issues
search
alipay
/
ant-application-security-testing-benchmark
xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
https://xastbenchmark.github.io
Apache License 2.0
323
stars
40
forks
source link
Improve: Supplement Testcases for Java-SAST/Engine-Analysis-Capability by FEYSH-3
#89
Open
Feysh-Inc
opened
3 months ago
Feysh-Inc
commented
3 months ago
三阶段计划:
准确度
对象敏感
别名是否被污染
BaseAlias
FieldAlias
HeapContextAlias
HeapOverwriteAlias
HeapPointsToSelfAlias
InnerClassAlias
MultiFieldAccessAlias
上下文敏感
相同函数调用不同参数
HeapAllocSite
MultipleCallSite
TODO
三阶段计划: