Beispiel #1
0
        /// <summary>
        /// Convert values to string representation and concatenate them.
        /// </summary>
        /// <param name="leftOperand">The left operand of concatenation.</param>
        /// <param name="rightOperand">The right operand of concatenation.</param>
        /// <returns>Concatenated string of both operands.</returns>
        public Value EvaluateConcatenation(Value leftOperand, Value rightOperand)
        {
            // Gets type of left operand and convert to string
            leftOperand.Accept(this);

            var leftString = result;

            // Gets type of right operand and convert to string
            rightOperand.Accept(this);

            // Get all flags from both operands if they are tainted
            var flags    = FlagsHandler.GetFlagsFromValues(leftOperand, rightOperand);
            var flagInfo = new Flags(flags);

            // Check whether it is concrete or abstract value
            Value taintedResult;

            if ((leftString != null) && (result != null))
            {
                taintedResult = OutSet.CreateString(string.Concat(leftString.Value, result.Value));
            }
            else
            {
                taintedResult = OutSet.AnyStringValue;
            }

            return(taintedResult.SetInfo(flagInfo));
        }
Beispiel #2
0
        /// <summary>
        /// Convert all possible values to string representation and concatenate every combination of them.
        /// </summary>
        /// <param name="leftOperand">The left operand of concatenation.</param>
        /// <param name="rightOperand">The right operand of concatenation.</param>
        /// <returns>All string ​​resulting from the combination of left and right operand values.</returns>
        public MemoryEntry EvaluateConcatenation(MemoryEntry leftOperand, MemoryEntry rightOperand)
        {
            var values = new HashSet <Value>();

            AnyStringValue leftAnyString;
            var            leftStrings = Evaluate(leftOperand, out leftAnyString);

            AnyStringValue rightAnyString;
            var            rightStrings = Evaluate(rightOperand, out rightAnyString);

            if ((leftAnyString != null) || (rightAnyString != null))
            {
                // Get all flags from both abstract operands if they are tainted
                Dictionary <FlagType, bool> flags;
                if (leftAnyString != null)
                {
                    if (rightAnyString != null)
                    {
                        flags = FlagsHandler.GetFlagsFromValues(leftAnyString, rightAnyString);
                    }
                    else
                    {
                        flags = FlagsHandler.GetFlagsFromValues(leftAnyString);
                    }
                }
                else
                {
                    flags = FlagsHandler.GetFlagsFromValues(rightAnyString);
                }

                var flagInfo = new Flags(flags);
                values.Add(OutSet.AnyStringValue.SetInfo(flagInfo));
            }

            foreach (var leftValue in leftStrings)
            {
                foreach (var rightValue in rightStrings)
                {
                    // Get all flags from all combinations of both operands if they are tainted
                    var taintedResult = OutSet.CreateString(string.Concat(leftValue.Value,
                                                                          rightValue.Value));

                    if ((leftValue.GetInfo <Flags>() != null) || (rightValue.GetInfo <Flags>() != null))
                    {
                        var flags    = FlagsHandler.GetFlagsFromValues(leftValue, rightValue);
                        var flagInfo = new Flags(flags);
                        values.Add(taintedResult.SetInfo(flagInfo));
                    }
                    else
                    {
                        values.Add(taintedResult);
                    }
                }
            }

            return(new MemoryEntry(values));
        }
Beispiel #3
0
        /// <inheritdoc />
        protected override void flowThrough()
        {
            PrepareArguments();

            if (ThisObj == null)
            {
                Flow.CalledObject = new MemoryEntry(OutSet.CreateString(StaticMethodCall.ClassName.QualifiedName.Name.LowercaseValue));
                Services.FunctionResolver.IndirectStaticMethodCall(StaticMethodCall.ClassName.QualifiedName,
                                                                   Name.Value.ReadMemory(OutSnapshot), Flow.Arguments);
            }
            else
            {
                Services.FunctionResolver.IndirectStaticMethodCall(ThisObj.Value,
                                                                   Name.Value.ReadMemory(OutSnapshot), Flow.Arguments);
            }
        }
Beispiel #4
0
        /// <inheritdoc />
        protected override void flowThrough()
        {
            switch (_partial.Type)
            {
            case PseudoConstUse.Types.Line:
                Value = OutSet.CreateSnapshotEntry(new MemoryEntry(OutSet.CreateInt(_partial.Position.FirstLine)));
                return;

            case PseudoConstUse.Types.File:
                Value = OutSet.CreateSnapshotEntry(new MemoryEntry(OutSet.CreateString(OwningScriptFullName)));
                return;

            case PseudoConstUse.Types.Dir:
                Value = OutSet.CreateSnapshotEntry(new MemoryEntry(OutSet.CreateString(OwningScript.Directory.FullName)));
                return;

            case PseudoConstUse.Types.Function:
                if (OwningPPGraph.FunctionName == null)
                {
                    Value = OutSet.CreateSnapshotEntry(new MemoryEntry(OutSet.UndefinedValue));
                }
                else
                {
                    Value = OutSet.CreateSnapshotEntry(new MemoryEntry(OutSet.CreateString(OwningPPGraph.FunctionName)));
                }
                return;

            case PseudoConstUse.Types.Method:
            case PseudoConstUse.Types.Class:
            case PseudoConstUse.Types.Namespace:
                Value = OutSet.CreateSnapshotEntry(new MemoryEntry(OutSet.AnyStringValue));
                return;

            default:
                Value = OutSet.CreateSnapshotEntry(new MemoryEntry(OutSet.AnyValue));
                return;
            }
        }
Beispiel #5
0
 /// <summary>
 /// Create string representation of given literal
 /// </summary>
 /// <param name="x">Literal value</param>
 /// <returns>Created literal value representation</returns>
 public virtual MemoryEntry StringLiteral(StringLiteral x)
 {
     return(new MemoryEntry(OutSet.CreateString(x.Value as string)));
 }