Example #1
0
        public SQLSink(JToken JSON) : base(JSON)
        {
            SQLITaint tmp;
            bool      success = Enum.TryParse((string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.DefaultStatusCode), out tmp);

            DefaultStatus = success ? tmp : SQLITaint.SQL_ALL;

            this.Classnames = new List <string>();
            var classnames = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Classnames);

            if (classnames != null)
            {
                foreach (string format in classnames)
                {
                    this.Classnames.Add(format);
                }
            }

            var paramArray = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Parameters);

            foreach (JObject param in paramArray)
            {
                //if (param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues) == null) continue;

                var parameterNumber = (uint)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterNumber);
                var type            = (string)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterType);
                var optional        = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsOptional);
                var vulnerable      = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterCanCreateHole);
                var paramValues     = (JArray)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues);
                var variadic        = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsVariadic);

                switch (type)
                {
                case "flag":
                    var flagParam = FlagParameterFactory.CreateFlagParameter <SQLITaint>(paramValues, DefaultStatus, isOptional: optional,
                                                                                         isVulnerable: vulnerable, isVaridic: variadic);
                    Parameters.Add(new Tuple <uint, string>(parameterNumber, type), flagParam);
                    break;

                case "bool":
                case "boolean":
                    var boolParam = BooleanParameterFactory.CreateBooleanParameter <SQLITaint>(paramValues, DefaultStatus, isOptional: optional,
                                                                                               isVulnerable: vulnerable, isVariadic: variadic);
                    Parameters.Add(new Tuple <uint, string>(parameterNumber, type), boolParam);
                    break;

                case "int":
                case "integer":
                    var intParam = IntegerParameterFactory.CreateIntParameter <SQLITaint>(paramValues, DefaultStatus, isOptional: optional,
                                                                                          isVulnerable: vulnerable, isVariadic: variadic);
                    Parameters.Add(new Tuple <uint, string>(parameterNumber, type), intParam);
                    break;

                case "str":
                case "string":
                    var strParam = StringParameterFactory.CreateStringParameter <SQLITaint>(paramValues, DefaultStatus, isOptional: optional,
                                                                                            isVulnerable: vulnerable, isVariadic: variadic);
                    Parameters.Add(new Tuple <uint, string>(parameterNumber, type), strParam);
                    break;

                case "array":
                case "object":
                default:
                    Parameters.Add(new Tuple <uint, string>(parameterNumber, type), new Parameter(optional ?? false, vulnerable ?? false));
                    break;
                }
            }
        }
Example #2
0
        public SQLSanitizer(JToken JSON) : base(JSON)
        {
            Parameters = new Dictionary <Tuple <uint, string>, Parameter>();

            SQLITaint tmp;
            bool      success = Enum.TryParse((string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.DefaultStatusCode), out tmp);

            DefaultStatus = success ? tmp : SQLITaint.SQL_ALL;

            var paramsArray = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Parameters);

            foreach (JObject param in paramsArray)
            {
                var paramValues = (JArray)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues);
                var type        = (string)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterType);
                var paramNumber = (uint)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterNumber);
                var isOptional  = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsOptional);
                var variadic    = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsVariadic);
                var isReturn    = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsReturnValue);

                if (paramValues == null)
                {
                    var objectParam = new Parameter(isOptional ?? false, false, variadic ?? false, false, "", isReturn ?? false);
                    Parameters.Add(new Tuple <uint, string>(paramNumber, type), objectParam);
                    continue;
                }

                switch (type)
                {
                case "flag":
                    var flag = FlagParameterFactory.CreateFlagParameter <SQLITaint>(paramValues, DefaultStatus,
                                                                                    isOptional: isOptional, isVaridic: variadic, isReturn: isReturn);
                    Parameters.Add(new Tuple <uint, string>(paramNumber, type), flag);
                    break;

