public XSSTaintSet AddTaint(XSSTaint taint) { return(new XSSTaintSet() { TaintTag = TaintTag | taint }); }
public XSSTaint GetTaintStatus(Dictionary <uint, string> arguments) { XSSTaint returnValue = XSSTaint.XSS_ALL; foreach (var arg in arguments) { var param = Parameters.FirstOrDefault(x => x.Key.Item1 == arg.Key); XSSTaint tmp; try { switch (param.Key.Item2) { case "flag": var flagVal = Int32.Parse(arg.Value); var flagParameter = (FlagParameter <XSSTaint>)param.Value; tmp = (XSSTaint)flagParameter.GetStatus(flagVal); break; case "bool": case "boolean": var boolVal = Boolean.Parse(arg.Value); var booleanParam = (BooleanParameter <XSSTaint>)param.Value; tmp = (XSSTaint)booleanParam.GetStatus(boolVal); break; case "int": case "integer": var intVal = Int32.Parse(arg.Value); var intParam = (IntegerParameter <XSSTaint>)param.Value; tmp = (XSSTaint)intParam.GetStatus(intVal); break; case "str": case "string": var strParam = (StringParameter <XSSTaint>)param.Value; tmp = (XSSTaint)strParam.GetStatus(arg.Value); break; case "array": case "object": default: continue; } if (tmp < returnValue) { returnValue = tmp; } } catch (NullReferenceException e) { return(this.DefaultStatus); } } return(returnValue); }
public Source(JToken JSON) { Name = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Name); Type = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Type); var xssTaintStr = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.XssTaint); var sqlTaintStr = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.SqlTaint); //Set up XSS taint from JSON, if it cannot be parsed, then use the default XSS_ALL tag XSSTaint tmpXss = XSSTaint.XSS_ALL; var success = Enum.TryParse(xssTaintStr, out tmpXss); if (success) { XssTaint = new XSSTaintSet(tmpXss); } else { XssTaint = new XSSTaintSet(XSSTaint.XSS_ALL); } //Set up SQL taint from JSON. If it cannot be parsed then use the default SQL_ALL tag. SQLITaint tmpSqli = SQLITaint.SQL_ALL; success = Enum.TryParse(sqlTaintStr, out tmpSqli); if (success) { SqliTaint = new SQLITaintSet(tmpSqli); } else { SqliTaint = new SQLITaintSet(SQLITaint.SQL_ALL); } Formats = new List <string>(); var formats = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Formats); foreach (string format in formats) { Formats.Add(format); } }
public XSSTaintSet(XSSTaint taintStatus = XSSTaint.None) { this.TaintTag = taintStatus; }
public XSSSanitizer(JToken JSON) : base(JSON) { Parameters = new Dictionary <Tuple <uint, string>, Parameter>(); XSSTaint tmp; bool success = Enum.TryParse((string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.DefaultStatusCode), out tmp); DefaultStatus = success ? tmp : XSSTaint.XSS_ALL; var paramsArray = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Parameters); foreach (JObject param in paramsArray) { var paramNumber = (uint)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterNumber); var type = (string)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterType); var isOptional = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsOptional); var isVariadic = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsVariadic); var paramValues = (JArray)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues); var isReturn = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsReturnValue); if (param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues) == null) { var parameter = new Parameter(isOptional ?? false, false, isVariadic ?? false, false, "", isReturn ?? false); Parameters.Add(new Tuple <uint, string>(paramNumber, type), parameter); continue; } switch (type) { case "flag": var flag = FlagParameterFactory.CreateFlagParameter <XSSTaint>(paramValues, this.DefaultStatus, isOptional: isOptional, isVaridic: isVariadic, isReturn: isReturn); Parameters.Add(new Tuple <uint, string>(paramNumber, type), flag); break; case "bool": case "boolean": var boolparam = BooleanParameterFactory.CreateBooleanParameter <XSSTaint>(paramValues, this.DefaultStatus, isOptional: isOptional, isVariadic: isVariadic, isReturn: isReturn); Parameters.Add(new Tuple <uint, string>(paramNumber, type), boolparam); break; case "int": case "integer": var intParam = IntegerParameterFactory.CreateIntParameter <XSSTaint>(paramValues, this.DefaultStatus, isOptional: isOptional, isVariadic: isVariadic, isReturn: isReturn); Parameters.Add(new Tuple <uint, string>(paramNumber, type), intParam); break; case "str": case "string": var strParam = StringParameterFactory.CreateStringParameter <XSSTaint>(paramValues, this.DefaultStatus, isOptional: isOptional, isVariadic: isVariadic, isReturn: isReturn); Parameters.Add(new Tuple <uint, string>(paramNumber, type), strParam); break; case "array": break; case "object": break; default: string s = String.Format("Unknown parameter type. Parameter number: {0} had the type {1}", paramNumber, type).ToString(); throw new NotSupportedException(s); } } }