public XSSTaintSet AddTaint(XSSTaint taint)
{
return(new XSSTaintSet()
{
TaintTag = TaintTag | taint
});
}
public XSSTaint GetTaintStatus(Dictionary <uint, string> arguments)
{
XSSTaint returnValue = XSSTaint.XSS_ALL;
foreach (var arg in arguments)
{
var param = Parameters.FirstOrDefault(x => x.Key.Item1 == arg.Key);
XSSTaint tmp;
try
{
switch (param.Key.Item2)
{
case "flag":
var flagVal = Int32.Parse(arg.Value);
var flagParameter = (FlagParameter <XSSTaint>)param.Value;
tmp = (XSSTaint)flagParameter.GetStatus(flagVal);
break;
case "bool":
case "boolean":
var boolVal = Boolean.Parse(arg.Value);
var booleanParam = (BooleanParameter <XSSTaint>)param.Value;
tmp = (XSSTaint)booleanParam.GetStatus(boolVal);
break;
case "int":
case "integer":
var intVal = Int32.Parse(arg.Value);
var intParam = (IntegerParameter <XSSTaint>)param.Value;
tmp = (XSSTaint)intParam.GetStatus(intVal);
break;
case "str":
case "string":
var strParam = (StringParameter <XSSTaint>)param.Value;
tmp = (XSSTaint)strParam.GetStatus(arg.Value);
break;
case "array":
case "object":
default:
continue;
}
if (tmp < returnValue)
{
returnValue = tmp;
}
}
catch (NullReferenceException e)
{
return(this.DefaultStatus);
}
}
return(returnValue);
}
public Source(JToken JSON)
{
Name = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Name);
Type = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Type);
var xssTaintStr = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.XssTaint);
var sqlTaintStr = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.SqlTaint);
//Set up XSS taint from JSON, if it cannot be parsed, then use the default XSS_ALL tag
XSSTaint tmpXss = XSSTaint.XSS_ALL;
var success = Enum.TryParse(xssTaintStr, out tmpXss);
if (success)
{
XssTaint = new XSSTaintSet(tmpXss);
}
else
{
XssTaint = new XSSTaintSet(XSSTaint.XSS_ALL);
}
//Set up SQL taint from JSON. If it cannot be parsed then use the default SQL_ALL tag.
SQLITaint tmpSqli = SQLITaint.SQL_ALL;
success = Enum.TryParse(sqlTaintStr, out tmpSqli);
if (success)
{
SqliTaint = new SQLITaintSet(tmpSqli);
}
else
{
SqliTaint = new SQLITaintSet(SQLITaint.SQL_ALL);
}
Formats = new List <string>();
var formats = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Formats);
foreach (string format in formats)
{
Formats.Add(format);
}
}
public XSSTaintSet(XSSTaint taintStatus = XSSTaint.None)
{
this.TaintTag = taintStatus;
}
public XSSSanitizer(JToken JSON) : base(JSON)
{
Parameters = new Dictionary <Tuple <uint, string>, Parameter>();
XSSTaint tmp;
bool success = Enum.TryParse((string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.DefaultStatusCode), out tmp);
DefaultStatus = success ? tmp : XSSTaint.XSS_ALL;
var paramsArray = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Parameters);
foreach (JObject param in paramsArray)
{
var paramNumber = (uint)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterNumber);
var type = (string)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterType);
var isOptional = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsOptional);
var isVariadic = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsVariadic);
var paramValues = (JArray)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues);
var isReturn = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsReturnValue);
if (param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues) == null)
{
var parameter = new Parameter(isOptional ?? false, false, isVariadic ?? false, false, "", isReturn ?? false);
Parameters.Add(new Tuple <uint, string>(paramNumber, type), parameter);
continue;
}
switch (type)
{
case "flag":
var flag = FlagParameterFactory.CreateFlagParameter <XSSTaint>(paramValues, this.DefaultStatus,
isOptional: isOptional, isVaridic: isVariadic, isReturn: isReturn);
Parameters.Add(new Tuple <uint, string>(paramNumber, type), flag);
break;
case "bool":
case "boolean":
var boolparam = BooleanParameterFactory.CreateBooleanParameter <XSSTaint>(paramValues, this.DefaultStatus,
isOptional: isOptional, isVariadic: isVariadic, isReturn: isReturn);
Parameters.Add(new Tuple <uint, string>(paramNumber, type), boolparam);
break;
case "int":
case "integer":
var intParam = IntegerParameterFactory.CreateIntParameter <XSSTaint>(paramValues, this.DefaultStatus,
isOptional: isOptional, isVariadic: isVariadic, isReturn: isReturn);
Parameters.Add(new Tuple <uint, string>(paramNumber, type), intParam);
break;
case "str":
case "string":
var strParam = StringParameterFactory.CreateStringParameter <XSSTaint>(paramValues, this.DefaultStatus,
isOptional: isOptional, isVariadic: isVariadic, isReturn: isReturn);
Parameters.Add(new Tuple <uint, string>(paramNumber, type), strParam);
break;
case "array":
break;
case "object":
break;
default:
string s = String.Format("Unknown parameter type. Parameter number: {0} had the type {1}", paramNumber, type).ToString();
throw new NotSupportedException(s);
}
}
}