                case "bool":
                case "boolean":
                    var boolparam = BooleanParameterFactory.CreateBooleanParameter <SQLITaint>(paramValues, DefaultStatus,
                                                                                               isOptional: isOptional, isVariadic: variadic, isReturn: isReturn);
                    Parameters.Add(new Tuple <uint, string>(paramNumber, type), boolparam);
                    break;

                case "int":
                case "integer":
                    var intParam = IntegerParameterFactory.CreateIntParameter <SQLITaint>(paramValues, DefaultStatus,
                                                                                          isOptional: isOptional, isVariadic: variadic, isReturn: isReturn);
                    Parameters.Add(new Tuple <uint, string>(paramNumber, type), intParam);
                    break;

                case "str":
                case "string":
                    var strParam = StringParameterFactory.CreateStringParameter <SQLITaint>(paramValues, DefaultStatus,
                                                                                            isOptional: isOptional, isVariadic: variadic, isReturn: isReturn);
                    Parameters.Add(new Tuple <uint, string>(paramNumber, type), strParam);
                    break;

                case "array":
                    break;

                case "object":
                    break;

                default:
                    string s = String.Format("Unknown parameter type. Parameter number: {0} had the type {1}", paramNumber, type).ToString();
                    throw new NotSupportedException(s);
                }
            }
        }
Example #3
0
        public XSSSink(JToken JSON) : base(JSON)
        {
            Parameters = new Dictionary <Tuple <uint, string>, Parameter>();

            XSSTaint tmp;
            bool     success = Enum.TryParse((string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.DefaultStatusCode), out tmp);

            DefaultStatus = success ? tmp : XSSTaint.XSS_ALL;

            Outputs = (bool)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.OutputsPerDefault);

            var parameters = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Parameters);

            foreach (JObject parameterObject in parameters)
            {
                var parameterNumber = (uint)parameterObject.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterNumber);
                var optional        = (bool?)parameterObject.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsOptional);
                var type            = (string)parameterObject.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterType);
                var paramValues     = (JArray)parameterObject.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues);
                var vulnerable      = (bool?)parameterObject.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterCanCreateHole);
                var isVariadic      = (bool?)parameterObject.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsVariadic);
                //TODO: Add support for return parameters

                switch (type)
                {
                case "flag":
                    var flagParam = FlagParameterFactory.CreateFlagParameter <XSSTaint>(paramValues, DefaultStatus, isOptional: optional,
                                                                                        isVulnerable: vulnerable, isVaridic: isVariadic);
                    Parameters.Add(new Tuple <uint, string>(parameterNumber, type), flagParam);
                    break;

                case "bool":
                case "boolean":
                    var boolParam = BooleanParameterFactory.CreateBooleanParameter <XSSTaint>(paramValues, DefaultStatus, isOptional: optional,
                                                                                              isVulnerable: vulnerable, isVariadic: isVariadic);
                    Parameters.Add(new Tuple <uint, string>(parameterNumber, type), boolParam);
                    break;

                case "int":
                case "integer":
                    var intParam = IntegerParameterFactory.CreateIntParameter <XSSTaint>(paramValues, DefaultStatus, isOptional: optional,
                                                                                         isVulnerable: vulnerable, isVariadic: isVariadic);
                    Parameters.Add(new Tuple <uint, string>(parameterNumber, type), intParam);
                    break;

                case "str":
                case "string":
                    var strParam = StringParameterFactory.CreateStringParameter <XSSTaint>(paramValues, DefaultStatus, isOptional: optional,
                                                                                           isVulnerable: vulnerable, isVariadic: isVariadic);
                    Parameters.Add(new Tuple <uint, string>(parameterNumber, type), strParam);
                    break;

                case "array":
                case "object":
                case "mix":
                    var tuple = new Tuple <uint, string>(parameterNumber, type);
                    Parameters.Add(tuple, new Parameter(optional ?? false, vulnerable ?? true, isVariadic ?? false, false, "", false));
                    break;

                default:
                    string s = String.Format("Unknown parameter type. Parameter number: {0} had the type {1}", parameterNumber, type).ToString();
                    throw new NotSupportedException(s);
                }
            }
        }