public VariableState(SyntaxNode node, VariableTaint taint = Unknown, object value = null)
{
Taint = taint;
Value = null;
if (Taint == Constant)
{
Value = value;
}
Node = node;
Properties = new Dictionary <string, VariableState>();
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="taint">Initial state</param>
public VariableState(SyntaxNode p_node, VariableTaint taint = UNKNOWN, List <VariableTag> p_tags = null)
{
this.taint = taint;
if (p_tags == null)
{
this.tags = new List <VariableTag>();
}
else
{
tags = p_tags;
}
node = p_node;
}
public void ResolveTaint(VariableTaint newTaint)
{
if (Taint == Unset)
{
Taint = newTaint;
}
else
{
switch (newTaint)
{
case Tainted:
Taint = Tainted;
break;
case Unknown:
if (Taint != Tainted)
{
Taint = Unknown;
}
break;
case Safe:
if (Taint != Tainted && Taint != Unknown)
{
Taint = Safe;
}
break;
case Constant:
case Unset:
break;
default:
throw new ArgumentOutOfRangeException();
}
}
}
public override VariableTaint Merge(VariableTaint other)
{
XSSTaintSet newSet = (XSSTaintSet)other;
return(Merge(newSet));
}
/// <summary>
/// Merges two taints (in concatenation case for example). The worst case wins.
/// So tainted + sanitized gives tainted.
/// </summary>
public void MergeTaint(VariableTaint newTaint, object value = null)
{
if (newTaint == Unset)
{
return;
}
if (((Taint & Constant) != 0ul) && ((Taint & Safe) != 0ul))
{
throw new ArgumentOutOfRangeException(); // precondition
}
if (((newTaint & Constant) != 0ul) && ((newTaint & Safe) != 0ul))
{
throw new ArgumentOutOfRangeException();
}
if (Taint == Unset)
{
Taint = newTaint;
}
else if (Taint != Safe && newTaint != Safe &&
(Taint & (Unknown | Tainted)) != 0ul && ((Taint & Safe) != 0ul) &&
(newTaint & (Unknown | Tainted)) != 0ul && ((newTaint & Safe) != 0ul))
{
if (((Taint & Tainted) != 0ul) || ((newTaint & Tainted) != 0ul))
{
Taint = Tainted | (Taint & newTaint & Safe);
}
else
{
Taint = Unknown | (Taint & newTaint & Safe);
}
}
else if ((Taint == Constant && ((newTaint & Tainted) != 0ul) ||
(newTaint == Constant && ((Taint & Tainted) != 0ul))))
{
Taint = Tainted | ((Taint | newTaint) & Safe);
}
else if ((Taint == Constant && ((newTaint & Unknown) != 0ul) ||
(newTaint == Constant && ((Taint & Unknown) != 0ul))))
{
Taint = Unknown | ((Taint | newTaint) & Safe);
}
else if ((Taint == Safe && ((newTaint & (Unknown | Tainted)) != 0ul)))
{
Taint = newTaint;
}
else if ((newTaint == Safe && ((Taint & (Unknown | Tainted)) != 0ul)))
{
//Taint = Taint;
}
else if (((newTaint & Tainted) != 0ul) || ((Taint & Tainted) != 0ul))
{
Taint = Tainted;
}
else if (((newTaint & Unknown) != 0ul) || ((Taint & Unknown) != 0ul))
{
Taint = Unknown;
}
else if (Taint == Constant && newTaint == Constant)
{
Taint = Constant;
}
else
{
Taint = Safe;
}
if (Taint == Constant)
{
Value = value;
}
}
public void AddTaintedVar(Variable var, VariableTaint varTaint)
{
Taint = Taint.SetItem(var, varTaint);
}
/// <summary>
///
/// </summary>
/// <param name="taint">Initial state</param>
public VariableState(VariableTaint taint = UNKNOWN)
{
this.taint = taint;
this.tags = new List <VariableTag>();
node = null;
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="taint">Initial state</param>
public VariableState(SyntaxNode node, VariableTaint taint = Unknown, List <VariableTag> tags = null)
{
Taint = taint;
Tags = tags ?? new List <VariableTag>();
Node = node;
}
