1. 首頁
  2. 問答
  3. 查找匹配的字符串,並將其替換爲新列

查找匹配的字符串,並將其替換爲新列

2017-01-05 393 views
1

我試過不同的方法可以將SQL Injection替換爲A00-SQL Injection。有任何想法嗎。查找匹配的字符串,並將其替換爲新列

match.data<-data.frame(Category=c("Cross-Site Request Forgery","SQL Injection","XML External Entity Injection","Password Management: Password in Configuration File", 
         "Open Redirect","Path Manipulation","Often Misused: Authentication","ClassLoader Manipulation: Struts 1","Password Management: Hardcoded Password", 
         "Dynamic Code Evaluation: Code Injection","Cross-Site Scripting: DOM","Dynamic Code Evaluation: JNDI Reference Injection","Dynamic Code Evaluation: Unsafe Deserialization", 
         "Command Injection","XPath Injection","Access Specifier Manipulation","XSLT Injection","Often Misused: File Upload","XML Entity Expansion Injection", 
         "Header Manipulation: Cookies","Cross-Site Scripting: Persistent","Key Management: Hardcoded Encryption Key", 
         "Axis 2 Service Requester Misconfiguration: WS-Security Not Enabled","Axis 2 Misconfiguration: Insecure Message Security", 
         "Axis 2 Misconfiguration: Debug Information","Axis 2 Misconfiguration: Insecure Transport Sender", 
         "Acegi Misconfiguration: Insecure Channel Mixing","Axis 2 Misconfiguration: Insecure Transport Receiver","Header Manipulation","Unreleased Resource: Database", 
         "Key Management: Empty Encryption Key","Log Forging","Unchecked Return Value","System Information Leak: Internal","Poor Error Handling: Overly Broad Catch", 
         "System Information Leak: External","Poor Error Handling: Overly Broad Throws","System Information Leak","Poor Error Handling: Empty Catch Block", 
         "Password Management: Password in Comment","Poor Logging Practice: Use of a System Output Stream","Privacy Violation","Setting Manipulation", 
         "Poor Error Handling: Program Catches NullPointerException","Insecure Randomness","Resource Injection","Unsafe Reflection","Privacy Violation: Heap Inspection", 
         "LDAP Injection","J2EE Bad Practices: Leftover Debug Code","Weak Cryptographic Hash","LDAP Manipulation","Log Forging (debug)","Weak Encryption", 
         "Weak Cryptographic Hash: Insecure PBE Iteration Count","Cross-Site Scripting: Poor Validation","HTTP Verb Tampering","Access Control: Weak Security Constraint", 
         "Header Manipulation: SMTP","Buffer Overflow: Format String","Often Misused: Spring Remote Service","Buffer Overflow","Cross-Site Scripting: Reflected", 
         "Buffer Overflow: Signed Comparison","OGNL Expression Injection: Struts 2","OGNL Expression Injection: Dynamic Method Invocation","Password Management: Password in HTML Form", 
         "OGNL Expression Injection: Double Evaluation","Session Fixation","Password Management: Insecure Submission","Unreleased Resource","Buffer Overflow: Off-by-One", 
         "Password Management: Empty Password","Dynamic Code Evaluation: XMLDecoder Injection","XML Injection","Axis 2 Service Provider Misconfiguration: WS-Security Not Enabled", 
         "File Disclosure: J2EE","Weak SecurityManager Check: Overridable Method","Weak Encryption: Insecure Initialization Vector", 
         "Axis 2 Service Provider Misconfiguration: Outbound WS-Security Not Enabled","Axis 2 Service Provider Misconfiguration: Inbound WS-Security Not Enabled", 
         "Dynamic Code Evaluation: Script Injection","Insecure Transport: Weak SSL Protocol","SQL Injection: iBatis Data Map","Mass Assignment: Sensitive Field Exposure", 
         "Mass Assignment: Insecure Binder Configuration","Dynamic Code Evaluation: Unsafe XStream Deserialization","SQL Injection: Hibernate","File Disclosure: Struts", 
         "Missing XML Validation","J2EE Misconfiguration: Missing Error Handling","J2EE Misconfiguration: Excessive Session Timeout","Weak Encryption: Insecure Mode of Operation", 
         "Poor Error Handling: Return Inside Finally","WCF Misconfiguration: Weak Token","ASP.NET Misconfiguration: Debug Information","Integer Overflow","Insecure Randomness: Weak Entropy Source", 
         "Format String","Out-of-Bounds Read: Off-by-One","Out-of-Bounds Read","Heap Inspection","Often Misused: Privilege Management","Format String: Argument Number Mismatch","Access Control: Database", 
         "Password Management","Format String: Argument Type Mismatch","Weak Encryption: Insufficient Key Size","System Information Leak: HTML Comment in JSP","Trust Boundary Violation", 
         "System Information Leak: Incomplete Servlet Error Handling","Insecure Randomness: User-Controlled Seed","Race Condition: Singleton Member Field", 
         "J2EE Bad Practices: Non-Serializable Object Stored in Session","Password Management: Null Password","JSON Injection","Cookie Security: Overly Broad Path","SQL Injection: Persistence")) 



