Beispiel #1
        /// <summary>
        /// Marks this variable with both an XSS and a SQL-injection taint set in one call.
        /// </summary>
        /// <param name="xsstaintSet">XSS taint set, forwarded to <c>XssTaintVariable</c>.</param>
        /// <param name="sqliTaintSet">SQLi taint set, forwarded to <c>SqliTaintVariable</c>.</param>
        /// <returns>This same instance, so calls can be chained.</returns>
        public Variable SqlXssTaintVariable(XSSTaintSet xsstaintSet, SQLITaintSet sqliTaintSet)
        {
            // XSS is applied first, SQLi second; the values returned by the two
            // helpers are not used here.
            XssTaintVariable(xsstaintSet);
            SqliTaintVariable(sqliTaintSet);
            return this;
        }
Beispiel #2
        /// <summary>
        /// Builds a <c>TaintSets</c> that starts out holding one SQLi taint set and one XSS taint set.
        /// </summary>
        /// <param name="sqliTaint">SQL-injection taint set to store; checked with <c>Preconditions.NotNull</c>.</param>
        /// <param name="xssTaint">XSS taint set to store; checked with <c>Preconditions.NotNull</c>.</param>
        public TaintSets(SQLITaintSet sqliTaint, XSSTaintSet xssTaint) : this()
        {
            // Both arguments are validated before either collection is touched, so a
            // rejected argument never leaves a half-populated instance behind.
            Preconditions.NotNull(sqliTaint, "sqliTaint");
            Preconditions.NotNull(xssTaint, "xssTaint");

            // The chained this() call runs first; presumably it creates the two
            // collections used below (not visible in this excerpt).
            SqliTaint.Add(sqliTaint);
            XssTaint.Add(xssTaint);
        }
Beispiel #3
        /// <summary>
        /// Checks that merging a fully tainted <c>ExpressionInfo</c> into an empty one
        /// yields a result carrying exactly the original SQLi and XSS taint sets.
        /// </summary>
        public void ExpressionInfo_Merge()
        {
            // Arrange: one expression tainted with SQL_ALL / XSS_ALL, one left at defaults.
            var expectedSqli = new SQLITaintSet(SQLITaint.SQL_ALL);
            var expectedXss = new XSSTaintSet(XSSTaint.XSS_ALL);
            var tainted = new ExpressionInfo { ExpressionTaint = new TaintSets(expectedSqli, expectedXss) };
            var untainted = new ExpressionInfo();

            // Act: the untainted side is the receiver, the tainted side the argument.
            var merged = untainted.Merge(tainted);

            // Assert: Single() also fails the test if either collection holds zero or
            // several sets, so the merge must leave exactly one set per taint kind.
            var mergedTaint = merged.ExpressionTaint;
            Assert.AreEqual(expectedSqli, mergedTaint.SqliTaint.Single(), "SQL Taint was not the expected");
            Assert.AreEqual(expectedXss, mergedTaint.XssTaint.Single(), "XSS Taint was not the expected");
        }
Beispiel #4
        /// <summary>
        /// Merges an expression carrying SQL_ALL and XSS_ALL taint into a default-constructed
        /// expression and verifies that the taint survives the merge unchanged.
        /// </summary>
        public void ExpressionInfo_Merge()
        {
            var sqlAll = new SQLITaintSet(SQLITaint.SQL_ALL);
            var xssAll = new XSSTaintSet(XSSTaint.XSS_ALL);

            var source = new ExpressionInfo();
            source.ExpressionTaint = new TaintSets(sqlAll, xssAll);
            var target = new ExpressionInfo();

            // Taint must propagate from the argument into the merge result; losing it
            // here would mean a tainted expression is later treated as clean.
            var combined = target.Merge(source);

            // Single() throws unless each collection contains exactly one taint set.
            var actualSqli = combined.ExpressionTaint.SqliTaint.Single();
            Assert.AreEqual(sqlAll, actualSqli, "SQL Taint was not the expected");

            var actualXss = combined.ExpressionTaint.XssTaint.Single();
            Assert.AreEqual(xssAll, actualXss, "XSS Taint was not the expected");
        }
Beispiel #5
        /// <summary>
        /// Builds a taint source definition from its JSON description: name, type,
        /// XSS and SQLi taint levels, and the list of formats.
        /// </summary>
        /// <param name="JSON">JSON token holding the definition; read through <c>SelectToken</c>.</param>
        public Source(JToken JSON)
        {
            Name = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Name);
            Type = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Type);
            var rawXss = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.XssTaint);
            var rawSqli = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.SqlTaint);

