I have tried different ways to replace 'SQL Injection' with 'A00-SQL Injection'. Any ideas?
Find the matching string and replace it in a new column
match.data<-data.frame(Category=c("Cross-Site Request Forgery","SQL Injection","XML External Entity Injection","Password Management: Password in Configuration File",
"Open Redirect","Path Manipulation","Often Misused: Authentication","ClassLoader Manipulation: Struts 1","Password Management: Hardcoded Password",
"Dynamic Code Evaluation: Code Injection","Cross-Site Scripting: DOM","Dynamic Code Evaluation: JNDI Reference Injection","Dynamic Code Evaluation: Unsafe Deserialization",
"Command Injection","XPath Injection","Access Specifier Manipulation","XSLT Injection","Often Misused: File Upload","XML Entity Expansion Injection",
"Header Manipulation: Cookies","Cross-Site Scripting: Persistent","Key Management: Hardcoded Encryption Key",
"Axis 2 Service Requester Misconfiguration: WS-Security Not Enabled","Axis 2 Misconfiguration: Insecure Message Security",
"Axis 2 Misconfiguration: Debug Information","Axis 2 Misconfiguration: Insecure Transport Sender",
"Acegi Misconfiguration: Insecure Channel Mixing","Axis 2 Misconfiguration: Insecure Transport Receiver","Header Manipulation","Unreleased Resource: Database",
"Key Management: Empty Encryption Key","Log Forging","Unchecked Return Value","System Information Leak: Internal","Poor Error Handling: Overly Broad Catch",
"System Information Leak: External","Poor Error Handling: Overly Broad Throws","System Information Leak","Poor Error Handling: Empty Catch Block",
"Password Management: Password in Comment","Poor Logging Practice: Use of a System Output Stream","Privacy Violation","Setting Manipulation",
"Poor Error Handling: Program Catches NullPointerException","Insecure Randomness","Resource Injection","Unsafe Reflection","Privacy Violation: Heap Inspection",
"LDAP Injection","J2EE Bad Practices: Leftover Debug Code","Weak Cryptographic Hash","LDAP Manipulation","Log Forging (debug)","Weak Encryption",
"Weak Cryptographic Hash: Insecure PBE Iteration Count","Cross-Site Scripting: Poor Validation","HTTP Verb Tampering","Access Control: Weak Security Constraint",
"Header Manipulation: SMTP","Buffer Overflow: Format String","Often Misused: Spring Remote Service","Buffer Overflow","Cross-Site Scripting: Reflected",
"Buffer Overflow: Signed Comparison","OGNL Expression Injection: Struts 2","OGNL Expression Injection: Dynamic Method Invocation","Password Management: Password in HTML Form",
"OGNL Expression Injection: Double Evaluation","Session Fixation","Password Management: Insecure Submission","Unreleased Resource","Buffer Overflow: Off-by-One",
"Password Management: Empty Password","Dynamic Code Evaluation: XMLDecoder Injection","XML Injection","Axis 2 Service Provider Misconfiguration: WS-Security Not Enabled",
"File Disclosure: J2EE","Weak SecurityManager Check: Overridable Method","Weak Encryption: Insecure Initialization Vector",
"Axis 2 Service Provider Misconfiguration: Outbound WS-Security Not Enabled","Axis 2 Service Provider Misconfiguration: Inbound WS-Security Not Enabled",
"Dynamic Code Evaluation: Script Injection","Insecure Transport: Weak SSL Protocol","SQL Injection: iBatis Data Map","Mass Assignment: Sensitive Field Exposure",
"Mass Assignment: Insecure Binder Configuration","Dynamic Code Evaluation: Unsafe XStream Deserialization","SQL Injection: Hibernate","File Disclosure: Struts",
"Missing XML Validation","J2EE Misconfiguration: Missing Error Handling","J2EE Misconfiguration: Excessive Session Timeout","Weak Encryption: Insecure Mode of Operation",
"Poor Error Handling: Return Inside Finally","WCF Misconfiguration: Weak Token","ASP.NET Misconfiguration: Debug Information","Integer Overflow","Insecure Randomness: Weak Entropy Source",
"Format String","Out-of-Bounds Read: Off-by-One","Out-of-Bounds Read","Heap Inspection","Often Misused: Privilege Management","Format String: Argument Number Mismatch","Access Control: Database",
"Password Management","Format String: Argument Type Mismatch","Weak Encryption: Insufficient Key Size","System Information Leak: HTML Comment in JSP","Trust Boundary Violation",
"System Information Leak: Incomplete Servlet Error Handling","Insecure Randomness: User-Controlled Seed","Race Condition: Singleton Member Field",
"J2EE Bad Practices: Non-Serializable Object Stored in Session","Password Management: Null Password","JSON Injection","Cookie Security: Overly Broad Path","SQL Injection: Persistence"))
pattern <- c("SQL injection","injection","Dynamic Code Evaluation","Authentication",
"Session Fixation","Cross-Site Scripting","Parameter Pollution","persisted bjects",
"Configuration","Exposure","Access","File Inclusion","Cross-Site Request Forgery",
"not defined","Open Redirect")
replace <- c("A00-SQL Injection","A01-Injection","A01-Injection",
"A02-Broken Auth & Session Management","A02-Broken Auth & Session Management",
"A03-Cross-Site Scripting","A04-Insecure Direct ObjRefs","A04-Insecure Direct ObjRefs",
"A05-Security Misconfig","A06-Sensitive Data Exposure","A07-Missing Funct Lvl Access Control",
"A07-Missing Funct Lvl Access Control","A08-CSRF","A09-Using Components w/ Known Vulns",
"A10-Unvalidated Redirects/Fwds")
# Apply the patterns in order; each match writes replace[x] into the new OwaspTop10 column
for (x in seq_along(pattern)) {
  match.data[grepl(pattern[x], match.data$Category, ignore.case = TRUE), "OwaspTop10"] <- replace[x]
}
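The expected outcome is that any pattern related to 'SQL Injections' must create the new column with the value 'A00-SQL Injection'. All other patterns with 'Injection' must create the new column with the value 'A01-Injection'.
Thanks in advance.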
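The problem is with the 'SQL Injection' code. The OwaspTop10 column should have 'A00-SQL Injection', but it has something else. If I add the mapping of 'SQL Injection' to 'A00-SQL Injection' at the end of the array, I get the right output.
Note: row 2 has the correct mapping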
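And if there are some that do not have 'SQL Injections' or 'Injection', what should the value of the new column be? – ggsdc
There is a one-to-one mapping between pattern and replace. The length of pattern and replace is 15. For example, 'Cross-Site Scripting' will be replaced with 'A03-Cross-Site Scripting'. Another example: 'Dynamic Code Evaluation' will be replaced with 'Injection'. –
When you have an entry that says "SQL Injection", it also says "Injection". Do you want to apply _both_ replacements? Should the answer be "A00-SQL A01-Injection"? – G5W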
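The mapping discussed above, as an added example that is not part of the original post or its comments: it puts the question's overwrite loop beside a first-match-wins variant, so the more specific 'SQL injection' pattern keeps precedence over 'injection' and categories with no matching pattern stay NA for review. The function names `map_last_match` and `map_first_match` are hypothetical; the pattern and replace vectors are copied from the question and the category sample is a constructed subset of its data.

```r
# Added example; pattern/replace are the vectors from the question.
pattern <- c("SQL injection", "injection", "Dynamic Code Evaluation", "Authentication",
             "Session Fixation", "Cross-Site Scripting", "Parameter Pollution", "persisted bjects",
             "Configuration", "Exposure", "Access", "File Inclusion", "Cross-Site Request Forgery",
             "not defined", "Open Redirect")
replace <- c("A00-SQL Injection", "A01-Injection", "A01-Injection",
             "A02-Broken Auth & Session Management", "A02-Broken Auth & Session Management",
             "A03-Cross-Site Scripting", "A04-Insecure Direct ObjRefs", "A04-Insecure Direct ObjRefs",
             "A05-Security Misconfig", "A06-Sensitive Data Exposure", "A07-Missing Funct Lvl Access Control",
             "A07-Missing Funct Lvl Access Control", "A08-CSRF", "A09-Using Components w/ Known Vulns",
             "A10-Unvalidated Redirects/Fwds")

# Behaviour of the question's loop: each matching pattern overwrites the
# label written by an earlier one, so the LAST matching pattern wins.
map_last_match <- function(category, pattern, replace) {
  out <- rep(NA_character_, length(category))
  for (i in seq_along(pattern)) {
    out[grepl(pattern[i], category, ignore.case = TRUE)] <- replace[i]
  }
  out
}

# First match wins: a row that already has a label is skipped, so patterns
# listed earlier (the more specific ones) take precedence.
map_first_match <- function(category, pattern, replace) {
  stopifnot(length(pattern) == length(replace))
  out <- rep(NA_character_, length(category))
  for (i in seq_along(pattern)) {
    hit <- is.na(out) & grepl(pattern[i], category, ignore.case = TRUE)
    out[hit] <- replace[i]
  }
  out
}

# Constructed sample: a few Category values taken from the question's data.
category <- c("Cross-Site Request Forgery", "SQL Injection", "XML External Entity Injection",
              "SQL Injection: Hibernate", "Dynamic Code Evaluation: Code Injection",
              "Log Forging", "Open Redirect")

result <- data.frame(Category   = category,
                     LastMatch  = map_last_match(category, pattern, replace),
                     FirstMatch = map_first_match(category, pattern, replace),
                     stringsAsFactors = FALSE)
print(result)

# Categories that no pattern covers remain NA and should be reviewed,
# not silently dropped from the Top 10 report.
print(result$Category[is.na(result$FirstMatch)])
```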