Beispiel #1
0
        public TaintStatus(TaintInfo taintInfo)
        {
            this.tainted  = taintInfo.taint;
            this.priority = taintInfo.priority;

            lines = getLines(taintInfo);
        }
Beispiel #2
0
        public TaintStatus(TaintInfo taintInfo, Analysis.FlagType flag)
        {
            this.tainted  = taintInfo.taint;
            this.priority = taintInfo.priority;

            lines = getLines(taintInfo, flag);
        }
Beispiel #3
0
 public bool equalTo(TaintPriority other)
 {
     return(other.HTML == HTML && other.SQL == SQL && other.FilePath == FilePath);
 }
Beispiel #4
0
        /// <summary>
        /// Merges multiple taint information into one.
        /// </summary>
        /// <param name="values">info values with taint information</param>
        /// <param name="nullValue">indicator of null flow</param>
        /// <returns>merged taint information</returns>
        private TaintInfo mergeTaint(List <ValueInfo> values, bool nullValue)
        {
            TaintInfo info = new TaintInfo();

            info.point = _currentPoint;
            TaintPriority    priority            = new TaintPriority(true);
            List <TaintInfo> processedTaintInfos = new List <TaintInfo>();

            //if _currentPoint is a ConcatExPoint, its priority is high whenever one of the values has high priority
            if (_currentPoint is ConcatExPoint)
            {
                priority.setAll(false);
            }
            Taint taint          = new Taint(false);
            bool  existsNullFlow = false;
            bool  existsFlow     = false;
            bool  tainted        = false;

            foreach (var pair in values)
            {
                existsFlow |= (pair.values.Count > 0);
                foreach (var infoValue in pair.values)
                {
                    if (infoValue is UndefinedValue)
                    {
                        continue;
                    }
                    if (!(infoValue is InfoValue <TaintInfo>))
                    {
                        continue;
                    }
                    TaintInfo varInfo = (((InfoValue <TaintInfo>)infoValue).Data);
                    if (processedTaintInfos.Contains(varInfo))
                    {
                        continue;
                    }
                    processedTaintInfos.Add(varInfo);
                    existsNullFlow |= varInfo.nullValue;
                    tainted        |= varInfo.tainted;

                    /* If _currentPoint is not ConcatExPoint, the priority is low whenever one of the values
                     * has a low priority.
                     * If _currentPoint is ConcatExPoint, the priority is high whenever one of the values has
                     * a high priority */
                    if (!(_currentPoint is ConcatExPoint))
                    {
                        priority.copyTaint(false, varInfo.priority);
                    }
                    if (_currentPoint is ConcatExPoint)
                    {
                        priority.copyTaint(true, varInfo.priority);
                    }

                    taint.copyTaint(true, varInfo.taint);

                    info.possibleTaintFlows.Add(new TaintFlow(varInfo, pair.variable));
                }
            }

            info.nullValue = existsNullFlow;
            info.tainted   = tainted;

            if (!existsFlow)
            {
                priority.setAll(false);
            }

            if (nullValue && !existsNullFlow)
            {
                if (!existsFlow)
                {
                    priority.setAll(true);
                }
                info.nullValue = true;
                info.tainted   = true;
            }

            info.priority = priority;
            info.taint    = taint;
            return(info);
        }
Beispiel #5
0
 public TaintStatus(bool tainted, TaintPriority priority, params List <int>[] lines)
 {
     this.tainted  = new Taint.Taint(tainted);
     this.priority = priority;
     this.lines    = new List <List <int> >(lines);
 }