public TaintStatus(TaintInfo taintInfo)
{
this.tainted = taintInfo.taint;
this.priority = taintInfo.priority;
lines = getLines(taintInfo);
}
public TaintStatus(TaintInfo taintInfo, Analysis.FlagType flag)
{
this.tainted = taintInfo.taint;
this.priority = taintInfo.priority;
lines = getLines(taintInfo, flag);
}
public bool equalTo(TaintPriority other)
{
return(other.HTML == HTML && other.SQL == SQL && other.FilePath == FilePath);
}
/// <summary>
/// Merges multiple taint information into one.
/// </summary>
/// <param name="values">info values with taint information</param>
/// <param name="nullValue">indicator of null flow</param>
/// <returns>merged taint information</returns>
private TaintInfo mergeTaint(List <ValueInfo> values, bool nullValue)
{
TaintInfo info = new TaintInfo();
info.point = _currentPoint;
TaintPriority priority = new TaintPriority(true);
List <TaintInfo> processedTaintInfos = new List <TaintInfo>();
//if _currentPoint is a ConcatExPoint, its priority is high whenever one of the values has high priority
if (_currentPoint is ConcatExPoint)
{
priority.setAll(false);
}
Taint taint = new Taint(false);
bool existsNullFlow = false;
bool existsFlow = false;
bool tainted = false;
foreach (var pair in values)
{
existsFlow |= (pair.values.Count > 0);
foreach (var infoValue in pair.values)
{
if (infoValue is UndefinedValue)
{
continue;
}
if (!(infoValue is InfoValue <TaintInfo>))
{
continue;
}
TaintInfo varInfo = (((InfoValue <TaintInfo>)infoValue).Data);
if (processedTaintInfos.Contains(varInfo))
{
continue;
}
processedTaintInfos.Add(varInfo);
existsNullFlow |= varInfo.nullValue;
tainted |= varInfo.tainted;
/* If _currentPoint is not ConcatExPoint, the priority is low whenever one of the values
* has a low priority.
* If _currentPoint is ConcatExPoint, the priority is high whenever one of the values has
* a high priority */
if (!(_currentPoint is ConcatExPoint))
{
priority.copyTaint(false, varInfo.priority);
}
if (_currentPoint is ConcatExPoint)
{
priority.copyTaint(true, varInfo.priority);
}
taint.copyTaint(true, varInfo.taint);
info.possibleTaintFlows.Add(new TaintFlow(varInfo, pair.variable));
}
}
info.nullValue = existsNullFlow;
info.tainted = tainted;
if (!existsFlow)
{
priority.setAll(false);
}
if (nullValue && !existsNullFlow)
{
if (!existsFlow)
{
priority.setAll(true);
}
info.nullValue = true;
info.tainted = true;
}
info.priority = priority;
info.taint = taint;
return(info);
}
public TaintStatus(bool tainted, TaintPriority priority, params List <int>[] lines)
{
this.tainted = new Taint.Taint(tainted);
this.priority = priority;
this.lines = new List <List <int> >(lines);
}