pattern <- c("SQL injection","injection","Dynamic Code Evaluation","Authentication", 
      "Session Fixation","Cross-Site Scripting","Parameter Pollution","persisted bjects", 
      "Configuration","Exposure","Access","File Inclusion","Cross-Site Request Forgery", 
      "not defined","Open Redirect") 

replace <- c("A00-SQL Injection","A01-Injection","A01-Injection", 
      "A02-Broken Auth & Session Management","A02-Broken Auth & Session Management", 
      "A03-Cross-Site Scripting","A04-Insecure Direct ObjRefs","A04-Insecure Direct ObjRefs", 
      "A05-Security Misconfig","A06-Sensitive Data Exposure","A07-Missing Funct Lvl Access Control", 
      "A07-Missing Funct Lvl Access Control","A08-CSRF","A09-Using Components w/ Known Vulns", 
      "A10-Unvalidated Redirects/Fwds") 

for(x in 1:length(pattern)){ 
    match.data[grepl(pattern[x], match.data$Category, ignore.case = TRUE),"OwaspTop10"] <- replace[x] 
}

預期成果是什麼關係模式SQL Injections必須以價值創造A00-SQL Injection新列。其他所有模式爲Injection的客戶都必須創建值爲A01-Injection的新列。

輸出我得到的,如果你運行的是粘貼 enter image description here

在此先感謝

問題是與SQL Injection代碼。 OwaspTop10專欄應該有A00-SQL Injection

只需要別的東西。如果我在數組末尾添加SQL InjectionA00-SQL Injection的映射。我得到正確的輸出 enter image description here

注:第2行具有正確的映射

來源

2017-01-05 Lee S

+0

,如果有一些不具備'SQL Injections'或'Injection'應該是什麼新列的值? – ggsdc

+0

模式和替換之間有一對一映射。 pattern和replace的長度是15.例如,這個'Cross-Site Scripting'將被替換爲'A03-Cross-Site Scripting'。另一個例子'動態代碼評估'將被替換爲'注入' –

+0

當你有一個條目說「SQL注入」它也說「注入」。你想申請_both_替換嗎?答案應該是「A00-SQL A01-Injection」? – G5W

回答

3 
match.data$Swap = NA #Create New Column 
for (i in 1:nrow(match.data)){ 
    key = gsub(" ","",match.data$Category[i]) #Remove all spaces in the string of original column to check for match 
    for (j in 1:length(pattern)){ 
     pat = gsub(" ","",pattern[j]) #Remove all spaces from patterns too 
     if (grepl(pat, key, ignore.case = TRUE)){ #Check if there is a match 
      match.data$Swap[i] = replace2[j] #Find replacement and add it to the column 
      break #Break if a replacement has been found 
     } 
    } 
}

編輯

也是繼似乎工作(基於this)。我想知道這是否會更快。

match.data$c2 = tolower(gsub(" ","",match.data$Category)) 
p2 = tolower(gsub(" ", "",pattern)) 
replace.data = data.frame(p2,replace) 

x <- sapply(p2, function(x) grepl(x, match.data$c2)) 
match.data$p2 <- apply(x, 1, function(i) paste0(names(i)[i], collapse = ",")) 
match.data$p2 = gsub("(.*),.*", "\\1", match.data$p2) 
library(qdapTools) 
match.data$replace = lookup(match.data$p2,replace.data)

來源

2017-01-05 17:16:30

+1

Darshan,這是它。你首先刪除間距,這是一個很好的技巧。尼斯。再次感謝。這工作真的很好 –

+0

這個工程,但緩慢如此緩慢 –

+1

Darshan Baral,非常感謝。這和以前一樣快。至少這一個給我預期的結果。 –

1

您可以運行這樣的事情:

match.data = sapply(match.data, FUN= function(x){ 
    for(i in 1:length(pattern)){ 
     x = gsub(pattern[i],replace[i],x) 
    } 
    return(x) 
})

來源

2017-01-05 17:24:15 Kristofersen

相關問題

 相關問題