修复漏洞类型和逻辑bug (#32)

yulailailailai · web-flow · commit 885cde0d8b6c · 2024-01-09T12:04:35.000+08:00
diff --git a/dast-java/src/main/java/com/alipay/antbenchmark/controller/bs/BS00141Controller.java b/dast-java/src/main/java/com/alipay/antbenchmark/controller/bs/BS00141Controller.java
@@ -26,7 +26,7 @@ public class BS00141Controller extends HttpServlet {
     public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         response.setContentType("text/html;charset=UTF-8");
         String param = request.getParameter("BS00141");
-        if (!new URL(param).getHost().endsWith("alipay.com")) {
+        if (!new URL(param).getHost().endsWith(".alipay.com")) {
             response.getWriter().println("Hacker!");
             return;
         }
diff --git a/dast-java/src/main/resources/scorecard/BS00087.yaml b/dast-java/src/main/resources/scorecard/BS00087.yaml
@@ -1,5 +1,5 @@
 benchmark-version: "1.2"
-category: "cmdi"
+category: "sqli"
 test-number: "00087"
 vulnerability: "true"
-cwe: "78"
+cwe: "89"

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ public class BS00141Controller extends HttpServlet {`
`26`	`26`	`public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {`
`27`	`27`	`response.setContentType("text/html;charset=UTF-8");`
`28`	`28`	`String param = request.getParameter("BS00141");`
`29`		`- if (!new URL(param).getHost().endsWith("alipay.com")) {`
	`29`	`+ if (!new URL(param).getHost().endsWith(".alipay.com")) {`
`30`	`30`	`response.getWriter().println("Hacker!");`
`31`	`31`	`return;`
`32`	`32`	`}`