private static ImmutableHashSet <SourceInfo> GetSourceInfos(SinkKind sinkKind)
{
switch (sinkKind)
{
case SinkKind.Sql:
case SinkKind.Dll:
case SinkKind.FilePathInjection:
case SinkKind.ProcessCommand:
case SinkKind.Xss:
case SinkKind.Regex:
case SinkKind.Ldap:
case SinkKind.Redirect:
case SinkKind.XPath:
case SinkKind.Xml:
case SinkKind.Xaml:
return(WebInputSources.SourceInfos);
case SinkKind.InformationDisclosure:
return(InformationDisclosureSources.SourceInfos);
case SinkKind.ZipSlip:
return(ZipSlipSources.SourceInfos);
case SinkKind.HardcodedEncryptionKey:
return(HardcodedBytesSources.SourceInfos);
case SinkKind.HardcodedCertificate:
return(HardcodedCertificateSources.SourceInfos.AddRange(HardcodedBytesSources.SourceInfos));
default:
Debug.Fail($"Unhandled SinkKind {sinkKind}");
return(ImmutableHashSet <SourceInfo> .Empty);
}
}
/// <summary>
/// Get OpenCV access to the specified camera.
/// </summary>
/// <remarks>
/// This allows you to get images from the camera for image processing on the roboRIO.
/// </remarks>
/// <param name="camera">The camera to get OpenCV access from
/// (e.g. as returned by <see cref="StartAutomaticCapture()"/>.</param>
/// <returns>The <see cref="CvSink"/> to get frames from.</returns>
public CvSink GetVideo(VideoSource camera)
{
string name = $"opencv_{camera.Name}";
lock (m_lockObject)
{
VideoSink sink;
m_sinks.TryGetValue(name, out sink);
if (sink != null)
{
SinkKind kind = sink.Kind;
if (kind != SinkKind.CV)
{
throw new VideoException($"expected OpenCV sink, but got {kind}");
}
return((CvSink)sink);
}
}
CvSink newSink = new CvSink(name);
newSink.Source = camera;
AddServer(newSink);
return(newSink);
}
private static ImmutableHashSet <SanitizerInfo> GetSanitizerInfos(SinkKind sinkKind)
{
switch (sinkKind)
{
case SinkKind.Sql:
case SinkKind.XPath:
return(PrimitiveTypeConverterSanitizers.SanitizerInfos);
case SinkKind.Xss:
return(XssSanitizers.SanitizerInfos);
case SinkKind.Ldap:
return(LdapSanitizers.SanitizerInfos);
case SinkKind.Xml:
return(PrimitiveTypeConverterSanitizers.SanitizerInfos.Union(XmlSanitizers.SanitizerInfos));
case SinkKind.Dll:
case SinkKind.InformationDisclosure:
case SinkKind.FilePathInjection:
case SinkKind.ProcessCommand:
case SinkKind.Regex:
case SinkKind.Redirect:
case SinkKind.Xaml:
case SinkKind.HardcodedEncryptionKey:
return(ImmutableHashSet <SanitizerInfo> .Empty);
case SinkKind.ZipSlip:
return(ZipSlipSanitizers.SanitizerInfos);
default:
Debug.Fail($"Unhandled SinkKind {sinkKind}");
return(ImmutableHashSet <SanitizerInfo> .Empty);
}
}
private static ImmutableHashSet <SourceInfo> GetSourceInfos(SinkKind sinkKind)
{
switch (sinkKind)
{
case SinkKind.Sql:
case SinkKind.Dll:
case SinkKind.FilePathInjection:
case SinkKind.ProcessCommand:
case SinkKind.Xss:
case SinkKind.Regex:
case SinkKind.Ldap:
case SinkKind.Redirect:
case SinkKind.XPath:
case SinkKind.Xml:
case SinkKind.Xaml:
return(WebInputSources.SourceInfos);
case SinkKind.InformationDisclosure:
return(InformationDisclosureSources.SourceInfos);
default:
Debug.Fail($"Unhandled SinkKind {sinkKind}");
return(ImmutableHashSet <SourceInfo> .Empty);
}
}
// Just to make hardcoding SinkInfos more convenient.
