
Security Vulnerability Examples

This repository contains security vulnerability examples in multiple programming languages, demonstrating common security pitfalls and how to identify them using taint analysis.

Projects

  • Demonstrates a command injection vulnerability through unsafe system command execution. Key files: app.py
  • Shows a directory traversal vulnerability via unsafe file path handling. Key files: main.go
  • Illustrates a Cross-Site Scripting (XSS) vulnerability in web applications. Key files: app.rb
  • Demonstrates an insecure deserialization vulnerability. Key files: Program.cs
  • Shows insecure API usage for sensitive data storage. Key files: ViewController.swift
  • Demonstrates authentication flaws such as weak passwords and missing rate limiting. Key files: app.py
  • Shows insecure handling of sensitive data such as credit card numbers. Key files: server.js
  • Illustrates a Cross-Site Request Forgery (CSRF) attack. Key files: transfer.php, attack.html

Analysis Methodology

Each project includes:

  • Taint parameter identification
  • Propagation path analysis
  • Dangerous function documentation
  • Exploitation scenarios

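Security Vulnerability Examples Collection

This repository contains security vulnerability examples in multiple programming languages, demonstrating common security pitfalls and how to identify them using taint analysis.

Projects

  • Demonstrates a command injection vulnerability through unsafe system command execution. Key files: app.py
  • Shows a directory traversal vulnerability caused by unsafe file path handling. Key files: main.go
  • Shows a Cross-Site Scripting (XSS) vulnerability in web applications. Key files: app.rb
  • Demonstrates an insecure deserialization vulnerability. Key files: Program.cs
  • Shows insecure API usage for sensitive data storage. Key files: ViewController.swift

Analysis Methodology

Each project includes:

  • Taint parameter identification
  • Parameter propagation path analysis
  • Dangerous function documentation
  • Exploitation scenarios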

About

A demonstration project containing various code quality issues for static analysis tools

Language

  • Java: 52.6%
  • Markdown: 26.3%
  • C#: 2.8%
  • Go: 2.3%
  • Others: 16%