From 8c16c9b866e8e982a63adfdfcfc7085492487458 Mon Sep 17 00:00:00 2001 
From: Gr-i-niy Date: Wed, 22 Oct 2025 03:10:22 +0300 Subject: [PATCH 1/3] fix: correct metadata for tests --- .../benchmark/testcode/BenchmarkTest00008178.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest00008178.xml | 3 ++- .../benchmark/testcode/BenchmarkTest0000843.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest0000843.xml | 3 ++- .../benchmark/testcode/BenchmarkTest00098122.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest00098122.xml | 3 ++- .../benchmark/testcode/BenchmarkTest000981223.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest000981223.xml | 3 ++- .../benchmark/testcode/BenchmarkTest0010091.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest0010091.xml | 3 ++- .../benchmark/testcode/BenchmarkTest00216125.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest00216125.xml | 3 ++- .../benchmark/testcode/BenchmarkTest002164.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest002164.xml | 3 ++- .../benchmark/testcode/BenchmarkTest0124324.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest0124324.xml | 3 ++- .../benchmark/testcode/BenchmarkTest0130294.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest0130294.xml | 5 +++-- .../benchmark/testcode/BenchmarkTest0147879.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest0147879.xml | 3 ++- .../benchmark/testcode/BenchmarkTest01517108.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest01517108.xml | 3 ++- .../benchmark/testcode/BenchmarkTest0154729.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest0154729.xml | 5 +++-- .../benchmark/testcode/BenchmarkTest01548178.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest01548178.xml | 3 ++- .../benchmark/testcode/BenchmarkTest0155461.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest0155461.xml | 3 ++- 
.../benchmark/testcode/BenchmarkTest01726176.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest01726176.xml | 3 ++- .../benchmark/testcode/BenchmarkTest02355175.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest02355175.xml | 3 ++- .../benchmark/testcode/BenchmarkTest02561167.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest02561167.xml | 5 +++-- 34 files changed, 54 insertions(+), 37 deletions(-) diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.metadata.json index d627b7e76..333313027 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.metadata.json @@ -16,7 +16,7 @@ ], "used_extensions": [], "region": null, - "kind": "pass" + "kind": "fail" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.xml index e4533fa6c..5f834ac6e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008178.xml @@ -1,7 +1,8 @@ + 1.2 sqli 00008178 - false + true 89 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.metadata.json index 1f6956bcf..87f6c594a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.metadata.json @@ -16,7 +16,7 @@ ], "used_extensions": [], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.xml index 212189ef2..49ef703e6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000843.xml @@ -1,7 +1,8 @@ + 1.2 sqli 0000843 false 89 - + \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.metadata.json index 8bcc51970..cda0e10c4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.metadata.json @@ -26,7 +26,7 @@ "MACRO_SetName -> set787231" ], "region": null, - "kind": "pass" + "kind": "fail" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml index 8cb2b4e96..fae45c919 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml @@ -1,7 +1,8 @@ + 1.2 trustbound 00098122 - false + true 501 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.metadata.json index 4ef7a05c1..4d780e4ec 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.metadata.json @@ -26,7 +26,7 @@ "MACRO_SetName -> set787231" ], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.xml index ba83cc4bf..3ba5bf7f6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest000981223.xml @@ -1,7 +1,8 @@ + 1.2 trustbound 000981223 - true + false 501 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.metadata.json index 0e2197bbb..a5cf43ad8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.metadata.json @@ -18,7 +18,7 @@ " MACRO_VarName -> obj12321" ], "region": null, - "kind": "pass" + "kind": "fail" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.xml index 2bf4403d2..b4449499b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.xml @@ -1,7 +1,8 @@ + 1.2 sqli 0010091 - false + true 89 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.metadata.json index 072d9c029..373fc4dda 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.metadata.json @@ -30,7 +30,7 @@ "MACRO_ListName -> list787231" ], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.xml index b7938d475..cf2c1f5a2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00216125.xml @@ -1,7 +1,8 @@ + 1.2 pathtraver 00216125 - true + false 22 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.metadata.json index 1c97eb147..936312d6a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.metadata.json @@ -30,7 +30,7 @@ "MACRO_QueueName -> queue787231" ], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.xml index 716d9b7de..d67eb5ca4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest002164.xml @@ -1,7 +1,8 @@ + 1.2 pathtraver 002164 - true + false 22 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.metadata.json index cfa9cf3cd..26b92979b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.metadata.json @@ -18,7 +18,7 @@ " MACRO_VarName -> obj09823" ], "region": null, - "kind": "pass" + "kind": "fail" }, "tool_results": [] } \ No newline at end of file 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.xml index 165b454a9..9f9a4cbef 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0124324.xml @@ -1,7 +1,8 @@ + 1.2 ldapi 0124324 - false + true 90 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.metadata.json index 62d0c904a..40c133b04 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.metadata.json @@ -19,7 +19,7 @@ "MACRO_VarName -> obj12321" ], "region": null, - "kind": "pass" + "kind": "fail" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.xml index f75ab6d76..18663182c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0130294.xml @@ -1,7 +1,8 @@ + 1.2 sqli 0130294 - false + true 89 - + \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.metadata.json index dd1418dae..7c19ca46e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.metadata.json @@ -31,7 +31,7 @@ "MACRO_ListName -> list787231" ], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml index ea7cc55a1..20413b390 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml @@ -1,7 +1,8 @@ + 1.2 xpathi 0147879 - true + false 643 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.metadata.json index 1d6ffa1d6..c2af25301 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.metadata.json @@ -20,7 +20,7 @@ "EXPR_String -> ~[EXPR_String]~.concat(~[EXPR_String]~)" ], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.xml index ec0f6a989..71c144020 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01517108.xml @@ -1,7 +1,8 @@ + 1.2 cmdi 01517108 - true + false 78 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.metadata.json index 7321a12f8..45cbeaf9e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.metadata.json @@ -18,7 +18,7 @@ " MACRO_VarName -> obj09823" ], "region": null, - "kind": "pass" + "kind": "fail" }, "tool_results": [] } \ No newline at end of file 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.xml index 161e7b915..aa0d0847a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0154729.xml @@ -1,7 +1,8 @@ + 1.2 trustbound 0154729 - false + true 501 - + \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.metadata.json index 62c7ce3a9..ee78a9518 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.metadata.json @@ -18,7 +18,7 @@ " EXPR_String -> ~[EXPR_String]~.toLowerCase()" ], "region": null, - "kind": "pass" + "kind": "fail" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.xml index 917073012..319fc0ff5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01548178.xml @@ -1,7 +1,8 @@ + 1.2 trustbound 01548178 - false + true 501 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.metadata.json index b6d652947..d13a7a829 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.metadata.json @@ -18,7 +18,7 @@ " EXPR_String -> \"\"" ], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.xml index e06c5ba5a..8607d705f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0155461.xml @@ -1,7 +1,8 @@ + 1.2 sqli 0155461 - true + false 89 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.metadata.json index 661b7ef8d..9335b97f9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.metadata.json @@ -19,7 +19,7 @@ "MACRO_VarName -> sealed12321" ], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.xml index e83eb64fe..55f79117e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726176.xml @@ -1,7 +1,8 @@ + 1.2 sqli 01726176 - true + false 89 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.metadata.json index 97aaea5c2..f92073ebb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.metadata.json @@ -16,7 +16,7 @@ ], "used_extensions": [], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.xml index 813284fcc..728b6fc6f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.xml @@ -1,7 +1,8 @@ + 1.2 sqli 02355175 - true + false 89 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.metadata.json index ca0a09731..4ec6bfa85 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.metadata.json @@ -18,7 +18,7 @@ " MACRO_VarName -> sealed09823" ], "region": null, - "kind": "pass" + "kind": "fail" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.xml index 5c8457189..47e95d095 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02561167.xml @@ -1,7 +1,8 @@ + 1.2 pathtraver 02561167 - false + true 22 - + \ No newline at end of file From 46737998d93619252505a693970f462e054acacb Mon Sep 17 00:00:00 2001 
From: Gr-i-niy Date: Wed, 22 Oct 2025 03:10:51 +0300 Subject: [PATCH 2/3] fix: correct tests to match metadata --- .../owasp/benchmark/testcode/BenchmarkTest0010091.java | 2 +- .../owasp/benchmark/testcode/BenchmarkTest003281.java | 6 ++++-- .../owasp/benchmark/testcode/BenchmarkTest0057315.java | 2 +- .../owasp/benchmark/testcode/BenchmarkTest011439.java | 2 +- .../owasp/benchmark/testcode/BenchmarkTest0120422.java | 2 +- .../owasp/benchmark/testcode/BenchmarkTest01287156.java | 4 +++- .../owasp/benchmark/testcode/BenchmarkTest0132635.java | 2 +- .../owasp/benchmark/testcode/BenchmarkTest01497174.java | 4 ++-- .../owasp/benchmark/testcode/BenchmarkTest0153396.java | 9 +++++---- .../owasp/benchmark/testcode/BenchmarkTest01709123.java | 2 +- .../owasp/benchmark/testcode/BenchmarkTest01709142.java | 4 ++-- .../owasp/benchmark/testcode/BenchmarkTest02059143.java | 5 ++--- .../owasp/benchmark/testcode/BenchmarkTest02355175.java | 3 ++- .../owasp/benchmark/testcode/BenchmarkTest02511101.java | 5 +++-- .../owasp/benchmark/testcode/BenchmarkTest0252534.java | 4 ++-- 15 files changed, 31 insertions(+), 25 deletions(-) diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.java index 3a1d160a0..723010b91 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0010091.java @@ -75,7 +75,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) try { - ServiceI service111 = new ServiceSimple(request.getPathInfo()); + ServiceI service111 = new ServiceSimple(sql); ConsumerInterface ci111 = new ConsumerInterface(service111); sql = ci111.getFieldValue(); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest003281.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest003281.java index 5fc7b1aec..30e31f936 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest003281.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest003281.java @@ -78,8 +78,10 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) ("[^abc]" + (("[a-z]+" + "+") + "|" - + ((("[^abc]" + "*?") + "??") + "|" + "\0mnn")))); - Matcher matcher = pattern.matcher(request.changeSessionId()); + + ((("[^abc]" + "*?")) + "|" + "\0mnn")))); + if (request.getSession() != null) { + Matcher matcher = pattern.matcher(request.changeSessionId()); + } java.sql.CallableStatement statement = connection.prepareCall(sql); java.sql.ResultSet rs = statement.executeQuery(); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0057315.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0057315.java index 101d813ba..a675557f9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0057315.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0057315.java @@ -59,7 +59,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) Queue queue787231 = new PriorityQueue<>(); queue787231.offer( - param.concat(value).replaceAll("\\", param.toLowerCase())); + param.concat(value).replaceAll("\\.", param.toLowerCase())); param = queue787231.poll(); flag = false; diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest011439.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest011439.java index 344613113..7b9966d16 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest011439.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest011439.java @@ -93,7 +93,7 @@ public T9 varargsWithGenerics(T9... elements) { } public String combineStrings(String... strings) { - return String.join(", ", strings); + return String.join("_", strings); } private class Test9 { 
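Review bot: The new guard `if (request.getSession() != null)` in BenchmarkTest003281.java can never be false, because the no-argument `getSession()` creates a session when none exists instead of returning null. If the intent is to skip `changeSessionId()` when the request has no session, the check should be `if (request.getSession(false) != null) {`. As written, every request now gets a session as a side effect. `matcher` is declared inside the block and never read there, so a one-line comment such as `// call kept only for its side effect; result unused` would make that explicit. doPost's body continues outside the hunk.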
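Review bot: In BenchmarkTest0057315.java the replacement argument of `replaceAll("\\.", param.toLowerCase())` is still parsed by the regex engine, so a `$` or `\` inside `param` is treated as a group reference or escape and can throw before the value is queued. `param` is assigned outside the hunk and is presumably request-derived, which would make whether the rest of doPost runs depend on the input's characters. Since the pattern is a literal dot, `param.concat(value).replace(".", param.toLowerCase())` does the same substitution with both arguments taken literally; otherwise wrap the replacement in `java.util.regex.Matcher.quoteReplacement(...)`.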
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0120422.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0120422.java index ed08d75ae..3ecffaff9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0120422.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0120422.java @@ -73,8 +73,8 @@ public String doSomething(HttpServletRequest request, String param) List list787232 = new ArrayList<>(); list787232.add(request.getRemoteUser()); - list787232.clear(); String value7846 = list787232.get(0); + list787232.clear(); String a40584 = param; // assign StringBuilder b40584 = new StringBuilder(a40584); // stick in stringbuilder diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01287156.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01287156.java index 500348666..35bd7affe 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01287156.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01287156.java @@ -56,7 +56,9 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String[] args = {cmd}; Pattern pattern = Pattern.compile(("\r" + "*")); - Matcher matcher = pattern.matcher(request.getRemoteUser().substring(42)); + if (request.getRemoteUser() != null) { + Matcher matcher = pattern.matcher(request.getRemoteUser().substring(42)); + } String[] argsEnv = {bar}; diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0132635.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0132635.java index 9e9c0285e..e43a616e0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0132635.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0132635.java 
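Review bot: The null check added in BenchmarkTest01287156.java does not cover `substring(42)`, which throws StringIndexOutOfBoundsException for any remote user name shorter than 42 characters, so the request can still abort at this statement. Reading the value once and checking its length closes that gap: `String user = request.getRemoteUser();` then `if (user != null && user.length() >= 42) {` and `pattern.matcher(user.substring(42));`. The `matcher` local is scoped to the block and unused, which is worth a short comment if the call is there only as filler for the test case. doPost's body continues outside the hunk.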
@@ -58,7 +58,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) list787231.add("wcgbs"); list787231.add(bar); Stream stream787231 = list787231.stream(); - stream787231.map(entry111 -> entry111 + "mcbgw"); + stream787231 = stream787231.map(entry111 -> entry111 + "mcbgw"); bar = stream787231.findFirst().get(); org.owasp.benchmark.helpers.LDAPManager ads = new org.owasp.benchmark.helpers.LDAPManager(); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.java index c793f31b5..34e87e522 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.java @@ -140,9 +140,9 @@ public String InterfaceCall(String t) { File f = new File(bar); - valuesList.remove(0); // remove the 1st safe value - bar = valuesList.get(0); // get the param value + + valuesList.remove(0); // remove the 1st safe value } return bar; diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0153396.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0153396.java index 34532143c..fa340628e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0153396.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0153396.java @@ -80,10 +80,11 @@ public String doSomething(HttpServletRequest request, String param) if (param != null) { bar = bar = bar; - new String( - org.apache.commons.codec.binary.Base64.decodeBase64( - org.apache.commons.codec.binary.Base64.encodeBase64( - param.getBytes()))); + bar = + new String( + org.apache.commons.codec.binary.Base64.decodeBase64( + org.apache.commons.codec.binary.Base64.encodeBase64( + param.getBytes()))); } return bar; diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709123.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709123.java index 1452fc510..710763c01 100644 
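Review bot: The trailing comments in the BenchmarkTest01497174.java hunk no longer match the code after the reorder: `bar = valuesList.get(0); // get the param value` now reads the element that the following line's comment calls the "1st safe value", and the `remove(0)` runs after the read so it no longer influences `bar`. If reading the first element is the intended behaviour, the comments should say so, for example `// take the 1st (safe) value` and `// drop it afterwards; bar is already assigned`. The list is filled outside the hunk, so which element carries the request value needs to be confirmed there before the expected result of this case is relied on.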
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709123.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709123.java @@ -107,7 +107,7 @@ public String doSomething(HttpServletRequest request, String param) list787232.add(a15574); list787232.add(a15574); Stream stream787231 = list787232.stream(); - stream787231.map(entry111 -> entry111 + param.toString()); + stream787231 = stream787231.map(entry111 -> entry111 + param.toString()); String value7842 = stream787231.findFirst().get(); java.util.HashMap map15574 = new java.util.HashMap(); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709142.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709142.java index ffb637737..7e6da6e9c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709142.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01709142.java @@ -124,10 +124,10 @@ public String doSomething(HttpServletRequest request, String param) String value78410 = map787233.entrySet().stream() - .filter(entry -> entry.equals("pxltl")) + .filter(entry -> entry.getValue().equals("pxltl")) .findFirst() .get() - .getValue(); + .getKey(); return bar; } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02059143.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02059143.java index 5416548bb..fc9a3d7cb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02059143.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02059143.java @@ -68,7 +68,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) a2 = "-c"; } - a1 = paramOrEmptyMutual2(a1.length(), a1); + a1 = paramOrEmptyMutual2(a1.length() + 2, a1); String[] args = {a1, a2, "echo " + bar}; 
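Review bot: In BenchmarkTest01709142.java `findFirst().get()` is still called without checking that any entry matched, so the chain throws NoSuchElementException when no value equals "pxltl", and `entry.getValue().equals("pxltl")` throws NullPointerException for an entry whose value is null. The map is populated outside the hunk, so whether a match is guaranteed cannot be confirmed from here. A form that cannot throw is `.filter(entry -> "pxltl".equals(entry.getValue()))` followed by `.map(entry -> entry.getKey()).findFirst().orElse("")`. The switch from `getValue()` to `getKey()` also changes which data ends up in `value78410`, and a comment stating why would help. The BenchmarkTest0252534.java hunk later in this patch has the same pattern with "brxqm".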
@@ -117,11 +117,10 @@ public String paramOrEmptyMutual1(int value, String param) { if (param.length() == value) { return param; } else if (value > param.length()) { - paramOrEmptyMutual2(value, param); + return paramOrEmptyMutual2(value, param); } else { return ""; } - return ""; } public String paramOrEmptyMutual2(int value, String param) { diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.java index 431112a33..7741cadbb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355175.java @@ -29,6 +29,7 @@ public class BenchmarkTest02355175 extends HttpServlet { private static final long serialVersionUID = 1L; + private static final String DEFAULT_PASSWORD = "ewbfhjewk"; @Override public void doGet(HttpServletRequest request, HttpServletResponse response) @@ -55,7 +56,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) ConsumerSimple cs111 = new ConsumerSimple(service111); name = cs111.getFieldValue(); - if (value.equals("BenchmarkTest02355")) { + if (value.equals("DEFAULT_PASSWORD")) { param = name; flag = false; } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02511101.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02511101.java index 6dac5e5b1..539c3a9e4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02511101.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02511101.java 
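Review bot: In BenchmarkTest02355175.java `value.equals("DEFAULT_PASSWORD")` compares against the literal text DEFAULT_PASSWORD, not against the constant added in the first hunk of this file, which is left unused. If the constant was meant, the condition should be `if (DEFAULT_PASSWORD.equals(value)) {`, which is also null-safe. If the literal comparison is intended, the field should be dropped. A hard-coded string named DEFAULT_PASSWORD in a case labelled sqli may also draw hard-coded-credential findings from scanners that have nothing to do with this case's expected result. doPost's body continues outside the hunk.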
@@ -50,8 +50,9 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String cmd = bar = combineStrings(response.encodeRedirectURL(param), bar.replace('/', '.')); - org.owasp.benchmark.helpers.Utils.getInsecureOSCommandString( - this.getClass().getClassLoader()); + cmd = + org.owasp.benchmark.helpers.Utils.getInsecureOSCommandString( + this.getClass().getClassLoader()); String[] args = {cmd}; String[] argsEnv = {bar}; diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0252534.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0252534.java index 8a73e7fbb..12ab6ca87 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0252534.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0252534.java @@ -76,10 +76,10 @@ private static String doSomething(HttpServletRequest request, String param) ArrayHolder ah = new ArrayHolder(tmpArrayUnique42); String value78410 = map787231.entrySet().stream() - .filter(entry -> entry.equals("brxqm")) + .filter(entry -> entry.getValue().equals("brxqm")) .findFirst() .get() - .getValue(); + .getKey(); param = ah.values[0]; Object obj21341 = new ImplementingSubClass(); From b9cf6d5b4a26c260fae45b81f2a67d7c9a97e61d Mon Sep 17 00:00:00 2001 
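Review bot: After the change in BenchmarkTest02511101.java `cmd` is initialised from `bar = combineStrings(...)` and overwritten by the very next statement, so its first value is dead and only the assignment to `bar` survives. Anyone tracing data flow by eye sees the `param`-derived value land in `cmd` even though `args` only ever receives the helper's string. Separating the two makes the flow explicit: `bar = combineStrings(response.encodeRedirectURL(param), bar.replace('/', '.'));` followed by `String cmd = org.owasp.benchmark.helpers.Utils.getInsecureOSCommandString(this.getClass().getClassLoader());`. doPost's body continues outside the hunk.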
From: Gr-i-niy Date: Wed, 29 Oct 2025 15:05:48 +0300 Subject: [PATCH 3/3] fix: add results from new agents --- .../owasp/benchmark/testcode/BenchmarkTest0000822.metadata.json | 2 +- .../java/org/owasp/benchmark/testcode/BenchmarkTest0000822.xml | 2 +- .../owasp/benchmark/testcode/BenchmarkTest0000828.metadata.json | 2 +- .../java/org/owasp/benchmark/testcode/BenchmarkTest0000828.xml | 2 +- .../benchmark/testcode/BenchmarkTest00098122.metadata.json | 2 +- .../java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml | 2 +- .../benchmark/testcode/BenchmarkTest01242179.metadata.json | 2 +- .../java/org/owasp/benchmark/testcode/BenchmarkTest01242179.xml | 2 +- .../benchmark/testcode/BenchmarkTest012871561.metadata.json | 2 +- .../org/owasp/benchmark/testcode/BenchmarkTest012871561.xml | 2 +- .../owasp/benchmark/testcode/BenchmarkTest0147879.metadata.json | 2 +- .../java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml | 2 +- .../benchmark/testcode/BenchmarkTest01497174.metadata.json | 2 +- .../java/org/owasp/benchmark/testcode/BenchmarkTest01497174.xml | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.metadata.json index cb09cf931..e25efd94c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.metadata.json @@ -16,7 +16,7 @@ ], "used_extensions": [], "region": null, - "kind": "pass" + "kind": "fail" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.xml index e8d4f520f..63b680518 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000822.xml 
@@ -2,6 +2,6 @@ 1.2 sqli 0000822 - false + true 89 diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.metadata.json index 7d7f159b6..c027ed0c9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.metadata.json @@ -16,7 +16,7 @@ ], "used_extensions": [], "region": null, - "kind": "pass" + "kind": "fail" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.xml index 4e8cb640c..28b18acf8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0000828.xml @@ -2,6 +2,6 @@ 1.2 sqli 0000828 - false + true 89 diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.metadata.json index cda0e10c4..8bcc51970 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.metadata.json @@ -26,7 +26,7 @@ "MACRO_SetName -> set787231" ], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml index fae45c919..f0accd25b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098122.xml @@ -3,6 +3,6 @@ 1.2 trustbound 00098122 - true + false 501 \ No newline at end of file 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.metadata.json index 1f5f04b69..2e33446f5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.metadata.json @@ -23,7 +23,7 @@ "MACRO_QueueName@1 -> queue787231" ], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.xml index de1d74b8a..b46329565 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242179.xml @@ -2,6 +2,6 @@ 1.2 ldapi 01242179 - true + false 90 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.metadata.json index f71d2e554..20fea5d53 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.metadata.json @@ -22,7 +22,7 @@ "MACRO_VarName -> sealed21341" ], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.xml index 85b6ada72..1a8c22169 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest012871561.xml @@ -2,6 +2,6 @@ 1.2 cmdi 012871561 - true + false 78 \ No newline at end of file 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.metadata.json index 7c19ca46e..dd1418dae 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.metadata.json @@ -31,7 +31,7 @@ "MACRO_ListName -> list787231" ], "region": null, - "kind": "pass" + "kind": "fail" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml index 20413b390..581f34faf 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest0147879.xml @@ -3,6 +3,6 @@ 1.2 xpathi 0147879 - false + true 643 \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.metadata.json b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.metadata.json index dada8b765..e898765a8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.metadata.json +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.metadata.json @@ -21,7 +21,7 @@ "EXPR_NestedRecord -> (new NestedRecord(new SimpleRecord(~[EXPR_String]~), new SimpleRecord(~[EXPR_String]~)))" ], "region": null, - "kind": "fail" + "kind": "pass" }, "tool_results": [] } \ No newline at end of file diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.xml index bea7b3a1b..c5d571baa 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.xml +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01497174.xml @@ -2,6 +2,6 @@ 1.2 pathtraver 01497174 - true + false 22 \ No newline at end of file