/// <summary>
/// Runs a keyword-focused taint trace over a piece of JavaScript. The keyword is
/// registered as the only source object, and the default sink lists are used.
/// </summary>
/// <param name="Code">JavaScript text; it is passed through <c>Beautify</c> before analysis.</param>
/// <param name="Keyword">Name used both as the sole source object and as the keyword to trace.</param>
/// <returns>
/// A <c>TraceResult</c> holding the analyzer's raw lines, the source, sink and
/// source-to-sink line numbers with the matching line text, and the keyword contexts.
/// </returns>
public static TraceResult Trace(string Code, string Keyword)
{
    IronJint Tracer = new IronJint();

    // Only the keyword counts as a source here; no source-returning methods are configured.
    List<string> KeywordAsOnlySource = new List<string>() { Keyword };
    List<string> NoSourceReturningMethods = new List<string>();
    Tracer.SetSourcesAndSinks(
        KeywordAsOnlySource,
        DefaultSinkObjects,
        NoSourceReturningMethods,
        DefaultSinkReturningMethods,
        DefaultArgumentReturningMethods,
        DefaultArgumentAssignedASourceMethods,
        DefaultArgumentAssignedToSinkMethods);

    // Reset taint and stack state on the new instance before analysis.
    Tracer.ClearAllTaint();
    Tracer.JintStack.Clear();
    Tracer.KeywordToTrace = Keyword;
    Tracer.TraceKeyword = true;

    // The analyzer is given the beautified form of the input.
    Tracer.Analyze(Beautify(Code));

    TraceResult Result = new TraceResult();
    Result.Lines.AddRange(Tracer.RawLines);
    Result.SourceLineNos.AddRange(Tracer.SourceLines);
    Result.SinkLineNos.AddRange(Tracer.SinkLines);
    Result.SourceToSinkLineNos.AddRange(Tracer.SourceToSinkLines);

    // Line numbers are used as 1-based positions into RawLines, hence the "- 1".
    // NOTE(review): the line text presumably comes straight from the analyzed script,
    // so treat it as untrusted content when displaying it - confirm.
    foreach (int SourceLineNo in Result.SourceLineNos)
    {
        Result.SourceLines.Add(Tracer.RawLines[SourceLineNo - 1]);
    }
    foreach (int SinkLineNo in Result.SinkLineNos)
    {
        Result.SinkLines.Add(Tracer.RawLines[SinkLineNo - 1]);
    }
    foreach (int FlowLineNo in Result.SourceToSinkLineNos)
    {
        Result.SourceToSinkLines.Add(Tracer.RawLines[FlowLineNo - 1]);
    }

    Result.KeywordContexts.AddRange(Tracer.KeywordContexts);
    return Result;
}
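/// <summary>
/// Runs a taint trace on the text held in <c>InputCodeString</c>, using the configured
/// source and sink lists, and reports progress and errors through <c>IronUI</c>.
/// </summary>
/// <remarks>
/// Input that <c>Tools.IsJavaScript</c> rejects is treated as HTML, and the scripts returned
/// by <c>HTML.GetJavaScript</c> are joined and traced instead. Failures are not
/// propagated: they are shown in the trace status and passed to <c>IronException.Report</c>.
/// A <see cref="ThreadAbortException"/> is swallowed without any report.
/// </remarks>
internal static void TraceFromUI()
{
    try
    {
        IronUI.ShowTraceStatus("Trace in progress...", false);

        IronJint IJ = new IronJint();
        // Store the instance in the static field before analysis starts.
        // NOTE(review): presumably so StopUITrace can reach the running trace - confirm.
        UIIJ = IJ;
        IJ.SetSourcesAndSinks(ConfiguredSourceObjects, ConfiguredSinkObjects, ConfiguredSourceReturningMethods, ConfiguredSinkReturningMethods, ConfiguredArgumentReturningMethods, ConfiguredArgumentAssignedASourceMethods, ConfiguredArgumentAssignedToSinkMethods);
        IJ.ClearAllTaint();
        IJ.JintStack.Clear();

        string DirtyJS = "";
        if (Tools.IsJavaScript(InputCodeString))
        {
            DirtyJS = InputCodeString;
        }
        else
        {
            try
            {
                // Not plain JavaScript: parse the input as HTML and join the scripts it yields.
                HTML H = new HTML(InputCodeString);
                List<string> Scripts = H.GetJavaScript();
                StringBuilder ScriptString = new StringBuilder();
                foreach (string Script in Scripts)
                {
                    ScriptString.AppendLine(Script);
                }
                DirtyJS = ScriptString.ToString();
            }
            catch (ThreadAbortException)
            {
                // Let an abort reach the outer handler that ignores it, instead of
                // relabelling it as invalid input and sending it down the error path.
                throw;
            }
            catch (Exception ParseExp)
            {
                // Same message as before; the root cause is kept as InnerException
                // so the parser failure is not lost.
                throw new Exception("Entered text does not contain valid JavaScript", ParseExp);
            }
        }
        if (DirtyJS.Length == 0)
        {
            throw new Exception("No valid JavaScript input available to trace");
        }

        string CleanCode = Beautify(DirtyJS);
        IronUI.SetJSTaintTraceCode(CleanCode, false);
        IJ.Lines = new List<string>(CleanCode.Split(new string[] { "\r\n" }, StringSplitOptions.None));

        // When pausing at taint, the result view is set before analysis begins;
        // otherwise it is set once analysis has finished.
        if (PauseAtTaint)
        {
            IronUI.SetJSTaintTraceResult();
        }
        IJ.StartedFromUI = true;
        IJ.Analyze(CleanCode);
        if (!PauseAtTaint)
        {
            IronUI.SetJSTaintTraceResult();
        }

        IronUI.ShowTraceStatus("Trace Completed", false);
        IronUI.ResetTraceStatus();
    }
    catch (ThreadAbortException)
    {
        // Deliberately ignored.
        // NOTE(review): presumably raised when the trace thread is stopped on purpose - confirm.
    }
    catch (Exception Exp)
    {
        StopUITrace();
        IronUI.ResetTraceStatus();
        IronUI.ShowTraceStatus("Trace Stopped due to error: " + Exp.Message, true);
        IronException.Report("Error performing JS Taint Trace", Exp.Message, Exp.StackTrace);
    }
}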
/// <summary>
/// Runs a taint trace over a piece of JavaScript using the default source and sink lists.
/// </summary>
/// <param name="Code">JavaScript text; it is passed through <c>Beautify</c> before analysis.</param>
/// <returns>
/// A <c>TraceResult</c> holding the analyzer's raw lines plus the source, sink and
/// source-to-sink line numbers with the matching line text.
/// </returns>
public static TraceResult Trace(string Code)
{
    IronJint Tracer = new IronJint();
    Tracer.SetSourcesAndSinks(
        DefaultSourceObjects,
        DefaultSinkObjects,
        DefaultSourceReturningMethods,
        DefaultSinkReturningMethods,
        DefaultArgumentReturningMethods,
        DefaultArgumentAssignedASourceMethods,
        DefaultArgumentAssignedToSinkMethods);

    // Reset taint and stack state on the new instance before analysis.
    Tracer.ClearAllTaint();
    Tracer.JintStack.Clear();

    // The analyzer is given the beautified form of the input.
    Tracer.Analyze(Beautify(Code));

    TraceResult Result = new TraceResult();
    Result.Lines.AddRange(Tracer.RawLines);
    Result.SourceLineNos.AddRange(Tracer.SourceLines);
    Result.SinkLineNos.AddRange(Tracer.SinkLines);
    Result.SourceToSinkLineNos.AddRange(Tracer.SourceToSinkLines);

    // Line numbers are used as 1-based positions into RawLines, hence the "- 1".
    // NOTE(review): the line text presumably comes straight from the analyzed script,
    // so treat it as untrusted content when displaying it - confirm.
    foreach (int SourceLineNo in Result.SourceLineNos)
    {
        Result.SourceLines.Add(Tracer.RawLines[SourceLineNo - 1]);
    }
    foreach (int SinkLineNo in Result.SinkLineNos)
    {
        Result.SinkLines.Add(Tracer.RawLines[SinkLineNo - 1]);
    }
    foreach (int FlowLineNo in Result.SourceToSinkLineNos)
    {
        Result.SourceToSinkLines.Add(Tracer.RawLines[FlowLineNo - 1]);
    }

    return Result;
}