#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
测试文件:包含常见代码缺陷,用于验证扫描器
"""
import os
import sys
import json
import pickle
import subprocess
from ast import parse
from typing import List, Dict
# 缺陷1: 未使用的导入
import unused_module # 未使用
import collections as col # 使用了 col 但 flake8 可能检测
# 缺陷2: 未使用的变量
def unused_variable_demo():
    """Demonstrate an unused local variable.

    Scanner fixture: ``result`` is assigned but never read, which is the
    finding this function exists to trigger. Calling it prints a fixed
    message and returns None.
    """
    result = calculate()  # deliberately unused: the scanner should flag this
    print("Function executed")
def calculate():
    """Return the fixed answer used by the fixture functions.

    Always returns the integer 42; there is no input and no side effect.
    """
    answer = 42
    return answer
# 缺陷3: 未定义的变量
def undefined_variable_demo():
    """Demonstrate a reference to an undefined name.

    Scanner fixture: ``undefined_var`` is not bound anywhere visible in
    this module, so calling this function raises NameError. Static
    analysis should report the undefined name without executing it.
    """
    print(undefined_var)  # deliberately undefined: the scanner should flag this
# 缺陷4: 变量在定义前使用
def use_before_define():
    """Demonstrate a local variable read before its assignment.

    Scanner fixture: ``before_var`` is assigned later in the body, which
    makes it local to the whole function, so the ``print`` on the first
    line raises UnboundLocalError when the function is called.
    """
    print(before_var)  # read before the assignment below: the scanner should flag this
    before_var = 100
# 缺陷5: 硬编码密码(安全问题)
def connect_database():
    """Demonstrate a hard-coded credential.

    Scanner fixture: the password is a string literal in source, which is
    the secret-detection finding this function exists to trigger. The
    literal is a fixture value; no connection is actually opened — the
    function only returns a formatted ``user:password`` string.
    """
    password = "admin123"  # hard-coded credential: the scanner should flag this
    username = "root"
    return f"Connecting with {username}:{password}"
# 缺陷6: 使用 eval(安全问题)
def unsafe_eval():
    """Demonstrate code execution through ``eval``.

    Scanner fixture: ``eval`` is called on a string, which is the
    dangerous-call finding this function exists to trigger. The string is
    not inert: it spells ``os.system('ls')`` and ``os`` is imported at
    module level, so calling this function really runs the ``ls`` command
    and returns whatever ``os.system`` returns (its exit status).
    """
    user_input = "os.system('ls')"
    result = eval(user_input)  # dangerous: executes the string as code; the scanner should flag this
    return result