alipay/ant-application-security-testing-benchmark
The xAST evaluation benchmark makes security tools no longer a "black box".
https://xastbenchmark.github.io
Apache License 2.0
287 stars, 36 forks
Improve: Supplement Testcases for Java-SAST/Engine-Capability by FEYSH
#76 Open
Feysh-Inc opened 1 month ago
Feysh-Inc commented 1 month ago
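Phase 1 plan:
Accuracy
Context sensitivity
Same function called with different arguments
Object sensitivity
Taint through aliased objects
Path sensitivity
Not involving constraint solving
Multiple return statements
Completeness of the taint chain
Propagation scenarios enumerated by taint state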
unknown taint
may taint
must taint
safe source
TODO