Merge pull request diffblue#474 from diffblue/owen-jones-diffblue/fix-benchmark-shell-scripts

owen-jones-diffblue · web-flow · commit f7f5102d49c8 · 2018-06-27T11:25:57.000+01:00
SEC-471: fix benchmark shell scripts
diff --git a/benchmarks/GENUINE/Ginco_files/0001-Reverting-XSS-issue-and-adding-generation-of-jar.patch b/benchmarks/GENUINE/Ginco_files/0001-Reverting-XSS-issue-and-adding-generation-of-jar.patch
@@ -26,8 +26,8 @@ diff -ur Ginco/ginco-admin/src/main/java/fr/mcc/ginco/rest/services/ImportRestSe
  		response.setExternalConceptIds(externalConceptIds);
  		ObjectMapper mapper = new ObjectMapper();
  		String serialized = mapper.writeValueAsString(new ExtJsonFormLoadData(response));
-- 		return StringEscapeUtils.unescapeHtml4(serialized);
-+ 		return serialized;
+-		return StringEscapeUtils.unescapeHtml4(serialized);
++		return serialized;
  	}
  
  	/**
diff --git a/benchmarks/GENUINE/WebGoat.sh b/benchmarks/GENUINE/WebGoat.sh
@@ -5,8 +5,8 @@ if [ -z "$SECURITY_SCANNER_HOME" ]; then
     exit 1
 fi
 
-LESSONS_WHICH_WORK='webgoat-run-SqlInjectionLesson5a webgoat-run-SqlInjectionLesson5b webgoat-run-SqlInjectionLesson6a webgoat-run-SqlInjectionLesson12a webgoat-run-SqlInjectionChallenge webgoat-run-Assignment5 webgoat-run-Assignment6 webgoat-run-CrossSiteScriptingLesson5a webgoat-run-SimpleXXE webgoat-run-BlindSendFileAssignment'
-LESSONS_WHICH_DO_NOT_WORK='webgoat-run-CrossSiteScriptingLesson5a webgoat-run-Assignment3 webgoat-run-ContentTypeAssignment webgoat-run-VulnerableComponentsLesson webgoat-run-MissingFunctionACUsers'
+LESSONS_WHICH_WORK='SqlInjectionLesson5a SqlInjectionLesson5b SqlInjectionLesson6a SqlInjectionLesson12a SqlInjectionChallenge Assignment5 Assignment6 CrossSiteScriptingLesson5a SimpleXXE BlindSendFileAssignment'
+LESSONS_WHICH_DO_NOT_WORK='CrossSiteScriptingLesson5a Assignment3 ContentTypeAssignment VulnerableComponentsLesson MissingFunctionACUsers'
 
 set -u
 set -x
diff --git a/benchmarks/GENUINE/WebGoat_files/Main.java b/benchmarks/GENUINE/WebGoat_files/Main.java
@@ -77,14 +77,14 @@ public static void main(String[] args) {
     public static void SqlInjectionLesson5a(String[] args) {
         // WebGoat/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5a.java
         String test = makeTainted("dave");
-        SqlInjectionLesson5a obj = CProver.nondetWithNull();
+        SqlInjectionLesson5a obj = CProver.nondetWithNull((SqlInjectionLesson5a)null);
         obj.completed(test);
     }
 
     public static void SqlInjectionLesson5b(String[] args) {
         // WebGoat/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5b.java
         String test = makeTainted("dave");
-        SqlInjectionLesson5b obj = CProver.nondetWithNull();
+        SqlInjectionLesson5b obj = CProver.nondetWithNull((SqlInjectionLesson5b)null);
         try {
             obj.completed(test, null);
         }
@@ -95,7 +95,7 @@ public static void SqlInjectionLesson5b(String[] args) {
     public static void SqlInjectionLesson6a(String[] args) {
         // WebGoat/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6a.java
         String test = makeTainted(args[0]);
-        SqlInjectionLesson6a obj = CProver.nondetWithNull();
+        SqlInjectionLesson6a obj = CProver.nondetWithNull((SqlInjectionLesson6a)null);
         try {
             obj.completed(test);
         }
@@ -106,7 +106,7 @@ public static void SqlInjectionLesson6a(String[] args) {
     public static void SqlInjectionLesson12a(String[] args) {
         // WebGoat/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java
         String arg0 = makeTainted(args[0]);
-        SqlInjectionLesson12a obj = CProver.nondetWithNull();
+        SqlInjectionLesson12a obj = CProver.nondetWithNull((SqlInjectionLesson12a)null);
         try {
             obj.completed(arg0);
         }
@@ -119,7 +119,7 @@ public static void SqlInjectionChallenge(String[] args) {
         String arg0 = makeTainted(args[0]);
         String arg1 = makeTainted(args[1]);
         String arg2 = makeTainted(args[2]);
-        SqlInjectionChallenge obj = CProver.nondetWithNull();
+        SqlInjectionChallenge obj = CProver.nondetWithNull((SqlInjectionChallenge)null);
         try {
             obj.registerNewUser(arg0, arg1, arg2);
         }
@@ -131,7 +131,7 @@ public static void Assignment5(String[] args) {
         // WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java
         String arg0 = makeTainted(args[0]);
         String arg1 = makeTainted(args[1]);
-        Assignment5 obj = CProver.nondetWithNull();
+        Assignment5 obj = CProver.nondetWithNull((Assignment5)null);
         try {
             obj.login(arg0, arg1);
         }
@@ -144,7 +144,7 @@ public static void Assignment6(String[] args) {
         String arg0 = makeTainted(args[0]);
         String arg1 = makeTainted(args[1]);
         String arg2 = makeTainted(args[2]);
-        Assignment6 obj = CProver.nondetWithNull();
+        Assignment6 obj = CProver.nondetWithNull((Assignment6)null);
         try {
             obj.registerNewUser(arg0, arg1, arg2);
         }
@@ -155,7 +155,7 @@ public static void Assignment6(String[] args) {
     public static void CrossSiteScriptingLesson5a(String[] args) {
         // WebGoat/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson5a.java
         String arg0 = makeTainted(args[0]);
-        CrossSiteScriptingLesson5a obj = CProver.nondetWithNull();
+        CrossSiteScriptingLesson5a obj = CProver.nondetWithNull((CrossSiteScriptingLesson5a)null);
         try {
             obj.completed(1, 2, 3, 4, arg0, 5, null);
         }
@@ -167,7 +167,7 @@ public static void Assignment3(String[] args) {
         // WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge3/Assignment3.java
         String arg0 = makeTainted(args[0]);
         String arg1 = makeTainted(args[1]);
-        Assignment3 obj = CProver.nondetWithNull();
+        Assignment3 obj = CProver.nondetWithNull((Assignment3)null);
         try {
             obj.createNewComment(arg0, arg1);
         }
@@ -178,7 +178,7 @@ public static void Assignment3(String[] args) {
     public static void SimpleXXE(String[] args) {
         // WebGoat/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/SimpleXXE.java
         String arg0 = makeTainted(args[0]);
-        SimpleXXE obj = CProver.nondetWithNull();
+        SimpleXXE obj = CProver.nondetWithNull((SimpleXXE)null);
         try {
             obj.createNewComment(arg0);
         }
@@ -190,7 +190,7 @@ public static void ContentTypeAssignment(String[] args) {
         // WebGoat/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/ContentTypeAssignment.java
         String arg0 = makeTainted(args[0]);
         String arg1 = args[1];
-        ContentTypeAssignment obj = CProver.nondetWithNull();
+        ContentTypeAssignment obj = CProver.nondetWithNull((ContentTypeAssignment)null);
         try {
             obj.createNewUser(arg0, arg1);
         }
@@ -201,7 +201,7 @@ public static void ContentTypeAssignment(String[] args) {
     public static void BlindSendFileAssignment(String[] args) {
         // WebGoat/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/BlindSendFileAssignment.java
         String arg0 = makeTainted(args[0]);
-        BlindSendFileAssignment obj = CProver.nondetWithNull();
+        BlindSendFileAssignment obj = CProver.nondetWithNull((BlindSendFileAssignment)null);
         try {
             obj.addComment(arg0);
         }
@@ -212,7 +212,7 @@ public static void BlindSendFileAssignment(String[] args) {
     public static void VulnerableComponentsLesson(String[] args) {
         // WebGoat/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/plugin/VulnerableComponentsLesson.java
         String arg0 = makeTainted(args[0]);
-        VulnerableComponentsLesson obj = CProver.nondetWithNull();
+        VulnerableComponentsLesson obj = CProver.nondetWithNull((VulnerableComponentsLesson)null);
         try {
             obj.completed(arg0);
         }
@@ -222,8 +222,8 @@ public static void VulnerableComponentsLesson(String[] args) {
 
     public static void MissingFunctionACUsers(String[] args) {
         // WebGoat/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/MissingFunctionACUsers.java
-        HttpServletRequest arg0 = CProver.nondetWithNull();
-        MissingFunctionACUsers obj = CProver.nondetWithNull();
+        HttpServletRequest arg0 = CProver.nondetWithNull((HttpServletRequest)null);
+        MissingFunctionACUsers obj = CProver.nondetWithNull((MissingFunctionACUsers)null);
         try {
             obj.usersService(arg0);
         }
