SQL Injection
をA00-SQL Injection
に置き換えて別の方法を試しました。何か案は。一致する文字列を見つけて新しい列に置き換えます
match.data<-data.frame(Category=c("Cross-Site Request Forgery","SQL Injection","XML External Entity Injection","Password Management: Password in Configuration File",
"Open Redirect","Path Manipulation","Often Misused: Authentication","ClassLoader Manipulation: Struts 1","Password Management: Hardcoded Password",
"Dynamic Code Evaluation: Code Injection","Cross-Site Scripting: DOM","Dynamic Code Evaluation: JNDI Reference Injection","Dynamic Code Evaluation: Unsafe Deserialization",
"Command Injection","XPath Injection","Access Specifier Manipulation","XSLT Injection","Often Misused: File Upload","XML Entity Expansion Injection",
"Header Manipulation: Cookies","Cross-Site Scripting: Persistent","Key Management: Hardcoded Encryption Key",
"Axis 2 Service Requester Misconfiguration: WS-Security Not Enabled","Axis 2 Misconfiguration: Insecure Message Security",
"Axis 2 Misconfiguration: Debug Information","Axis 2 Misconfiguration: Insecure Transport Sender",
"Acegi Misconfiguration: Insecure Channel Mixing","Axis 2 Misconfiguration: Insecure Transport Receiver","Header Manipulation","Unreleased Resource: Database",
"Key Management: Empty Encryption Key","Log Forging","Unchecked Return Value","System Information Leak: Internal","Poor Error Handling: Overly Broad Catch",
"System Information Leak: External","Poor Error Handling: Overly Broad Throws","System Information Leak","Poor Error Handling: Empty Catch Block",
"Password Management: Password in Comment","Poor Logging Practice: Use of a System Output Stream","Privacy Violation","Setting Manipulation",
"Poor Error Handling: Program Catches NullPointerException","Insecure Randomness","Resource Injection","Unsafe Reflection","Privacy Violation: Heap Inspection",
"LDAP Injection","J2EE Bad Practices: Leftover Debug Code","Weak Cryptographic Hash","LDAP Manipulation","Log Forging (debug)","Weak Encryption",
"Weak Cryptographic Hash: Insecure PBE Iteration Count","Cross-Site Scripting: Poor Validation","HTTP Verb Tampering","Access Control: Weak Security Constraint",
"Header Manipulation: SMTP","Buffer Overflow: Format String","Often Misused: Spring Remote Service","Buffer Overflow","Cross-Site Scripting: Reflected",
"Buffer Overflow: Signed Comparison","OGNL Expression Injection: Struts 2","OGNL Expression Injection: Dynamic Method Invocation","Password Management: Password in HTML Form",
"OGNL Expression Injection: Double Evaluation","Session Fixation","Password Management: Insecure Submission","Unreleased Resource","Buffer Overflow: Off-by-One",
"Password Management: Empty Password","Dynamic Code Evaluation: XMLDecoder Injection","XML Injection","Axis 2 Service Provider Misconfiguration: WS-Security Not Enabled",
"File Disclosure: J2EE","Weak SecurityManager Check: Overridable Method","Weak Encryption: Insecure Initialization Vector",
"Axis 2 Service Provider Misconfiguration: Outbound WS-Security Not Enabled","Axis 2 Service Provider Misconfiguration: Inbound WS-Security Not Enabled",
"Dynamic Code Evaluation: Script Injection","Insecure Transport: Weak SSL Protocol","SQL Injection: iBatis Data Map","Mass Assignment: Sensitive Field Exposure",
"Mass Assignment: Insecure Binder Configuration","Dynamic Code Evaluation: Unsafe XStream Deserialization","SQL Injection: Hibernate","File Disclosure: Struts",
"Missing XML Validation","J2EE Misconfiguration: Missing Error Handling","J2EE Misconfiguration: Excessive Session Timeout","Weak Encryption: Insecure Mode of Operation",
"Poor Error Handling: Return Inside Finally","WCF Misconfiguration: Weak Token","ASP.NET Misconfiguration: Debug Information","Integer Overflow","Insecure Randomness: Weak Entropy Source",
"Format String","Out-of-Bounds Read: Off-by-One","Out-of-Bounds Read","Heap Inspection","Often Misused: Privilege Management","Format String: Argument Number Mismatch","Access Control: Database",
"Password Management","Format String: Argument Type Mismatch","Weak Encryption: Insufficient Key Size","System Information Leak: HTML Comment in JSP","Trust Boundary Violation",
"System Information Leak: Incomplete Servlet Error Handling","Insecure Randomness: User-Controlled Seed","Race Condition: Singleton Member Field",
"J2EE Bad Practices: Non-Serializable Object Stored in Session","Password Management: Null Password","JSON Injection","Cookie Security: Overly Broad Path","SQL Injection: Persistence"))
pattern <- c("SQL injection","injection","Dynamic Code Evaluation","Authentication",
"Session Fixation","Cross-Site Scripting","Parameter Pollution","persisted bjects",
"Configuration","Exposure","Access","File Inclusion","Cross-Site Request Forgery",
"not defined","Open Redirect")
replace <- c("A00-SQL Injection","A01-Injection","A01-Injection",
"A02-Broken Auth & Session Management","A02-Broken Auth & Session Management",
"A03-Cross-Site Scripting","A04-Insecure Direct ObjRefs","A04-Insecure Direct ObjRefs",
"A05-Security Misconfig","A06-Sensitive Data Exposure","A07-Missing Funct Lvl Access Control",
"A07-Missing Funct Lvl Access Control","A08-CSRF","A09-Using Components w/ Known Vulns",
"A10-Unvalidated Redirects/Fwds")
for(x in 1:length(pattern)){
match.data[grepl(pattern[x], match.data$Category, ignore.case = TRUE),"OwaspTop10"] <- replace[x]
}
の予想される出力は、パターンSQL Injections
を使って何が価値A00-SQL Injection
を持つ新しい列を作成する必要があります。パターンがInjection
のものはすべて、値がA01-Injection
の新しい列を作成する必要があります。あなたは
感謝を貼り付けているコードを実行する場合、私が得る
出力。 OwaspTop10列には、A00-SQL Injection
とする必要があります。配列の末尾にSQL Injection
〜A00-SQL Injection
の最後のマッピングを追加すると私は正しい出力
NOTEを得る:2行目は正しいマッピング
をそして新しい列の値がどうあるべきか 'SQL Injections'や' Injection'を持っていないものがある場合は? – ggsdc
patternとreplaceの間に1対1のマッピングがあります。 patternとreplaceの長さは15です。たとえば、この「クロスサイトスクリプティング」は「A03-Cross-Site Scripting」に置き換えられます。別の例の「動的コード評価」は「注入」に置き換えられます –
「SQLインジェクション」という項目がある場合は「インジェクション」と表示されます。 _both_の置き換えを適用しますか?答えは "A00-SQL A01-Injection"でなければなりませんか? – G5W