 +2,6 @@
1.2
sqli
0000828
- false
+ true
89
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.metadata.json
index 1f6956bcf..87f6c594a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.metadata.json
@@ -16,7 +16,7 @@
],
"used_extensions": [],
"region": null,
- "kind": "fail"
+ "kind": "pass"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.xml
index 212189ef2..49ef703e6 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.xml
@@ -1,7 +1,8 @@
+
1.2
sqli
0000843
false
89
-
+
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml
index 8cb2b4e96..f0accd25b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml
@@ -1,3 +1,4 @@
+
1.2
trustbound
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.metadata.json
index 4ef7a05c1..4d780e4ec 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.metadata.json
@@ -26,7 +26,7 @@
"MACRO_SetName -> set787231"
],
"region": null,
- "kind": "fail"
+ "kind": "pass"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.xml
index ba83cc4bf..3ba5bf7f6 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.xml
@@ -1,7 +1,8 @@
+
1.2
trustbound
000981223
- true
+ false
501
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.java
index 3a1d160a0..723010b91 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.java
@@ -75,7 +75,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
try {
- ServiceI service111 = new ServiceSimple(request.getPathInfo());
+ ServiceI service111 = new ServiceSimple(sql);
ConsumerInterface ci111 = new ConsumerInterface(service111);
sql = ci111.getFieldValue();
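Review bot: The changed `new ServiceSimple(sql)` line has no comment saying that `sql` is meant to round-trip through `ServiceSimple` and `ConsumerInterface` unchanged, which is the only explanation for this commit flipping the case's metadata to `fail`. If `sql` is request-derived at this point, the value reaches the query as-is. I would add `// intentional: sql passes through ServiceSimple unchanged, expected sqli finding` above the constructor call. How `sql` is built and where it is executed lie outside this hunk, so the flow should be confirmed against the full `doPost` body.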
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.metadata.json
index 0e2197bbb..a5cf43ad8 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.metadata.json
@@ -18,7 +18,7 @@
" MACRO_VarName -> obj12321"
],
"region": null,
- "kind": "pass"
+ "kind": "fail"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.xml
index 2bf4403d2..b4449499b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.xml
@@ -1,7 +1,8 @@
+
1.2
sqli
0010091
- false
+ true
89
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.metadata.json
index 072d9c029..373fc4dda 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.metadata.json
@@ -30,7 +30,7 @@
"MACRO_ListName -> list787231"
],
"region": null,
- "kind": "fail"
+ "kind": "pass"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.xml
index b7938d475..cf2c1f5a2 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.xml
@@ -1,7 +1,8 @@
+
1.2
pathtraver
00216125
- true
+ false
22
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.metadata.json
index 1c97eb147..936312d6a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.metadata.json
@@ -30,7 +30,7 @@
"MACRO_QueueName -> queue787231"
],
"region": null,
- "kind": "fail"
+ "kind": "pass"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.xml
index 716d9b7de..d67eb5ca4 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.xml
@@ -1,7 +1,8 @@
+
1.2
pathtraver
002164
- true
+ false
22
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest003281.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest003281.java
index 5fc7b1aec..30e31f936 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest003281.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest003281.java
@@ -78,8 +78,10 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
("[^abc]"
+ (("[a-z]+" + "+")
+ "|"
- + ((("[^abc]" + "*?") + "??") + "|" + "\0mnn"))));
- Matcher matcher = pattern.matcher(request.changeSessionId());
+ + ((("[^abc]" + "*?")) + "|" + "\0mnn"))));
+ if (request.getSession() != null) {
+ Matcher matcher = pattern.matcher(request.changeSessionId());
+ }
java.sql.CallableStatement statement = connection.prepareCall(sql);
java.sql.ResultSet rs = statement.executeQuery();
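Review bot: The added guard `if (request.getSession() != null)` is always true, because the no-argument `getSession()` creates a session when none exists and never returns null. If the intent is to skip `changeSessionId()` when the request has no session, rather than silently create one, the check should be `if (request.getSession(false) != null) {`. `matcher` is now scoped to the block and never read, so the call survives only for its side effect on the session id, which deserves a one-line comment. The body of `doPost` continues outside the hunk.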
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0057315.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0057315.java
index 101d813ba..a675557f9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0057315.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0057315.java
@@ -59,7 +59,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
Queue queue787231 = new PriorityQueue<>();
queue787231.offer(
- param.concat(value).replaceAll("\\", param.toLowerCase()));
+ param.concat(value).replaceAll("\\.", param.toLowerCase()));
param = queue787231.poll();
flag = false;
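Review bot: In `replaceAll("\\.", param.toLowerCase())` the second argument is parsed as a replacement template, so a `$` or `\` inside `param` is read as a group reference or escape and can throw `IllegalArgumentException` or `IndexOutOfBoundsException`. Only a literal dot is being replaced, so `param.concat(value).replace(".", param.toLowerCase())` avoids regex parsing on both sides; otherwise wrap the replacement in `java.util.regex.Matcher.quoteReplacement(...)`. `toLowerCase()` without a locale is also locale-sensitive, and `toLowerCase(java.util.Locale.ROOT)` keeps the result stable. Where `param` and `value` originate is outside this hunk.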
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest011439.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest011439.java
index 344613113..7b9966d16 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest011439.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest011439.java
@@ -93,7 +93,7 @@ public T9 varargsWithGenerics(T9... elements) {
}
public String combineStrings(String... strings) {
- return String.join(", ", strings);
+ return String.join("_", strings);
}
private class Test9 {
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0120422.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0120422.java
index ed08d75ae..3ecffaff9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0120422.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0120422.java
@@ -73,8 +73,8 @@ public String doSomething(HttpServletRequest request, String param)
List list787232 = new ArrayList<>();
list787232.add(request.getRemoteUser());
- list787232.clear();
String value7846 = list787232.get(0);
+ list787232.clear();
String a40584 = param; // assign
StringBuilder b40584 = new StringBuilder(a40584); // stick in stringbuilder
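Review bot: `value7846` can be null after the reordered `list787232.get(0)`, because `request.getRemoteUser()` returns null for an unauthenticated request and the list stores it as-is. Whether `value7846` is dereferenced later is outside this hunk, so either guard it or add a comment such as `// may be null when the caller is not authenticated`. The ordering is now load-bearing as well: a short `// read before clear(): get(0) on the emptied list throws IndexOutOfBoundsException` would stop the two lines from being swapped back.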
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.metadata.json
index 1f5f04b69..2e33446f5 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.metadata.json
@@ -23,7 +23,7 @@
"MACRO_QueueName@1 -> queue787231"
],
"region": null,
- "kind": "fail"
+ "kind": "pass"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.xml
index de1d74b8a..b46329565 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.xml
@@ -2,6 +2,6 @@
1.2
ldapi
01242179
- true
+ false
90
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.metadata.json
index cfa9cf3cd..26b92979b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.metadata.json
@@ -18,7 +18,7 @@
" MACRO_VarName -> obj09823"
],
"region": null,
- "kind": "pass"
+ "kind": "fail"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.xml
index 165b454a9..9f9a4cbef 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.xml
@@ -1,7 +1,8 @@
+
1.2
ldapi
0124324
- false
+ true
90
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01287156.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01287156.java
index 500348666..35bd7affe 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01287156.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01287156.java
@@ -56,7 +56,9 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
String[] args = {cmd};
Pattern pattern = Pattern.compile(("\r" + "*"));
- Matcher matcher = pattern.matcher(request.getRemoteUser().substring(42));
+ if (request.getRemoteUser() != null) {
+ Matcher matcher = pattern.matcher(request.getRemoteUser().substring(42));
+ }
String[] argsEnv = {bar};
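Review bot: The new null check does not cover `substring(42)`, which still throws `StringIndexOutOfBoundsException` for any authenticated user whose name is shorter than 42 characters. Reading the value once and checking its length closes both cases: `String user = request.getRemoteUser();` followed by `if (user != null && user.length() >= 42) {`. `matcher` is declared inside the block and never used, so if the call is only there as filler, a comment should say so. The rest of `doPost` is outside the hunk.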
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.metadata.json
index f71d2e554..20fea5d53 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.metadata.json
@@ -22,7 +22,7 @@
"MACRO_VarName -> sealed21341"
],
"region": null,
- "kind": "fail"
+ "kind": "pass"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.xml
index 85b6ada72..1a8c22169 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.xml
@@ -2,6 +2,6 @@
1.2
cmdi
012871561
- true
+ false
78
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.metadata.json
index 62d0c904a..40c133b04 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.metadata.json
@@ -19,7 +19,7 @@
"MACRO_VarName -> obj12321"
],
"region": null,
- "kind": "pass"
+ "kind": "fail"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.xml
index f75ab6d76..18663182c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.xml
@@ -1,7 +1,8 @@
+
1.2
sqli
0130294
- false
+ true
89
-
+
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0132635.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0132635.java
index 9e9c0285e..e43a616e0 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0132635.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0132635.java
@@ -58,7 +58,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
list787231.add("wcgbs");
list787231.add(bar);
Stream stream787231 = list787231.stream();
- stream787231.map(entry111 -> entry111 + "mcbgw");
+ stream787231 = stream787231.map(entry111 -> entry111 + "mcbgw");
bar = stream787231.findFirst().get();
org.owasp.benchmark.helpers.LDAPManager ads = new org.owasp.benchmark.helpers.LDAPManager();
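Review bot: With the mapped stream now assigned back, `findFirst()` yields the mapped element at index 0, and from the visible lines that looks like the constant `"wcgbs"` rather than `bar`. If so, `bar` becomes `"wcgbsmcbgw"` and the earlier value of `bar` never reaches the `LDAPManager` code below. Earlier `add` calls may sit above the hunk, so this needs confirming against the full method. No metadata change for this case is visible in this part of the diff, so the expected result should be checked against the new flow and a comment added, for example `// first element is a constant; bar is dropped here`.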
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml
index ea7cc55a1..581f34faf 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml
@@ -1,3 +1,4 @@
+
1.2
xpathi
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.java
index c793f31b5..34e87e522 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.java
@@ -140,9 +140,9 @@ public String InterfaceCall(String t) {
File f = new File(bar);
- valuesList.remove(0); // remove the 1st safe value
-
bar = valuesList.get(0); // get the param value
+
+ valuesList.remove(0); // remove the 1st safe value
}
return bar;
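Review bot: After the reorder the two trailing comments describe the old behaviour: `bar = valuesList.get(0); // get the param value` now reads the first element, which the other comment calls the safe value, and the `remove(0)` afterwards has no effect on `bar`. The metadata in this commit flips the case to `pass`, which agrees with the code but not with the comments. I would change them to `// take the 1st (safe) value` and `// drop it; bar is already assigned`. The enclosing block starts outside the hunk, so the contents of `valuesList` should be confirmed there.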
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.metadata.json
index dada8b765..e898765a8 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.metadata.json
@@ -21,7 +21,7 @@
"EXPR_NestedRecord -> (new NestedRecord(new SimpleRecord(~[EXPR_String]~), new SimpleRecord(~[EXPR_String]~)))"
],
"region": null,
- "kind": "fail"
+ "kind": "pass"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.xml
index bea7b3a1b..c5d571baa 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.xml
@@ -2,6 +2,6 @@
1.2
pathtraver
01497174
- true
+ false
22
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.metadata.json
index 1d6ffa1d6..c2af25301 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.metadata.json
@@ -20,7 +20,7 @@
"EXPR_String -> ~[EXPR_String]~.concat(~[EXPR_String]~)"
],
"region": null,
- "kind": "fail"
+ "kind": "pass"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.xml
index ec0f6a989..71c144020 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.xml
@@ -1,7 +1,8 @@
+
1.2
cmdi
01517108
- true
+ false
78
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0153396.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0153396.java
index 34532143c..fa340628e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0153396.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0153396.java
@@ -80,10 +80,11 @@ public String doSomething(HttpServletRequest request, String param)
if (param != null) {
bar = bar = bar;
- new String(
- org.apache.commons.codec.binary.Base64.decodeBase64(
- org.apache.commons.codec.binary.Base64.encodeBase64(
- param.getBytes())));
+ bar =
+ new String(
+ org.apache.commons.codec.binary.Base64.decodeBase64(
+ org.apache.commons.codec.binary.Base64.encodeBase64(
+ param.getBytes())));
}
return bar;
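Review bot: The round trip added here uses `param.getBytes()` and `new String(byte[])`, both of which fall back to the platform default charset on older JDKs, so the value assigned to `bar` can differ between hosts for non-ASCII input. Passing the charset on both sides fixes it: `param.getBytes(java.nio.charset.StandardCharsets.UTF_8)` and `new String(..., java.nio.charset.StandardCharsets.UTF_8)`. The context line `bar = bar = bar;` directly above is a no-op self-assignment and could be removed or commented as deliberate filler.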
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.metadata.json
index 7321a12f8..45cbeaf9e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.metadata.json
@@ -18,7 +18,7 @@
" MACRO_VarName -> obj09823"
],
"region": null,
- "kind": "pass"
+ "kind": "fail"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.xml
index 161e7b915..aa0d0847a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.xml
@@ -1,7 +1,8 @@
+
1.2
trustbound
0154729
- false
+ true
501
-
+
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.metadata.json
index 62c7ce3a9..ee78a9518 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.metadata.json
@@ -18,7 +18,7 @@
" EXPR_String -> ~[EXPR_String]~.toLowerCase()"
],
"region": null,
- "kind": "pass"
+ "kind": "fail"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.xml
index 917073012..319fc0ff5 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.xml
@@ -1,7 +1,8 @@
+
1.2
trustbound
01548178
- false
+ true
501
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.metadata.json
index b6d652947..d13a7a829 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.metadata.json
@@ -18,7 +18,7 @@
" EXPR_String -> \"\""
],
"region": null,
- "kind": "fail"
+ "kind": "pass"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.xml
index e06c5ba5a..8607d705f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.xml
@@ -1,7 +1,8 @@
+
1.2
sqli
0155461
- true
+ false
89
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709123.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709123.java
index 1452fc510..710763c01 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709123.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709123.java
@@ -107,7 +107,7 @@ public String doSomething(HttpServletRequest request, String param)
list787232.add(a15574);
list787232.add(a15574);
Stream stream787231 = list787232.stream();
- stream787231.map(entry111 -> entry111 + param.toString());
+ stream787231 = stream787231.map(entry111 -> entry111 + param.toString());
String value7842 = stream787231.findFirst().get();
java.util.HashMap map15574 = new java.util.HashMap();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709142.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709142.java
index ffb637737..7e6da6e9c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709142.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709142.java
@@ -124,10 +124,10 @@ public String doSomething(HttpServletRequest request, String param)
String value78410 =
map787233.entrySet().stream()
- .filter(entry -> entry.equals("pxltl"))
+ .filter(entry -> entry.getValue().equals("pxltl"))
.findFirst()
.get()
- .getValue();
+ .getKey();
return bar;
}
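Review bot: The corrected filter still ends in an unchecked `findFirst().get()`, which throws `NoSuchElementException` when no entry has the value `"pxltl"`, and `entry.getValue().equals("pxltl")` throws `NullPointerException` for a null value. Writing the predicate as `"pxltl".equals(entry.getValue())` and finishing with `.map(java.util.Map.Entry::getKey).orElse(null)` (or a documented default) removes both failure modes. The contents of `map787233` are outside the hunk, so whether a match is guaranteed cannot be told from here. The same pattern appears in the BenchmarkTest0252534.java hunk of this diff with `"brxqm"`. In both places `value78410` is not read in the visible lines.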
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.metadata.json
index 661b7ef8d..9335b97f9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.metadata.json
@@ -19,7 +19,7 @@
"MACRO_VarName -> sealed12321"
],
"region": null,
- "kind": "fail"
+ "kind": "pass"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.xml
index e83eb64fe..55f79117e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.xml
@@ -1,7 +1,8 @@
+
1.2
sqli
01726176
- true
+ false
89
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02059143.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02059143.java
index 5416548bb..fc9a3d7cb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02059143.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02059143.java
@@ -68,7 +68,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
a2 = "-c";
}
- a1 = paramOrEmptyMutual2(a1.length(), a1);
+ a1 = paramOrEmptyMutual2(a1.length() + 2, a1);
String[] args = {a1, a2, "echo " + bar};
@@ -117,11 +117,10 @@ public String paramOrEmptyMutual1(int value, String param) {
if (param.length() == value) {
return param;
} else if (value > param.length()) {
- paramOrEmptyMutual2(value, param);
+ return paramOrEmptyMutual2(value, param);
} else {
return "";
}
- return "";
}
public String paramOrEmptyMutual2(int value, String param) {
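Review bot: Now that `paramOrEmptyMutual1` returns the result of `paramOrEmptyMutual2(value, param)` with both arguments unchanged, termination rests entirely on `paramOrEmptyMutual2`, whose body is outside this hunk. If that method hands the same pair back to `paramOrEmptyMutual1` when `value > param.length()`, the two recurse until `StackOverflowError`. The call site changed in the first hunk, `paramOrEmptyMutual2(a1.length() + 2, a1)`, always enters with `value` greater than the length. I would document the base case on both methods and add a comment on the `+ 2` explaining which branch it is meant to select, since the result feeds `args`.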
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.java
index 431112a33..7741cadbb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.java
@@ -29,6 +29,7 @@
public class BenchmarkTest02355175 extends HttpServlet {
private static final long serialVersionUID = 1L;
+ private static final String DEFAULT_PASSWORD = "ewbfhjewk";
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response)
@@ -55,7 +56,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
ConsumerSimple cs111 = new ConsumerSimple(service111);
name = cs111.getFieldValue();
- if (value.equals("BenchmarkTest02355")) {
+ if (value.equals("DEFAULT_PASSWORD")) {
param = name;
flag = false;
}
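Review bot: The new condition `value.equals("DEFAULT_PASSWORD")` compares against the string literal, not the constant added in the first hunk, so `DEFAULT_PASSWORD` is never read and the branch fires only when `value` is literally that text. If the constant was intended, the line should read `if (DEFAULT_PASSWORD.equals(value)) {`, which is also null-safe. If the literal is deliberate, for instance to make the branch unreachable in line with the metadata flip to `pass`, drop the unused field and add a comment saying so. A hard-coded credential-like constant in source is itself something scanners flag, so its presence should be intentional and documented.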
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.metadata.json
index 97aaea5c2..f92073ebb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.metadata.json
@@ -16,7 +16,7 @@
],
"used_extensions": [],
"region": null,
- "kind": "fail"
+ "kind": "pass"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.xml
index 813284fcc..728b6fc6f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.xml
@@ -1,7 +1,8 @@
+
1.2
sqli
02355175
- true
+ false
89
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02511101.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02511101.java
index 6dac5e5b1..539c3a9e4 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02511101.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02511101.java
@@ -50,8 +50,9 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
String cmd = bar = combineStrings(response.encodeRedirectURL(param), bar.replace('/', '.'));
- org.owasp.benchmark.helpers.Utils.getInsecureOSCommandString(
- this.getClass().getClassLoader());
+ cmd =
+ org.owasp.benchmark.helpers.Utils.getInsecureOSCommandString(
+ this.getClass().getClassLoader());
String[] args = {cmd};
String[] argsEnv = {bar};
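Review bot: The initializer in `String cmd = bar = combineStrings(...)` is now a dead store, because the added assignment overwrites `cmd` on the next statement and only `bar` keeps the combined value. Splitting it into `bar = combineStrings(response.encodeRedirectURL(param), bar.replace('/', '.'));` followed by `String cmd = org.owasp.benchmark.helpers.Utils.getInsecureOSCommandString(this.getClass().getClassLoader());` makes the two flows explicit. `bar` still carries the `param`-derived value into `argsEnv`, so a short comment should state whether that environment entry is the intended sink for this case. The rest of `doPost` is outside the hunk.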
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0252534.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0252534.java
index 8a73e7fbb..12ab6ca87 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0252534.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0252534.java
@@ -76,10 +76,10 @@ private static String doSomething(HttpServletRequest request, String param)
ArrayHolder ah = new ArrayHolder(tmpArrayUnique42);
String value78410 =
map787231.entrySet().stream()
- .filter(entry -> entry.equals("brxqm"))
+ .filter(entry -> entry.getValue().equals("brxqm"))
.findFirst()
.get()
- .getValue();
+ .getKey();
param = ah.values[0];
Object obj21341 = new ImplementingSubClass();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.metadata.json
index ca0a09731..4ec6bfa85 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.metadata.json
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.metadata.json
@@ -18,7 +18,7 @@
" MACRO_VarName -> sealed09823"
],
"region": null,
- "kind": "pass"
+ "kind": "fail"
},
"tool_results": []
}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.xml
index 5c8457189..47e95d095 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.xml
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.xml
@@ -1,7 +1,8 @@
+
1.2
pathtraver
02561167
- false
+ true
22
-
+
\ No newline at end of file