stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
91f3610b9d6bef85528b56e4446cd1647db6e1f2
git.stella-ops.org/bench/reachability-benchmark/cases/go/gin-exec/main.go
master 8779e9226f feat: add stella-callgraph-node for JavaScript/TypeScript call graph extraction 
- Implemented a new tool `stella-callgraph-node` that extracts call graphs from JavaScript/TypeScript projects using Babel AST.
- Added command-line interface with options for JSON output and help.
- Included functionality to analyze project structure, detect functions, and build call graphs.
- Created a package.json file for dependency management.

feat: introduce stella-callgraph-python for Python call graph extraction

- Developed `stella-callgraph-python` to extract call graphs from Python projects using AST analysis.
- Implemented command-line interface with options for JSON output and verbose logging.
- Added framework detection to identify popular web frameworks and their entry points.
- Created an AST analyzer to traverse Python code and extract function definitions and calls.
- Included requirements.txt for project dependencies.

chore: add framework detection for Python projects

- Implemented framework detection logic to identify frameworks like Flask, FastAPI, Django, and others based on project files and import patterns.
- Enhanced the AST analyzer to recognize entry points based on decorators and function definitions.
2025-12-19 18:11:59 +02:00

42 lines
944 B
Go
Raw Blame History

// gin-exec benchmark case
// Demonstrates command injection sink reachable via Gin HTTP handler
package main
import (
"net/http"
"os/exec"
"github.com/gin-gonic/gin"
)
func main() {
r := gin.Default()
r.GET("/run", handleRun)
r.GET("/health", handleHealth)
r.Run(":8080")
}
// handleRun - VULNERABLE: command injection sink
// User-controlled input passed directly to exec.Command
func handleRun(c *gin.Context) {
cmd := c.Query("cmd")
if cmd == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": "missing cmd parameter"})
return
}
// SINK: os/exec.Command with user-controlled input
output, err := exec.Command("sh", "-c", cmd).Output()
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, gin.H{"output": string(output)})
}
// handleHealth - safe endpoint, no sinks
func handleHealth(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{"status": "ok"})
}
Reference in New Issue View Git Blame Copy Permalink