            // XSS taint: an unparsable value falls back to XSS_ALL, so a broken
            // definition is treated as fully tainted rather than as clean.
            // NOTE(review): Enum.TryParse also accepts numeric strings that name no
            // declared member; such a value would skip the fallback. Confirm whether
            // definition files can contain them.
            XSSTaint parsedXss;
            bool xssOk = Enum.TryParse(rawXss, out parsedXss);
            XssTaint = new XSSTaintSet(xssOk ? parsedXss : XSSTaint.XSS_ALL);

            // SQLi taint: same rule, with SQL_ALL as the fallback.
            SQLITaint parsedSqli;
            bool sqliOk = Enum.TryParse(rawSqli, out parsedSqli);
            SqliTaint = new SQLITaintSet(sqliOk ? parsedSqli : SQLITaint.SQL_ALL);

            // NOTE(review): if the formats entry is missing the cast yields null and
            // the loop below throws; if it is not an array the cast itself throws.
            // Confirm every definition carries a formats array.
            Formats = new List<string>();
            var formatTokens = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Formats);
            foreach (JToken token in formatTokens)
            {
                Formats.Add((string)token);
            }
        }
Beispiel #6
        /// <summary>
        /// Reads a source definition (name, type, taint levels and formats) out of a JSON token.
        /// </summary>
        /// <param name="JSON">Definition token; each field is looked up with <c>SelectToken</c>.</param>
        public Source(JToken JSON)
        {
            Name = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Name);
            Type = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Type);
            var xssText = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.XssTaint);
            var sqlText = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.SqlTaint);

            // Fail closed: when the XSS value cannot be parsed the source is given
            // XSS_ALL instead of a weaker (or no) taint.
            // NOTE(review): Enum.TryParse returns true for numeric text even when no
            // enum member has that value, so the fallback is not taken in that case.
            // Verify against the definition files.
            XSSTaint xssLevel;
            if (!Enum.TryParse(xssText, out xssLevel))
            {
                xssLevel = XSSTaint.XSS_ALL;
            }
            XssTaint = new XSSTaintSet(xssLevel);

            // Same fail-closed rule for SQLi, defaulting to SQL_ALL.
            SQLITaint sqliLevel;
            if (!Enum.TryParse(sqlText, out sqliLevel))
            {
                sqliLevel = SQLITaint.SQL_ALL;
            }
            SqliTaint = new SQLITaintSet(sqliLevel);

            // NOTE(review): an absent formats entry leaves formatArray null and the
            // loop throws; presumably definitions always include it. Confirm.
            Formats = new List<string>();
            var formatArray = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Formats);
            foreach (JToken item in formatArray)
            {
                Formats.Add((string)item);
            }
        }
Beispiel #7
        /// <summary>
        /// Combines the taint of this instance with that of <paramref name="other"/> into a
        /// new <c>TaintSets</c>; neither operand is modified by this method itself.
        /// </summary>
        /// <param name="other">Right-hand operand; checked with <c>Preconditions.NotNull</c>.</param>
        /// <returns>
        /// A new <c>TaintSets</c> to which one merged SQLi set and one merged XSS set have been added.
        /// </returns>
        public TaintSets Merge(TaintSets other)
        {
            Preconditions.NotNull(other, "other");

            // SQLi: collapse each non-empty side into one set, then fold it into the
            // accumulator. This instance is processed before 'other'.
            var mergedSqli = new SQLITaintSet();
            foreach (var side in new[] { this.SqliTaint, other.SqliTaint })
            {
                // Aggregate without a seed throws on an empty sequence, hence the guard.
                if (!side.Any())
                {
                    continue;
                }

                var collapsed = side.Aggregate((acc, item) => acc.Merge(item));
                mergedSqli = mergedSqli.Merge(collapsed);
            }

            // XSS: identical procedure on the XSS collections.
            var mergedXss = new XSSTaintSet();
            foreach (var side in new[] { this.XssTaint, other.XssTaint })
            {
                if (!side.Any())
                {
                    continue;
                }

                var collapsed = side.Aggregate((acc, item) => acc.Merge(item));
                mergedXss = mergedXss.Merge(collapsed);
            }

            // A merged set is always added, even when both sides were empty; in that
            // case it is the default-constructed set.
            var result = new TaintSets();
            result.SqliTaint.Add(mergedSqli);
            result.XssTaint.Add(mergedXss);
            return result;
        }
Beispiel #8
        /// <summary>
        /// Adds a SQL-injection taint set to this variable's taint information.
        /// </summary>
        /// <param name="taintSet">Set appended to <c>Info.Taints.SqliTaint</c>; not validated here.</param>
        /// <returns>This same instance, so calls can be chained.</returns>
        public Variable SqliTaintVariable(SQLITaintSet taintSet)
        {
            // The set is added to whatever is already stored; nothing is replaced.
            var sqliTaints = Info.Taints.SqliTaint;
            sqliTaints.Add(taintSet);
            return this;
        }