void Analyze(VariableDeclarationStatement Stmt) { SetCurrentLineAndCharNos(Stmt); ItemChecker TC = new ItemChecker(this); if (Stmt.Identifier != null) { List<JintItem> LeftItems = new List<JintItem>() { new JintItem(Stmt.Source, JintState.Identifier, Stmt.Identifier, this)}; int StatusIndex = AddToJintStack(Stmt.Source, JintState.Identifier, Stmt.Identifier); if (Stmt.Expression != null) { int RightExpIndex = AddToJintStack(Stmt.Source, JintState.AssignmentExpressionRight); Analyze(Stmt.Expression); List<JintItem> RightItems = RemoveJintStackFrom(RightExpIndex + 1); if (Stmt.Expression.GetType().Name.Equals("AssignmentExpression")) { Analyze(((AssignmentExpression)Stmt.Expression).Left); RightItems = RemoveJintStackFrom(RightExpIndex + 1); } List<List<JintItem>> RightItemParts = ItemChecker.GetItemParts(RightItems); UpdateMappings(LeftItems, RightItemParts); foreach (List<JintItem> RightItemPart in RightItemParts) { TaintResult RightResult = TC.Check(RightItemPart); if (RightResult.SourceTaint) { foreach (JintItem Item in LeftItems) { Item.SourceReasons.AddRange(RightResult.SourceReasons); } AddToSourceObjects(LeftItems); if (RightItems.Count > 0) AddSourceLine(RightItemPart[0].LineNo, RightResult.SourceReasons); else AddSourceLine(CurrentLineNo, RightResult.SourceReasons); } if (RightResult.SinkTaint) { foreach (JintItem Item in LeftItems) { Item.SinkReasons.AddRange(RightResult.SinkReasons); } AddToSinkObjects(LeftItems); if (RightItems.Count > 0) AddSinkLine(RightItemPart[0].LineNo, RightResult.SinkReasons); else AddSinkLine(CurrentLineNo, RightResult.SinkReasons); } } RemoveJintStackFrom(StatusIndex); } } }
void Analyze(MethodCall Stmt) { SetCurrentLineAndCharNos(Stmt); int LineNo = CurrentLineNo; JintItem LastItem; if (JintStack.Count > 0) { LastItem = JintStack[JintStack.Count - 1]; if (LastItem.State == JintState.MethodCallArgument || LastItem.State == JintState.MethodName) { LastItem = new JintItem(CurrentLineNo, 0, JintState.AnonymousMethod); JintStack.Add(LastItem); } } else { LastItem = new JintItem(CurrentLineNo, 0, JintState.AnonymousMethod); JintStack.Add(LastItem); } int MethodCallIndex = 0; if (LastItem.State == JintState.Identifier || LastItem.State == JintState.Property || LastItem.State == JintState.Indexer || LastItem.State == JintState.StringIndex || LastItem.State == JintState.IdentifierIndex || LastItem.State == JintState.IntIndex || LastItem.State == JintState.AnonymousMethod || LastItem.LineNo != LineNo) { RemoveJintStackFrom(JintStack.Count - 1); if (LastItem.State == JintState.Identifier || LastItem.State == JintState.Property) JintStack.Add(new JintItem(LastItem.LineNo, LastItem.CharNo, JintState.MethodCallName, LastItem.Value)); else JintStack.Add(new JintItem(LastItem.LineNo, LastItem.CharNo, JintState.MethodCallName, "")); LineNo = LastItem.LineNo; MethodCallIndex = JintStack.Count - 1; if (Stmt.Arguments != null) { if (Stmt.Arguments.Count > 0) Analyze(Stmt.Arguments); else AddToJintStack(Stmt.Source, JintState.MethodCallArgument); } List<JintItem> MethodRelatedItems = GetMethodItems(MethodCallIndex); ItemChecker IC = new ItemChecker(this); List<JintItem> MethodArguments = IC.GetLastMethodArguments(MethodRelatedItems); List<int> SourcePositions = new List<int>(); List<int> SinkPositions = new List<int>(); for (int i = 0; i < MethodArguments.Count; i++) { TaintResult Result = IC.Check(MethodArguments[i].SubItems); if (Result.SourceTaint) { SourcePositions.Add(i); Result.SourceReasons.Add("Method Argument is a Source"); AddSourceLine(CurrentLineNo, Result.SourceReasons); } if (Result.SinkTaint) { SinkPositions.Add(i); Result.SinkReasons.Add("Method Argument is a Sink"); AddSinkLine(CurrentLineNo, Result.SinkReasons); } } foreach (List<JintItem> Template in ArgumentAssignedASourceMethods) { if(Template.Count == 0) continue; TaintResult MethodResult = IC.IsMatch(MethodRelatedItems, Template); if (MethodResult.NeutralReasons.Count > 0) { List<JintItem> TemplateArguments = IC.GetLastMethodArguments(Template); if(TemplateArguments.Count == 0) continue; AddSourceLine(LineNo, Template[0].SourceReasons); if (TemplateArguments.Count == 1 && TemplateArguments[0].SubItems.Count == 0 && SinkPositions.Count > 0) AddSourceToSinkLine(LineNo); else if (MethodArguments.Count == TemplateArguments.Count) { foreach (int i in SinkPositions) { if(TemplateArguments.Count > i) if(TemplateArguments[i].SubItems.Count > 0) if(TemplateArguments[i].SubItems[0].State == JintState.MethodCallArgumentTaintPointer) AddSourceToSinkLine(LineNo); } } } } foreach (List<JintItem> Template in ArgumentAssignedToSinkMethods) { if (Template.Count == 0) continue; TaintResult MethodResult = IC.IsMatch(MethodRelatedItems, Template); if (MethodResult.NeutralReasons.Count > 0) { List<JintItem> TemplateArguments = IC.GetLastMethodArguments(Template); if (TemplateArguments.Count == 0) continue; AddSinkLine(LineNo, Template[0].SinkReasons); if (TemplateArguments.Count == 1 && TemplateArguments[0].SubItems.Count == 0 && SourcePositions.Count > 0) AddSourceToSinkLine(LineNo); else if (MethodArguments.Count == TemplateArguments.Count) { foreach (int i in SourcePositions) { if (TemplateArguments.Count > i) if (TemplateArguments[i].SubItems.Count > 0) if (TemplateArguments[i].SubItems[0].State == JintState.MethodCallArgumentTaintPointer) AddSourceToSinkLine(LineNo); } } } } } else { IronException.Report("MethodName missing in IronJint", "LastItem State -" + LastItem.State.ToString()); } if (Stmt.Generics != null) Analyze(Stmt.Generics); }
void Analyze(ReturnStatement Stmt) { SetCurrentLineAndCharNos(Stmt); if (Stmt.Expression != null) { int StatusIndex = JintStack.Count; Analyze(Stmt.Expression); if (JintStack.Count > StatusIndex) { List<JintItem> ReturnItems = RemoveJintStackFrom(StatusIndex); if (ReturnItems.Count > 0) { ItemChecker IC = new ItemChecker(this); TaintResult ReturnResult = IC.Check(ReturnItems); if (ReturnResult.SourceTaint) AddSourceLine(ReturnItems[0].LineNo, ReturnResult.SourceReasons); if (ReturnResult.SinkTaint) AddSinkLine(ReturnItems[0].LineNo, ReturnResult.SinkReasons); } } } }
void Analyze(AssignmentExpression Stmt) { SetCurrentLineAndCharNos(Stmt); List<JintItem> LeftItems = new List<JintItem>(); List<List<JintItem>> LeftItemParts = new List<List<JintItem>>(); List<List<JintItem>> SinkTaintedLeftItems = new List<List<JintItem>>(); ItemChecker TC = new ItemChecker(this); if (Stmt.Left != null) { int StatusIndex = AddToJintStack(Stmt.Left.Source, JintState.AssignmentExpressionLeft); Analyze(Stmt.Left); LeftItems = RemoveJintStackFrom(StatusIndex + 1); LeftItemParts = ItemChecker.GetItemParts(LeftItems); foreach (List<JintItem> LeftItemPart in LeftItemParts) { TaintResult LeftResult = TC.Check(LeftItemPart); if (LeftResult.SinkTaint) { SinkTaintedLeftItems.Add(LeftItemPart); if (LeftItemPart.Count > 0) AddSinkLine(LeftItemPart[0].LineNo, LeftResult.SinkReasons); else AddSinkLine(CurrentLineNo, LeftResult.SinkReasons); } } RemoveJintStackFrom(StatusIndex); } List<JintItem> RightItems = new List<JintItem>(); if (Stmt.Right != null) { int StatusIndex = AddToJintStack(Stmt.Left.Source, JintState.AssignmentExpressionRight); Analyze(Stmt.Right); RightItems = RemoveJintStackFrom(StatusIndex + 1); if (Stmt.Right.GetType().Name.Equals("AssignmentExpression")) { Analyze(((AssignmentExpression)Stmt.Right).Left); RightItems = RemoveJintStackFrom(StatusIndex + 1); } List<List<JintItem>> RightItemParts = ItemChecker.GetItemParts(RightItems); UpdateMappings(LeftItems, RightItemParts); foreach (List<JintItem> RightItemPart in RightItemParts) { TaintResult RightResult = TC.Check(RightItemPart); if (RightResult.SourceTaint) { foreach (JintItem Item in LeftItems) { Item.SourceReasons.AddRange(RightResult.SourceReasons); } AddToSourceObjects(LeftItems); if (RightItems.Count > 0) AddSourceLine(RightItemPart[0].LineNo, RightResult.SourceReasons); else AddSourceLine(CurrentLineNo, RightResult.SourceReasons); if (SinkTaintedLeftItems.Count > 0) if (LeftItems.Count > 0) AddSourceToSinkLine(LeftItems[0].LineNo); else AddSourceToSinkLine(CurrentLineNo); } else { foreach (List<JintItem> LeftItemPart in LeftItemParts) { RemoveFromSourceTaintedItems(LeftItemPart); } } if (RightResult.SinkTaint) { foreach (JintItem Item in LeftItems) { Item.SinkReasons.AddRange(RightResult.SinkReasons); } foreach (List<JintItem> LeftItemPart in LeftItemParts) { AddToSinkObjects(LeftItemPart); } if (RightItems.Count > 0) AddSinkLine(RightItemPart[0].LineNo, RightResult.SinkReasons); else AddSinkLine(CurrentLineNo, RightResult.SinkReasons); } else { foreach (List<JintItem> LeftItemPart in LeftItemParts) { RemoveFromSinkTaintedItems(LeftItemPart); } } } RemoveJintStackFrom(StatusIndex); } }