From c821df04fd7491acdb2f66d624d5a2a9fc4a0088 Mon Sep 17 00:00:00 2001
From: Caroline Russell
Date: Fri, 23 Feb 2024 14:33:19 -0500
Subject: [PATCH] Fix: Correct error in jmespath expression resulting in erroneous line number entries.
Signed-off-by: Caroline Russell
---
 atom_tools/lib/converter.py | 7 +-
 test/test_converter.py | 574 ++++++++++++++++++------------------
 2 files changed, 291 insertions(+), 290 deletions(-)
diff --git a/atom_tools/lib/converter.py b/atom_tools/lib/converter.py
index a9fa93e..83901d6 100644
--- a/atom_tools/lib/converter.py
+++ b/atom_tools/lib/converter.py
@@ -237,7 +237,7 @@ def query_calls(self, full_name: str, resolved_methods: List[str]) -> List:
 Returns:
 list[dict]: List of invoked calls and argument to calls.
 """
- result = self._query_calls_helper(full_name, '].*[][][]')
+ result = self._query_calls_helper(full_name)
 calls = []
 for call in result:
 m = call.get('resolvedMethod', '')
@@ -245,18 +245,17 @@ def query_calls(self, full_name: str, resolved_methods: List[str]) -> List:
 calls.append(call)
 return calls
- def _query_calls_helper(self, full_name: str, call_type_str: str) -> List[Dict]:
+ def _query_calls_helper(self, full_name: str) -> List[Dict]:
 """
 A function to help query calls.
 Args:
 full_name (str): The name of the function to query calls for.
- call_type_str (str): The string to append to the calls pattern.
 Returns:
 list: The result of searching for the calls pattern in the usages.
 """
- pattern = f'objectSlices[].usages[?fullName=={json.dumps(full_name)}{call_type_str}'
+ pattern = f'objectSlices[?fullName==`{json.dumps(full_name)}`].usages[].*[][]'
 compiled_pattern = jmespath.compile(pattern)
 return compiled_pattern.search(self.usages.content)
diff --git a/test/test_converter.py b/test/test_converter.py
index d5b9c5c..41128c3 100644
--- a/test/test_converter.py
+++ b/test/test_converter.py
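Review bot: The new `_query_calls_helper` returns `compiled_pattern.search(...)` unchanged, and as far as I can tell a JMESPath projection over a document that has no `objectSlices` key evaluates to null, so `query_calls` — whose `for call in result:` loop is in the first hunk and whose body starts outside it — would raise `TypeError` instead of returning an empty list; `return compiled_pattern.search(self.usages.content) or []` keeps the declared `List[Dict]` contract for both hunks. A second point on the rewritten pattern line: `json.dumps` yields a JSON string but does not escape the backtick, which is the JMESPath literal delimiter, so a `fullName` that contains a backtick (backtick-quoted identifiers exist in some JVM languages) would end the literal early and make `jmespath.compile` raise a parse error for that slice. Either prefix each backtick in the dumped name with a backslash, which the JMESPath literal grammar accepts, or select the matching slices in Python and only run the `usages[].*[][]` flattening through JMESPath, so that no expression is assembled from data taken out of the analyzed program. A short comment on the pattern line saying what the `.*[][]` tail flattens (all values of every usage entry into one list) would also help the next reader.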
@@ -435,261 +435,262 @@ def test_usages_class(java_usages_1): def test_convert_usages(java_usages_1, java_usages_2, js_usages_1, js_usages_2, py_usages_1, py_usages_2): - assert java_usages_1.convert_usages() == {'/': {'post': {'responses': {}}, - 'x-atom-usages': {'com.piggymetrics.account.controller.AccountController.createNewAccount': [35]}}, - '/accounts/{accountName}': {'get': {'responses': {}}, - 'parameters': [{'in': 'path', - 'name': 'accountName', - 'required': True}], - 'x-atom-usages': {'com.piggymetrics.notification.client.AccountServiceClient.getAccount': [12]}}, - '/current': {'get': {'responses': {}}, - 'put': {'responses': {}}, - 'x-atom-usages': {'com.piggymetrics.statistics.controller.StatisticsController.getCurrentAccountStatistics': [20, - 22]}}, - '/latest': {'get': {'responses': {}}, - 'x-atom-usages': {'com.piggymetrics.statistics.client.ExchangeRatesClient.getRates': [13]}}, - '/statistics/{accountName}': {'parameters': [{'in': 'path', - 'name': 'accountName', - 'required': True}], - 'put': {'responses': {}}, - 'x-atom-usages': {'com.piggymetrics.account.client.StatisticsServiceClient.updateStatistics': [13]}}, - '/uaa/users': {'post': {'responses': {}}, - 'x-atom-usages': {'com.piggymetrics.account.client.AuthServiceClient.createUser': [12]}}, - '/{accountName}': {'get': {'responses': {}}, - 'parameters': [{'in': 'path', - 'name': 'accountName', - 'required': True}], - 'put': {'responses': {}}, - 'x-atom-usages': {'com.piggymetrics.statistics.controller.StatisticsController.saveAccountStatistics': [32]}}, - '/{name}': {'get': {'responses': {}}, - 'parameters': [{'in': 'path', 'name': 'name', 'required': True}], - 'x-atom-usages': {'com.piggymetrics.account.controller.AccountController.getAccountByName': [20]}}} - assert java_usages_2.convert_usages() == {'/': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Test.Index': [15]}}, - '/*': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cors.vuls3': 
[41]}}, - '/Digester/sec': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.DigesterSec': [213]}}, - '/Digester/vuln': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.DigesterVuln': [198]}}, - '/DocumentBuilder/Sec': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.DocumentBuilderSec': [263]}}, - '/DocumentBuilder/vuln': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.DocumentBuilderVuln': [236]}}, - '/DocumentBuilder/xinclude/sec': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.DocumentBuilderXincludeSec': [312]}}, - '/DocumentBuilder/xinclude/vuln': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.DocumentBuilderXincludeVuln': [286]}}, - '/DocumentHelper/vuln': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.DocumentHelper': [388]}}, - '/HttpSyncClients/vuln': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.HttpSyncClients': [265]}}, - '/HttpURLConnection/sec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.httpURLConnection': [74]}}, - '/HttpURLConnection/vuln': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.httpURLConnectionVuln': [87]}}, - '/IOUtils/sec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.IOUtils': [246]}}, - '/ImageIO/sec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.ImageIO': [153]}}, - '/Jsoup/sec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.Jsoup': [226]}}, - '/ProcessBuilder': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Rce.processBuilder': [64]}}, - '/SAXBuilder/sec': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.SAXBuilderSec': [102]}}, - '/SAXBuilder/vuln': {'post': {'responses': {}}, - 'x-atom-usages': 
{'org.joychou.controller.XXE.SAXBuilderVuln': [86]}}, - '/SAXParser/sec': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.SAXParserSec': [178]}}, - '/SAXParser/vuln': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.SAXParserVuln': [160]}}, - '/SAXReader/sec': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.SAXReaderSec': [141]}}, - '/SAXReader/vuln': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.SAXReaderVuln': [123]}}, - '/XMLReader/sec': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.XMLReaderSec': [362]}}, - '/XMLReader/vuln': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.XMLReaderVuln': [342]}}, - '/aa': {'x-atom-usages': {'org.joychou.controller.Test.test': [27]}}, - '/any': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.FileUpload.index': [39]}}, - '/appInfo': {'x-atom-usages': {'org.joychou.controller.Index.appInfo': [24]}}, - '/application/javascript': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Jsonp.safecode': [102]}}, - '/classloader': {'x-atom-usages': {'org.joychou.controller.ClassDataLoader.classData': [15]}}, - '/codeinject': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.CommandInject.codeInject': [24]}}, - '/codeinject/host': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.CommandInject.codeInjectHost': [39]}}, - '/codeinject/sec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.CommandInject.codeInjectSec': [51]}}, - '/commonsHttpClient/sec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.commonsHttpClient': [207]}}, - '/createToken': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Jwt.createToken': [31]}}, - '/deserialize': {'post': {'responses': {}}, - 'x-atom-usages': 
{'org.joychou.controller.Fastjson.Deserialize': [17]}}, - '/dnsrebind/vuln': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.DnsRebind': [308]}}, - '/exclued/vuln': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.GetRequestURI.exclued': [34]}}, - '/fastjsonp/getToken': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Jsonp.getCsrfToken2': [128]}}, - '/forward': {'x-atom-usages': {'org.joychou.controller.URLRedirect.forward': [64]}}, - '/getName': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Jwt.getNickname': [56]}}, - '/getToken': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Jsonp.getCsrfToken1': [118]}}, - '/groovy': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Rce.groovyshell': [128]}}, - '/httpclient/sec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.HttpClient': [187]}}, - '/hutool/vuln': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.hutoolHttp': [298]}}, - '/index': {'x-atom-usages': {'org.joychou.controller.Index.index': [46]}}, - '/jdbc/ps/vuln': {'x-atom-usages': {'org.joychou.controller.SQLI.jdbc_ps_vuln': [138]}}, - '/jdbc/sec': {'x-atom-usages': {'org.joychou.controller.SQLI.jdbc_sqli_sec': [94]}}, - '/jdbc/vuln': {'x-atom-usages': {'org.joychou.controller.SQLI.jdbc_sqli_vul': [51]}}, - '/jscmd': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Rce.jsEngine': [96]}}, - '/log4j': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Log4j.log4j': [19]}}, - '/login': {'x-atom-usages': {'org.joychou.controller.Login.login': [22]}}, - '/logout': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Login.logoutPage': [27]}}, - '/mybatis/orderby/sec04': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisOrderBySec04': [240]}}, - '/mybatis/orderby/vuln03': {'get': 
{'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisVuln03': [201]}}, - '/mybatis/sec01': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisSec01': [211]}}, - '/mybatis/sec02': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisSec02': [220]}}, - '/mybatis/sec03': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisSec03': [230]}}, - '/mybatis/vuln01': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisVuln01': [181]}}, - '/mybatis/vuln02': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisVuln02': [191]}}, - '/noproxy': {'x-atom-usages': {'org.joychou.controller.IPForge.noProxy': [20]}}, - '/object2jsonp': {'x-atom-usages': {'org.joychou.controller.Jsonp.advice': [76]}}, - '/okhttp/sec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.okhttp': [168]}}, - '/openStream': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.openStream': [118]}}, - '/path_traversal/sec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.PathTraversal.getImageSec': [29]}}, - '/path_traversal/vul': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.PathTraversal.getImage': [24]}}, - '/pic': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.FileUpload.uploadPic': [45]}}, - '/post': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.CSRF.post': [24]}}, - '/postgresql': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Rce.postgresql': [137]}}, - '/proxy': {'x-atom-usages': {'org.joychou.controller.IPForge.proxy': [31]}}, - '/readxlsx': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.othervulns.xlsxStreamerXXE.xllx_streamer_xxe': [35, - 43]}}, - '/redirect': {'get': {'responses': {}}, - 'x-atom-usages': 
{'org.joychou.controller.URLRedirect.redirect': [31]}}, - '/reflect': {'x-atom-usages': {'org.joychou.controller.XSS.reflect': [27]}}, - '/rememberMe/security': {'x-atom-usages': {'org.joychou.controller.Deserialize.rememberMeBlackClassCheck': [60]}}, - '/rememberMe/vuln': {'x-atom-usages': {'org.joychou.controller.Deserialize.rememberMeVul': [35]}}, - '/request/sec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.request': [97]}}, - '/restTemplate/vuln1': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.RestTemplateUrlBanRedirects': [277]}}, - '/restTemplate/vuln2': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.RestTemplateUrl': [285]}}, - '/runtime/exec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Rce.CommandExec': [31]}}, - '/safe': {'x-atom-usages': {'org.joychou.controller.XSS.safe': [65]}}, - '/safecode': {'x-atom-usages': {'org.joychou.controller.CRLFInjection.crlf': [20]}}, - '/sec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.URLWhiteList.sec': [125]}}, - '/sec/array_indexOf': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.URLWhiteList.sec_array_indexOf': [151]}}, - '/sec/checkOrigin': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cors.seccode': [104]}}, - '/sec/checkReferer': {'x-atom-usages': {'org.joychou.controller.Jsonp.safecode': [102]}}, - '/sec/corsFilter': {'x-atom-usages': {'org.joychou.controller.Cors.getCsrfToken_04': [98]}}, - '/sec/crossOrigin': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cors.secCrossOrigin': [54]}}, - '/sec/httpCors': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cors.getCsrfToken_02': [76]}}, - '/sec/originFilter': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cors.getCsrfToken_03': [87]}}, - '/sec/webMvcConfigurer': {'get': {'responses': {}}, - 
'x-atom-usages': {'org.joychou.controller.Cors.getCsrfToken_01': [65]}}, - '/sec/yarm': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Rce.secYarm': [118]}}, - '/sendRedirect': {'x-atom-usages': {'org.joychou.controller.URLRedirect.sendRedirect': [52]}}, - '/sendRedirect/sec': {'x-atom-usages': {'org.joychou.controller.URLRedirect.sendRedirect_seccode': [81]}}, - '/setHeader': {'head': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.URLRedirect.setHeader': [40]}}, - '/spel/vuln': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SpEL.rce': [24]}}, - '/status': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.FileUpload.uploadStatus': [76]}}, - '/stored/show': {'x-atom-usages': {'org.joychou.controller.XSS.show': [55]}}, - '/stored/store': {'x-atom-usages': {'org.joychou.controller.XSS.store': [40]}}, - '/upload': {'get': {'responses': {}}, - 'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.othervulns.xlsxStreamerXXE.index': [29, - 37]}}, - '/upload/picture': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.FileUpload.uploadPicture': [82]}}, - '/urlConnection/sec': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.URLConnectionSec': [50]}}, - '/urlConnection/vuln': {'get': {'responses': {}}, - 'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSRF.URLConnectionVuln': [44]}}, - '/velocity': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.SSTI.velocity': [26]}}, - '/vuln/contains': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.URLWhiteList.contains': [56]}}, - '/vuln/crossOrigin': {'x-atom-usages': {'org.joychou.controller.Cors.vuls3': [42]}}, - '/vuln/emptyReferer': {'x-atom-usages': {'org.joychou.controller.Jsonp.emptyReferer': [57]}}, - '/vuln/endsWith': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.URLWhiteList.endsWith': 
[36]}}, - '/vuln/mappingJackson2JsonView': {'x-atom-usages': {'org.joychou.controller.Jsonp.mappingJackson2JsonView': [89]}}, - '/vuln/origin': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cors.vuls1': [25]}}, - '/vuln/referer': {'x-atom-usages': {'org.joychou.controller.Jsonp.referer': [45]}}, - '/vuln/regex': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.URLWhiteList.regex': [74]}}, - '/vuln/setHeader': {'get': {'responses': {}}, - 'head': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cors.vuls2': [33]}}, - '/vuln/url_bypass': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.URLWhiteList.url_bypass': [98]}}, - '/vuln/yarm': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Rce.yarm': [112]}}, - '/vuln01': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cookies.vuln01': [25]}}, - '/vuln02': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cookies.vuln02': [32]}}, - '/vuln03': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cookies.vuln03': [45]}}, - '/vuln04': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cookies.vuln04': [61]}}, - '/vuln05': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cookies.vuln05': [76]}}, - '/vuln06': {'get': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.Cookies.vuln06': [82]}}, - '/websocket/cmd': {'x-atom-usages': {'org.joychou.controller.WebSockets.cmdInject': [30]}}, - '/websocket/proxy': {'x-atom-usages': {'org.joychou.controller.WebSockets.proxyInject': [53]}}, - '/xmlReader/sec': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.xmlReaderSec': [63]}}, - '/xmlReader/vuln': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XXE.xmlReaderVuln': [48]}}, - '/xmlbeam/vuln': {'post': {'responses': {}}, - 'x-atom-usages': 
{'org.joychou.controller.XXE.post': [419]}}, - '/xstream': {'post': {'responses': {}}, - 'x-atom-usages': {'org.joychou.controller.XStreamRce.parseXml': [23]}}} + assert java_usages_1.convert_usages() == { + '/': {'post': {'responses': {}}, + 'x-atom-usages': {'com.piggymetrics.account.controller.AccountController.createNewAccount': [35]}}, + '/accounts/{accountName}': {'get': {'responses': {}}, + 'parameters': [{'in': 'path', + 'name': 'accountName', + 'required': True}], + 'x-atom-usages': {'com.piggymetrics.notification.client.AccountServiceClient.getAccount': [12]}}, + '/current': {'get': {'responses': {}}, + 'put': {'responses': {}}, + 'x-atom-usages': {'com.piggymetrics.statistics.controller.StatisticsController.getCurrentAccountStatistics': [20]}}, + '/latest': {'get': {'responses': {}}, + 'x-atom-usages': {'com.piggymetrics.statistics.client.ExchangeRatesClient.getRates': [13]}}, + '/statistics/{accountName}': {'parameters': [{'in': 'path', + 'name': 'accountName', + 'required': True}], + 'put': {'responses': {}}, + 'x-atom-usages': {'com.piggymetrics.account.client.StatisticsServiceClient.updateStatistics': [13]}}, + '/uaa/users': {'post': {'responses': {}}, + 'x-atom-usages': {'com.piggymetrics.account.client.AuthServiceClient.createUser': [12]}}, + '/{accountName}': {'get': {'responses': {}}, + 'parameters': [{'in': 'path', + 'name': 'accountName', + 'required': True}], + 'put': {'responses': {}}, + 'x-atom-usages': {'com.piggymetrics.statistics.controller.StatisticsController.saveAccountStatistics': [32]}}, + '/{name}': {'get': {'responses': {}}, + 'parameters': [{'in': 'path', 'name': 'name', 'required': True}], + 'x-atom-usages': {'com.piggymetrics.account.controller.AccountController.getAccountByName': [20]}} + } + assert java_usages_2.convert_usages() == { + '/': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Test.Index': [15]}}, + '/*': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cors.vuls3': 
[41]}}, + '/Digester/sec': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.DigesterSec': [213]}}, + '/Digester/vuln': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.DigesterVuln': [198]}}, + '/DocumentBuilder/Sec': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.DocumentBuilderSec': [263]}}, + '/DocumentBuilder/vuln': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.DocumentBuilderVuln': [236]}}, + '/DocumentBuilder/xinclude/sec': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.DocumentBuilderXincludeSec': [312]}}, + '/DocumentBuilder/xinclude/vuln': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.DocumentBuilderXincludeVuln': [286]}}, + '/DocumentHelper/vuln': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.DocumentHelper': [388]}}, + '/HttpSyncClients/vuln': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.HttpSyncClients': [265]}}, + '/HttpURLConnection/sec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.httpURLConnection': [74]}}, + '/HttpURLConnection/vuln': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.httpURLConnectionVuln': [87]}}, + '/IOUtils/sec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.IOUtils': [246]}}, + '/ImageIO/sec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.ImageIO': [153]}}, + '/Jsoup/sec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.Jsoup': [226]}}, + '/ProcessBuilder': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Rce.processBuilder': [64]}}, + '/SAXBuilder/sec': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.SAXBuilderSec': [102]}}, + '/SAXBuilder/vuln': {'post': {'responses': {}}, + 'x-atom-usages': 
{'org.joychou.controller.XXE.SAXBuilderVuln': [86]}}, + '/SAXParser/sec': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.SAXParserSec': [178]}}, + '/SAXParser/vuln': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.SAXParserVuln': [160]}}, + '/SAXReader/sec': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.SAXReaderSec': [141]}}, + '/SAXReader/vuln': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.SAXReaderVuln': [123]}}, + '/XMLReader/sec': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.XMLReaderSec': [362]}}, + '/XMLReader/vuln': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.XMLReaderVuln': [342]}}, + '/aa': {'x-atom-usages': {'org.joychou.controller.Test.test': [27]}}, + '/any': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.FileUpload.index': [39]}}, + '/appInfo': {'x-atom-usages': {'org.joychou.controller.Index.appInfo': [24]}}, + '/application/javascript': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Jsonp.safecode': [102]}}, + '/classloader': {'x-atom-usages': {'org.joychou.controller.ClassDataLoader.classData': [15]}}, + '/codeinject': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.CommandInject.codeInject': [24]}}, + '/codeinject/host': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.CommandInject.codeInjectHost': [39]}}, + '/codeinject/sec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.CommandInject.codeInjectSec': [51]}}, + '/commonsHttpClient/sec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.commonsHttpClient': [207]}}, + '/createToken': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Jwt.createToken': [31]}}, + '/deserialize': {'post': {'responses': {}}, + 'x-atom-usages': 
{'org.joychou.controller.Fastjson.Deserialize': [17]}}, + '/dnsrebind/vuln': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.DnsRebind': [308]}}, + '/exclued/vuln': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.GetRequestURI.exclued': [34]}}, + '/fastjsonp/getToken': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Jsonp.getCsrfToken2': [128]}}, + '/forward': {'x-atom-usages': {'org.joychou.controller.URLRedirect.forward': [64]}}, + '/getName': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Jwt.getNickname': [56]}}, + '/getToken': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Jsonp.getCsrfToken1': [118]}}, + '/groovy': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Rce.groovyshell': [128]}}, + '/httpclient/sec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.HttpClient': [187]}}, + '/hutool/vuln': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.hutoolHttp': [298]}}, + '/index': {'x-atom-usages': {'org.joychou.controller.Index.index': [46]}}, + '/jdbc/ps/vuln': {'x-atom-usages': {'org.joychou.controller.SQLI.jdbc_ps_vuln': [138]}}, + '/jdbc/sec': {'x-atom-usages': {'org.joychou.controller.SQLI.jdbc_sqli_sec': [94]}}, + '/jdbc/vuln': {'x-atom-usages': {'org.joychou.controller.SQLI.jdbc_sqli_vul': [51]}}, + '/jscmd': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Rce.jsEngine': [96]}}, + '/log4j': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Log4j.log4j': [19]}}, + '/login': {'x-atom-usages': {'org.joychou.controller.Login.login': [22]}}, + '/logout': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Login.logoutPage': [27]}}, + '/mybatis/orderby/sec04': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisOrderBySec04': [240]}}, + '/mybatis/orderby/vuln03': {'get': 
{'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisVuln03': [201]}}, + '/mybatis/sec01': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisSec01': [211]}}, + '/mybatis/sec02': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisSec02': [220]}}, + '/mybatis/sec03': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisSec03': [230]}}, + '/mybatis/vuln01': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisVuln01': [181]}}, + '/mybatis/vuln02': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SQLI.mybatisVuln02': [191]}}, + '/noproxy': {'x-atom-usages': {'org.joychou.controller.IPForge.noProxy': [20]}}, + '/object2jsonp': {'x-atom-usages': {'org.joychou.controller.Jsonp.advice': [76]}}, + '/okhttp/sec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.okhttp': [168]}}, + '/openStream': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.openStream': [118]}}, + '/path_traversal/sec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.PathTraversal.getImageSec': [29]}}, + '/path_traversal/vul': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.PathTraversal.getImage': [24]}}, + '/pic': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.FileUpload.uploadPic': [45]}}, + '/post': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.CSRF.post': [24]}}, + '/postgresql': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Rce.postgresql': [137]}}, + '/proxy': {'x-atom-usages': {'org.joychou.controller.IPForge.proxy': [31]}}, + '/readxlsx': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.othervulns.xlsxStreamerXXE.xllx_streamer_xxe': [35]}}, + '/redirect': {'get': {'responses': {}}, + 'x-atom-usages': 
{'org.joychou.controller.URLRedirect.redirect': [31]}}, + '/reflect': {'x-atom-usages': {'org.joychou.controller.XSS.reflect': [27]}}, + '/rememberMe/security': {'x-atom-usages': {'org.joychou.controller.Deserialize.rememberMeBlackClassCheck': [60]}}, + '/rememberMe/vuln': {'x-atom-usages': {'org.joychou.controller.Deserialize.rememberMeVul': [35]}}, + '/request/sec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.request': [97]}}, + '/restTemplate/vuln1': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.RestTemplateUrlBanRedirects': [277]}}, + '/restTemplate/vuln2': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.RestTemplateUrl': [285]}}, + '/runtime/exec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Rce.CommandExec': [31]}}, + '/safe': {'x-atom-usages': {'org.joychou.controller.XSS.safe': [65]}}, + '/safecode': {'x-atom-usages': {'org.joychou.controller.CRLFInjection.crlf': [20]}}, + '/sec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.URLWhiteList.sec': [125]}}, + '/sec/array_indexOf': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.URLWhiteList.sec_array_indexOf': [151]}}, + '/sec/checkOrigin': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cors.seccode': [104]}}, + '/sec/checkReferer': {'x-atom-usages': {'org.joychou.controller.Jsonp.safecode': [102]}}, + '/sec/corsFilter': {'x-atom-usages': {'org.joychou.controller.Cors.getCsrfToken_04': [98]}}, + '/sec/crossOrigin': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cors.secCrossOrigin': [54]}}, + '/sec/httpCors': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cors.getCsrfToken_02': [76]}}, + '/sec/originFilter': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cors.getCsrfToken_03': [87]}}, + '/sec/webMvcConfigurer': {'get': {'responses': {}}, + 
'x-atom-usages': {'org.joychou.controller.Cors.getCsrfToken_01': [65]}}, + '/sec/yarm': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Rce.secYarm': [118]}}, + '/sendRedirect': {'x-atom-usages': {'org.joychou.controller.URLRedirect.sendRedirect': [52]}}, + '/sendRedirect/sec': {'x-atom-usages': {'org.joychou.controller.URLRedirect.sendRedirect_seccode': [81]}}, + '/setHeader': {'head': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.URLRedirect.setHeader': [40]}}, + '/spel/vuln': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SpEL.rce': [24]}}, + '/status': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.FileUpload.uploadStatus': [76]}}, + '/stored/show': {'x-atom-usages': {'org.joychou.controller.XSS.show': [55]}}, + '/stored/store': {'x-atom-usages': {'org.joychou.controller.XSS.store': [40]}}, + '/upload': {'get': {'responses': {}}, + 'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.othervulns.xlsxStreamerXXE.index': [29]}}, + '/upload/picture': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.FileUpload.uploadPicture': [82]}}, + '/urlConnection/sec': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.URLConnectionSec': [50]}}, + '/urlConnection/vuln': {'get': {'responses': {}}, + 'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSRF.URLConnectionVuln': [44]}}, + '/velocity': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.SSTI.velocity': [26]}}, + '/vuln/contains': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.URLWhiteList.contains': [56]}}, + '/vuln/crossOrigin': {'x-atom-usages': {'org.joychou.controller.Cors.vuls3': [42]}}, + '/vuln/emptyReferer': {'x-atom-usages': {'org.joychou.controller.Jsonp.emptyReferer': [57]}}, + '/vuln/endsWith': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.URLWhiteList.endsWith': 
[36]}}, + '/vuln/mappingJackson2JsonView': {'x-atom-usages': {'org.joychou.controller.Jsonp.mappingJackson2JsonView': [89]}}, + '/vuln/origin': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cors.vuls1': [25]}}, + '/vuln/referer': {'x-atom-usages': {'org.joychou.controller.Jsonp.referer': [45]}}, + '/vuln/regex': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.URLWhiteList.regex': [74]}}, + '/vuln/setHeader': {'get': {'responses': {}}, + 'head': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cors.vuls2': [33]}}, + '/vuln/url_bypass': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.URLWhiteList.url_bypass': [98]}}, + '/vuln/yarm': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Rce.yarm': [112]}}, + '/vuln01': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cookies.vuln01': [25]}}, + '/vuln02': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cookies.vuln02': [32]}}, + '/vuln03': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cookies.vuln03': [45]}}, + '/vuln04': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cookies.vuln04': [61]}}, + '/vuln05': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cookies.vuln05': [76]}}, + '/vuln06': {'get': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.Cookies.vuln06': [82]}}, + '/websocket/cmd': {'x-atom-usages': {'org.joychou.controller.WebSockets.cmdInject': [30]}}, + '/websocket/proxy': {'x-atom-usages': {'org.joychou.controller.WebSockets.proxyInject': [53]}}, + '/xmlReader/sec': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.xmlReaderSec': [63]}}, + '/xmlReader/vuln': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XXE.xmlReaderVuln': [48]}}, + '/xmlbeam/vuln': {'post': {'responses': {}}, + 'x-atom-usages': 
{'org.joychou.controller.XXE.post': [419]}}, + '/xstream': {'post': {'responses': {}}, + 'x-atom-usages': {'org.joychou.controller.XStreamRce.parseXml': [23]}} + } assert len(js_usages_1.convert_usages()) == 142 assert len(js_usages_2.convert_usages()) == 21 assert py_usages_2.convert_usages() == {'/': {}, 
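Review bot: The behavioral change of this fix — the line-number lists shrinking from `[20, 22]` to `[20]`, `[35, 43]` to `[35]` and `[29, 37]` to `[29]` — is pinned only by three values buried inside a roughly 260-line reformatting of the expected dict, which makes the regression check hard to review and easy to lose in the next reformat; the same holds for the `test_endpoints_to_openapi` hunk at 753. A small dedicated test that calls `query_calls` for one `fullName` from the `java_usages_1` fixture and asserts the returned line numbers, plus one for a name with no match that asserts an empty result, would verify the corrected expression independently of the big literal. The JS assertions in the trailing context check only `len(js_usages_1.convert_usages()) == 142` and `len(js_usages_2.convert_usages()) == 21`, so a duplicate-line regression of the kind this commit fixes would go unnoticed on those fixtures; asserting at least one endpoint's `x-atom-usages` value there would close that gap. The enclosing `test_convert_usages` function continues past the end of this hunk.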
@@ -753,36 +754,37 @@ def test_convert_usages2(py_usages_1):
 def test_endpoints_to_openapi(java_usages_1):
- assert java_usages_1.endpoints_to_openapi() == {'info': {'title': 'OpenAPI Specification for data', 'version': '1.0.0'},
- 'openapi': '3.1.0',
- 'paths': {'/': {'post': {'responses': {}},
- 'x-atom-usages': {'com.piggymetrics.account.controller.AccountController.createNewAccount': [35]}},
- '/accounts/{accountName}': {'get': {'responses': {}},
- 'parameters': [{'in': 'path',
- 'name': 'accountName',
- 'required': True}],
- 'x-atom-usages': {'com.piggymetrics.notification.client.AccountServiceClient.getAccount': [12]}},
- '/current': {'get': {'responses': {}},
- 'put': {'responses': {}},
- 'x-atom-usages': {'com.piggymetrics.statistics.controller.StatisticsController.getCurrentAccountStatistics': [20,
- 22]}},
- '/latest': {'get': {'responses': {}},
- 'x-atom-usages': {'com.piggymetrics.statistics.client.ExchangeRatesClient.getRates': [13]}},
- '/statistics/{accountName}': {'parameters': [{'in': 'path',
- 'name': 'accountName',
- 'required': True}],
- 'put': {'responses': {}},
- 'x-atom-usages': {'com.piggymetrics.account.client.StatisticsServiceClient.updateStatistics': [13]}},
- '/uaa/users': {'post': {'responses': {}},
- 'x-atom-usages': {'com.piggymetrics.account.client.AuthServiceClient.createUser': [12]}},
- '/{accountName}': {'get': {'responses': {}},
+ assert java_usages_1.endpoints_to_openapi() == {
+ 'info': {'title': 'OpenAPI Specification for data', 'version': '1.0.0'},
+ 'openapi': '3.1.0',
+ 'paths': {'/': {'post': {'responses': {}},
+ 'x-atom-usages': {'com.piggymetrics.account.controller.AccountController.createNewAccount': [35]}},
+ '/accounts/{accountName}': {'get': {'responses': {}},
+ 'parameters': [{'in': 'path',
+ 'name': 'accountName',
+ 'required': True}],
+ 'x-atom-usages': {'com.piggymetrics.notification.client.AccountServiceClient.getAccount': [12]}},
+ '/current': {'get': {'responses': {}},
+ 'put': {'responses': {}},
+ 
'x-atom-usages': {'com.piggymetrics.statistics.controller.StatisticsController.getCurrentAccountStatistics': [20]}},
+ '/latest': {'get': {'responses': {}},
+ 'x-atom-usages': {'com.piggymetrics.statistics.client.ExchangeRatesClient.getRates': [13]}},
+ '/statistics/{accountName}': {'parameters': [{'in': 'path',
+ 'name': 'accountName',
+ 'required': True}],
+ 'put': {'responses': {}},
+ 'x-atom-usages': {'com.piggymetrics.account.client.StatisticsServiceClient.updateStatistics': [13]}},
+ '/uaa/users': {'post': {'responses': {}},
+ 'x-atom-usages': {'com.piggymetrics.account.client.AuthServiceClient.createUser': [12]}},
+ '/{accountName}': {'get': {'responses': {}},
+ 'parameters': [{'in': 'path',
+ 'name': 'accountName',
+ 'required': True}],
+ 'put': {'responses': {}},
+ 'x-atom-usages': {'com.piggymetrics.statistics.controller.StatisticsController.saveAccountStatistics': [32]}},
+ '/{name}': {'get': {'responses': {}},
 'parameters': [{'in': 'path',
- 'name': 'accountName',
+ 'name': 'name',
 'required': True}],
- 'put': {'responses': {}},
- 'x-atom-usages': {'com.piggymetrics.statistics.controller.StatisticsController.saveAccountStatistics': [32]}},
- '/{name}': {'get': {'responses': {}},
- 'parameters': [{'in': 'path',
- 'name': 'name',
- 'required': True}],
- 'x-atom-usages': {'com.piggymetrics.account.controller.AccountController.getAccountByName': [20]}}}}
+ 'x-atom-usages': {'com.piggymetrics.account.controller.AccountController.getAccountByName': [20]}}}
+ }
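Review bot: The only value that actually changes in this hunk is the `/current` entry, where `getCurrentAccountStatistics` goes from `[20, 22]` to `[20]`, but that regression is buried inside a re-indented 30-line literal that also duplicates the `paths` expectation already pinned in `test_convert_usages`, so the next refactor of the query can reintroduce the extra line number without any assertion naming the problem. I would add a targeted assertion with a why-comment next to the big equality, e.g. `result = java_usages_1.endpoints_to_openapi()` followed by `# regression: the earlier over-flattening query reported an extra line (22) for this handler` and `assert result['paths']['/current']['x-atom-usages'] == {'com.piggymetrics.statistics.controller.StatisticsController.getCurrentAccountStatistics': [20]}`. If `endpoints_to_openapi` wraps `convert_usages` (not visible here), the duplicated literal could be replaced by `assert result['paths'] == java_usages_1.convert_usages()` plus separate checks of the `info` and `openapi` keys, so the two tests cannot drift apart.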
