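/// <summary>
/// Returns a new taint set whose tag is this set's tag combined (bitwise OR) with <paramref name="taint"/>.
/// </summary>
/// <param name="taint">Taint tag to add to the current tag.</param>
/// <param name="initTaintedVar">
/// Variable recorded as the origin of the taint. Optional; when omitted the new set keeps
/// whatever initial variable its constructor assigns.
/// </param>
/// <returns>A new <c>SQLITaintSet</c>; the object the method is called on is not modified.</returns>
public SQLITaintSet AddTaint(SQLITaint taint, Variable initTaintedVar = null)
{
    var combined = new SQLITaintSet();

    // The parameter defaults to null, so it must not be dereferenced unconditionally:
    // the previous code threw NullReferenceException for every caller that relied on the default.
    // NOTE(review): this set's own InitialTaintedVariable is not carried over to the new set — confirm that is intended.
    if (initTaintedVar != null)
    {
        combined.InitialTaintedVariable = initTaintedVar.Name;
    }

    combined.TaintTag = TaintTag | taint;
    return combined;
}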
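/// <summary>
/// Derives the SQL injection taint status of a call from the textual values of its arguments.
/// </summary>
/// <param name="arguments">
/// Argument values keyed by position; each key is matched against the first component of the
/// keys in <c>Parameters</c>.
/// </param>
/// <returns>
/// The numerically smallest status reported by any typed parameter, starting from
/// <c>SQLITaint.SQL_ALL</c>. <c>DefaultStatus</c> is returned as soon as an argument has no
/// parameter definition, does not parse as its declared type, or a null is dereferenced while
/// its status is computed.
/// </returns>
/// <remarks>
/// The argument strings presumably originate from the code under analysis, so they are treated
/// as untrusted: a value that is not a valid integer or boolean must not abort the analysis.
/// NOTE(review): "smallest" relies on the numeric ordering of SQLITaint values — confirm that a
/// lower value always means a weaker taint.
/// </remarks>
public SQLITaint GetTaintStatus(Dictionary<uint, string> arguments)
{
    SQLITaint lowestStatus = SQLITaint.SQL_ALL;

    foreach (var arg in arguments)
    {
        var param = Parameters.FirstOrDefault(x => x.Key.Item1 == arg.Key);

        // FirstOrDefault yields a default pair (null key) when nothing is defined for this position.
        // Checking it here replaces the NullReferenceException the lookup used to trigger.
        if (param.Key == null)
        {
            Debug.WriteLine(String.Format("Could not find a parameter definition for argument {0}, returning default", arg.Key));
            return this.DefaultStatus;
        }

        SQLITaint status;
        try
        {
            // NOTE(review): the SQLSanitizer constructor in this file registers parameters without
            // values as plain Parameter objects under their declared type; if such an entry is
            // reached here the casts below throw InvalidCastException — confirm how those should be handled.
            switch (param.Key.Item2)
            {
                case "flag":
                    int flagVal;
                    if (!Int32.TryParse(arg.Value, out flagVal))
                    {
                        return DefaultForUnparsableArgument(arg.Key, param.Key.Item2);
                    }
                    var flagParam = (FlagParameter<SQLITaint>)param.Value;
                    status = (SQLITaint)flagParam.GetStatus(flagVal);
                    break;

                case "bool":
                case "boolean":
                    bool boolVal;
                    if (!Boolean.TryParse(arg.Value, out boolVal))
                    {
                        return DefaultForUnparsableArgument(arg.Key, param.Key.Item2);
                    }
                    var boolParam = (BooleanParameter<SQLITaint>)param.Value;
                    status = (SQLITaint)boolParam.GetStatus(boolVal);
                    break;

                case "int":
                case "integer":
                    int intVal;
                    if (!Int32.TryParse(arg.Value, out intVal))
                    {
                        return DefaultForUnparsableArgument(arg.Key, param.Key.Item2);
                    }
                    var intParam = (IntegerParameter<SQLITaint>)param.Value;
                    status = (SQLITaint)intParam.GetStatus(intVal);
                    break;

                case "str":
                case "string":
                    var stringParam = (StringParameter<SQLITaint>)param.Value;
                    status = (SQLITaint)stringParam.GetStatus(arg.Value);
                    break;

                case "array":
                case "object":
                default:
                    // These types carry no status; the argument does not influence the result.
                    continue;
            }
        }
        catch (NullReferenceException e)
        {
            // Kept as a safety net for a null parameter value or a null dereference inside GetStatus.
            Debug.WriteLine("Could not find value, returning default: Exception was: {0}", e);
            return this.DefaultStatus;
        }

        if (status < lowestStatus)
        {
            lowestStatus = status;
        }
    }

    return lowestStatus;
}

// Logs an argument whose text does not parse as its declared type and yields the default status.
private SQLITaint DefaultForUnparsableArgument(uint position, string declaredType)
{
    Debug.WriteLine(String.Format("Could not parse argument {0} as {1}, returning default", position, declaredType));
    return this.DefaultStatus;
}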
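/// <summary>
/// Builds a taint source definition from its JSON description.
/// </summary>
/// <param name="JSON">
/// Definition object; the name, type, XSS taint, SQL taint and formats are read from the keys
/// in <c>Keys.PHPDefinitionJSONKeys.GeneralKeys</c>.
/// </param>
public Source(JToken JSON)
{
    Name = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Name);
    Type = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Type);

    var xssTaintStr = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.XssTaint);
    var sqlTaintStr = (string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.SqlTaint);

    // A missing or unparsable taint string falls back to the ALL tag, so a broken definition
    // is treated as a full taint source rather than an untainted one.
    // Enum.TryParse also accepts numeric strings, including values the enum does not define,
    // so a definition file can set an arbitrary numeric tag — NOTE(review): confirm this is acceptable.
    XSSTaint parsedXss;
    XssTaint = new XSSTaintSet(Enum.TryParse(xssTaintStr, out parsedXss) ? parsedXss : XSSTaint.XSS_ALL);

    SQLITaint parsedSqli;
    SqliTaint = new SQLITaintSet(Enum.TryParse(sqlTaintStr, out parsedSqli) ? parsedSqli : SQLITaint.SQL_ALL);

    Formats = new List<string>();
    var formats = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Formats);

    // SelectToken returns null when the definition has no formats entry; iterating that
    // null used to throw NullReferenceException. Such a source now has an empty format list.
    if (formats != null)
    {
        foreach (string format in formats)
        {
            Formats.Add(format);
        }
    }
}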
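/// <summary>
/// Builds an SQL sanitizer definition from its JSON description: the default status plus one
/// parameter entry per element of the parameters array, keyed by (parameter number, type).
/// </summary>
/// <param name="JSON">Definition object, also passed to the base constructor.</param>
/// <exception cref="NotSupportedException">
/// A parameter that lists values declares a type other than flag, bool/boolean, int/integer,
/// str/string, array or object.
/// </exception>
public SQLSanitizer(JToken JSON) : base(JSON)
{
    Parameters = new Dictionary<Tuple<uint, string>, Parameter>();

    // A missing or unparsable default status falls back to SQL_ALL.
    SQLITaint parsedDefault;
    bool success = Enum.TryParse((string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.DefaultStatusCode), out parsedDefault);
    DefaultStatus = success ? parsedDefault : SQLITaint.SQL_ALL;

    var paramsArray = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Parameters);

    // A definition without a parameters entry used to fail with NullReferenceException in the
    // loop below; it now yields a sanitizer with no parameter entries.
    if (paramsArray == null)
    {
        return;
    }

    foreach (JObject param in paramsArray)
    {
        var paramValues = (JArray)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues);
        var type = (string)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterType);
        var paramNumber = (uint)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterNumber);
        var isOptional = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsOptional);
        var variadic = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsVariadic);
        var isReturn = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsReturnValue);

        var key = new Tuple<uint, string>(paramNumber, type);

        // Parameters that list no values are registered as plain Parameter objects, whatever
        // type they declare; the type is not validated on this path.
        if (paramValues == null)
        {
            var objectParam = new Parameter(isOptional ?? false, false, variadic ?? false, false, "", isReturn ?? false);
            Parameters.Add(key, objectParam);
            continue;
        }

        switch (type)
        {
            case "flag":
                var flag = FlagParameterFactory.CreateFlagParameter<SQLITaint>(paramValues, DefaultStatus, isOptional: isOptional, isVaridic: variadic, isReturn: isReturn);
                Parameters.Add(key, flag);
                break;

            case "bool":
            case "boolean":
                var boolparam = BooleanParameterFactory.CreateBooleanParameter<SQLITaint>(paramValues, DefaultStatus, isOptional: isOptional, isVariadic: variadic, isReturn: isReturn);
                Parameters.Add(key, boolparam);
                break;

            case "int":
            case "integer":
                var intParam = IntegerParameterFactory.CreateIntParameter<SQLITaint>(paramValues, DefaultStatus, isOptional: isOptional, isVariadic: variadic, isReturn: isReturn);
                Parameters.Add(key, intParam);
                break;

            case "str":
            case "string":
                var strParam = StringParameterFactory.CreateStringParameter<SQLITaint>(paramValues, DefaultStatus, isOptional: isOptional, isVariadic: variadic, isReturn: isReturn);
                Parameters.Add(key, strParam);
                break;

            case "array":
            case "object":
                // NOTE(review): array/object parameters that list values are not registered at all,
                // unlike the value-less case above — confirm that a later lookup for this position
                // is meant to find nothing.
                break;

            default:
                string s = String.Format("Unknown parameter type. Parameter number: {0} had the type {1}", paramNumber, type);
                throw new NotSupportedException(s);
        }
    }
}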
/// <summary>
/// Creates a taint set whose tag starts out as <paramref name="initialTaint"/>.
/// </summary>
/// <param name="initialTaint">Starting tag; <c>SQLITaint.None</c> when omitted.</param>
public SQLITaintSet(SQLITaint initialTaint = SQLITaint.None)
{
    TaintTag = initialTaint;
}