Commit
Initial port of Benchmark utilities to this utilities project.
More stuff probably needs to be detangled/removed, and the utilities still need to be converted to Maven plugins so they can be used by other projects via mvn commands.
1 parent
42170c2
commit daf0dd7
Showing 117 changed files with 29,868 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
*.class | ||
.project | ||
.java-version | ||
|
||
# Package Files # | ||
*.jar | ||
|
||
# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml | ||
*.classpath | ||
.settings/ | ||
*.DS_Store | ||
data/ | ||
internalscripts/ | ||
src/main/resources/benchmark.properties | ||
src/main/resources/testNumber.properties | ||
target/ | ||
|
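Review bot: The comment `# virtual machine crash logs, ...` is followed directly by `*.classpath`, which is an Eclipse metadata pattern, so no crash-log pattern is actually ignored in this file. Add the pattern the comment was meant to introduce (the usual HotSpot one is `hs_err_pid*`) or drop the comment. Separately, `src/main/resources/benchmark.properties` and `src/main/resources/testNumber.properties` are ignored, so a fresh clone will not contain them; if the utilities read either file, the README should say how they are created.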
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<extensions> | ||
<extension> | ||
<groupId>co.leantechniques</groupId> | ||
<artifactId>maven-buildtime-extension</artifactId> | ||
<version>3.0.3</version> | ||
</extension> | ||
</extensions> | ||
|
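Review bot: The `<extension>` entry loads `co.leantechniques:maven-buildtime-extension` into every build of this project, and nothing in the file says why it is needed. An extension runs inside the Maven process itself, so add a one-line XML comment stating its purpose and confirm that build timing is wanted for everyone who builds the utilities rather than only for local profiling. The fixed `<version>3.0.3</version>` is the right approach; keep it pinned rather than moving to a range.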
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
eclipse.preferences.version=1 | ||
indentationChar=space | ||
indentationSize=4 | ||
lineWidth=999 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
eclipse.preferences.version=1 | ||
indentationChar=space | ||
indentationSize=4 | ||
lineWidth=999 | ||
formatCommentJoinLines=false |
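Review bot: `lineWidth=999` effectively switches off line wrapping for whatever formatter reads this file, and the first four keys repeat the previous preferences file verbatim. If an unlimited width is intended, state that in the contributor notes; otherwise choose a real width. The only difference from the previous file is `formatCommentJoinLines=false`, so check whether both files are needed or whether one shared set of formatter preferences would do.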
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# OWASP Benchmark Utilities | ||
|
||
This project provides utility functions for the OWASP Benchmark project. | ||
|
||
The public documentation for the Benchmark is on the OWASP site at <a href="https://owasp.org/www-project-benchmark">OWASP Benchmark</a> as well as the github repo at: <a href="https://github.com/OWASP/Benchmark">OWASP Benchmark GitHub</a>. Please refer to these sites for the details on how to build and run the Benchmark, how to scan it with various AST tools, and how to then score those tools against the Benchmark. | ||
|
||
This project provides a Maven plugin for OWASP Benchmark that currently has the following capabilities: | ||
|
||
1. Scorecard Generator - when invoked, it analyzes all the tool scan results in the /results folder as compared to the expected results file for the test suite, and generates a scorecard for all those tools in the /scorecard folder. | ||
|
||
2. Crawler - used to invoke every HTTP endpoint in a Benchmark test suite. Typically used to exercise the entire test suite so IAST and other code execution monitoring tools can identify vulnerabilities in the test suite | ||
|
||
3. Timer - A utility function is included that times how long a job takes to run. This is typically used to record how long it take an open source tool to scan a test suite. This scan time is commonly appended to the results file name so the scan time can be included in the generated scorecard for that tool. | ||
|
||
How these plugins are invoked is TBD. |
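Review bot: The line "This project provides a Maven plugin for OWASP Benchmark that currently has the following capabilities" reads as if the plugin already exists, while the last line says "How these plugins are invoked is TBD." and the commit message says the utilities still need to be converted to Maven plugins. Reword the README to describe the current state (utilities ported, plugin packaging pending) and add the invocation commands when they exist. Smaller points: "how long it take" should be "how long it takes", item 2 is missing its closing period, and the two `<a href=...>` links would be more consistent with the rest of the file as Markdown links.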