/// <summary>
/// If the function is a sanitizer, the sanitized taint flows are removed
/// </summary>
/// <param name="p">program point with a function</param>
/// <param name="taintInfo">TaintInfo that is being sanitized</param>
private void sanitize(NativeAnalyzerPoint p, ref TaintInfo taintInfo)
{
NativeAnalyzerMethod method = p.Analyzer.Method;
QualifiedName functName = getMethodName(p);
functAnalyzer = NativeFunctionAnalyzer.CreateInstance();
List <FlagType> flags;
if (functAnalyzer.SanitizingFunctions.TryGetValue(functName, out flags))
{
taintInfo.setSanitized(flags);
}
}
/// <summary>
/// Visits a binary expression point and propagates the taint from both the operands.
/// </summary>
/// <param name="p">point to visit</param>
public override void VisitBinary(BinaryExPoint p)
{
_currentPoint = p;
List <ValueInfo> values = new List <ValueInfo>();
bool nullValue = false;
nullValue = addOperandValues(values, p.LeftOperand, nullValue);
nullValue = addOperandValues(values, p.RightOperand, nullValue);
TaintInfo outputTaint = mergeTaint(values, nullValue);
outputTaint.setSanitized(new List <FlagType>()
{
FlagType.FilePathDirty, FlagType.HTMLDirty, FlagType.SQLDirty
});
p.SetValueContent(new MemoryEntry(Output.CreateInfo(outputTaint)));
}