Add Detection for BOLA, BFLA, XSS Injection, and Mass Assignment Vulnerabilities

[Eric-0522]

Hello,

This PR adds detection mechanisms for several security vulnerabilities, including BOLA, BFLA, XSS Injection, and Mass Assignment. These changes aim to enhance the security of the API detection tool by identifying and mitigating these vulnerabilities.

Changes:

1. BOLA Detection: Implemented logic to detect Broken Object Level Authorization vulnerabilities.
2. BFLA Detection: Added checks to identify Broken Function Level Authorization issues.
3. XSS Injection Detection: Included filters and validations to prevent Cross-Site Scripting attacks.
4. Mass Assignment Detection: Implemented measures to prevent unauthorized mass assignment of attributes.

We tested the detection mechanisms on the crAPI (completely ridiculous API) project. The following summarizes the performance of our API detection tool across different types of vulnerabilities. The number of API endpoints tested is 44 for each category.

BOLA:
True Positives (TP): 2
False Positives (FP): 13
True Negatives (TN): 29
False Negatives (FN): 0
Accuracy: 70.45%
Recall: 100%

BFLA:
True Positives (TP): 2
False Positives (FP): 2
True Negatives (TN): 40
False Negatives (FN): 0
Accuracy: 95.45%
Recall: 100%

XSS Injection:
True Positives (TP): 0
False Positives (FP): 6
True Negatives (TN): 38
False Negatives (FN): 0
Accuracy: 86.36%
Recall: 100%

Mass Assignment:
True Positives (TP): 1
False Positives (FP): 5
True Negatives (TN): 38
False Negatives (FN): 0
Accuracy: 88.64%
Recall: 100%

These results indicate varying levels of detection accuracy and false positive rates for different vulnerabilities.

Please review the changes and let me know if there are any questions or further improvements needed.
Please note that some of the commit messages are in Chinese and will need translation. Let me know if you need any assistance with this.

Thank you!