public override void VisitBinary(BinaryExPoint p)
{
List <Value> argumentValues = new List <Value>();
argumentValues.AddRange(p.LeftOperand.Value.ReadMemory(Output).PossibleValues);
argumentValues.AddRange(p.RightOperand.Value.ReadMemory(Output).PossibleValues);
p.SetValueContent(new MemoryEntry(Output.CreateInfo(mergeTaint(argumentValues))));
}
/// <summary>
/// Visits a binary expression point and propagates the taint from both the operands.
/// </summary>
/// <param name="p">point to visit</param>
public override void VisitBinary(BinaryExPoint p)
{
_currentPoint = p;
List <ValueInfo> values = new List <ValueInfo>();
bool nullValue = false;
nullValue = addOperandValues(values, p.LeftOperand, nullValue);
nullValue = addOperandValues(values, p.RightOperand, nullValue);
TaintInfo outputTaint = mergeTaint(values, nullValue);
outputTaint.setSanitized(new List <FlagType>()
{
FlagType.FilePathDirty, FlagType.HTMLDirty, FlagType.SQLDirty
});
p.SetValueContent(new MemoryEntry(Output.CreateInfo(outputTaint)));
}
public override void VisitBinaryEx(BinaryEx x)
{
var lOperand = CreateRValue(x.LeftExpr);
ValuePoint rOperand;
BinaryExPoint expression;
switch (x.PublicOperation)
{
case Operations.And:
case Operations.Or:
/* Points are created in current ordering
* 1. blockStart,
* 2. shortendPath,
* 3. nonShortendPath,
* 4. rOperand
*/
var shortableForm = x.PublicOperation == Operations.And ? ConditionForm.None : ConditionForm.All;
var nonShortableForm = shortableForm == ConditionForm.All ? ConditionForm.None : ConditionForm.All;
var shortableCondition = new AssumptionCondition(shortableForm, x.LeftExpr);
//shortened evaluation path
var shortendPath = new AssumePoint(shortableCondition, new[] { lOperand });
var nonShortableCondition = new AssumptionCondition(nonShortableForm, x.LeftExpr);
//normal evaluation
var nonShortendPath = new AssumePoint(nonShortableCondition, new[] { lOperand });
//block borders
var blockStart = new EmptyProgramPoint();
//1.
AppendToChain(blockStart);
//2.
AppendToChain(shortendPath);
//3.
AppendToChain(nonShortendPath);
//4.
rOperand = CreateRValue(x.RightExpr);
expression = new BinaryExPoint(x, lOperand, rOperand);
//shortend path is added via chain
blockStart.AddFlowChild(nonShortendPath);
//set explicit edge
PreventChainEdge(shortendPath);
shortendPath.AddFlowChild(expression);
break;
default:
rOperand = CreateRValue(x.RightExpr);
expression = new BinaryExPoint(x, lOperand, rOperand);
break;
}
Result(expression);
}
