void Analyze(VariableDeclarationStatement Stmt)
{
SetCurrentLineAndCharNos(Stmt);
ItemChecker TC = new ItemChecker(this);
if (Stmt.Identifier != null)
{
List<JintItem> LeftItems = new List<JintItem>() { new JintItem(Stmt.Source, JintState.Identifier, Stmt.Identifier, this)};
int StatusIndex = AddToJintStack(Stmt.Source, JintState.Identifier, Stmt.Identifier);
if (Stmt.Expression != null)
{
int RightExpIndex = AddToJintStack(Stmt.Source, JintState.AssignmentExpressionRight);
Analyze(Stmt.Expression);
List<JintItem> RightItems = RemoveJintStackFrom(RightExpIndex + 1);
if (Stmt.Expression.GetType().Name.Equals("AssignmentExpression"))
{
Analyze(((AssignmentExpression)Stmt.Expression).Left);
RightItems = RemoveJintStackFrom(RightExpIndex + 1);
}
List<List<JintItem>> RightItemParts = ItemChecker.GetItemParts(RightItems);
UpdateMappings(LeftItems, RightItemParts);
foreach (List<JintItem> RightItemPart in RightItemParts)
{
TaintResult RightResult = TC.Check(RightItemPart);
if (RightResult.SourceTaint)
{
foreach (JintItem Item in LeftItems)
{
Item.SourceReasons.AddRange(RightResult.SourceReasons);
}
AddToSourceObjects(LeftItems);
if (RightItems.Count > 0)
AddSourceLine(RightItemPart[0].LineNo, RightResult.SourceReasons);
else
AddSourceLine(CurrentLineNo, RightResult.SourceReasons);
}
if (RightResult.SinkTaint)
{
foreach (JintItem Item in LeftItems)
{
Item.SinkReasons.AddRange(RightResult.SinkReasons);
}
AddToSinkObjects(LeftItems);
if (RightItems.Count > 0)
AddSinkLine(RightItemPart[0].LineNo, RightResult.SinkReasons);
else
AddSinkLine(CurrentLineNo, RightResult.SinkReasons);
}
}
RemoveJintStackFrom(StatusIndex);
}
}
}
void Analyze(MethodCall Stmt)
{
SetCurrentLineAndCharNos(Stmt);
int LineNo = CurrentLineNo;
JintItem LastItem;
if (JintStack.Count > 0)
{
LastItem = JintStack[JintStack.Count - 1];
if (LastItem.State == JintState.MethodCallArgument || LastItem.State == JintState.MethodName)
{
LastItem = new JintItem(CurrentLineNo, 0, JintState.AnonymousMethod);
JintStack.Add(LastItem);
}
}
else
{
LastItem = new JintItem(CurrentLineNo, 0, JintState.AnonymousMethod);
JintStack.Add(LastItem);
}
int MethodCallIndex = 0;
if (LastItem.State == JintState.Identifier || LastItem.State == JintState.Property || LastItem.State == JintState.Indexer || LastItem.State == JintState.StringIndex || LastItem.State == JintState.IdentifierIndex || LastItem.State == JintState.IntIndex || LastItem.State == JintState.AnonymousMethod || LastItem.LineNo != LineNo)
{
RemoveJintStackFrom(JintStack.Count - 1);
if (LastItem.State == JintState.Identifier || LastItem.State == JintState.Property)
JintStack.Add(new JintItem(LastItem.LineNo, LastItem.CharNo, JintState.MethodCallName, LastItem.Value));
else
JintStack.Add(new JintItem(LastItem.LineNo, LastItem.CharNo, JintState.MethodCallName, ""));
LineNo = LastItem.LineNo;
MethodCallIndex = JintStack.Count - 1;
if (Stmt.Arguments != null)
{
if (Stmt.Arguments.Count > 0)
Analyze(Stmt.Arguments);
else
AddToJintStack(Stmt.Source, JintState.MethodCallArgument);
}
List<JintItem> MethodRelatedItems = GetMethodItems(MethodCallIndex);
ItemChecker IC = new ItemChecker(this);
List<JintItem> MethodArguments = IC.GetLastMethodArguments(MethodRelatedItems);
List<int> SourcePositions = new List<int>();
List<int> SinkPositions = new List<int>();
for (int i = 0; i < MethodArguments.Count; i++)
{
TaintResult Result = IC.Check(MethodArguments[i].SubItems);
if (Result.SourceTaint)
{
SourcePositions.Add(i);
Result.SourceReasons.Add("Method Argument is a Source");
AddSourceLine(CurrentLineNo, Result.SourceReasons);
}
if (Result.SinkTaint)
{
SinkPositions.Add(i);
Result.SinkReasons.Add("Method Argument is a Sink");
AddSinkLine(CurrentLineNo, Result.SinkReasons);
}
}
foreach (List<JintItem> Template in ArgumentAssignedASourceMethods)
{
if(Template.Count == 0) continue;
TaintResult MethodResult = IC.IsMatch(MethodRelatedItems, Template);
if (MethodResult.NeutralReasons.Count > 0)
{
List<JintItem> TemplateArguments = IC.GetLastMethodArguments(Template);
if(TemplateArguments.Count == 0) continue;
AddSourceLine(LineNo, Template[0].SourceReasons);
if (TemplateArguments.Count == 1 && TemplateArguments[0].SubItems.Count == 0 && SinkPositions.Count > 0)
AddSourceToSinkLine(LineNo);
else if (MethodArguments.Count == TemplateArguments.Count)
{
foreach (int i in SinkPositions)
{
if(TemplateArguments.Count > i)
