This repostitory contains the code of the AsiaCCS 2023 submission "Benchmarking the Benchmarks".
The Code folder contains the necessary code to rerun the evaluation.
Contains benchmark test suites as provided by the test suite providers such as NIST.
Note that for copyright reasons you need to fill these folders manually.
Code/Input/Juliet should contain the code of Juliet v. 1.3 available from NIST.
Code/Input/BenchmarkJava/ should contain the code of OWASP
Migrates servlets from javax.servlet (old namespace) to jakarta.servlet (new namespace). Also generates web.xml files for Servlet test cases.
Creates the Models.xml file in the Output folder. The Models.xml file specifies the behavior of each test case. In an ideal world, such as specification would be written by the test case author.
Takes the Models.xml and Presets.xml from the Output folder and creates exploit Java files.
Contains code used to start servlet containers and to create the environment the exploit should work in.
Evaluates the outputs from the docker containers.
Contains source code to generate a native Exploit native JNI *.so file.