Added rules file for OWASP's benchmark 13

marek-trtik · marek-trtik · commit 8a3b7d855757 · 2017-04-19T09:16:49.000+01:00
diff --git a/benchmarks/TRAINING/OWASP/BenchmarkTest00013_rules.json b/benchmarks/TRAINING/OWASP/BenchmarkTest00013_rules.json
@@ -0,0 +1,76 @@
+{
+  "namespace": "diffblue",
+  "rules":
+    [
+      {
+        "comment": "Headers returned from ServletRequest can be tainted.",
+        "class": "javax.servlet.http.HttpServletRequest",
+        "method": "getHeaders:(Ljava/lang/String;)Ljava/util/Enumeration;",
+        "result": {
+          "location": "returns",
+          "taint": "java.util.Enumeration<String>"
+        }
+      },
+      {
+        "comment": "Enumerating header strings yields tainted strings.",
+        "class": "java.util.Enumeration",
+        "method": "nextElement:()Ljava/lang/Object;",
+        "input": {
+          "location": "this",
+          "taint": "java.util.Enumeration<String>"
+        },
+        "result": {
+          "location": "returns",
+          "taint": "java.lang.String"
+        }
+      },
+      {
+        "comment": "Decoding a header string yields a tainted data string.",
+        "class": "java.net.URLDecoder",
+        "method": "decode:(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;",
+        "input": {
+          "location": "arg0",
+          "taint": "java.lang.String"
+        },
+        "result": {
+          "location": "returns",
+          "taint": "java.lang.String"
+        }
+      },
+      {
+        "comment": "PrintWriter retrieved from ServletResponse is vulnerable.",
+        "class": "javax.servlet.http.HttpServletResponse",
+        "method": "getWriter:()Ljava/io/PrintWriter;",
+        "result": {
+          "location": "returns",
+          "taint": "java.io.PrintWriter"
+        }
+      },
+      {
+        "comment": "Writing HTML header with a tainted data string.",
+        "class": "javax.servlet.http.HttpServletResponse",
+        "method": "setHeader:(Ljava/lang/String;Ljava/lang/String;)V",
+        "input": {
+          "location": "arg1",
+          "taint": "java.lang.String"
+        },
+        "sinkTarget": {
+          "location": "this",
+          "taint": "UNKNOWN"
+        }
+      },
+      {
+        "comment": "Writing HTML header with a tainted data string.",
+        "class": "java.io.PrintWriter",
+        "method": "format:(Ljava/util/Locale;Ljava/lang/String;[Ljava/lang/Object;)Ljava/io/PrintWriter;",
+        "input": {
+          "location": "arg2",
+          "taint": "java.lang.String"
+        },
+        "sinkTarget": {
+          "location": "this",
+          "taint": "java.io.PrintWriter"
+        }
+      }
+    ]
+}