if(TemplateArguments[i].SubItems.Count > 0)
if(TemplateArguments[i].SubItems[0].State == JintState.MethodCallArgumentTaintPointer)
AddSourceToSinkLine(LineNo);
}
}
}
}
foreach (List<JintItem> Template in ArgumentAssignedToSinkMethods)
{
if (Template.Count == 0) continue;
TaintResult MethodResult = IC.IsMatch(MethodRelatedItems, Template);
if (MethodResult.NeutralReasons.Count > 0)
{
List<JintItem> TemplateArguments = IC.GetLastMethodArguments(Template);
if (TemplateArguments.Count == 0) continue;
AddSinkLine(LineNo, Template[0].SinkReasons);
if (TemplateArguments.Count == 1 && TemplateArguments[0].SubItems.Count == 0 && SourcePositions.Count > 0)
AddSourceToSinkLine(LineNo);
else if (MethodArguments.Count == TemplateArguments.Count)
{
foreach (int i in SourcePositions)
{
if (TemplateArguments.Count > i)
if (TemplateArguments[i].SubItems.Count > 0)
if (TemplateArguments[i].SubItems[0].State == JintState.MethodCallArgumentTaintPointer)
AddSourceToSinkLine(LineNo);
}
}
}
}
}
else
{
IronException.Report("MethodName missing in IronJint", "LastItem State -" + LastItem.State.ToString());
}
if (Stmt.Generics != null) Analyze(Stmt.Generics);
}
void Analyze(ReturnStatement Stmt)
{
SetCurrentLineAndCharNos(Stmt);
if (Stmt.Expression != null)
{
int StatusIndex = JintStack.Count;
Analyze(Stmt.Expression);
if (JintStack.Count > StatusIndex)
{
List<JintItem> ReturnItems = RemoveJintStackFrom(StatusIndex);
if (ReturnItems.Count > 0)
{
ItemChecker IC = new ItemChecker(this);
TaintResult ReturnResult = IC.Check(ReturnItems);
if (ReturnResult.SourceTaint)
AddSourceLine(ReturnItems[0].LineNo, ReturnResult.SourceReasons);
if (ReturnResult.SinkTaint)
AddSinkLine(ReturnItems[0].LineNo, ReturnResult.SinkReasons);
}
}
}
}
void Analyze(AssignmentExpression Stmt)
{
SetCurrentLineAndCharNos(Stmt);
List<JintItem> LeftItems = new List<JintItem>();
List<List<JintItem>> LeftItemParts = new List<List<JintItem>>();
List<List<JintItem>> SinkTaintedLeftItems = new List<List<JintItem>>();
ItemChecker TC = new ItemChecker(this);
if (Stmt.Left != null)
{
int StatusIndex = AddToJintStack(Stmt.Left.Source, JintState.AssignmentExpressionLeft);
Analyze(Stmt.Left);
LeftItems = RemoveJintStackFrom(StatusIndex + 1);
LeftItemParts = ItemChecker.GetItemParts(LeftItems);
foreach (List<JintItem> LeftItemPart in LeftItemParts)
{
TaintResult LeftResult = TC.Check(LeftItemPart);
if (LeftResult.SinkTaint)
{
SinkTaintedLeftItems.Add(LeftItemPart);
if (LeftItemPart.Count > 0)
AddSinkLine(LeftItemPart[0].LineNo, LeftResult.SinkReasons);
else
AddSinkLine(CurrentLineNo, LeftResult.SinkReasons);
}
}
RemoveJintStackFrom(StatusIndex);
}
List<JintItem> RightItems = new List<JintItem>();
if (Stmt.Right != null)
{
int StatusIndex = AddToJintStack(Stmt.Left.Source, JintState.AssignmentExpressionRight);
Analyze(Stmt.Right);
RightItems = RemoveJintStackFrom(StatusIndex + 1);
if (Stmt.Right.GetType().Name.Equals("AssignmentExpression"))
{
Analyze(((AssignmentExpression)Stmt.Right).Left);
RightItems = RemoveJintStackFrom(StatusIndex + 1);
}
List<List<JintItem>> RightItemParts = ItemChecker.GetItemParts(RightItems);
UpdateMappings(LeftItems, RightItemParts);
foreach (List<JintItem> RightItemPart in RightItemParts)
{
TaintResult RightResult = TC.Check(RightItemPart);
if (RightResult.SourceTaint)
{
foreach (JintItem Item in LeftItems)
{
Item.SourceReasons.AddRange(RightResult.SourceReasons);
}
AddToSourceObjects(LeftItems);
if (RightItems.Count > 0)
AddSourceLine(RightItemPart[0].LineNo, RightResult.SourceReasons);
else
AddSourceLine(CurrentLineNo, RightResult.SourceReasons);
if (SinkTaintedLeftItems.Count > 0)
if (LeftItems.Count > 0)
AddSourceToSinkLine(LeftItems[0].LineNo);
else
AddSourceToSinkLine(CurrentLineNo);
}
else
{
foreach (List<JintItem> LeftItemPart in LeftItemParts)
{
RemoveFromSourceTaintedItems(LeftItemPart);
}
}
if (RightResult.SinkTaint)
{
foreach (JintItem Item in LeftItems)
{
Item.SinkReasons.AddRange(RightResult.SinkReasons);
}
foreach (List<JintItem> LeftItemPart in LeftItemParts)
{
AddToSinkObjects(LeftItemPart);
}
if (RightItems.Count > 0)
AddSinkLine(RightItemPart[0].LineNo, RightResult.SinkReasons);
else
AddSinkLine(CurrentLineNo, RightResult.SinkReasons);
}
else
{
foreach (List<JintItem> LeftItemPart in LeftItemParts)
{
RemoveFromSinkTaintedItems(LeftItemPart);
}
}
}
RemoveJintStackFrom(StatusIndex);
}
}