public static void AddSinkInfo(
this PooledHashSet <SinkInfo> builder,
string fullTypeName,
SinkKind sinkKind,
bool isInterface,
bool isAnyStringParameterInConstructorASink,
IEnumerable <string>?sinkProperties,
IEnumerable <(string Method, string[] Parameters)>?sinkMethodParameters)
private static ImmutableHashSet <SinkInfo> GetSinkInfos(SinkKind sinkKind)
{
switch (sinkKind)
{
case SinkKind.Sql:
return(SqlSinks.SinkInfos);
case SinkKind.Dll:
return(DllSinks.SinkInfos);
case SinkKind.InformationDisclosure:
case SinkKind.Xss:
return(WebOutputSinks.SinkInfos);
case SinkKind.FilePathInjection:
return(FilePathInjectionSinks.SinkInfos);
case SinkKind.ProcessCommand:
return(ProcessCommandSinks.SinkInfos);
case SinkKind.Regex:
return(RegexSinks.SinkInfos);
case SinkKind.Ldap:
return(LdapSinks.SinkInfos);
case SinkKind.Redirect:
return(RedirectSinks.SinkInfos);
case SinkKind.XPath:
return(XPathSinks.SinkInfos);
case SinkKind.Xml:
return(XmlSinks.SinkInfos);
case SinkKind.Xaml:
return(XamlSinks.SinkInfos);
case SinkKind.ZipSlip:
return(ZipSlipSinks.SinkInfos);
case SinkKind.HardcodedEncryptionKey:
return(HardcodedEncryptionKeySinks.SinkInfos);
case SinkKind.HardcodedCertificate:
return(HardcodedCertificateSinks.SinkInfos);
default:
Debug.Fail($"Unhandled SinkKind {sinkKind}");
return(ImmutableHashSet <SinkInfo> .Empty);
}
}
private TaintedDataSymbolMap <T> GetFromMap <T>(SinkKind sinkKind, ImmutableDictionary <SinkKind, Lazy <TaintedDataSymbolMap <T> > > map)
where T : ITaintedDataInfo
{
if (map.TryGetValue(sinkKind, out Lazy <TaintedDataSymbolMap <T> > lazySourceSymbolMap))
{
return(lazySourceSymbolMap.Value);
}
else
{
Debug.Fail($"SinkKind {sinkKind} entry missing from {typeof(T).Name} map");
return(new TaintedDataSymbolMap <T>(this.WellKnownTypeProvider, Enumerable.Empty <T>()));
}
}
static WebOutputSinks()
{
// TODO paulming: Review why InformationDisclosure and XSS sinks are different.
var builder = PooledHashSet <SinkInfo> .GetInstance();
SinkKind[] sinkKinds = new SinkKind[] { SinkKind.InformationDisclosure, SinkKind.Xss };
builder.AddSinkInfo(
WellKnownTypeNames.SystemWebUIITextControl,
sinkKinds,
isInterface: true,
isAnyStringParameterInConstructorASink: false,
sinkProperties: new[] { "Text" },
sinkMethodParameters: null);
builder.AddSinkInfo(
WellKnownTypeNames.SystemWebHttpResponseBase,
sinkKinds,
isInterface: false,
isAnyStringParameterInConstructorASink: false,
sinkProperties: null,
sinkMethodParameters: new[] {
public bool HasTaintArraySource(SinkKind sinkKind)
{
return(GetSourceInfos(sinkKind).Any(o => o.TaintConstantArray));
}
public TaintedDataSymbolMap <SinkInfo> GetSinkSymbolMap(SinkKind sinkKind)
{
return(this.GetFromMap <SinkInfo>(sinkKind, this.SinkSymbolMap));
}
public TaintedDataSymbolMap <SanitizerInfo> GetSanitizerSymbolMap(SinkKind sinkKind)
{
return(this.GetFromMap <SanitizerInfo>(sinkKind, this.SanitizerSymbolMap));
}
public bool HasTaintArraySource(SinkKind sinkKind, Configuration config)
{
return(GetSourceInfos(sinkKind, config).Any(o => o.TaintConstantArray));
}
private ImmutableHashSet <SourceInfo> GetSourceInfos(SinkKind sinkKind, Configuration config)
{
var typeToInfos = new Dictionary <string, AggregatedSource>();
foreach (var entryPoint in config.TaintEntryPoints)
{
if (!typeToInfos.TryGetValue(entryPoint.Key, out var value))
{
value = new AggregatedSource();
typeToInfos.Add(entryPoint.Key, value);
}
if (value.entryPoint != null)
{
throw new ArgumentException($"Duplicate entrypoint for type '{entryPoint.Key}'");
}
value.entryPoint = entryPoint.Value;
}
foreach (var source in config.TaintSources)
{
if (source.TaintTypes != null && !source.TaintTypes.Contains((TaintType)sinkKind))
{
continue;
}
if (!typeToInfos.TryGetValue(source.Type, out var value))
{
value = new AggregatedSource();
typeToInfos.Add(source.Type, value);
}
if (value.source != null)
{
throw new ArgumentException($"Duplicate taint source for type '{source.Type}'");
}
value.source = source;
}
foreach (var sanitizer in config.Sanitizers)
{
var methods = sanitizer.Methods.Where(x => x.InOut != null && x.InOut.Any(io => io.outArgumentName != TaintedTargetValue.Return));
if (!methods.Any())
{
continue;
}
if (!typeToInfos.TryGetValue(sanitizer.Type, out var value))
{
value = new AggregatedSource();
typeToInfos.Add(sanitizer.Type, value);
}
if (value.sanitizer != null)
{
throw new ArgumentException($"Duplicate sanitizer for type '{sanitizer.Type}'");
}
value.sanitizer = sanitizer;
}
foreach (var transfer in config.Transfers)
{
if (!typeToInfos.TryGetValue(transfer.Type, out var value))
{
value = new AggregatedSource();
typeToInfos.Add(transfer.Type, value);
}
if (value.transfer != null)
{
throw new ArgumentException($"Duplicate taint source for type '{transfer.Type}'");
}
value.transfer = transfer;
}
var sourceInfosBuilder = PooledHashSet <SourceInfo> .GetInstance();
foreach (var type in typeToInfos)
{
bool?isIterface = null;
if (type.Value.sanitizer?.IsInterface != null)
{
if (isIterface.HasValue && isIterface != type.Value.sanitizer.IsInterface)
{
throw new ArgumentException($"Inconsistent 'IsInterface' for type '{type.Key}'");
}
else
{
isIterface = type.Value.sanitizer.IsInterface;
}
}
if (type.Value.source?.IsInterface != null)
{
if (isIterface.HasValue && isIterface != type.Value.sanitizer.IsInterface)
{
throw new ArgumentException($"Inconsistent 'IsInterface' for type '{type.Key}'");
}
else
{
isIterface = type.Value.source.IsInterface;
}
}
if (type.Value.transfer?.IsInterface != null)
{
if (isIterface.HasValue && isIterface != type.Value.transfer.IsInterface)
{
throw new ArgumentException($"Inconsistent 'IsInterface' for type '{type.Key}'");
}
else
{
isIterface = type.Value.sanitizer.IsInterface;
}
}
SourceInfo metadata;
if (type.Value.source != null && type.Value.source.Methods == null && type.Value.source.Properties == null)
{
metadata = new SourceInfo(
type.Key,
isInterface: isIterface ?? false,
taintedMethods:
ImmutableHashSet <(MethodMatcher, ImmutableHashSet <string>)> .Empty,
taintedMethodsNeedsPointsToAnalysis:
ImmutableHashSet <(MethodMatcher, ImmutableHashSet <(PointsToCheck, string)>)> .Empty,
taintedMethodsNeedsValueContentAnalysis:
ImmutableHashSet <(MethodMatcher, ImmutableHashSet <(ValueContentCheck, string)>)> .Empty,
transferMethods:
ImmutableHashSet <(MethodMatcher, ImmutableHashSet <(string, string)>)> .Empty,
allProperitesAreTainted: true,
allFieldsAreTainted: true
);
}
else
{
metadata = new SourceInfo(
type.Key,
isInterface: isIterface ?? false,
taintedProperties: type.Value.source?.Properties?.ToImmutableHashSet(StringComparer.Ordinal)
?? ImmutableHashSet <string> .Empty,
taintedFields: ImmutableHashSet <string> .Empty,
dependencyFullTypeNames:
type.Value.entryPoint?.Dependency?.ToImmutableArray(),
taintedArguments: type.Value.entryPoint != null ?
new ParameterMatcher[] {
(parameter, wellKnownTypeProvider) => {
if (!(parameter.ContainingSymbol is IMethodSymbol methodSymbol) || methodSymbol.IsPropertyAccessor())
{
return(false);
}
if (type.Value.entryPoint.Class != null)
{
if (!(methodSymbol.ContainingSymbol is INamedTypeSymbol typeSymbol))
{
return(false);
}
var classCache = s_classIsControllerByCompilation.GetOrCreateValue(wellKnownTypeProvider.Compilation, (compilation) => new ConcurrentDictionary <INamedTypeSymbol, bool>());
if (!classCache.TryGetValue(typeSymbol, out bool isTaintEntryClass))
{
isTaintEntryClass = false;
bool IsTaintEntryClassBySuffix()
{
if (typeSymbol.Name.EndsWith(type.Value.entryPoint.Class.Suffix.Text, StringComparison.Ordinal))
{
return(true);
}
else if (type.Value.entryPoint.Class.Suffix.IncludeParent &&
typeSymbol.GetBaseTypes().Any(x => x.Name.EndsWith(type.Value.entryPoint.Class.Suffix.Text, StringComparison.Ordinal)))
{
return(true);
}
else
{
return(false);
}
}
if (type.Value.entryPoint.Class.Accessibility != null &&
type.Value.entryPoint.Class.Accessibility.All(a => a != typeSymbol.DeclaredAccessibility))
{
isTaintEntryClass = false;
}
else
{
if (type.Value.entryPoint.Class.Suffix != null &&
type.Value.entryPoint.Class.Parent == null)
{
isTaintEntryClass = IsTaintEntryClassBySuffix();
}
else if (type.Value.entryPoint.Class.Parent != null)
{
var parentType = wellKnownTypeProvider.GetOrCreateTypeByMetadataName(type.Value.entryPoint.Class.Parent);
if ((parentType.TypeKind == TypeKind.Interface && typeSymbol.AllInterfaces.Any(x => x == parentType)) ||
typeSymbol.GetBaseTypesAndThis().Any(x => x == parentType))
{
isTaintEntryClass = type.Value.entryPoint.Class.Suffix != null ? IsTaintEntryClassBySuffix() : true;
}
}
if (type.Value.entryPoint.Class.Attributes?.Exclude != null &&
type.Value.entryPoint.Class.Attributes.Exclude.Any(x => typeSymbol.HasDerivedTypeAttribute(wellKnownTypeProvider.GetOrCreateTypeByMetadataName(x.Type))))
{
isTaintEntryClass = false;
}
else if (type.Value.entryPoint.Class.Attributes?.Include != null &&
type.Value.entryPoint.Class.Attributes.Include.Any(x => typeSymbol.HasDerivedTypeAttribute(wellKnownTypeProvider.GetOrCreateTypeByMetadataName(x.Type))))
{
isTaintEntryClass = true;
}
}
classCache.TryAdd(typeSymbol, isTaintEntryClass);
}
if (!isTaintEntryClass)
{
return(false);
}
}
if (type.Value.entryPoint.Method != null)
{
if (type.Value.entryPoint.Method.Static.HasValue && type.Value.entryPoint.Method.Static != methodSymbol.IsStatic)
{
return(false);
}
if (type.Value.entryPoint.Method.Name != null)
{
if (type.Value.entryPoint.Method.NameRegex == null)
{
return(type.Value.entryPoint.Method.Name == methodSymbol.Name);
}
if (!type.Value.entryPoint.Method.NameRegex.IsMatch(methodSymbol.Name))
{
return(false);
}
}
if (type.Value.entryPoint.Method.IncludeConstructor.HasValue && type.Value.entryPoint.Method.IncludeConstructor != methodSymbol.IsConstructor())
{
return(false);
}
if (type.Value.entryPoint.Method.Accessibility.All(a => a != methodSymbol.DeclaredAccessibility))
{
return(false);
}
if (type.Value.entryPoint.Method.Attributes?.Exclude != null &&
type.Value.entryPoint.Method.Attributes.Exclude.Any(x => methodSymbol.HasDerivedMethodAttribute(wellKnownTypeProvider.GetOrCreateTypeByMetadataName(x.Type))))
{
return(false);
}
}
if (type.Value.entryPoint.Parameter?.Attributes?.Exclude != null &&
type.Value.entryPoint.Parameter.Attributes.Exclude.Any(x => parameter.HasAttribute(wellKnownTypeProvider.GetOrCreateTypeByMetadataName(x.Type))))
{
return(false);
}
return(true);
}
}.ToImmutableHashSet() : ImmutableHashSet <ParameterMatcher> .Empty,
