-
Notifications
You must be signed in to change notification settings - Fork 19
-
实现效果
- 筛选满足自定义条件的source
- 设置source为ptiant入口
- 自定义sink危险函数
- 输出函数调用路径及污点传播路径
以webgoat为例,设置满足一下条件的method为source,其参数为污点
- RestController
- RequestMapping
定义sink危险函数如
- Runtime.getRuntime.exec
- Process.start
- new File()
输出函数调用路径及污点传播路径
TODO
请师傅补充规则
Beta Was this translation helpful? Give feedback.
All reactions
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment