Question

我尝试过不同的方法将A00-SQL Injection替换为match.data<-data.frame(Category=c("Cross-Site Request Forgery","SQL Injection","XML External Entity Injection","Password Management: Password in Configuration File", "Open Redirect","Path Manipulation","Often Misused: Authentication","ClassLoader Manipulation: Struts 1","Password Management: Hardcoded Password", "Dynamic Code Evaluation: Code Injection","Cross-Site Scripting: DOM","Dynamic Code Evaluation: JNDI Reference Injection","Dynamic Code Evaluation: Unsafe Deserialization", "Command Injection","XPath Injection","Access Specifier Manipulation","XSLT Injection","Often Misused: File Upload","XML Entity Expansion Injection", "Header Manipulation: Cookies","Cross-Site Scripting: Persistent","Key Management: Hardcoded Encryption Key", "Axis 2 Service Requester Misconfiguration: WS-Security Not Enabled","Axis 2 Misconfiguration: Insecure Message Security", "Axis 2 Misconfiguration: Debug Information","Axis 2 Misconfiguration: Insecure Transport Sender", "Acegi Misconfiguration: Insecure Channel Mixing","Axis 2 Misconfiguration: Insecure Transport Receiver","Header Manipulation","Unreleased Resource: Database", "Key Management: Empty Encryption Key","Log Forging","Unchecked Return Value","System Information Leak: Internal","Poor Error Handling: Overly Broad Catch", "System Information Leak: External","Poor Error Handling: Overly Broad Throws","System Information Leak","Poor Error Handling: Empty Catch Block", "Password Management: Password in Comment","Poor Logging Practice: Use of a System Output Stream","Privacy Violation","Setting Manipulation", "Poor Error Handling: Program Catches NullPointerException","Insecure Randomness","Resource Injection","Unsafe Reflection","Privacy Violation: Heap Inspection", "LDAP Injection","J2EE Bad Practices: Leftover Debug Code","Weak Cryptographic Hash","LDAP Manipulation","Log Forging (debug)","Weak Encryption", "Weak Cryptographic Hash: Insecure PBE Iteration Count","Cross-Site Scripting: Poor Validation","HTTP Verb Tampering","Access Control: Weak Security Constraint", "Header Manipulation: SMTP","Buffer Overflow: Format String","Often Misused: Spring Remote Service","Buffer Overflow","Cross-Site Scripting: Reflected", "Buffer Overflow: Signed Comparison","OGNL Expression Injection: Struts 2","OGNL Expression Injection: Dynamic Method Invocation","Password Management: Password in HTML Form", "OGNL Expression Injection: Double Evaluation","Session Fixation","Password Management: Insecure Submission","Unreleased Resource","Buffer Overflow: Off-by-One", "Password Management: Empty Password","Dynamic Code Evaluation: XMLDecoder Injection","XML Injection","Axis 2 Service Provider Misconfiguration: WS-Security Not Enabled", "File Disclosure: J2EE","Weak SecurityManager Check: Overridable Method","Weak Encryption: Insecure Initialization Vector", "Axis 2 Service Provider Misconfiguration: Outbound WS-Security Not Enabled","Axis 2 Service Provider Misconfiguration: Inbound WS-Security Not Enabled", "Dynamic Code Evaluation: Script Injection","Insecure Transport: Weak SSL Protocol","SQL Injection: iBatis Data Map","Mass Assignment: Sensitive Field Exposure", "Mass Assignment: Insecure Binder Configuration","Dynamic Code Evaluation: Unsafe XStream Deserialization","SQL Injection: Hibernate","File Disclosure: Struts", "Missing XML Validation","J2EE Misconfiguration: Missing Error Handling","J2EE Misconfiguration: Excessive Session Timeout","Weak Encryption: Insecure Mode of Operation", "Poor Error Handling: Return Inside Finally","WCF Misconfiguration: Weak Token","ASP.NET Misconfiguration: Debug Information","Integer Overflow","Insecure Randomness: Weak Entropy Source", "Format String","Out-of-Bounds Read: Off-by-One","Out-of-Bounds Read","Heap Inspection","Often Misused: Privilege Management","Format String: Argument Number Mismatch","Access Control: Database", "Password Management","Format String: Argument Type Mismatch","Weak Encryption: Insufficient Key Size","System Information Leak: HTML Comment in JSP","Trust Boundary Violation", "System Information Leak: Incomplete Servlet Error Handling","Insecure Randomness: User-Controlled Seed","Race Condition: Singleton Member Field", "J2EE Bad Practices: Non-Serializable Object Stored in Session","Password Management: Null Password","JSON Injection","Cookie Security: Overly Broad Path","SQL Injection: Persistence")) pattern <- c("SQL injection","injection","Dynamic Code Evaluation","Authentication", "Session Fixation","Cross-Site Scripting","Parameter Pollution","persisted bjects", "Configuration","Exposure","Access","File Inclusion","Cross-Site Request Forgery", "not defined","Open Redirect") replace <- c("A00-SQL Injection","A01-Injection","A01-Injection", "A02-Broken Auth & Session Management","A02-Broken Auth & Session Management", "A03-Cross-Site Scripting","A04-Insecure Direct ObjRefs","A04-Insecure Direct ObjRefs", "A05-Security Misconfig","A06-Sensitive Data Exposure","A07-Missing Funct Lvl Access Control", "A07-Missing Funct Lvl Access Control","A08-CSRF","A09-Using Components w/ Known Vulns", "A10-Unvalidated Redirects/Fwds") for(x in 1:length(pattern)){ match.data[grepl(pattern[x], match.data$Category, ignore.case = TRUE),"OwaspTop10"] <- replace[x] }。任何想法。

SQL Injections

预期输出是模式A00-SQL Injection的任何内容必须创建值为Injection的新列。模式A01-Injection的所有其他内容都必须创建值为SQL Injection的新列。

如果您运行粘贴的代码，我会得到输出

提前致谢

问题在于A00-SQL Injection。 OwaspTop10列应该有SQL Injection

只是换个别的东西。如果我在数组末尾将A00-SQL Injection的末尾的映射添加到{{1}}。我得到了正确的输出

注意：第2行具有正确的映射

Answer 1

match.data$Swap = NA #Create New Column
for (i in 1:nrow(match.data)){ 
    key = gsub(" ","",match.data$Category[i]) #Remove all spaces in the string of original column to check for match
    for (j in 1:length(pattern)){ 
        pat = gsub(" ","",pattern[j]) #Remove all spaces from patterns too
        if (grepl(pat, key, ignore.case = TRUE)){ #Check if there is a match
            match.data$Swap[i] = replace2[j] #Find replacement and add it to the column
            break #Break if a replacement has been found
        }
    }
}

修改

以下似乎也有效（基于this）。我想知道它是否会更快。

match.data$c2 = tolower(gsub(" ","",match.data$Category)) p2 = tolower(gsub(" ", "",pattern)) replace.data = data.frame(p2,replace) x <- sapply(p2, function(x) grepl(x, match.data$c2)) match.data$p2 <- apply(x, 1, function(i) paste0(names(i)[i], collapse = ",")) match.data$p2 = gsub("(.*),.*", "\\1", match.data$p2) library(qdapTools) match.data$replace = lookup(match.data$p2,replace.data)

Answer 2

你可以运行这样的东西：

match.data = sapply(match.data, FUN= function(x){
   for(i in 1:length(pattern)){
       x = gsub(pattern[i],replace[i],x)
   }
   return(x)
})

找到匹配的字符串并将其替换为新列

2 个答案: